diff --git a/docs/data-sources/acme_cert_manager_io_challenge_v1_manifest.md b/docs/data-sources/acme_cert_manager_io_challenge_v1_manifest.md
index eca41fb16..73981f56d 100644
--- a/docs/data-sources/acme_cert_manager_io_challenge_v1_manifest.md
+++ b/docs/data-sources/acme_cert_manager_io_challenge_v1_manifest.md
@@ -338,16 +338,13 @@ Optional:
 <a id="nestedatt--spec--solver--dns01--route53"></a>
 ### Nested Schema for `spec.solver.dns01.route53`
 
-Required:
-
-- `region` (String) Always set the region when using AccessKeyID and SecretAccessKey
-
 Optional:
 
 - `access_key_id` (String) The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
 - `access_key_id_secret_ref` (Attributes) The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials (see [below for nested schema](#nestedatt--spec--solver--dns01--route53--access_key_id_secret_ref))
 - `auth` (Attributes) Auth configures how cert-manager authenticates. (see [below for nested schema](#nestedatt--spec--solver--dns01--route53--auth))
-- `hosted_zone_id` (String) If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call.
+- `hosted_zone_id` (String) If set, the provider will manage only this zone in Route53 and will not do a lookup using the route53:ListHostedZonesByName api call.
+- `region` (String) Override the AWS region. Route53 is a global service and does not have regional endpoints but the region specified here (or via environment variables) is used as a hint to help compute the correct AWS credential scope and partition when it connects to Route53. See: - [Amazon Route 53 endpoints and quotas](https://docs.aws.amazon.com/general/latest/gr/r53.html) - [Global services](https://docs.aws.amazon.com/whitepapers/latest/aws-fault-isolation-boundaries/global-services.html) If you omit this region field, cert-manager will use the region from AWS_REGION and AWS_DEFAULT_REGION environment variables, if they are set in the cert-manager controller Pod. The 'region' field is not needed if you use [IAM Roles for Service Accounts (IRSA)](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html). Instead an AWS_REGION environment variable is added to the cert-manager controller Pod by: [Amazon EKS Pod Identity Webhook](https://github.com/aws/amazon-eks-pod-identity-webhook). In this case this 'region' field value is ignored. The 'region' field is not needed if you use [EKS Pod Identities](https://docs.aws.amazon.com/eks/latest/userguide/pod-identities.html). Instead an AWS_REGION environment variable is added to the cert-manager controller Pod by: [Amazon EKS Pod Identity Agent](https://github.com/aws/eks-pod-identity-agent), In this case this 'region' field value is ignored.
 - `role` (String) Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata
 - `secret_access_key_secret_ref` (Attributes) The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials (see [below for nested schema](#nestedatt--spec--solver--dns01--route53--secret_access_key_secret_ref))
 
@@ -465,7 +462,7 @@ Optional:
 
 Optional:
 
-- `annotations` (Map of String) Annotations that should be added to the create ACME HTTP01 solver pods.
+- `annotations` (Map of String) Annotations that should be added to the created ACME HTTP01 solver pods.
 - `labels` (Map of String) Labels that should be added to the created ACME HTTP01 solver pods.
 
 
@@ -977,7 +974,7 @@ Optional:
 
 Optional:
 
-- `annotations` (Map of String) Annotations that should be added to the create ACME HTTP01 solver pods.
+- `annotations` (Map of String) Annotations that should be added to the created ACME HTTP01 solver pods.
 - `labels` (Map of String) Labels that should be added to the created ACME HTTP01 solver pods.
 
 
diff --git a/docs/data-sources/anywhere_eks_amazonaws_com_bundles_v1alpha1_manifest.md b/docs/data-sources/anywhere_eks_amazonaws_com_bundles_v1alpha1_manifest.md
index e7503cc5e..6d132dc59 100644
--- a/docs/data-sources/anywhere_eks_amazonaws_com_bundles_v1alpha1_manifest.md
+++ b/docs/data-sources/anywhere_eks_amazonaws_com_bundles_v1alpha1_manifest.md
@@ -208,12 +208,13 @@ Required:
 - `acmesolver` (Attributes) (see [below for nested schema](#nestedatt--spec--versions_bundles--cert_manager--acmesolver))
 - `cainjector` (Attributes) (see [below for nested schema](#nestedatt--spec--versions_bundles--cert_manager--cainjector))
 - `controller` (Attributes) (see [below for nested schema](#nestedatt--spec--versions_bundles--cert_manager--controller))
-- `ctl` (Attributes) (see [below for nested schema](#nestedatt--spec--versions_bundles--cert_manager--ctl))
 - `manifest` (Attributes) (see [below for nested schema](#nestedatt--spec--versions_bundles--cert_manager--manifest))
+- `startupapicheck` (Attributes) (see [below for nested schema](#nestedatt--spec--versions_bundles--cert_manager--startupapicheck))
 - `webhook` (Attributes) (see [below for nested schema](#nestedatt--spec--versions_bundles--cert_manager--webhook))
 
 Optional:
 
+- `ctl` (Attributes) This field has been deprecated (see [below for nested schema](#nestedatt--spec--versions_bundles--cert_manager--ctl))
 - `version` (String)
 
 <a id="nestedatt--spec--versions_bundles--cert_manager--acmesolver"></a>
@@ -258,8 +259,16 @@ Optional:
 - `uri` (String) The image repository, name, and tag
 
 
-<a id="nestedatt--spec--versions_bundles--cert_manager--ctl"></a>
-### Nested Schema for `spec.versions_bundles.cert_manager.ctl`
+<a id="nestedatt--spec--versions_bundles--cert_manager--manifest"></a>
+### Nested Schema for `spec.versions_bundles.cert_manager.manifest`
+
+Optional:
+
+- `uri` (String) URI points to the manifest yaml file
+
+
+<a id="nestedatt--spec--versions_bundles--cert_manager--startupapicheck"></a>
+### Nested Schema for `spec.versions_bundles.cert_manager.startupapicheck`
 
 Optional:
 
@@ -272,16 +281,22 @@ Optional:
 - `uri` (String) The image repository, name, and tag
 
 
-<a id="nestedatt--spec--versions_bundles--cert_manager--manifest"></a>
-### Nested Schema for `spec.versions_bundles.cert_manager.manifest`
+<a id="nestedatt--spec--versions_bundles--cert_manager--webhook"></a>
+### Nested Schema for `spec.versions_bundles.cert_manager.webhook`
 
 Optional:
 
-- `uri` (String) URI points to the manifest yaml file
+- `arch` (List of String) Architectures of the asset
+- `description` (String)
+- `image_digest` (String) The SHA256 digest of the image manifest
+- `name` (String) The asset name
+- `os` (String) Operating system of the asset
+- `os_name` (String) Name of the OS like ubuntu, bottlerocket
+- `uri` (String) The image repository, name, and tag
 
 
-<a id="nestedatt--spec--versions_bundles--cert_manager--webhook"></a>
-### Nested Schema for `spec.versions_bundles.cert_manager.webhook`
+<a id="nestedatt--spec--versions_bundles--cert_manager--ctl"></a>
+### Nested Schema for `spec.versions_bundles.cert_manager.ctl`
 
 Optional:
 
diff --git a/docs/data-sources/apps_kubeblocks_io_cluster_v1_manifest.md b/docs/data-sources/apps_kubeblocks_io_cluster_v1_manifest.md
index ee15cd477..2dff03229 100644
--- a/docs/data-sources/apps_kubeblocks_io_cluster_v1_manifest.md
+++ b/docs/data-sources/apps_kubeblocks_io_cluster_v1_manifest.md
@@ -55,7 +55,7 @@ Optional:
 
 Required:
 
-- `termination_policy` (String) Specifies the behavior when a Cluster is deleted. It defines how resources, data, and backups associated with a Cluster are managed during termination. Choose a policy based on the desired level of resource cleanup and data preservation: - 'DoNotTerminate': Prevents deletion of the Cluster. This policy ensures that all resources remain intact. - 'Halt': Deletes Cluster resources like Pods and Services but retains Persistent Volume Claims (PVCs), allowing for data preservation while stopping other operations. - 'Delete': Extends the 'Halt' policy by also removing PVCs, leading to a thorough cleanup while removing all persistent data. - 'WipeOut': An aggressive policy that deletes all Cluster resources, including volume snapshots and backups in external storage. This results in complete data removal and should be used cautiously, primarily in non-production environments to avoid irreversible data loss. Warning: Choosing an inappropriate termination policy can result in data loss. The 'WipeOut' policy is particularly risky in production environments due to its irreversible nature.
+- `termination_policy` (String) Specifies the behavior when a Cluster is deleted. It defines how resources, data, and backups associated with a Cluster are managed during termination. Choose a policy based on the desired level of resource cleanup and data preservation: - 'DoNotTerminate': Prevents deletion of the Cluster. This policy ensures that all resources remain intact. - 'Delete': Deletes all runtime resources belong to the Cluster. - 'WipeOut': An aggressive policy that deletes all Cluster resources, including volume snapshots and backups in external storage. This results in complete data removal and should be used cautiously, primarily in non-production environments to avoid irreversible data loss. Warning: Choosing an inappropriate termination policy can result in data loss. The 'WipeOut' policy is particularly risky in production environments due to its irreversible nature.
 
 Optional:
 
@@ -94,14 +94,14 @@ Required:
 
 Optional:
 
-- `annotations` (Map of String) Specifies Annotations to override or add for underlying Pods.
+- `annotations` (Map of String) Specifies Annotations to override or add for underlying Pods, PVCs, Account & TLS Secrets, Services Owned by Component.
 - `component_def` (String) Specifies the ComponentDefinition custom resource (CR) that defines the Component's characteristics and behavior. Supports three different ways to specify the ComponentDefinition: - the regular expression - recommended - the full name - recommended - the name prefix
 - `configs` (Attributes List) Specifies the configuration content of a config template. (see [below for nested schema](#nestedatt--spec--component_specs--configs))
 - `disable_exporter` (Boolean) Determines whether metrics exporter information is annotated on the Component's headless Service. If set to true, the following annotations will not be patched into the Service: - 'monitor.kubeblocks.io/path' - 'monitor.kubeblocks.io/port' - 'monitor.kubeblocks.io/scheme' These annotations allow the Prometheus installed by KubeBlocks to discover and scrape metrics from the exporter.
 - `env` (Attributes List) List of environment variables to add. These environment variables will be placed after the environment variables declared in the Pod. (see [below for nested schema](#nestedatt--spec--component_specs--env))
 - `instances` (Attributes List) Allows for the customization of configuration values for each instance within a Component. An instance represent a single replica (Pod and associated K8s resources like PVCs, Services, and ConfigMaps). While instances typically share a common configuration as defined in the ClusterComponentSpec, they can require unique settings in various scenarios: For example: - A database Component might require different resource allocations for primary and secondary instances, with primaries needing more resources. - During a rolling upgrade, a Component may first update the image for one or a few instances, and then update the remaining instances after verifying that the updated instances are functioning correctly. InstanceTemplate allows for specifying these unique configurations per instance. Each instance's name is constructed using the pattern: $(component.name)-$(template.name)-$(ordinal), starting with an ordinal of 0. It is crucial to maintain unique names for each InstanceTemplate to avoid conflicts. The sum of replicas across all InstanceTemplates should not exceed the total number of replicas specified for the Component. Any remaining replicas will be generated using the default template and will follow the default naming rules. (see [below for nested schema](#nestedatt--spec--component_specs--instances))
 - `issuer` (Attributes) Specifies the configuration for the TLS certificates issuer. It allows defining the issuer name and the reference to the secret containing the TLS certificates and key. The secret should contain the CA certificate, TLS certificate, and private key in the specified keys. Required when TLS is enabled. (see [below for nested schema](#nestedatt--spec--component_specs--issuer))
-- `labels` (Map of String) Specifies Labels to override or add for underlying Pods.
+- `labels` (Map of String) Specifies Labels to override or add for underlying Pods, PVCs, Account & TLS Secrets, Services Owned by Component.
 - `name` (String) Specifies the Component's name. It's part of the Service DNS name and must comply with the IANA service naming rule. The name is optional when ClusterComponentSpec is used as a template (e.g., in 'shardingSpec'), but required otherwise.
 - `offline_instances` (List of String) Specifies the names of instances to be transitioned to offline status. Marking an instance as offline results in the following: 1. The associated Pod is stopped, and its PersistentVolumeClaim (PVC) is retained for potential future reuse or data recovery, but it is no longer actively used. 2. The ordinal number assigned to this instance is preserved, ensuring it remains unique and avoiding conflicts with new instances. Setting instances to offline allows for a controlled scale-in process, preserving their data and maintaining ordinal consistency within the Cluster. Note that offline instances and their associated resources, such as PVCs, are not automatically deleted. The administrator must manually manage the cleanup and removal of these resources when they are no longer needed.
 - `parallel_pod_management_concurrency` (String) Controls the concurrency of pods during initial scale up, when replacing pods on nodes, or when scaling down. It only used when 'PodManagementPolicy' is set to 'Parallel'. The default Concurrency is 100%.
@@ -3547,14 +3547,14 @@ Required:
 
 Optional:
 
-- `annotations` (Map of String) Specifies Annotations to override or add for underlying Pods.
+- `annotations` (Map of String) Specifies Annotations to override or add for underlying Pods, PVCs, Account & TLS Secrets, Services Owned by Component.
 - `component_def` (String) Specifies the ComponentDefinition custom resource (CR) that defines the Component's characteristics and behavior. Supports three different ways to specify the ComponentDefinition: - the regular expression - recommended - the full name - recommended - the name prefix
 - `configs` (Attributes List) Specifies the configuration content of a config template. (see [below for nested schema](#nestedatt--spec--sharding_specs--template--configs))
 - `disable_exporter` (Boolean) Determines whether metrics exporter information is annotated on the Component's headless Service. If set to true, the following annotations will not be patched into the Service: - 'monitor.kubeblocks.io/path' - 'monitor.kubeblocks.io/port' - 'monitor.kubeblocks.io/scheme' These annotations allow the Prometheus installed by KubeBlocks to discover and scrape metrics from the exporter.
 - `env` (Attributes List) List of environment variables to add. These environment variables will be placed after the environment variables declared in the Pod. (see [below for nested schema](#nestedatt--spec--sharding_specs--template--env))
 - `instances` (Attributes List) Allows for the customization of configuration values for each instance within a Component. An instance represent a single replica (Pod and associated K8s resources like PVCs, Services, and ConfigMaps). While instances typically share a common configuration as defined in the ClusterComponentSpec, they can require unique settings in various scenarios: For example: - A database Component might require different resource allocations for primary and secondary instances, with primaries needing more resources. - During a rolling upgrade, a Component may first update the image for one or a few instances, and then update the remaining instances after verifying that the updated instances are functioning correctly. InstanceTemplate allows for specifying these unique configurations per instance. Each instance's name is constructed using the pattern: $(component.name)-$(template.name)-$(ordinal), starting with an ordinal of 0. It is crucial to maintain unique names for each InstanceTemplate to avoid conflicts. The sum of replicas across all InstanceTemplates should not exceed the total number of replicas specified for the Component. Any remaining replicas will be generated using the default template and will follow the default naming rules. (see [below for nested schema](#nestedatt--spec--sharding_specs--template--instances))
 - `issuer` (Attributes) Specifies the configuration for the TLS certificates issuer. It allows defining the issuer name and the reference to the secret containing the TLS certificates and key. The secret should contain the CA certificate, TLS certificate, and private key in the specified keys. Required when TLS is enabled. (see [below for nested schema](#nestedatt--spec--sharding_specs--template--issuer))
-- `labels` (Map of String) Specifies Labels to override or add for underlying Pods.
+- `labels` (Map of String) Specifies Labels to override or add for underlying Pods, PVCs, Account & TLS Secrets, Services Owned by Component.
 - `name` (String) Specifies the Component's name. It's part of the Service DNS name and must comply with the IANA service naming rule. The name is optional when ClusterComponentSpec is used as a template (e.g., in 'shardingSpec'), but required otherwise.
 - `offline_instances` (List of String) Specifies the names of instances to be transitioned to offline status. Marking an instance as offline results in the following: 1. The associated Pod is stopped, and its PersistentVolumeClaim (PVC) is retained for potential future reuse or data recovery, but it is no longer actively used. 2. The ordinal number assigned to this instance is preserved, ensuring it remains unique and avoiding conflicts with new instances. Setting instances to offline allows for a controlled scale-in process, preserving their data and maintaining ordinal consistency within the Cluster. Note that offline instances and their associated resources, such as PVCs, are not automatically deleted. The administrator must manually manage the cleanup and removal of these resources when they are no longer needed.
 - `parallel_pod_management_concurrency` (String) Controls the concurrency of pods during initial scale up, when replacing pods on nodes, or when scaling down. It only used when 'PodManagementPolicy' is set to 'Parallel'. The default Concurrency is 100%.
diff --git a/docs/data-sources/apps_kubeblocks_io_component_v1_manifest.md b/docs/data-sources/apps_kubeblocks_io_component_v1_manifest.md
index 97d102a56..f5b5a25b0 100644
--- a/docs/data-sources/apps_kubeblocks_io_component_v1_manifest.md
+++ b/docs/data-sources/apps_kubeblocks_io_component_v1_manifest.md
@@ -60,12 +60,12 @@ Required:
 
 Optional:
 
-- `annotations` (Map of String) Specifies Annotations to override or add for underlying Pods.
+- `annotations` (Map of String) Specifies Annotations to override or add for underlying Pods, PVCs, Account & TLS Secrets, Services Owned by Component.
 - `configs` (Attributes List) Specifies the configuration content of a config template. (see [below for nested schema](#nestedatt--spec--configs))
 - `disable_exporter` (Boolean) Determines whether metrics exporter information is annotated on the Component's headless Service. If set to true, the following annotations will not be patched into the Service: - 'monitor.kubeblocks.io/path' - 'monitor.kubeblocks.io/port' - 'monitor.kubeblocks.io/scheme' These annotations allow the Prometheus installed by KubeBlocks to discover and scrape metrics from the exporter.
 - `env` (Attributes List) List of environment variables to add. (see [below for nested schema](#nestedatt--spec--env))
 - `instances` (Attributes List) Allows for the customization of configuration values for each instance within a Component. An Instance represent a single replica (Pod and associated K8s resources like PVCs, Services, and ConfigMaps). While instances typically share a common configuration as defined in the ClusterComponentSpec, they can require unique settings in various scenarios: For example: - A database Component might require different resource allocations for primary and secondary instances, with primaries needing more resources. - During a rolling upgrade, a Component may first update the image for one or a few instances, and then update the remaining instances after verifying that the updated instances are functioning correctly. InstanceTemplate allows for specifying these unique configurations per instance. Each instance's name is constructed using the pattern: $(component.name)-$(template.name)-$(ordinal), starting with an ordinal of 0. It is crucial to maintain unique names for each InstanceTemplate to avoid conflicts. The sum of replicas across all InstanceTemplates should not exceed the total number of Replicas specified for the Component. Any remaining replicas will be generated using the default template and will follow the default naming rules. (see [below for nested schema](#nestedatt--spec--instances))
-- `labels` (Map of String) Specifies Labels to override or add for underlying Pods.
+- `labels` (Map of String) Specifies Labels to override or add for underlying Pods, PVCs, Account & TLS Secrets, Services Owned by Component.
 - `offline_instances` (List of String) Specifies the names of instances to be transitioned to offline status. Marking an instance as offline results in the following: 1. The associated Pod is stopped, and its PersistentVolumeClaim (PVC) is retained for potential future reuse or data recovery, but it is no longer actively used. 2. The ordinal number assigned to this instance is preserved, ensuring it remains unique and avoiding conflicts with new instances. Setting instances to offline allows for a controlled scale-in process, preserving their data and maintaining ordinal consistency within the Cluster. Note that offline instances and their associated resources, such as PVCs, are not automatically deleted. The administrator must manually manage the cleanup and removal of these resources when they are no longer needed.
 - `parallel_pod_management_concurrency` (String) Controls the concurrency of pods during initial scale up, when replacing pods on nodes, or when scaling down. It only used when 'PodManagementPolicy' is set to 'Parallel'. The default Concurrency is 100%.
 - `pod_update_policy` (String) PodUpdatePolicy indicates how pods should be updated - 'StrictInPlace' indicates that only allows in-place upgrades. Any attempt to modify other fields will be rejected. - 'PreferInPlace' indicates that we will first attempt an in-place upgrade of the Pod. If that fails, it will fall back to the ReCreate, where pod will be recreated. Default value is 'PreferInPlace'
diff --git a/docs/data-sources/canaries_flanksource_com_canary_v1_manifest.md b/docs/data-sources/canaries_flanksource_com_canary_v1_manifest.md
index f20b5b0e0..c192b8e53 100644
--- a/docs/data-sources/canaries_flanksource_com_canary_v1_manifest.md
+++ b/docs/data-sources/canaries_flanksource_com_canary_v1_manifest.md
@@ -1633,13 +1633,14 @@ Optional:
 - `id` (String)
 - `include_deleted` (Boolean)
 - `label_selector` (String)
+- `limit` (Number)
 - `name` (String)
 - `namespace` (String)
 - `scope` (String)
 - `search` (String) Search query that applies to the resource name, tag & labels.
-- `statuses` (List of String)
+- `statuses` (List of String) StringArray represents a one-dimensional array of the PostgreSQL character types.
 - `tag_selector` (String)
-- `types` (List of String)
+- `types` (List of String) StringArray represents a one-dimensional array of the PostgreSQL character types.
 
 
 <a id="nestedatt--spec--catalog--display"></a>
@@ -2864,6 +2865,7 @@ Optional:
 - `connection` (String) ConnectionName of the connection. It'll be used to populate the endpoint and credentials.
 - `credentials` (Attributes) (see [below for nested schema](#nestedatt--spec--database_backup--gcp--gcp_connection--credentials))
 - `endpoint` (String)
+- `skip_tls_verify` (Boolean) Skip TLS verify
 
 <a id="nestedatt--spec--database_backup--gcp--gcp_connection--credentials"></a>
 ### Nested Schema for `spec.database_backup.gcp.gcp_connection.credentials`
@@ -5243,6 +5245,7 @@ Optional:
 - `connection` (String) ConnectionName of the connection. It'll be used to populate the endpoint and credentials.
 - `credentials` (Attributes) (see [below for nested schema](#nestedatt--spec--exec--connections--gcp--credentials))
 - `endpoint` (String)
+- `skip_tls_verify` (Boolean) Skip TLS verify
 
 <a id="nestedatt--spec--exec--connections--gcp--credentials"></a>
 ### Nested Schema for `spec.exec.connections.gcp.credentials`
@@ -5834,6 +5837,7 @@ Optional:
 - `connection` (String) ConnectionName of the connection. It'll be used to populate the endpoint and credentials.
 - `credentials` (Attributes) (see [below for nested schema](#nestedatt--spec--folder--gcp_connection--credentials))
 - `endpoint` (String)
+- `skip_tls_verify` (Boolean) Skip TLS verify
 
 <a id="nestedatt--spec--folder--gcp_connection--credentials"></a>
 ### Nested Schema for `spec.folder.gcp_connection.credentials`
diff --git a/docs/data-sources/canaries_flanksource_com_component_v1_manifest.md b/docs/data-sources/canaries_flanksource_com_component_v1_manifest.md
index 6ef268041..189636ec6 100644
--- a/docs/data-sources/canaries_flanksource_com_component_v1_manifest.md
+++ b/docs/data-sources/canaries_flanksource_com_component_v1_manifest.md
@@ -57,6 +57,7 @@ Optional:
 
 - `checks` (Attributes List) (see [below for nested schema](#nestedatt--spec--checks))
 - `components` (Map of String) Create new child components
+- `config_id` (String)
 - `configs` (Attributes List) Lookup and associate config items with this component (see [below for nested schema](#nestedatt--spec--configs))
 - `external_id` (String)
 - `for_each` (Map of String) Only applies when using lookup, when specified the components and properties specified under ForEach will be templated using the components returned by the lookup ${.properties} can be used to reference the properties of the component ${.component} can be used to reference the component itself
@@ -99,15 +100,16 @@ Optional:
 - `id` (String)
 - `include_deleted` (Boolean)
 - `label_selector` (String)
+- `limit` (Number)
 - `name` (String)
 - `namespace` (String)
 - `scope` (String)
 - `search` (String) Search query that applies to the resource name, tag & labels.
-- `statuses` (List of String)
+- `statuses` (List of String) StringArray represents a one-dimensional array of the PostgreSQL character types.
 - `tag_selector` (String)
 - `tags` (Map of String) Deprecated. Use 'labelSelector'
 - `type` (String) Deprecated. Use 'types'
-- `types` (List of String)
+- `types` (List of String) StringArray represents a one-dimensional array of the PostgreSQL character types.
 
 
 <a id="nestedatt--spec--id"></a>
@@ -162,13 +164,14 @@ Optional:
 - `id` (String)
 - `include_deleted` (Boolean)
 - `label_selector` (String)
+- `limit` (Number)
 - `name` (String)
 - `namespace` (String)
 - `scope` (String)
 - `search` (String) Search query that applies to the resource name, tag & labels.
-- `statuses` (List of String)
+- `statuses` (List of String) StringArray represents a one-dimensional array of the PostgreSQL character types.
 - `tag_selector` (String)
-- `types` (List of String)
+- `types` (List of String) StringArray represents a one-dimensional array of the PostgreSQL character types.
 
 
 <a id="nestedatt--spec--summary"></a>
diff --git a/docs/data-sources/canaries_flanksource_com_topology_v1_manifest.md b/docs/data-sources/canaries_flanksource_com_topology_v1_manifest.md
index 6527c7fce..ac27c5a74 100644
--- a/docs/data-sources/canaries_flanksource_com_topology_v1_manifest.md
+++ b/docs/data-sources/canaries_flanksource_com_topology_v1_manifest.md
@@ -78,6 +78,7 @@ Optional:
 
 - `checks` (Attributes List) (see [below for nested schema](#nestedatt--spec--components--checks))
 - `components` (Map of String) Create new child components
+- `config_id` (String)
 - `configs` (Attributes List) Lookup and associate config items with this component (see [below for nested schema](#nestedatt--spec--components--configs))
 - `external_id` (String)
 - `for_each` (Map of String) Only applies when using lookup, when specified the components and properties specified under ForEach will be templated using the components returned by the lookup ${.properties} can be used to reference the properties of the component ${.component} can be used to reference the component itself
@@ -122,13 +123,14 @@ Optional:
 - `id` (String)
 - `include_deleted` (Boolean)
 - `label_selector` (String)
+- `limit` (Number)
 - `name` (String)
 - `namespace` (String)
 - `scope` (String)
 - `search` (String) Search query that applies to the resource name, tag & labels.
-- `statuses` (List of String)
+- `statuses` (List of String) StringArray represents a one-dimensional array of the PostgreSQL character types.
 - `tag_selector` (String)
-- `types` (List of String)
+- `types` (List of String) StringArray represents a one-dimensional array of the PostgreSQL character types.
 
 
 
@@ -145,15 +147,16 @@ Optional:
 - `id` (String)
 - `include_deleted` (Boolean)
 - `label_selector` (String)
+- `limit` (Number)
 - `name` (String)
 - `namespace` (String)
 - `scope` (String)
 - `search` (String) Search query that applies to the resource name, tag & labels.
-- `statuses` (List of String)
+- `statuses` (List of String) StringArray represents a one-dimensional array of the PostgreSQL character types.
 - `tag_selector` (String)
 - `tags` (Map of String) Deprecated. Use 'labelSelector'
 - `type` (String) Deprecated. Use 'types'
-- `types` (List of String)
+- `types` (List of String) StringArray represents a one-dimensional array of the PostgreSQL character types.
 
 
 <a id="nestedatt--spec--components--id"></a>
@@ -208,13 +211,14 @@ Optional:
 - `id` (String)
 - `include_deleted` (Boolean)
 - `label_selector` (String)
+- `limit` (Number)
 - `name` (String)
 - `namespace` (String)
 - `scope` (String)
 - `search` (String) Search query that applies to the resource name, tag & labels.
-- `statuses` (List of String)
+- `statuses` (List of String) StringArray represents a one-dimensional array of the PostgreSQL character types.
 - `tag_selector` (String)
-- `types` (List of String)
+- `types` (List of String) StringArray represents a one-dimensional array of the PostgreSQL character types.
 
 
 <a id="nestedatt--spec--components--summary"></a>
@@ -253,15 +257,16 @@ Optional:
 - `id` (String)
 - `include_deleted` (Boolean)
 - `label_selector` (String)
+- `limit` (Number)
 - `name` (String)
 - `namespace` (String)
 - `scope` (String)
 - `search` (String) Search query that applies to the resource name, tag & labels.
-- `statuses` (List of String)
+- `statuses` (List of String) StringArray represents a one-dimensional array of the PostgreSQL character types.
 - `tag_selector` (String)
 - `tags` (Map of String) Deprecated. Use 'labelSelector'
 - `type` (String) Deprecated. Use 'types'
-- `types` (List of String)
+- `types` (List of String) StringArray represents a one-dimensional array of the PostgreSQL character types.
 
 
 <a id="nestedatt--spec--group_by"></a>
@@ -286,13 +291,14 @@ Optional:
 - `id` (String)
 - `include_deleted` (Boolean)
 - `label_selector` (String)
+- `limit` (Number)
 - `name` (String)
 - `namespace` (String)
 - `scope` (String)
 - `search` (String) Search query that applies to the resource name, tag & labels.
-- `statuses` (List of String)
+- `statuses` (List of String) StringArray represents a one-dimensional array of the PostgreSQL character types.
 - `tag_selector` (String)
-- `types` (List of String)
+- `types` (List of String) StringArray represents a one-dimensional array of the PostgreSQL character types.
 
 
 
@@ -355,15 +361,16 @@ Optional:
 - `id` (String)
 - `include_deleted` (Boolean)
 - `label_selector` (String)
+- `limit` (Number)
 - `name` (String)
 - `namespace` (String)
 - `scope` (String)
 - `search` (String) Search query that applies to the resource name, tag & labels.
-- `statuses` (List of String)
+- `statuses` (List of String) StringArray represents a one-dimensional array of the PostgreSQL character types.
 - `tag_selector` (String)
 - `tags` (Map of String) Deprecated. Use 'labelSelector'
 - `type` (String) Deprecated. Use 'types'
-- `types` (List of String)
+- `types` (List of String) StringArray represents a one-dimensional array of the PostgreSQL character types.
 
 
 <a id="nestedatt--spec--properties--config_lookup--display"></a>
diff --git a/docs/data-sources/cert_manager_io_certificate_v1_manifest.md b/docs/data-sources/cert_manager_io_certificate_v1_manifest.md
index c2ab5d63a..3d6cfcb3e 100644
--- a/docs/data-sources/cert_manager_io_certificate_v1_manifest.md
+++ b/docs/data-sources/cert_manager_io_certificate_v1_manifest.md
@@ -217,7 +217,7 @@ Optional:
 
 - `algorithm` (String) Algorithm is the private key algorithm of the corresponding private key for this certificate. If provided, allowed values are either 'RSA', 'ECDSA' or 'Ed25519'. If 'algorithm' is specified and 'size' is not provided, key size of 2048 will be used for 'RSA' key algorithm and key size of 256 will be used for 'ECDSA' key algorithm. key size is ignored when using the 'Ed25519' key algorithm.
 - `encoding` (String) The private key cryptography standards (PKCS) encoding for this certificate's private key to be encoded in. If provided, allowed values are 'PKCS1' and 'PKCS8' standing for PKCS#1 and PKCS#8, respectively. Defaults to 'PKCS1' if not specified.
-- `rotation_policy` (String) RotationPolicy controls how private keys should be regenerated when a re-issuance is being processed. If set to 'Never', a private key will only be generated if one does not already exist in the target 'spec.secretName'. If one does exists but it does not have the correct algorithm or size, a warning will be raised to await user intervention. If set to 'Always', a private key matching the specified requirements will be generated whenever a re-issuance occurs. Default is 'Never' for backward compatibility.
+- `rotation_policy` (String) RotationPolicy controls how private keys should be regenerated when a re-issuance is being processed. If set to 'Never', a private key will only be generated if one does not already exist in the target 'spec.secretName'. If one does exist but it does not have the correct algorithm or size, a warning will be raised to await user intervention. If set to 'Always', a private key matching the specified requirements will be generated whenever a re-issuance occurs. Default is 'Never' for backward compatibility.
 - `size` (Number) Size is the key bit size of the corresponding private key for this certificate. If 'algorithm' is set to 'RSA', valid values are '2048', '4096' or '8192', and will default to '2048' if not specified. If 'algorithm' is set to 'ECDSA', valid values are '256', '384' or '521', and will default to '256' if not specified. If 'algorithm' is set to 'Ed25519', Size is ignored. No other values are allowed.
 
 
diff --git a/docs/data-sources/cert_manager_io_cluster_issuer_v1_manifest.md b/docs/data-sources/cert_manager_io_cluster_issuer_v1_manifest.md
index d66dd2636..93a9f9fb7 100644
--- a/docs/data-sources/cert_manager_io_cluster_issuer_v1_manifest.md
+++ b/docs/data-sources/cert_manager_io_cluster_issuer_v1_manifest.md
@@ -353,16 +353,13 @@ Optional:
 <a id="nestedatt--spec--acme--solvers--dns01--route53"></a>
 ### Nested Schema for `spec.acme.solvers.dns01.route53`
 
-Required:
-
-- `region` (String) Always set the region when using AccessKeyID and SecretAccessKey
-
 Optional:
 
 - `access_key_id` (String) The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
 - `access_key_id_secret_ref` (Attributes) The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials (see [below for nested schema](#nestedatt--spec--acme--solvers--dns01--route53--access_key_id_secret_ref))
 - `auth` (Attributes) Auth configures how cert-manager authenticates. (see [below for nested schema](#nestedatt--spec--acme--solvers--dns01--route53--auth))
-- `hosted_zone_id` (String) If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call.
+- `hosted_zone_id` (String) If set, the provider will manage only this zone in Route53 and will not do a lookup using the route53:ListHostedZonesByName api call.
+- `region` (String) Override the AWS region. Route53 is a global service and does not have regional endpoints but the region specified here (or via environment variables) is used as a hint to help compute the correct AWS credential scope and partition when it connects to Route53. See: - [Amazon Route 53 endpoints and quotas](https://docs.aws.amazon.com/general/latest/gr/r53.html) - [Global services](https://docs.aws.amazon.com/whitepapers/latest/aws-fault-isolation-boundaries/global-services.html) If you omit this region field, cert-manager will use the region from AWS_REGION and AWS_DEFAULT_REGION environment variables, if they are set in the cert-manager controller Pod. The 'region' field is not needed if you use [IAM Roles for Service Accounts (IRSA)](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html). Instead an AWS_REGION environment variable is added to the cert-manager controller Pod by: [Amazon EKS Pod Identity Webhook](https://github.com/aws/amazon-eks-pod-identity-webhook). In this case this 'region' field value is ignored. The 'region' field is not needed if you use [EKS Pod Identities](https://docs.aws.amazon.com/eks/latest/userguide/pod-identities.html). Instead an AWS_REGION environment variable is added to the cert-manager controller Pod by: [Amazon EKS Pod Identity Agent](https://github.com/aws/eks-pod-identity-agent), In this case this 'region' field value is ignored.
 - `role` (String) Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata
 - `secret_access_key_secret_ref` (Attributes) The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials (see [below for nested schema](#nestedatt--spec--acme--solvers--dns01--route53--secret_access_key_secret_ref))
 
@@ -480,7 +477,7 @@ Optional:
 
 Optional:
 
-- `annotations` (Map of String) Annotations that should be added to the create ACME HTTP01 solver pods.
+- `annotations` (Map of String) Annotations that should be added to the created ACME HTTP01 solver pods.
 - `labels` (Map of String) Labels that should be added to the created ACME HTTP01 solver pods.
 
 
@@ -992,7 +989,7 @@ Optional:
 
 Optional:
 
-- `annotations` (Map of String) Annotations that should be added to the create ACME HTTP01 solver pods.
+- `annotations` (Map of String) Annotations that should be added to the created ACME HTTP01 solver pods.
 - `labels` (Map of String) Labels that should be added to the created ACME HTTP01 solver pods.
 
 
diff --git a/docs/data-sources/cert_manager_io_issuer_v1_manifest.md b/docs/data-sources/cert_manager_io_issuer_v1_manifest.md
index a3e5a3950..d5ce4b876 100644
--- a/docs/data-sources/cert_manager_io_issuer_v1_manifest.md
+++ b/docs/data-sources/cert_manager_io_issuer_v1_manifest.md
@@ -355,16 +355,13 @@ Optional:
 <a id="nestedatt--spec--acme--solvers--dns01--route53"></a>
 ### Nested Schema for `spec.acme.solvers.dns01.route53`
 
-Required:
-
-- `region` (String) Always set the region when using AccessKeyID and SecretAccessKey
-
 Optional:
 
 - `access_key_id` (String) The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
 - `access_key_id_secret_ref` (Attributes) The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials (see [below for nested schema](#nestedatt--spec--acme--solvers--dns01--route53--access_key_id_secret_ref))
 - `auth` (Attributes) Auth configures how cert-manager authenticates. (see [below for nested schema](#nestedatt--spec--acme--solvers--dns01--route53--auth))
-- `hosted_zone_id` (String) If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call.
+- `hosted_zone_id` (String) If set, the provider will manage only this zone in Route53 and will not do a lookup using the route53:ListHostedZonesByName api call.
+- `region` (String) Override the AWS region. Route53 is a global service and does not have regional endpoints but the region specified here (or via environment variables) is used as a hint to help compute the correct AWS credential scope and partition when it connects to Route53. See: - [Amazon Route 53 endpoints and quotas](https://docs.aws.amazon.com/general/latest/gr/r53.html) - [Global services](https://docs.aws.amazon.com/whitepapers/latest/aws-fault-isolation-boundaries/global-services.html) If you omit this region field, cert-manager will use the region from AWS_REGION and AWS_DEFAULT_REGION environment variables, if they are set in the cert-manager controller Pod. The 'region' field is not needed if you use [IAM Roles for Service Accounts (IRSA)](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html). Instead an AWS_REGION environment variable is added to the cert-manager controller Pod by: [Amazon EKS Pod Identity Webhook](https://github.com/aws/amazon-eks-pod-identity-webhook). In this case this 'region' field value is ignored. The 'region' field is not needed if you use [EKS Pod Identities](https://docs.aws.amazon.com/eks/latest/userguide/pod-identities.html). Instead an AWS_REGION environment variable is added to the cert-manager controller Pod by: [Amazon EKS Pod Identity Agent](https://github.com/aws/eks-pod-identity-agent), In this case this 'region' field value is ignored.
 - `role` (String) Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata
 - `secret_access_key_secret_ref` (Attributes) The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials (see [below for nested schema](#nestedatt--spec--acme--solvers--dns01--route53--secret_access_key_secret_ref))
 
@@ -482,7 +479,7 @@ Optional:
 
 Optional:
 
-- `annotations` (Map of String) Annotations that should be added to the create ACME HTTP01 solver pods.
+- `annotations` (Map of String) Annotations that should be added to the created ACME HTTP01 solver pods.
 - `labels` (Map of String) Labels that should be added to the created ACME HTTP01 solver pods.
 
 
@@ -994,7 +991,7 @@ Optional:
 
 Optional:
 
-- `annotations` (Map of String) Annotations that should be added to the create ACME HTTP01 solver pods.
+- `annotations` (Map of String) Annotations that should be added to the created ACME HTTP01 solver pods.
 - `labels` (Map of String) Labels that should be added to the created ACME HTTP01 solver pods.
 
 
diff --git a/docs/data-sources/elbv2_k8s_aws_ingress_class_params_v1beta1_manifest.md b/docs/data-sources/elbv2_k8s_aws_ingress_class_params_v1beta1_manifest.md
index 862588537..4afb7ee7d 100644
--- a/docs/data-sources/elbv2_k8s_aws_ingress_class_params_v1beta1_manifest.md
+++ b/docs/data-sources/elbv2_k8s_aws_ingress_class_params_v1beta1_manifest.md
@@ -58,6 +58,7 @@ Optional:
 - `group` (Attributes) Group defines the IngressGroup for all Ingresses that belong to IngressClass with this IngressClassParams. (see [below for nested schema](#nestedatt--spec--group))
 - `inbound_cidrs` (List of String) InboundCIDRs specifies the CIDRs that are allowed to access the Ingresses that belong to IngressClass with this IngressClassParams.
 - `ip_address_type` (String) IPAddressType defines the ip address type for all Ingresses that belong to IngressClass with this IngressClassParams.
+- `listeners` (Attributes List) Listeners define a list of listeners with their protocol, port and attributes. (see [below for nested schema](#nestedatt--spec--listeners))
 - `load_balancer_attributes` (Attributes List) LoadBalancerAttributes define the custom attributes to LoadBalancers for all Ingress that that belong to IngressClass with this IngressClassParams. (see [below for nested schema](#nestedatt--spec--load_balancer_attributes))
 - `namespace_selector` (Attributes) NamespaceSelector restrict the namespaces of Ingresses that are allowed to specify the IngressClass with this IngressClassParams. * if absent or present but empty, it selects all namespaces. (see [below for nested schema](#nestedatt--spec--namespace_selector))
 - `scheme` (String) Scheme defines the scheme for all Ingresses that belong to IngressClass with this IngressClassParams.
@@ -73,6 +74,25 @@ Required:
 - `name` (String) Name is the name of IngressGroup.
 
 
+<a id="nestedatt--spec--listeners"></a>
+### Nested Schema for `spec.listeners`
+
+Optional:
+
+- `listener_attributes` (Attributes List) The attributes of the listener (see [below for nested schema](#nestedatt--spec--listeners--listener_attributes))
+- `port` (Number) The port of the listener
+- `protocol` (String) The protocol of the listener
+
+<a id="nestedatt--spec--listeners--listener_attributes"></a>
+### Nested Schema for `spec.listeners.listener_attributes`
+
+Required:
+
+- `key` (String) The key of the attribute.
+- `value` (String) The value of the attribute.
+
+
+
 <a id="nestedatt--spec--load_balancer_attributes"></a>
 ### Nested Schema for `spec.load_balancer_attributes`
 
diff --git a/docs/data-sources/external_secrets_io_cluster_secret_store_v1beta1_manifest.md b/docs/data-sources/external_secrets_io_cluster_secret_store_v1beta1_manifest.md
index 3d94c8d5f..d2ca62e97 100644
--- a/docs/data-sources/external_secrets_io_cluster_secret_store_v1beta1_manifest.md
+++ b/docs/data-sources/external_secrets_io_cluster_secret_store_v1beta1_manifest.md
@@ -108,6 +108,7 @@ Optional:
 - `oracle` (Attributes) Oracle configures this store to sync secrets using Oracle Vault provider (see [below for nested schema](#nestedatt--spec--provider--oracle))
 - `passbolt` (Attributes) (see [below for nested schema](#nestedatt--spec--provider--passbolt))
 - `passworddepot` (Attributes) Configures a store to sync secrets with a Password Depot instance. (see [below for nested schema](#nestedatt--spec--provider--passworddepot))
+- `previder` (Attributes) Previder configures this store to sync secrets using the Previder provider (see [below for nested schema](#nestedatt--spec--provider--previder))
 - `pulumi` (Attributes) Pulumi configures this store to sync secrets using the Pulumi provider (see [below for nested schema](#nestedatt--spec--provider--pulumi))
 - `scaleway` (Attributes) Scaleway (see [below for nested schema](#nestedatt--spec--provider--scaleway))
 - `secretserver` (Attributes) SecretServer configures this store to sync secrets using SecretServer provider https://docs.delinea.com/online-help/secret-server/start.htm (see [below for nested schema](#nestedatt--spec--provider--secretserver))
@@ -1543,6 +1544,44 @@ Optional:
 
 
 
+<a id="nestedatt--spec--provider--previder"></a>
+### Nested Schema for `spec.provider.previder`
+
+Required:
+
+- `auth` (Attributes) PreviderAuth contains a secretRef for credentials. (see [below for nested schema](#nestedatt--spec--provider--previder--auth))
+
+Optional:
+
+- `base_uri` (String)
+
+<a id="nestedatt--spec--provider--previder--auth"></a>
+### Nested Schema for `spec.provider.previder.auth`
+
+Optional:
+
+- `secret_ref` (Attributes) PreviderAuthSecretRef holds secret references for Previder Vault credentials. (see [below for nested schema](#nestedatt--spec--provider--previder--auth--secret_ref))
+
+<a id="nestedatt--spec--provider--previder--auth--secret_ref"></a>
+### Nested Schema for `spec.provider.previder.auth.secret_ref`
+
+Required:
+
+- `access_token` (Attributes) The AccessToken is used for authentication (see [below for nested schema](#nestedatt--spec--provider--previder--auth--secret_ref--access_token))
+
+<a id="nestedatt--spec--provider--previder--auth--secret_ref--access_token"></a>
+### Nested Schema for `spec.provider.previder.auth.secret_ref.access_token`
+
+Optional:
+
+- `key` (String) The key of the entry in the Secret resource's 'data' field to be used. Some instances of this field may be defaulted, in others it may be required.
+- `name` (String) The name of the Secret resource being referred to.
+- `namespace` (String) Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+
+
+
+
+
 <a id="nestedatt--spec--provider--pulumi"></a>
 ### Nested Schema for `spec.provider.pulumi`
 
@@ -1551,6 +1590,7 @@ Required:
 - `access_token` (Attributes) AccessToken is the access tokens to sign in to the Pulumi Cloud Console. (see [below for nested schema](#nestedatt--spec--provider--pulumi--access_token))
 - `environment` (String) Environment are YAML documents composed of static key-value pairs, programmatic expressions, dynamically retrieved values from supported providers including all major clouds, and other Pulumi ESC environments. To create a new environment, visit https://www.pulumi.com/docs/esc/environments/ for more information.
 - `organization` (String) Organization are a space to collaborate on shared projects and stacks. To create a new organization, visit https://app.pulumi.com/ and click 'New Organization'.
+- `project` (String) Project is the name of the Pulumi ESC project the environment belongs to.
 
 Optional:
 
diff --git a/docs/data-sources/external_secrets_io_secret_store_v1beta1_manifest.md b/docs/data-sources/external_secrets_io_secret_store_v1beta1_manifest.md
index 69a7e2268..bf62953fe 100644
--- a/docs/data-sources/external_secrets_io_secret_store_v1beta1_manifest.md
+++ b/docs/data-sources/external_secrets_io_secret_store_v1beta1_manifest.md
@@ -93,6 +93,7 @@ Optional:
 - `oracle` (Attributes) Oracle configures this store to sync secrets using Oracle Vault provider (see [below for nested schema](#nestedatt--spec--provider--oracle))
 - `passbolt` (Attributes) (see [below for nested schema](#nestedatt--spec--provider--passbolt))
 - `passworddepot` (Attributes) Configures a store to sync secrets with a Password Depot instance. (see [below for nested schema](#nestedatt--spec--provider--passworddepot))
+- `previder` (Attributes) Previder configures this store to sync secrets using the Previder provider (see [below for nested schema](#nestedatt--spec--provider--previder))
 - `pulumi` (Attributes) Pulumi configures this store to sync secrets using the Pulumi provider (see [below for nested schema](#nestedatt--spec--provider--pulumi))
 - `scaleway` (Attributes) Scaleway (see [below for nested schema](#nestedatt--spec--provider--scaleway))
 - `secretserver` (Attributes) SecretServer configures this store to sync secrets using SecretServer provider https://docs.delinea.com/online-help/secret-server/start.htm (see [below for nested schema](#nestedatt--spec--provider--secretserver))
@@ -1528,6 +1529,44 @@ Optional:
 
 
 
+<a id="nestedatt--spec--provider--previder"></a>
+### Nested Schema for `spec.provider.previder`
+
+Required:
+
+- `auth` (Attributes) PreviderAuth contains a secretRef for credentials. (see [below for nested schema](#nestedatt--spec--provider--previder--auth))
+
+Optional:
+
+- `base_uri` (String)
+
+<a id="nestedatt--spec--provider--previder--auth"></a>
+### Nested Schema for `spec.provider.previder.auth`
+
+Optional:
+
+- `secret_ref` (Attributes) PreviderAuthSecretRef holds secret references for Previder Vault credentials. (see [below for nested schema](#nestedatt--spec--provider--previder--auth--secret_ref))
+
+<a id="nestedatt--spec--provider--previder--auth--secret_ref"></a>
+### Nested Schema for `spec.provider.previder.auth.secret_ref`
+
+Required:
+
+- `access_token` (Attributes) The AccessToken is used for authentication (see [below for nested schema](#nestedatt--spec--provider--previder--auth--secret_ref--access_token))
+
+<a id="nestedatt--spec--provider--previder--auth--secret_ref--access_token"></a>
+### Nested Schema for `spec.provider.previder.auth.secret_ref.access_token`
+
+Optional:
+
+- `key` (String) The key of the entry in the Secret resource's 'data' field to be used. Some instances of this field may be defaulted, in others it may be required.
+- `name` (String) The name of the Secret resource being referred to.
+- `namespace` (String) Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+
+
+
+
+
 <a id="nestedatt--spec--provider--pulumi"></a>
 ### Nested Schema for `spec.provider.pulumi`
 
@@ -1536,6 +1575,7 @@ Required:
 - `access_token` (Attributes) AccessToken is the access tokens to sign in to the Pulumi Cloud Console. (see [below for nested schema](#nestedatt--spec--provider--pulumi--access_token))
 - `environment` (String) Environment are YAML documents composed of static key-value pairs, programmatic expressions, dynamically retrieved values from supported providers including all major clouds, and other Pulumi ESC environments. To create a new environment, visit https://www.pulumi.com/docs/esc/environments/ for more information.
 - `organization` (String) Organization are a space to collaborate on shared projects and stacks. To create a new organization, visit https://app.pulumi.com/ and click 'New Organization'.
+- `project` (String) Project is the name of the Pulumi ESC project the environment belongs to.
 
 Optional:
 
diff --git a/docs/data-sources/fluentbit_fluent_io_cluster_input_v1alpha2_manifest.md b/docs/data-sources/fluentbit_fluent_io_cluster_input_v1alpha2_manifest.md
index 04e92476b..e8533fdc1 100644
--- a/docs/data-sources/fluentbit_fluent_io_cluster_input_v1alpha2_manifest.md
+++ b/docs/data-sources/fluentbit_fluent_io_cluster_input_v1alpha2_manifest.md
@@ -372,6 +372,7 @@ Optional:
 - `read_from_head` (Boolean) For new discovered files on start (without a database offset/position), read the content from the head of the file, not tail.
 - `refresh_interval_seconds` (Number) The interval of refreshing the list of watched files in seconds.
 - `rotate_wait_seconds` (Number) Specify the number of extra time in seconds to monitor a file once is rotated in case some pending data is flushed.
+- `skip_empty_lines` (Boolean) Skips empty lines in the log file from any further processing or output.
 - `skip_long_lines` (Boolean) When a monitored file reach it buffer capacity due to a very long line (Buffer_Max_Size), the default behavior is to stop monitoring that file. Skip_Long_Lines alter that behavior and instruct Fluent Bit to skip long lines and continue processing other lines that fits into the buffer size.
 - `storage_type` (String) Specify the buffering mechanism to use. It can be memory or filesystem
 - `tag` (String) Set a tag (with regex-extract fields) that will be placed on lines read. E.g. kube.<namespace_name>.<pod_name>.<container_name>
diff --git a/docs/data-sources/gateway_networking_k8s_io_backend_lb_policy_v1alpha2_manifest.md b/docs/data-sources/gateway_networking_k8s_io_backend_lb_policy_v1alpha2_manifest.md
new file mode 100644
index 000000000..066a0d549
--- /dev/null
+++ b/docs/data-sources/gateway_networking_k8s_io_backend_lb_policy_v1alpha2_manifest.md
@@ -0,0 +1,87 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "k8s_gateway_networking_k8s_io_backend_lb_policy_v1alpha2_manifest Data Source - terraform-provider-k8s"
+subcategory: "gateway.networking.k8s.io"
+description: |-
+  BackendLBPolicy provides a way to define load balancing rules for a backend.
+---
+
+# k8s_gateway_networking_k8s_io_backend_lb_policy_v1alpha2_manifest (Data Source)
+
+BackendLBPolicy provides a way to define load balancing rules for a backend.
+
+## Example Usage
+
+```terraform
+data "k8s_gateway_networking_k8s_io_backend_lb_policy_v1alpha2_manifest" "example" {
+  metadata = {
+    name      = "some-name"
+    namespace = "some-namespace"
+  }
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `metadata` (Attributes) Data that helps uniquely identify this object. See https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata for more details. (see [below for nested schema](#nestedatt--metadata))
+- `spec` (Attributes) Spec defines the desired state of BackendLBPolicy. (see [below for nested schema](#nestedatt--spec))
+
+### Read-Only
+
+- `yaml` (String) The generated manifest in YAML format.
+
+<a id="nestedatt--metadata"></a>
+### Nested Schema for `metadata`
+
+Required:
+
+- `name` (String) Unique identifier for this object. See https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names for more details.
+- `namespace` (String) Namespaces provides a mechanism for isolating groups of resources within a single cluster. See https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ for more details.
+
+Optional:
+
+- `annotations` (Map of String) Keys and values that can be used by external tooling to store and retrieve arbitrary metadata about this object. See https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ for more details.
+- `labels` (Map of String) Keys and values that can be used to organize and categorize objects. See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more details.
+
+
+<a id="nestedatt--spec"></a>
+### Nested Schema for `spec`
+
+Required:
+
+- `target_refs` (Attributes List) TargetRef identifies an API object to apply policy to. Currently, Backends (i.e. Service, ServiceImport, or any implementation-specific backendRef) are the only valid API target references. (see [below for nested schema](#nestedatt--spec--target_refs))
+
+Optional:
+
+- `session_persistence` (Attributes) SessionPersistence defines and configures session persistence for the backend. Support: Extended (see [below for nested schema](#nestedatt--spec--session_persistence))
+
+<a id="nestedatt--spec--target_refs"></a>
+### Nested Schema for `spec.target_refs`
+
+Required:
+
+- `group` (String) Group is the group of the target resource.
+- `kind` (String) Kind is kind of the target resource.
+- `name` (String) Name is the name of the target resource.
+
+
+<a id="nestedatt--spec--session_persistence"></a>
+### Nested Schema for `spec.session_persistence`
+
+Optional:
+
+- `absolute_timeout` (String) AbsoluteTimeout defines the absolute timeout of the persistent session. Once the AbsoluteTimeout duration has elapsed, the session becomes invalid. Support: Extended
+- `cookie_config` (Attributes) CookieConfig provides configuration settings that are specific to cookie-based session persistence. Support: Core (see [below for nested schema](#nestedatt--spec--session_persistence--cookie_config))
+- `idle_timeout` (String) IdleTimeout defines the idle timeout of the persistent session. Once the session has been idle for more than the specified IdleTimeout duration, the session becomes invalid. Support: Extended
+- `session_name` (String) SessionName defines the name of the persistent session token which may be reflected in the cookie or the header. Users should avoid reusing session names to prevent unintended consequences, such as rejection or unpredictable behavior. Support: Implementation-specific
+- `type` (String) Type defines the type of session persistence such as through the use a header or cookie. Defaults to cookie based session persistence. Support: Core for 'Cookie' type Support: Extended for 'Header' type
+
+<a id="nestedatt--spec--session_persistence--cookie_config"></a>
+### Nested Schema for `spec.session_persistence.cookie_config`
+
+Optional:
+
+- `lifetime_type` (String) LifetimeType specifies whether the cookie has a permanent or session-based lifetime. A permanent cookie persists until its specified expiry time, defined by the Expires or Max-Age cookie attributes, while a session cookie is deleted when the current session ends. When set to 'Permanent', AbsoluteTimeout indicates the cookie's lifetime via the Expires or Max-Age cookie attributes and is required. When set to 'Session', AbsoluteTimeout indicates the absolute lifetime of the cookie tracked by the gateway and is optional. Support: Core for 'Session' type Support: Extended for 'Permanent' type
diff --git a/docs/data-sources/gateway_networking_k8s_io_backend_tls_policy_v1alpha3_manifest.md b/docs/data-sources/gateway_networking_k8s_io_backend_tls_policy_v1alpha3_manifest.md
new file mode 100644
index 000000000..c4397dbf8
--- /dev/null
+++ b/docs/data-sources/gateway_networking_k8s_io_backend_tls_policy_v1alpha3_manifest.md
@@ -0,0 +1,109 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "k8s_gateway_networking_k8s_io_backend_tls_policy_v1alpha3_manifest Data Source - terraform-provider-k8s"
+subcategory: "gateway.networking.k8s.io"
+description: |-
+  BackendTLSPolicy provides a way to configure how a Gateway connects to a Backend via TLS.
+---
+
+# k8s_gateway_networking_k8s_io_backend_tls_policy_v1alpha3_manifest (Data Source)
+
+BackendTLSPolicy provides a way to configure how a Gateway connects to a Backend via TLS.
+
+## Example Usage
+
+```terraform
+data "k8s_gateway_networking_k8s_io_backend_tls_policy_v1alpha3_manifest" "example" {
+  metadata = {
+    name      = "some-name"
+    namespace = "some-namespace"
+  }
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `metadata` (Attributes) Data that helps uniquely identify this object. See https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata for more details. (see [below for nested schema](#nestedatt--metadata))
+- `spec` (Attributes) Spec defines the desired state of BackendTLSPolicy. (see [below for nested schema](#nestedatt--spec))
+
+### Read-Only
+
+- `yaml` (String) The generated manifest in YAML format.
+
+<a id="nestedatt--metadata"></a>
+### Nested Schema for `metadata`
+
+Required:
+
+- `name` (String) Unique identifier for this object. See https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names for more details.
+- `namespace` (String) Namespaces provides a mechanism for isolating groups of resources within a single cluster. See https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ for more details.
+
+Optional:
+
+- `annotations` (Map of String) Keys and values that can be used by external tooling to store and retrieve arbitrary metadata about this object. See https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ for more details.
+- `labels` (Map of String) Keys and values that can be used to organize and categorize objects. See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more details.
+
+
+<a id="nestedatt--spec"></a>
+### Nested Schema for `spec`
+
+Required:
+
+- `target_refs` (Attributes List) TargetRefs identifies an API object to apply the policy to. Only Services have Extended support. Implementations MAY support additional objects, with Implementation Specific support. Note that this config applies to the entire referenced resource by default, but this default may change in the future to provide a more granular application of the policy. Support: Extended for Kubernetes Service Support: Implementation-specific for any other resource (see [below for nested schema](#nestedatt--spec--target_refs))
+- `validation` (Attributes) Validation contains backend TLS validation configuration. (see [below for nested schema](#nestedatt--spec--validation))
+
+Optional:
+
+- `options` (Map of String) Options are a list of key/value pairs to enable extended TLS configuration for each implementation. For example, configuring the minimum TLS version or supported cipher suites. A set of common keys MAY be defined by the API in the future. To avoid any ambiguity, implementation-specific definitions MUST use domain-prefixed names, such as 'example.com/my-custom-option'. Un-prefixed names are reserved for key names defined by Gateway API. Support: Implementation-specific
+
+<a id="nestedatt--spec--target_refs"></a>
+### Nested Schema for `spec.target_refs`
+
+Required:
+
+- `group` (String) Group is the group of the target resource.
+- `kind` (String) Kind is kind of the target resource.
+- `name` (String) Name is the name of the target resource.
+
+Optional:
+
+- `section_name` (String) SectionName is the name of a section within the target resource. When unspecified, this targetRef targets the entire resource. In the following resources, SectionName is interpreted as the following: * Gateway: Listener name * HTTPRoute: HTTPRouteRule name * Service: Port name If a SectionName is specified, but does not exist on the targeted object, the Policy must fail to attach, and the policy implementation should record a 'ResolvedRefs' or similar Condition in the Policy's status.
+
+
+<a id="nestedatt--spec--validation"></a>
+### Nested Schema for `spec.validation`
+
+Required:
+
+- `hostname` (String) Hostname is used for two purposes in the connection between Gateways and backends: 1. Hostname MUST be used as the SNI to connect to the backend (RFC 6066). 2. If SubjectAltNames is not specified, Hostname MUST be used for authentication and MUST match the certificate served by the matching backend. Support: Core
+
+Optional:
+
+- `ca_certificate_refs` (Attributes List) CACertificateRefs contains one or more references to Kubernetes objects that contain a PEM-encoded TLS CA certificate bundle, which is used to validate a TLS handshake between the Gateway and backend Pod. If CACertificateRefs is empty or unspecified, then WellKnownCACertificates must be specified. Only one of CACertificateRefs or WellKnownCACertificates may be specified, not both. If CACertifcateRefs is empty or unspecified, the configuration for WellKnownCACertificates MUST be honored instead if supported by the implementation. References to a resource in a different namespace are invalid for the moment, although we will revisit this in the future. A single CACertificateRef to a Kubernetes ConfigMap kind has 'Core' support. Implementations MAY choose to support attaching multiple certificates to a backend, but this behavior is implementation-specific. Support: Core - An optional single reference to a Kubernetes ConfigMap, with the CA certificate in a key named 'ca.crt'. Support: Implementation-specific (More than one reference, or other kinds of resources). (see [below for nested schema](#nestedatt--spec--validation--ca_certificate_refs))
+- `subject_alt_names` (Attributes List) SubjectAltNames contains one or more Subject Alternative Names. When specified, the certificate served from the backend MUST have at least one Subject Alternate Name matching one of the specified SubjectAltNames. Support: Core (see [below for nested schema](#nestedatt--spec--validation--subject_alt_names))
+- `well_known_ca_certificates` (String) WellKnownCACertificates specifies whether system CA certificates may be used in the TLS handshake between the gateway and backend pod. If WellKnownCACertificates is unspecified or empty (''), then CACertificateRefs must be specified with at least one entry for a valid configuration. Only one of CACertificateRefs or WellKnownCACertificates may be specified, not both. If an implementation does not support the WellKnownCACertificates field or the value supplied is not supported, the Status Conditions on the Policy MUST be updated to include an Accepted: False Condition with Reason: Invalid. Support: Implementation-specific
+
+<a id="nestedatt--spec--validation--ca_certificate_refs"></a>
+### Nested Schema for `spec.validation.ca_certificate_refs`
+
+Required:
+
+- `group` (String) Group is the group of the referent. For example, 'gateway.networking.k8s.io'. When unspecified or empty string, core API group is inferred.
+- `kind` (String) Kind is kind of the referent. For example 'HTTPRoute' or 'Service'.
+- `name` (String) Name is the name of the referent.
+
+
+<a id="nestedatt--spec--validation--subject_alt_names"></a>
+### Nested Schema for `spec.validation.subject_alt_names`
+
+Required:
+
+- `type` (String) Type determines the format of the Subject Alternative Name. Always required. Support: Core
+
+Optional:
+
+- `hostname` (String) Hostname contains Subject Alternative Name specified in DNS name format. Required when Type is set to Hostname, ignored otherwise. Support: Core
+- `uri` (String) URI contains Subject Alternative Name specified in a full URI format. It MUST include both a scheme (e.g., 'http' or 'ftp') and a scheme-specific-part. Common values include SPIFFE IDs like 'spiffe://mycluster.example.com/ns/myns/sa/svc1sa'. Required when Type is set to URI, ignored otherwise. Support: Core
diff --git a/docs/data-sources/gateway_networking_k8s_io_gateway_v1_manifest.md b/docs/data-sources/gateway_networking_k8s_io_gateway_v1_manifest.md
index e4a1dd28e..1698ca664 100644
--- a/docs/data-sources/gateway_networking_k8s_io_gateway_v1_manifest.md
+++ b/docs/data-sources/gateway_networking_k8s_io_gateway_v1_manifest.md
@@ -62,7 +62,6 @@ Required:
 Optional:
 
 - `addresses` (Attributes List) Addresses requested for this Gateway. This is optional and behavior can depend on the implementation. If a value is set in the spec and the requested address is invalid or unavailable, the implementation MUST indicate this in the associated entry in GatewayStatus.Addresses. The Addresses field represents a request for the address(es) on the 'outside of the Gateway', that traffic bound for this Gateway will use. This could be the IP address or hostname of an external load balancer or other networking infrastructure, or some other address that traffic will be sent to. If no Addresses are specified, the implementation MAY schedule the Gateway in an implementation-specific manner, assigning an appropriate set of Addresses. The implementation MUST bind all Listeners to every GatewayAddress that it assigns to the Gateway and add a corresponding entry in GatewayStatus.Addresses. Support: Extended (see [below for nested schema](#nestedatt--spec--addresses))
-- `backend_tls` (Attributes) BackendTLS configures TLS settings for when this Gateway is connecting to backends with TLS. Support: Core (see [below for nested schema](#nestedatt--spec--backend_tls))
 - `infrastructure` (Attributes) Infrastructure defines infrastructure level attributes about this Gateway instance. Support: Extended (see [below for nested schema](#nestedatt--spec--infrastructure))
 
 <a id="nestedatt--spec--listeners"></a>
@@ -138,7 +137,6 @@ Optional:
 Optional:
 
 - `certificate_refs` (Attributes List) CertificateRefs contains a series of references to Kubernetes objects that contains TLS certificates and private keys. These certificates are used to establish a TLS handshake for requests that match the hostname of the associated listener. A single CertificateRef to a Kubernetes Secret has 'Core' support. Implementations MAY choose to support attaching multiple certificates to a Listener, but this behavior is implementation-specific. References to a resource in different namespace are invalid UNLESS there is a ReferenceGrant in the target namespace that allows the certificate to be attached. If a ReferenceGrant does not allow this reference, the 'ResolvedRefs' condition MUST be set to False for this listener with the 'RefNotPermitted' reason. This field is required to have at least one element when the mode is set to 'Terminate' (default) and is optional otherwise. CertificateRefs can reference to standard Kubernetes resources, i.e. Secret, or implementation-specific custom resources. Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls Support: Implementation-specific (More than one reference or other resource types) (see [below for nested schema](#nestedatt--spec--listeners--tls--certificate_refs))
-- `frontend_validation` (Attributes) FrontendValidation holds configuration information for validating the frontend (client). Setting this field will require clients to send a client certificate required for validation during the TLS handshake. In browsers this may result in a dialog appearing that requests a user to specify the client certificate. The maximum depth of a certificate chain accepted in verification is Implementation specific. Support: Extended (see [below for nested schema](#nestedatt--spec--listeners--tls--frontend_validation))
 - `mode` (String) Mode defines the TLS behavior for the TLS session initiated by the client. There are two possible modes: - Terminate: The TLS session between the downstream client and the Gateway is terminated at the Gateway. This mode requires certificates to be specified in some way, such as populating the certificateRefs field. - Passthrough: The TLS session is NOT terminated by the Gateway. This implies that the Gateway can't decipher the TLS stream except for the ClientHello message of the TLS protocol. The certificateRefs field is ignored in this mode. Support: Core
 - `options` (Map of String) Options are a list of key/value pairs to enable extended TLS configuration for each implementation. For example, configuring the minimum TLS version or supported cipher suites. A set of common keys MAY be defined by the API in the future. To avoid any ambiguity, implementation-specific definitions MUST use domain-prefixed names, such as 'example.com/my-custom-option'. Un-prefixed names are reserved for key names defined by Gateway API. Support: Implementation-specific
 
@@ -156,28 +154,6 @@ Optional:
 - `namespace` (String) Namespace is the namespace of the referenced object. When unspecified, the local namespace is inferred. Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. Support: Core
 
 
-<a id="nestedatt--spec--listeners--tls--frontend_validation"></a>
-### Nested Schema for `spec.listeners.tls.frontend_validation`
-
-Optional:
-
-- `ca_certificate_refs` (Attributes List) CACertificateRefs contains one or more references to Kubernetes objects that contain TLS certificates of the Certificate Authorities that can be used as a trust anchor to validate the certificates presented by the client. A single CA certificate reference to a Kubernetes ConfigMap has 'Core' support. Implementations MAY choose to support attaching multiple CA certificates to a Listener, but this behavior is implementation-specific. Support: Core - A single reference to a Kubernetes ConfigMap with the CA certificate in a key named 'ca.crt'. Support: Implementation-specific (More than one reference, or other kinds of resources). References to a resource in a different namespace are invalid UNLESS there is a ReferenceGrant in the target namespace that allows the certificate to be attached. If a ReferenceGrant does not allow this reference, the 'ResolvedRefs' condition MUST be set to False for this listener with the 'RefNotPermitted' reason. (see [below for nested schema](#nestedatt--spec--listeners--tls--frontend_validation--ca_certificate_refs))
-
-<a id="nestedatt--spec--listeners--tls--frontend_validation--ca_certificate_refs"></a>
-### Nested Schema for `spec.listeners.tls.frontend_validation.ca_certificate_refs`
-
-Required:
-
-- `group` (String) Group is the group of the referent. For example, 'gateway.networking.k8s.io'. When unspecified or empty string, core API group is inferred.
-- `kind` (String) Kind is kind of the referent. For example 'ConfigMap' or 'Service'.
-- `name` (String) Name is the name of the referent.
-
-Optional:
-
-- `namespace` (String) Namespace is the namespace of the referenced object. When unspecified, the local namespace is inferred. Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. Support: Core
-
-
-
 
 
 <a id="nestedatt--spec--addresses"></a>
@@ -192,28 +168,6 @@ Optional:
 - `type` (String) Type of the address.
 
 
-<a id="nestedatt--spec--backend_tls"></a>
-### Nested Schema for `spec.backend_tls`
-
-Optional:
-
-- `client_certificate_ref` (Attributes) ClientCertificateRef is a reference to an object that contains a Client Certificate and the associated private key. References to a resource in different namespace are invalid UNLESS there is a ReferenceGrant in the target namespace that allows the certificate to be attached. If a ReferenceGrant does not allow this reference, the 'ResolvedRefs' condition MUST be set to False for this listener with the 'RefNotPermitted' reason. ClientCertificateRef can reference to standard Kubernetes resources, i.e. Secret, or implementation-specific custom resources. This setting can be overridden on the service level by use of BackendTLSPolicy. Support: Core (see [below for nested schema](#nestedatt--spec--backend_tls--client_certificate_ref))
-
-<a id="nestedatt--spec--backend_tls--client_certificate_ref"></a>
-### Nested Schema for `spec.backend_tls.client_certificate_ref`
-
-Required:
-
-- `name` (String) Name is the name of the referent.
-
-Optional:
-
-- `group` (String) Group is the group of the referent. For example, 'gateway.networking.k8s.io'. When unspecified or empty string, core API group is inferred.
-- `kind` (String) Kind is kind of the referent. For example 'Secret'.
-- `namespace` (String) Namespace is the namespace of the referenced object. When unspecified, the local namespace is inferred. Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. Support: Core
-
-
-
 <a id="nestedatt--spec--infrastructure"></a>
 ### Nested Schema for `spec.infrastructure`
 
diff --git a/docs/data-sources/gateway_networking_k8s_io_gateway_v1beta1_manifest.md b/docs/data-sources/gateway_networking_k8s_io_gateway_v1beta1_manifest.md
index 49da5d1e6..20c1c676d 100644
--- a/docs/data-sources/gateway_networking_k8s_io_gateway_v1beta1_manifest.md
+++ b/docs/data-sources/gateway_networking_k8s_io_gateway_v1beta1_manifest.md
@@ -62,7 +62,6 @@ Required:
 Optional:
 
 - `addresses` (Attributes List) Addresses requested for this Gateway. This is optional and behavior can depend on the implementation. If a value is set in the spec and the requested address is invalid or unavailable, the implementation MUST indicate this in the associated entry in GatewayStatus.Addresses. The Addresses field represents a request for the address(es) on the 'outside of the Gateway', that traffic bound for this Gateway will use. This could be the IP address or hostname of an external load balancer or other networking infrastructure, or some other address that traffic will be sent to. If no Addresses are specified, the implementation MAY schedule the Gateway in an implementation-specific manner, assigning an appropriate set of Addresses. The implementation MUST bind all Listeners to every GatewayAddress that it assigns to the Gateway and add a corresponding entry in GatewayStatus.Addresses. Support: Extended (see [below for nested schema](#nestedatt--spec--addresses))
-- `backend_tls` (Attributes) BackendTLS configures TLS settings for when this Gateway is connecting to backends with TLS. Support: Core (see [below for nested schema](#nestedatt--spec--backend_tls))
 - `infrastructure` (Attributes) Infrastructure defines infrastructure level attributes about this Gateway instance. Support: Extended (see [below for nested schema](#nestedatt--spec--infrastructure))
 
 <a id="nestedatt--spec--listeners"></a>
@@ -138,7 +137,6 @@ Optional:
 Optional:
 
 - `certificate_refs` (Attributes List) CertificateRefs contains a series of references to Kubernetes objects that contains TLS certificates and private keys. These certificates are used to establish a TLS handshake for requests that match the hostname of the associated listener. A single CertificateRef to a Kubernetes Secret has 'Core' support. Implementations MAY choose to support attaching multiple certificates to a Listener, but this behavior is implementation-specific. References to a resource in different namespace are invalid UNLESS there is a ReferenceGrant in the target namespace that allows the certificate to be attached. If a ReferenceGrant does not allow this reference, the 'ResolvedRefs' condition MUST be set to False for this listener with the 'RefNotPermitted' reason. This field is required to have at least one element when the mode is set to 'Terminate' (default) and is optional otherwise. CertificateRefs can reference to standard Kubernetes resources, i.e. Secret, or implementation-specific custom resources. Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls Support: Implementation-specific (More than one reference or other resource types) (see [below for nested schema](#nestedatt--spec--listeners--tls--certificate_refs))
-- `frontend_validation` (Attributes) FrontendValidation holds configuration information for validating the frontend (client). Setting this field will require clients to send a client certificate required for validation during the TLS handshake. In browsers this may result in a dialog appearing that requests a user to specify the client certificate. The maximum depth of a certificate chain accepted in verification is Implementation specific. Support: Extended (see [below for nested schema](#nestedatt--spec--listeners--tls--frontend_validation))
 - `mode` (String) Mode defines the TLS behavior for the TLS session initiated by the client. There are two possible modes: - Terminate: The TLS session between the downstream client and the Gateway is terminated at the Gateway. This mode requires certificates to be specified in some way, such as populating the certificateRefs field. - Passthrough: The TLS session is NOT terminated by the Gateway. This implies that the Gateway can't decipher the TLS stream except for the ClientHello message of the TLS protocol. The certificateRefs field is ignored in this mode. Support: Core
 - `options` (Map of String) Options are a list of key/value pairs to enable extended TLS configuration for each implementation. For example, configuring the minimum TLS version or supported cipher suites. A set of common keys MAY be defined by the API in the future. To avoid any ambiguity, implementation-specific definitions MUST use domain-prefixed names, such as 'example.com/my-custom-option'. Un-prefixed names are reserved for key names defined by Gateway API. Support: Implementation-specific
 
@@ -156,28 +154,6 @@ Optional:
 - `namespace` (String) Namespace is the namespace of the referenced object. When unspecified, the local namespace is inferred. Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. Support: Core
 
 
-<a id="nestedatt--spec--listeners--tls--frontend_validation"></a>
-### Nested Schema for `spec.listeners.tls.frontend_validation`
-
-Optional:
-
-- `ca_certificate_refs` (Attributes List) CACertificateRefs contains one or more references to Kubernetes objects that contain TLS certificates of the Certificate Authorities that can be used as a trust anchor to validate the certificates presented by the client. A single CA certificate reference to a Kubernetes ConfigMap has 'Core' support. Implementations MAY choose to support attaching multiple CA certificates to a Listener, but this behavior is implementation-specific. Support: Core - A single reference to a Kubernetes ConfigMap with the CA certificate in a key named 'ca.crt'. Support: Implementation-specific (More than one reference, or other kinds of resources). References to a resource in a different namespace are invalid UNLESS there is a ReferenceGrant in the target namespace that allows the certificate to be attached. If a ReferenceGrant does not allow this reference, the 'ResolvedRefs' condition MUST be set to False for this listener with the 'RefNotPermitted' reason. (see [below for nested schema](#nestedatt--spec--listeners--tls--frontend_validation--ca_certificate_refs))
-
-<a id="nestedatt--spec--listeners--tls--frontend_validation--ca_certificate_refs"></a>
-### Nested Schema for `spec.listeners.tls.frontend_validation.ca_certificate_refs`
-
-Required:
-
-- `group` (String) Group is the group of the referent. For example, 'gateway.networking.k8s.io'. When unspecified or empty string, core API group is inferred.
-- `kind` (String) Kind is kind of the referent. For example 'ConfigMap' or 'Service'.
-- `name` (String) Name is the name of the referent.
-
-Optional:
-
-- `namespace` (String) Namespace is the namespace of the referenced object. When unspecified, the local namespace is inferred. Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. Support: Core
-
-
-
 
 
 <a id="nestedatt--spec--addresses"></a>
@@ -192,28 +168,6 @@ Optional:
 - `type` (String) Type of the address.
 
 
-<a id="nestedatt--spec--backend_tls"></a>
-### Nested Schema for `spec.backend_tls`
-
-Optional:
-
-- `client_certificate_ref` (Attributes) ClientCertificateRef is a reference to an object that contains a Client Certificate and the associated private key. References to a resource in different namespace are invalid UNLESS there is a ReferenceGrant in the target namespace that allows the certificate to be attached. If a ReferenceGrant does not allow this reference, the 'ResolvedRefs' condition MUST be set to False for this listener with the 'RefNotPermitted' reason. ClientCertificateRef can reference to standard Kubernetes resources, i.e. Secret, or implementation-specific custom resources. This setting can be overridden on the service level by use of BackendTLSPolicy. Support: Core (see [below for nested schema](#nestedatt--spec--backend_tls--client_certificate_ref))
-
-<a id="nestedatt--spec--backend_tls--client_certificate_ref"></a>
-### Nested Schema for `spec.backend_tls.client_certificate_ref`
-
-Required:
-
-- `name` (String) Name is the name of the referent.
-
-Optional:
-
-- `group` (String) Group is the group of the referent. For example, 'gateway.networking.k8s.io'. When unspecified or empty string, core API group is inferred.
-- `kind` (String) Kind is kind of the referent. For example 'Secret'.
-- `namespace` (String) Namespace is the namespace of the referenced object. When unspecified, the local namespace is inferred. Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. Support: Core
-
-
-
 <a id="nestedatt--spec--infrastructure"></a>
 ### Nested Schema for `spec.infrastructure`
 
diff --git a/docs/data-sources/gateway_networking_k8s_io_grpc_route_v1_manifest.md b/docs/data-sources/gateway_networking_k8s_io_grpc_route_v1_manifest.md
index cdd9ac46a..ca0517550 100644
--- a/docs/data-sources/gateway_networking_k8s_io_grpc_route_v1_manifest.md
+++ b/docs/data-sources/gateway_networking_k8s_io_grpc_route_v1_manifest.md
@@ -56,7 +56,7 @@ Optional:
 Optional:
 
 - `hostnames` (List of String) Hostnames defines a set of hostnames to match against the GRPC Host header to select a GRPCRoute to process the request. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label ('*.'). The wildcard label MUST appear by itself as the first label. If a hostname is specified by both the Listener and GRPCRoute, there MUST be at least one intersecting hostname for the GRPCRoute to be attached to the Listener. For example: * A Listener with 'test.example.com' as the hostname matches GRPCRoutes that have either not specified any hostnames, or have specified at least one of 'test.example.com' or '*.example.com'. * A Listener with '*.example.com' as the hostname matches GRPCRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, 'test.example.com' and '*.example.com' would both match. On the other hand, 'example.com' and 'test.example.net' would not match. Hostnames that are prefixed with a wildcard label ('*.') are interpreted as a suffix match. That means that a match for '*.example.com' would match both 'test.example.com', and 'foo.test.example.com', but not 'example.com'. If both the Listener and GRPCRoute have specified hostnames, any GRPCRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified '*.example.com', and the GRPCRoute specified 'test.example.com' and 'test.example.net', 'test.example.net' MUST NOT be considered for a match. If both the Listener and GRPCRoute have specified hostnames, and none match with the criteria above, then the GRPCRoute MUST NOT be accepted by the implementation. The implementation MUST raise an 'Accepted' Condition with a status of 'False' in the corresponding RouteParentStatus. If a Route (A) of type HTTPRoute or GRPCRoute is attached to a Listener and that listener already has another Route (B) of the other type attached and the intersection of the hostnames of A and B is non-empty, then the implementation MUST accept exactly one of these two routes, determined by the following criteria, in order: * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by '{namespace}/{name}'. The rejected Route MUST raise an 'Accepted' condition with a status of 'False' in the corresponding RouteParentStatus. Support: Core
-- `parent_refs` (Attributes List) ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a 'producer' route, or the mesh implementation must support and allow 'consumer' routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a 'producer' route for a Service in a different namespace from the Route. There are two kinds of parent resources with 'Core' support: * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. ParentRefs must be _distinct_. This means either that: * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by 'group', 'kind', 'namespace', and 'name' must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. Some examples: * If one ParentRef sets 'sectionName', all ParentRefs referencing the same object must also set 'sectionName'. * If one ParentRef sets 'port', all ParentRefs referencing the same object must also set 'port'. * If one ParentRef sets 'sectionName' and 'port', all ParentRefs referencing the same object must also set 'sectionName' and 'port'. It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. ParentRefs from a Route to a Service in the same namespace are 'producer' routes, which apply default routing rules to inbound connections from any namespace to the Service. ParentRefs from a Route to a Service in a different namespace are 'consumer' routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. (see [below for nested schema](#nestedatt--spec--parent_refs))
+- `parent_refs` (Attributes List) ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a 'producer' route, or the mesh implementation must support and allow 'consumer' routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a 'producer' route for a Service in a different namespace from the Route. There are two kinds of parent resources with 'Core' support: * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. ParentRefs must be _distinct_. This means either that: * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by 'group', 'kind', 'namespace', and 'name' must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. Some examples: * If one ParentRef sets 'sectionName', all ParentRefs referencing the same object must also set 'sectionName'. * If one ParentRef sets 'port', all ParentRefs referencing the same object must also set 'port'. * If one ParentRef sets 'sectionName' and 'port', all ParentRefs referencing the same object must also set 'sectionName' and 'port'. It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. (see [below for nested schema](#nestedatt--spec--parent_refs))
 - `rules` (Attributes List) Rules are a list of GRPC matchers, filters and actions. (see [below for nested schema](#nestedatt--spec--rules))
 
 <a id="nestedatt--spec--parent_refs"></a>
@@ -70,8 +70,8 @@ Optional:
 
 - `group` (String) Group is the group of the referent. When unspecified, 'gateway.networking.k8s.io' is inferred. To set the core API group (such as for a 'Service' kind referent), Group must be explicitly set to '' (empty string). Support: Core
 - `kind` (String) Kind is kind of the referent. There are two kinds of parent resources with 'Core' support: * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, ClusterIP Services only) Support for other resources is Implementation-Specific.
-- `namespace` (String) Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. ParentRefs from a Route to a Service in the same namespace are 'producer' routes, which apply default routing rules to inbound connections from any namespace to the Service. ParentRefs from a Route to a Service in a different namespace are 'consumer' routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. Support: Core
-- `port` (Number) Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set 'Port' unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. Support: Extended
+- `namespace` (String) Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. Support: Core
+- `port` (Number) Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set 'Port' unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. Support: Extended
 - `section_name` (String) SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: * Gateway: Listener name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. Support: Core
 
 
@@ -83,8 +83,6 @@ Optional:
 - `backend_refs` (Attributes List) BackendRefs defines the backend(s) where matching requests should be sent. Failure behavior here depends on how many BackendRefs are specified and how many are invalid. If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive an 'UNAVAILABLE' status. See the GRPCBackendRef definition for the rules about what makes a single GRPCBackendRef invalid. When a GRPCBackendRef is invalid, 'UNAVAILABLE' statuses MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive an 'UNAVAILABLE' status. For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic MUST receive an 'UNAVAILABLE' status. Implementations may choose how that 50 percent is determined. Support: Core for Kubernetes Service Support: Implementation-specific for any other resource Support for weight: Core (see [below for nested schema](#nestedatt--spec--rules--backend_refs))
 - `filters` (Attributes List) Filters define the filters that are applied to requests that match this rule. The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. Conformance-levels at this level are defined based on the type of filter: - ALL core filters MUST be supported by all implementations that support GRPCRoute. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. Specifying the same filter multiple times is not supported unless explicitly indicated in the filter. If an implementation can not support a combination of filters, it must clearly document that limitation. In cases where incompatible or unsupported filters are specified and cause the 'Accepted' condition to be set to status 'False', implementations may use the 'IncompatibleFilters' reason to specify this configuration error. Support: Core (see [below for nested schema](#nestedatt--spec--rules--filters))
 - `matches` (Attributes List) Matches define conditions used for matching the rule against incoming gRPC requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. For example, take the following matches configuration: ''' matches: - method: service: foo.bar headers: values: version: 2 - method: service: foo.bar.v2 ''' For a request to match against this rule, it MUST satisfy EITHER of the two conditions: - service of foo.bar AND contains the header 'version: 2' - service of foo.bar.v2 See the documentation for GRPCRouteMatch on how to specify multiple match conditions to be ANDed together. If no matches are specified, the implementation MUST match every gRPC request. Proxy or Load Balancer routing configuration generated from GRPCRoutes MUST prioritize rules based on the following criteria, continuing on ties. Merging MUST not be done between GRPCRoutes and HTTPRoutes. Precedence MUST be given to the rule with the largest number of: * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. * Characters in a matching service. * Characters in a matching method. * Header matches. If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by '{namespace}/{name}'. If ties still exist within the Route that has been given precedence, matching precedence MUST be granted to the first matching rule meeting the above criteria. (see [below for nested schema](#nestedatt--spec--rules--matches))
-- `name` (String) Name is the name of the route rule. This name MUST be unique within a Route if it is set. Support: Extended
-- `session_persistence` (Attributes) SessionPersistence defines and configures session persistence for the route rule. Support: Extended (see [below for nested schema](#nestedatt--spec--rules--session_persistence))
 
 <a id="nestedatt--spec--rules--backend_refs"></a>
 ### Nested Schema for `spec.rules.backend_refs`
@@ -161,11 +159,6 @@ Required:
 
 - `backend_ref` (Attributes) BackendRef references a resource where mirrored requests are sent. Mirrored requests must be sent only to a single destination endpoint within this BackendRef, irrespective of how many endpoints are present within this BackendRef. If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the 'ResolvedRefs' condition on the Route status is set to 'status: False' and not configure this backend in the underlying implementation. If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the 'ResolvedRefs' condition on the Route is set to 'status: False', with the 'RefNotPermitted' reason and not configure this backend in the underlying implementation. In either error case, the Message of the 'ResolvedRefs' Condition should be used to provide more detail about the problem. Support: Extended for Kubernetes Service Support: Implementation-specific for any other resource (see [below for nested schema](#nestedatt--spec--rules--backend_refs--filters--request_mirror--backend_ref))
 
-Optional:
-
-- `fraction` (Attributes) Fraction represents the fraction of requests that should be mirrored to BackendRef. Only one of Fraction or Percent may be specified. If neither field is specified, 100% of requests will be mirrored. (see [below for nested schema](#nestedatt--spec--rules--backend_refs--filters--request_mirror--fraction))
-- `percent` (Number) Percent represents the percentage of requests that should be mirrored to BackendRef. Its minimum value is 0 (indicating 0% of requests) and its maximum value is 100 (indicating 100% of requests). Only one of Fraction or Percent may be specified. If neither field is specified, 100% of requests will be mirrored.
-
 <a id="nestedatt--spec--rules--backend_refs--filters--request_mirror--backend_ref"></a>
 ### Nested Schema for `spec.rules.backend_refs.filters.request_mirror.backend_ref`
 
@@ -181,18 +174,6 @@ Optional:
 - `port` (Number) Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field.
 
 
-<a id="nestedatt--spec--rules--backend_refs--filters--request_mirror--fraction"></a>
-### Nested Schema for `spec.rules.backend_refs.filters.request_mirror.fraction`
-
-Required:
-
-- `numerator` (Number)
-
-Optional:
-
-- `denominator` (Number)
-
-
 
 <a id="nestedatt--spec--rules--backend_refs--filters--response_header_modifier"></a>
 ### Nested Schema for `spec.rules.backend_refs.filters.response_header_modifier`
@@ -283,11 +264,6 @@ Required:
 
 - `backend_ref` (Attributes) BackendRef references a resource where mirrored requests are sent. Mirrored requests must be sent only to a single destination endpoint within this BackendRef, irrespective of how many endpoints are present within this BackendRef. If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the 'ResolvedRefs' condition on the Route status is set to 'status: False' and not configure this backend in the underlying implementation. If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the 'ResolvedRefs' condition on the Route is set to 'status: False', with the 'RefNotPermitted' reason and not configure this backend in the underlying implementation. In either error case, the Message of the 'ResolvedRefs' Condition should be used to provide more detail about the problem. Support: Extended for Kubernetes Service Support: Implementation-specific for any other resource (see [below for nested schema](#nestedatt--spec--rules--filters--request_mirror--backend_ref))
 
-Optional:
-
-- `fraction` (Attributes) Fraction represents the fraction of requests that should be mirrored to BackendRef. Only one of Fraction or Percent may be specified. If neither field is specified, 100% of requests will be mirrored. (see [below for nested schema](#nestedatt--spec--rules--filters--request_mirror--fraction))
-- `percent` (Number) Percent represents the percentage of requests that should be mirrored to BackendRef. Its minimum value is 0 (indicating 0% of requests) and its maximum value is 100 (indicating 100% of requests). Only one of Fraction or Percent may be specified. If neither field is specified, 100% of requests will be mirrored.
-
 <a id="nestedatt--spec--rules--filters--request_mirror--backend_ref"></a>
 ### Nested Schema for `spec.rules.filters.request_mirror.backend_ref`
 
@@ -303,18 +279,6 @@ Optional:
 - `port` (Number) Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field.
 
 
-<a id="nestedatt--spec--rules--filters--request_mirror--fraction"></a>
-### Nested Schema for `spec.rules.filters.request_mirror.fraction`
-
-Required:
-
-- `numerator` (Number)
-
-Optional:
-
-- `denominator` (Number)
-
-
 
 <a id="nestedatt--spec--rules--filters--response_header_modifier"></a>
 ### Nested Schema for `spec.rules.filters.response_header_modifier`
@@ -374,23 +338,3 @@ Optional:
 - `method` (String) Value of the method to match against. If left empty or omitted, will match all services. At least one of Service and Method MUST be a non-empty string.
 - `service` (String) Value of the service to match against. If left empty or omitted, will match any service. At least one of Service and Method MUST be a non-empty string.
 - `type` (String) Type specifies how to match against the service and/or method. Support: Core (Exact with service and method specified) Support: Implementation-specific (Exact with method specified but no service specified) Support: Implementation-specific (RegularExpression)
-
-
-
-<a id="nestedatt--spec--rules--session_persistence"></a>
-### Nested Schema for `spec.rules.session_persistence`
-
-Optional:
-
-- `absolute_timeout` (String) AbsoluteTimeout defines the absolute timeout of the persistent session. Once the AbsoluteTimeout duration has elapsed, the session becomes invalid. Support: Extended
-- `cookie_config` (Attributes) CookieConfig provides configuration settings that are specific to cookie-based session persistence. Support: Core (see [below for nested schema](#nestedatt--spec--rules--session_persistence--cookie_config))
-- `idle_timeout` (String) IdleTimeout defines the idle timeout of the persistent session. Once the session has been idle for more than the specified IdleTimeout duration, the session becomes invalid. Support: Extended
-- `session_name` (String) SessionName defines the name of the persistent session token which may be reflected in the cookie or the header. Users should avoid reusing session names to prevent unintended consequences, such as rejection or unpredictable behavior. Support: Implementation-specific
-- `type` (String) Type defines the type of session persistence such as through the use a header or cookie. Defaults to cookie based session persistence. Support: Core for 'Cookie' type Support: Extended for 'Header' type
-
-<a id="nestedatt--spec--rules--session_persistence--cookie_config"></a>
-### Nested Schema for `spec.rules.session_persistence.cookie_config`
-
-Optional:
-
-- `lifetime_type` (String) LifetimeType specifies whether the cookie has a permanent or session-based lifetime. A permanent cookie persists until its specified expiry time, defined by the Expires or Max-Age cookie attributes, while a session cookie is deleted when the current session ends. When set to 'Permanent', AbsoluteTimeout indicates the cookie's lifetime via the Expires or Max-Age cookie attributes and is required. When set to 'Session', AbsoluteTimeout indicates the absolute lifetime of the cookie tracked by the gateway and is optional. Support: Core for 'Session' type Support: Extended for 'Permanent' type
diff --git a/docs/data-sources/gateway_networking_k8s_io_grpc_route_v1alpha2_manifest.md b/docs/data-sources/gateway_networking_k8s_io_grpc_route_v1alpha2_manifest.md
index b57ccd59d..d0efdc74c 100644
--- a/docs/data-sources/gateway_networking_k8s_io_grpc_route_v1alpha2_manifest.md
+++ b/docs/data-sources/gateway_networking_k8s_io_grpc_route_v1alpha2_manifest.md
@@ -56,7 +56,7 @@ Optional:
 Optional:
 
 - `hostnames` (List of String) Hostnames defines a set of hostnames to match against the GRPC Host header to select a GRPCRoute to process the request. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label ('*.'). The wildcard label MUST appear by itself as the first label. If a hostname is specified by both the Listener and GRPCRoute, there MUST be at least one intersecting hostname for the GRPCRoute to be attached to the Listener. For example: * A Listener with 'test.example.com' as the hostname matches GRPCRoutes that have either not specified any hostnames, or have specified at least one of 'test.example.com' or '*.example.com'. * A Listener with '*.example.com' as the hostname matches GRPCRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, 'test.example.com' and '*.example.com' would both match. On the other hand, 'example.com' and 'test.example.net' would not match. Hostnames that are prefixed with a wildcard label ('*.') are interpreted as a suffix match. That means that a match for '*.example.com' would match both 'test.example.com', and 'foo.test.example.com', but not 'example.com'. If both the Listener and GRPCRoute have specified hostnames, any GRPCRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified '*.example.com', and the GRPCRoute specified 'test.example.com' and 'test.example.net', 'test.example.net' MUST NOT be considered for a match. If both the Listener and GRPCRoute have specified hostnames, and none match with the criteria above, then the GRPCRoute MUST NOT be accepted by the implementation. The implementation MUST raise an 'Accepted' Condition with a status of 'False' in the corresponding RouteParentStatus. If a Route (A) of type HTTPRoute or GRPCRoute is attached to a Listener and that listener already has another Route (B) of the other type attached and the intersection of the hostnames of A and B is non-empty, then the implementation MUST accept exactly one of these two routes, determined by the following criteria, in order: * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by '{namespace}/{name}'. The rejected Route MUST raise an 'Accepted' condition with a status of 'False' in the corresponding RouteParentStatus. Support: Core
-- `parent_refs` (Attributes List) ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a 'producer' route, or the mesh implementation must support and allow 'consumer' routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a 'producer' route for a Service in a different namespace from the Route. There are two kinds of parent resources with 'Core' support: * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. ParentRefs must be _distinct_. This means either that: * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by 'group', 'kind', 'namespace', and 'name' must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. Some examples: * If one ParentRef sets 'sectionName', all ParentRefs referencing the same object must also set 'sectionName'. * If one ParentRef sets 'port', all ParentRefs referencing the same object must also set 'port'. * If one ParentRef sets 'sectionName' and 'port', all ParentRefs referencing the same object must also set 'sectionName' and 'port'. It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. ParentRefs from a Route to a Service in the same namespace are 'producer' routes, which apply default routing rules to inbound connections from any namespace to the Service. ParentRefs from a Route to a Service in a different namespace are 'consumer' routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. (see [below for nested schema](#nestedatt--spec--parent_refs))
+- `parent_refs` (Attributes List) ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a 'producer' route, or the mesh implementation must support and allow 'consumer' routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a 'producer' route for a Service in a different namespace from the Route. There are two kinds of parent resources with 'Core' support: * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. ParentRefs must be _distinct_. This means either that: * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by 'group', 'kind', 'namespace', and 'name' must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. Some examples: * If one ParentRef sets 'sectionName', all ParentRefs referencing the same object must also set 'sectionName'. * If one ParentRef sets 'port', all ParentRefs referencing the same object must also set 'port'. * If one ParentRef sets 'sectionName' and 'port', all ParentRefs referencing the same object must also set 'sectionName' and 'port'. It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. (see [below for nested schema](#nestedatt--spec--parent_refs))
 - `rules` (Attributes List) Rules are a list of GRPC matchers, filters and actions. (see [below for nested schema](#nestedatt--spec--rules))
 
 <a id="nestedatt--spec--parent_refs"></a>
@@ -70,8 +70,8 @@ Optional:
 
 - `group` (String) Group is the group of the referent. When unspecified, 'gateway.networking.k8s.io' is inferred. To set the core API group (such as for a 'Service' kind referent), Group must be explicitly set to '' (empty string). Support: Core
 - `kind` (String) Kind is kind of the referent. There are two kinds of parent resources with 'Core' support: * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, ClusterIP Services only) Support for other resources is Implementation-Specific.
-- `namespace` (String) Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. ParentRefs from a Route to a Service in the same namespace are 'producer' routes, which apply default routing rules to inbound connections from any namespace to the Service. ParentRefs from a Route to a Service in a different namespace are 'consumer' routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. Support: Core
-- `port` (Number) Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set 'Port' unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. Support: Extended
+- `namespace` (String) Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. Support: Core
+- `port` (Number) Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set 'Port' unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. Support: Extended
 - `section_name` (String) SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: * Gateway: Listener name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. Support: Core
 
 
@@ -83,8 +83,6 @@ Optional:
 - `backend_refs` (Attributes List) BackendRefs defines the backend(s) where matching requests should be sent. Failure behavior here depends on how many BackendRefs are specified and how many are invalid. If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive an 'UNAVAILABLE' status. See the GRPCBackendRef definition for the rules about what makes a single GRPCBackendRef invalid. When a GRPCBackendRef is invalid, 'UNAVAILABLE' statuses MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive an 'UNAVAILABLE' status. For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic MUST receive an 'UNAVAILABLE' status. Implementations may choose how that 50 percent is determined. Support: Core for Kubernetes Service Support: Implementation-specific for any other resource Support for weight: Core (see [below for nested schema](#nestedatt--spec--rules--backend_refs))
 - `filters` (Attributes List) Filters define the filters that are applied to requests that match this rule. The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. Conformance-levels at this level are defined based on the type of filter: - ALL core filters MUST be supported by all implementations that support GRPCRoute. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. Specifying the same filter multiple times is not supported unless explicitly indicated in the filter. If an implementation can not support a combination of filters, it must clearly document that limitation. In cases where incompatible or unsupported filters are specified and cause the 'Accepted' condition to be set to status 'False', implementations may use the 'IncompatibleFilters' reason to specify this configuration error. Support: Core (see [below for nested schema](#nestedatt--spec--rules--filters))
 - `matches` (Attributes List) Matches define conditions used for matching the rule against incoming gRPC requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. For example, take the following matches configuration: ''' matches: - method: service: foo.bar headers: values: version: 2 - method: service: foo.bar.v2 ''' For a request to match against this rule, it MUST satisfy EITHER of the two conditions: - service of foo.bar AND contains the header 'version: 2' - service of foo.bar.v2 See the documentation for GRPCRouteMatch on how to specify multiple match conditions to be ANDed together. If no matches are specified, the implementation MUST match every gRPC request. Proxy or Load Balancer routing configuration generated from GRPCRoutes MUST prioritize rules based on the following criteria, continuing on ties. Merging MUST not be done between GRPCRoutes and HTTPRoutes. Precedence MUST be given to the rule with the largest number of: * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. * Characters in a matching service. * Characters in a matching method. * Header matches. If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by '{namespace}/{name}'. If ties still exist within the Route that has been given precedence, matching precedence MUST be granted to the first matching rule meeting the above criteria. (see [below for nested schema](#nestedatt--spec--rules--matches))
-- `name` (String) Name is the name of the route rule. This name MUST be unique within a Route if it is set. Support: Extended
-- `session_persistence` (Attributes) SessionPersistence defines and configures session persistence for the route rule. Support: Extended (see [below for nested schema](#nestedatt--spec--rules--session_persistence))
 
 <a id="nestedatt--spec--rules--backend_refs"></a>
 ### Nested Schema for `spec.rules.backend_refs`
@@ -161,11 +159,6 @@ Required:
 
 - `backend_ref` (Attributes) BackendRef references a resource where mirrored requests are sent. Mirrored requests must be sent only to a single destination endpoint within this BackendRef, irrespective of how many endpoints are present within this BackendRef. If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the 'ResolvedRefs' condition on the Route status is set to 'status: False' and not configure this backend in the underlying implementation. If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the 'ResolvedRefs' condition on the Route is set to 'status: False', with the 'RefNotPermitted' reason and not configure this backend in the underlying implementation. In either error case, the Message of the 'ResolvedRefs' Condition should be used to provide more detail about the problem. Support: Extended for Kubernetes Service Support: Implementation-specific for any other resource (see [below for nested schema](#nestedatt--spec--rules--backend_refs--filters--request_mirror--backend_ref))
 
-Optional:
-
-- `fraction` (Attributes) Fraction represents the fraction of requests that should be mirrored to BackendRef. Only one of Fraction or Percent may be specified. If neither field is specified, 100% of requests will be mirrored. (see [below for nested schema](#nestedatt--spec--rules--backend_refs--filters--request_mirror--fraction))
-- `percent` (Number) Percent represents the percentage of requests that should be mirrored to BackendRef. Its minimum value is 0 (indicating 0% of requests) and its maximum value is 100 (indicating 100% of requests). Only one of Fraction or Percent may be specified. If neither field is specified, 100% of requests will be mirrored.
-
 <a id="nestedatt--spec--rules--backend_refs--filters--request_mirror--backend_ref"></a>
 ### Nested Schema for `spec.rules.backend_refs.filters.request_mirror.backend_ref`
 
@@ -181,18 +174,6 @@ Optional:
 - `port` (Number) Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field.
 
 
-<a id="nestedatt--spec--rules--backend_refs--filters--request_mirror--fraction"></a>
-### Nested Schema for `spec.rules.backend_refs.filters.request_mirror.fraction`
-
-Required:
-
-- `numerator` (Number)
-
-Optional:
-
-- `denominator` (Number)
-
-
 
 <a id="nestedatt--spec--rules--backend_refs--filters--response_header_modifier"></a>
 ### Nested Schema for `spec.rules.backend_refs.filters.response_header_modifier`
@@ -283,11 +264,6 @@ Required:
 
 - `backend_ref` (Attributes) BackendRef references a resource where mirrored requests are sent. Mirrored requests must be sent only to a single destination endpoint within this BackendRef, irrespective of how many endpoints are present within this BackendRef. If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the 'ResolvedRefs' condition on the Route status is set to 'status: False' and not configure this backend in the underlying implementation. If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the 'ResolvedRefs' condition on the Route is set to 'status: False', with the 'RefNotPermitted' reason and not configure this backend in the underlying implementation. In either error case, the Message of the 'ResolvedRefs' Condition should be used to provide more detail about the problem. Support: Extended for Kubernetes Service Support: Implementation-specific for any other resource (see [below for nested schema](#nestedatt--spec--rules--filters--request_mirror--backend_ref))
 
-Optional:
-
-- `fraction` (Attributes) Fraction represents the fraction of requests that should be mirrored to BackendRef. Only one of Fraction or Percent may be specified. If neither field is specified, 100% of requests will be mirrored. (see [below for nested schema](#nestedatt--spec--rules--filters--request_mirror--fraction))
-- `percent` (Number) Percent represents the percentage of requests that should be mirrored to BackendRef. Its minimum value is 0 (indicating 0% of requests) and its maximum value is 100 (indicating 100% of requests). Only one of Fraction or Percent may be specified. If neither field is specified, 100% of requests will be mirrored.
-
 <a id="nestedatt--spec--rules--filters--request_mirror--backend_ref"></a>
 ### Nested Schema for `spec.rules.filters.request_mirror.backend_ref`
 
@@ -303,18 +279,6 @@ Optional:
 - `port` (Number) Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field.
 
 
-<a id="nestedatt--spec--rules--filters--request_mirror--fraction"></a>
-### Nested Schema for `spec.rules.filters.request_mirror.fraction`
-
-Required:
-
-- `numerator` (Number)
-
-Optional:
-
-- `denominator` (Number)
-
-
 
 <a id="nestedatt--spec--rules--filters--response_header_modifier"></a>
 ### Nested Schema for `spec.rules.filters.response_header_modifier`
@@ -374,23 +338,3 @@ Optional:
 - `method` (String) Value of the method to match against. If left empty or omitted, will match all services. At least one of Service and Method MUST be a non-empty string.
 - `service` (String) Value of the service to match against. If left empty or omitted, will match any service. At least one of Service and Method MUST be a non-empty string.
 - `type` (String) Type specifies how to match against the service and/or method. Support: Core (Exact with service and method specified) Support: Implementation-specific (Exact with method specified but no service specified) Support: Implementation-specific (RegularExpression)
-
-
-
-<a id="nestedatt--spec--rules--session_persistence"></a>
-### Nested Schema for `spec.rules.session_persistence`
-
-Optional:
-
-- `absolute_timeout` (String) AbsoluteTimeout defines the absolute timeout of the persistent session. Once the AbsoluteTimeout duration has elapsed, the session becomes invalid. Support: Extended
-- `cookie_config` (Attributes) CookieConfig provides configuration settings that are specific to cookie-based session persistence. Support: Core (see [below for nested schema](#nestedatt--spec--rules--session_persistence--cookie_config))
-- `idle_timeout` (String) IdleTimeout defines the idle timeout of the persistent session. Once the session has been idle for more than the specified IdleTimeout duration, the session becomes invalid. Support: Extended
-- `session_name` (String) SessionName defines the name of the persistent session token which may be reflected in the cookie or the header. Users should avoid reusing session names to prevent unintended consequences, such as rejection or unpredictable behavior. Support: Implementation-specific
-- `type` (String) Type defines the type of session persistence such as through the use a header or cookie. Defaults to cookie based session persistence. Support: Core for 'Cookie' type Support: Extended for 'Header' type
-
-<a id="nestedatt--spec--rules--session_persistence--cookie_config"></a>
-### Nested Schema for `spec.rules.session_persistence.cookie_config`
-
-Optional:
-
-- `lifetime_type` (String) LifetimeType specifies whether the cookie has a permanent or session-based lifetime. A permanent cookie persists until its specified expiry time, defined by the Expires or Max-Age cookie attributes, while a session cookie is deleted when the current session ends. When set to 'Permanent', AbsoluteTimeout indicates the cookie's lifetime via the Expires or Max-Age cookie attributes and is required. When set to 'Session', AbsoluteTimeout indicates the absolute lifetime of the cookie tracked by the gateway and is optional. Support: Core for 'Session' type Support: Extended for 'Permanent' type
diff --git a/docs/data-sources/gateway_networking_k8s_io_http_route_v1_manifest.md b/docs/data-sources/gateway_networking_k8s_io_http_route_v1_manifest.md
index 05f2e6470..acbfdff92 100644
--- a/docs/data-sources/gateway_networking_k8s_io_http_route_v1_manifest.md
+++ b/docs/data-sources/gateway_networking_k8s_io_http_route_v1_manifest.md
@@ -56,7 +56,7 @@ Optional:
 Optional:
 
 - `hostnames` (List of String) Hostnames defines a set of hostnames that should match against the HTTP Host header to select a HTTPRoute used to process the request. Implementations MUST ignore any port value specified in the HTTP Host header while performing a match and (absent of any applicable header modification configuration) MUST forward this header unmodified to the backend. Valid values for Hostnames are determined by RFC 1123 definition of a hostname with 2 notable exceptions: 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label ('*.'). The wildcard label must appear by itself as the first label. If a hostname is specified by both the Listener and HTTPRoute, there must be at least one intersecting hostname for the HTTPRoute to be attached to the Listener. For example: * A Listener with 'test.example.com' as the hostname matches HTTPRoutes that have either not specified any hostnames, or have specified at least one of 'test.example.com' or '*.example.com'. * A Listener with '*.example.com' as the hostname matches HTTPRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, '*.example.com', 'test.example.com', and 'foo.test.example.com' would all match. On the other hand, 'example.com' and 'test.example.net' would not match. Hostnames that are prefixed with a wildcard label ('*.') are interpreted as a suffix match. That means that a match for '*.example.com' would match both 'test.example.com', and 'foo.test.example.com', but not 'example.com'. If both the Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified '*.example.com', and the HTTPRoute specified 'test.example.com' and 'test.example.net', 'test.example.net' must not be considered for a match. If both the Listener and HTTPRoute have specified hostnames, and none match with the criteria above, then the HTTPRoute is not accepted. The implementation must raise an 'Accepted' Condition with a status of 'False' in the corresponding RouteParentStatus. In the event that multiple HTTPRoutes specify intersecting hostnames (e.g. overlapping wildcard matching and exact matching hostnames), precedence must be given to rules from the HTTPRoute with the largest number of: * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. If ties exist across multiple Routes, the matching precedence rules for HTTPRouteMatches takes over. Support: Core
-- `parent_refs` (Attributes List) ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a 'producer' route, or the mesh implementation must support and allow 'consumer' routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a 'producer' route for a Service in a different namespace from the Route. There are two kinds of parent resources with 'Core' support: * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. ParentRefs must be _distinct_. This means either that: * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by 'group', 'kind', 'namespace', and 'name' must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. Some examples: * If one ParentRef sets 'sectionName', all ParentRefs referencing the same object must also set 'sectionName'. * If one ParentRef sets 'port', all ParentRefs referencing the same object must also set 'port'. * If one ParentRef sets 'sectionName' and 'port', all ParentRefs referencing the same object must also set 'sectionName' and 'port'. It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. ParentRefs from a Route to a Service in the same namespace are 'producer' routes, which apply default routing rules to inbound connections from any namespace to the Service. ParentRefs from a Route to a Service in a different namespace are 'consumer' routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. (see [below for nested schema](#nestedatt--spec--parent_refs))
+- `parent_refs` (Attributes List) ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a 'producer' route, or the mesh implementation must support and allow 'consumer' routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a 'producer' route for a Service in a different namespace from the Route. There are two kinds of parent resources with 'Core' support: * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. ParentRefs must be _distinct_. This means either that: * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by 'group', 'kind', 'namespace', and 'name' must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. Some examples: * If one ParentRef sets 'sectionName', all ParentRefs referencing the same object must also set 'sectionName'. * If one ParentRef sets 'port', all ParentRefs referencing the same object must also set 'port'. * If one ParentRef sets 'sectionName' and 'port', all ParentRefs referencing the same object must also set 'sectionName' and 'port'. It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. (see [below for nested schema](#nestedatt--spec--parent_refs))
 - `rules` (Attributes List) Rules are a list of HTTP matchers, filters and actions. (see [below for nested schema](#nestedatt--spec--rules))
 
 <a id="nestedatt--spec--parent_refs"></a>
@@ -70,8 +70,8 @@ Optional:
 
 - `group` (String) Group is the group of the referent. When unspecified, 'gateway.networking.k8s.io' is inferred. To set the core API group (such as for a 'Service' kind referent), Group must be explicitly set to '' (empty string). Support: Core
 - `kind` (String) Kind is kind of the referent. There are two kinds of parent resources with 'Core' support: * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, ClusterIP Services only) Support for other resources is Implementation-Specific.
-- `namespace` (String) Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. ParentRefs from a Route to a Service in the same namespace are 'producer' routes, which apply default routing rules to inbound connections from any namespace to the Service. ParentRefs from a Route to a Service in a different namespace are 'consumer' routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. Support: Core
-- `port` (Number) Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set 'Port' unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. Support: Extended
+- `namespace` (String) Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. Support: Core
+- `port` (Number) Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set 'Port' unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. Support: Extended
 - `section_name` (String) SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: * Gateway: Listener name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. Support: Core
 
 
@@ -83,9 +83,6 @@ Optional:
 - `backend_refs` (Attributes List) BackendRefs defines the backend(s) where matching requests should be sent. Failure behavior here depends on how many BackendRefs are specified and how many are invalid. If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code. See the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid. When a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code. For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined. When a HTTPBackendRef refers to a Service that has no ready endpoints, implementations SHOULD return a 503 for requests to that backend instead. If an implementation chooses to do this, all of the above rules for 500 responses MUST also apply for responses that return a 503. Support: Core for Kubernetes Service Support: Extended for Kubernetes ServiceImport Support: Implementation-specific for any other resource Support for weight: Core (see [below for nested schema](#nestedatt--spec--rules--backend_refs))
 - `filters` (Attributes List) Filters define the filters that are applied to requests that match this rule. Wherever possible, implementations SHOULD implement filters in the order they are specified. Implementations MAY choose to implement this ordering strictly, rejecting any combination or order of filters that can not be supported. If implementations choose a strict interpretation of filter ordering, they MUST clearly document that behavior. To reject an invalid combination or order of filters, implementations SHOULD consider the Route Rules with this configuration invalid. If all Route Rules in a Route are invalid, the entire Route would be considered invalid. If only a portion of Route Rules are invalid, implementations MUST set the 'PartiallyInvalid' condition for the Route. Conformance-levels at this level are defined based on the type of filter: - ALL core filters MUST be supported by all implementations. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. Specifying the same filter multiple times is not supported unless explicitly indicated in the filter. All filters are expected to be compatible with each other except for the URLRewrite and RequestRedirect filters, which may not be combined. If an implementation can not support other combinations of filters, they must clearly document that limitation. In cases where incompatible or unsupported filters are specified and cause the 'Accepted' condition to be set to status 'False', implementations may use the 'IncompatibleFilters' reason to specify this configuration error. Support: Core (see [below for nested schema](#nestedatt--spec--rules--filters))
 - `matches` (Attributes List) Matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. For example, take the following matches configuration: ''' matches: - path: value: '/foo' headers: - name: 'version' value: 'v2' - path: value: '/v2/foo' ''' For a request to match against this rule, a request must satisfy EITHER of the two conditions: - path prefixed with '/foo' AND contains the header 'version: v2' - path prefix of '/v2/foo' See the documentation for HTTPRouteMatch on how to specify multiple match conditions that should be ANDed together. If no matches are specified, the default is a prefix path match on '/', which has the effect of matching every HTTP request. Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize matches based on the following criteria, continuing on ties. Across all rules specified on applicable Routes, precedence must be given to the match having: * 'Exact' path match. * 'Prefix' path match with largest number of characters. * Method match. * Largest number of header matches. * Largest number of query param matches. Note: The precedence of RegularExpression path matches are implementation-specific. If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by '{namespace}/{name}'. If ties still exist within an HTTPRoute, matching precedence MUST be granted to the FIRST matching rule (in list order) with a match meeting the above criteria. When no rules matching a request have been successfully attached to the parent a request is coming from, a HTTP 404 status code MUST be returned. (see [below for nested schema](#nestedatt--spec--rules--matches))
-- `name` (String) Name is the name of the route rule. This name MUST be unique within a Route if it is set. Support: Extended
-- `retry` (Attributes) Retry defines the configuration for when to retry an HTTP request. Support: Extended (see [below for nested schema](#nestedatt--spec--rules--retry))
-- `session_persistence` (Attributes) SessionPersistence defines and configures session persistence for the route rule. Support: Extended (see [below for nested schema](#nestedatt--spec--rules--session_persistence))
 - `timeouts` (Attributes) Timeouts defines the timeouts that can be configured for an HTTP request. Support: Extended (see [below for nested schema](#nestedatt--spec--rules--timeouts))
 
 <a id="nestedatt--spec--rules--backend_refs"></a>
@@ -165,11 +162,6 @@ Required:
 
 - `backend_ref` (Attributes) BackendRef references a resource where mirrored requests are sent. Mirrored requests must be sent only to a single destination endpoint within this BackendRef, irrespective of how many endpoints are present within this BackendRef. If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the 'ResolvedRefs' condition on the Route status is set to 'status: False' and not configure this backend in the underlying implementation. If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the 'ResolvedRefs' condition on the Route is set to 'status: False', with the 'RefNotPermitted' reason and not configure this backend in the underlying implementation. In either error case, the Message of the 'ResolvedRefs' Condition should be used to provide more detail about the problem. Support: Extended for Kubernetes Service Support: Implementation-specific for any other resource (see [below for nested schema](#nestedatt--spec--rules--backend_refs--filters--request_mirror--backend_ref))
 
-Optional:
-
-- `fraction` (Attributes) Fraction represents the fraction of requests that should be mirrored to BackendRef. Only one of Fraction or Percent may be specified. If neither field is specified, 100% of requests will be mirrored. (see [below for nested schema](#nestedatt--spec--rules--backend_refs--filters--request_mirror--fraction))
-- `percent` (Number) Percent represents the percentage of requests that should be mirrored to BackendRef. Its minimum value is 0 (indicating 0% of requests) and its maximum value is 100 (indicating 100% of requests). Only one of Fraction or Percent may be specified. If neither field is specified, 100% of requests will be mirrored.
-
 <a id="nestedatt--spec--rules--backend_refs--filters--request_mirror--backend_ref"></a>
 ### Nested Schema for `spec.rules.backend_refs.filters.request_mirror.backend_ref`
 
@@ -185,18 +177,6 @@ Optional:
 - `port` (Number) Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field.
 
 
-<a id="nestedatt--spec--rules--backend_refs--filters--request_mirror--fraction"></a>
-### Nested Schema for `spec.rules.backend_refs.filters.request_mirror.fraction`
-
-Required:
-
-- `numerator` (Number)
-
-Optional:
-
-- `denominator` (Number)
-
-
 
 <a id="nestedatt--spec--rules--backend_refs--filters--request_redirect"></a>
 ### Nested Schema for `spec.rules.backend_refs.filters.request_redirect`
@@ -336,11 +316,6 @@ Required:
 
 - `backend_ref` (Attributes) BackendRef references a resource where mirrored requests are sent. Mirrored requests must be sent only to a single destination endpoint within this BackendRef, irrespective of how many endpoints are present within this BackendRef. If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the 'ResolvedRefs' condition on the Route status is set to 'status: False' and not configure this backend in the underlying implementation. If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the 'ResolvedRefs' condition on the Route is set to 'status: False', with the 'RefNotPermitted' reason and not configure this backend in the underlying implementation. In either error case, the Message of the 'ResolvedRefs' Condition should be used to provide more detail about the problem. Support: Extended for Kubernetes Service Support: Implementation-specific for any other resource (see [below for nested schema](#nestedatt--spec--rules--filters--request_mirror--backend_ref))
 
-Optional:
-
-- `fraction` (Attributes) Fraction represents the fraction of requests that should be mirrored to BackendRef. Only one of Fraction or Percent may be specified. If neither field is specified, 100% of requests will be mirrored. (see [below for nested schema](#nestedatt--spec--rules--filters--request_mirror--fraction))
-- `percent` (Number) Percent represents the percentage of requests that should be mirrored to BackendRef. Its minimum value is 0 (indicating 0% of requests) and its maximum value is 100 (indicating 100% of requests). Only one of Fraction or Percent may be specified. If neither field is specified, 100% of requests will be mirrored.
-
 <a id="nestedatt--spec--rules--filters--request_mirror--backend_ref"></a>
 ### Nested Schema for `spec.rules.filters.request_mirror.backend_ref`
 
@@ -356,18 +331,6 @@ Optional:
 - `port` (Number) Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field.
 
 
-<a id="nestedatt--spec--rules--filters--request_mirror--fraction"></a>
-### Nested Schema for `spec.rules.filters.request_mirror.fraction`
-
-Required:
-
-- `numerator` (Number)
-
-Optional:
-
-- `denominator` (Number)
-
-
 
 <a id="nestedatt--spec--rules--filters--request_redirect"></a>
 ### Nested Schema for `spec.rules.filters.request_redirect`
@@ -491,36 +454,6 @@ Optional:
 
 
 
-<a id="nestedatt--spec--rules--retry"></a>
-### Nested Schema for `spec.rules.retry`
-
-Optional:
-
-- `attempts` (Number) Attempts specifies the maxmimum number of times an individual request from the gateway to a backend should be retried. If the maximum number of retries has been attempted without a successful response from the backend, the Gateway MUST return an error. When this field is unspecified, the number of times to attempt to retry a backend request is implementation-specific. Support: Extended
-- `backoff` (String) Backoff specifies the minimum duration a Gateway should wait between retry attempts and is represented in Gateway API Duration formatting. For example, setting the 'rules[].retry.backoff' field to the value '100ms' will cause a backend request to first be retried approximately 100 milliseconds after timing out or receiving a response code configured to be retryable. An implementation MAY use an exponential or alternative backoff strategy for subsequent retry attempts, MAY cap the maximum backoff duration to some amount greater than the specified minimum, and MAY add arbitrary jitter to stagger requests, as long as unsuccessful backend requests are not retried before the configured minimum duration. If a Request timeout ('rules[].timeouts.request') is configured on the route, the entire duration of the initial request and any retry attempts MUST not exceed the Request timeout duration. If any retry attempts are still in progress when the Request timeout duration has been reached, these SHOULD be canceled if possible and the Gateway MUST immediately return a timeout error. If a BackendRequest timeout ('rules[].timeouts.backendRequest') is configured on the route, any retry attempts which reach the configured BackendRequest timeout duration without a response SHOULD be canceled if possible and the Gateway should wait for at least the specified backoff duration before attempting to retry the backend request again. If a BackendRequest timeout is _not_ configured on the route, retry attempts MAY time out after an implementation default duration, or MAY remain pending until a configured Request timeout or implementation default duration for total request time is reached. When this field is unspecified, the time to wait between retry attempts is implementation-specific. Support: Extended
-- `codes` (List of String) Codes defines the HTTP response status codes for which a backend request should be retried. Support: Extended
-
-
-<a id="nestedatt--spec--rules--session_persistence"></a>
-### Nested Schema for `spec.rules.session_persistence`
-
-Optional:
-
-- `absolute_timeout` (String) AbsoluteTimeout defines the absolute timeout of the persistent session. Once the AbsoluteTimeout duration has elapsed, the session becomes invalid. Support: Extended
-- `cookie_config` (Attributes) CookieConfig provides configuration settings that are specific to cookie-based session persistence. Support: Core (see [below for nested schema](#nestedatt--spec--rules--session_persistence--cookie_config))
-- `idle_timeout` (String) IdleTimeout defines the idle timeout of the persistent session. Once the session has been idle for more than the specified IdleTimeout duration, the session becomes invalid. Support: Extended
-- `session_name` (String) SessionName defines the name of the persistent session token which may be reflected in the cookie or the header. Users should avoid reusing session names to prevent unintended consequences, such as rejection or unpredictable behavior. Support: Implementation-specific
-- `type` (String) Type defines the type of session persistence such as through the use a header or cookie. Defaults to cookie based session persistence. Support: Core for 'Cookie' type Support: Extended for 'Header' type
-
-<a id="nestedatt--spec--rules--session_persistence--cookie_config"></a>
-### Nested Schema for `spec.rules.session_persistence.cookie_config`
-
-Optional:
-
-- `lifetime_type` (String) LifetimeType specifies whether the cookie has a permanent or session-based lifetime. A permanent cookie persists until its specified expiry time, defined by the Expires or Max-Age cookie attributes, while a session cookie is deleted when the current session ends. When set to 'Permanent', AbsoluteTimeout indicates the cookie's lifetime via the Expires or Max-Age cookie attributes and is required. When set to 'Session', AbsoluteTimeout indicates the absolute lifetime of the cookie tracked by the gateway and is optional. Support: Core for 'Session' type Support: Extended for 'Permanent' type
-
-
-
 <a id="nestedatt--spec--rules--timeouts"></a>
 ### Nested Schema for `spec.rules.timeouts`
 
diff --git a/docs/data-sources/gateway_networking_k8s_io_http_route_v1beta1_manifest.md b/docs/data-sources/gateway_networking_k8s_io_http_route_v1beta1_manifest.md
index d374de6b0..33083cca3 100644
--- a/docs/data-sources/gateway_networking_k8s_io_http_route_v1beta1_manifest.md
+++ b/docs/data-sources/gateway_networking_k8s_io_http_route_v1beta1_manifest.md
@@ -56,7 +56,7 @@ Optional:
 Optional:
 
 - `hostnames` (List of String) Hostnames defines a set of hostnames that should match against the HTTP Host header to select a HTTPRoute used to process the request. Implementations MUST ignore any port value specified in the HTTP Host header while performing a match and (absent of any applicable header modification configuration) MUST forward this header unmodified to the backend. Valid values for Hostnames are determined by RFC 1123 definition of a hostname with 2 notable exceptions: 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label ('*.'). The wildcard label must appear by itself as the first label. If a hostname is specified by both the Listener and HTTPRoute, there must be at least one intersecting hostname for the HTTPRoute to be attached to the Listener. For example: * A Listener with 'test.example.com' as the hostname matches HTTPRoutes that have either not specified any hostnames, or have specified at least one of 'test.example.com' or '*.example.com'. * A Listener with '*.example.com' as the hostname matches HTTPRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, '*.example.com', 'test.example.com', and 'foo.test.example.com' would all match. On the other hand, 'example.com' and 'test.example.net' would not match. Hostnames that are prefixed with a wildcard label ('*.') are interpreted as a suffix match. That means that a match for '*.example.com' would match both 'test.example.com', and 'foo.test.example.com', but not 'example.com'. If both the Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified '*.example.com', and the HTTPRoute specified 'test.example.com' and 'test.example.net', 'test.example.net' must not be considered for a match. If both the Listener and HTTPRoute have specified hostnames, and none match with the criteria above, then the HTTPRoute is not accepted. The implementation must raise an 'Accepted' Condition with a status of 'False' in the corresponding RouteParentStatus. In the event that multiple HTTPRoutes specify intersecting hostnames (e.g. overlapping wildcard matching and exact matching hostnames), precedence must be given to rules from the HTTPRoute with the largest number of: * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. If ties exist across multiple Routes, the matching precedence rules for HTTPRouteMatches takes over. Support: Core
-- `parent_refs` (Attributes List) ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a 'producer' route, or the mesh implementation must support and allow 'consumer' routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a 'producer' route for a Service in a different namespace from the Route. There are two kinds of parent resources with 'Core' support: * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. ParentRefs must be _distinct_. This means either that: * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by 'group', 'kind', 'namespace', and 'name' must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. Some examples: * If one ParentRef sets 'sectionName', all ParentRefs referencing the same object must also set 'sectionName'. * If one ParentRef sets 'port', all ParentRefs referencing the same object must also set 'port'. * If one ParentRef sets 'sectionName' and 'port', all ParentRefs referencing the same object must also set 'sectionName' and 'port'. It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. ParentRefs from a Route to a Service in the same namespace are 'producer' routes, which apply default routing rules to inbound connections from any namespace to the Service. ParentRefs from a Route to a Service in a different namespace are 'consumer' routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. (see [below for nested schema](#nestedatt--spec--parent_refs))
+- `parent_refs` (Attributes List) ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a 'producer' route, or the mesh implementation must support and allow 'consumer' routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a 'producer' route for a Service in a different namespace from the Route. There are two kinds of parent resources with 'Core' support: * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. ParentRefs must be _distinct_. This means either that: * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by 'group', 'kind', 'namespace', and 'name' must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. Some examples: * If one ParentRef sets 'sectionName', all ParentRefs referencing the same object must also set 'sectionName'. * If one ParentRef sets 'port', all ParentRefs referencing the same object must also set 'port'. * If one ParentRef sets 'sectionName' and 'port', all ParentRefs referencing the same object must also set 'sectionName' and 'port'. It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. (see [below for nested schema](#nestedatt--spec--parent_refs))
 - `rules` (Attributes List) Rules are a list of HTTP matchers, filters and actions. (see [below for nested schema](#nestedatt--spec--rules))
 
 <a id="nestedatt--spec--parent_refs"></a>
@@ -70,8 +70,8 @@ Optional:
 
 - `group` (String) Group is the group of the referent. When unspecified, 'gateway.networking.k8s.io' is inferred. To set the core API group (such as for a 'Service' kind referent), Group must be explicitly set to '' (empty string). Support: Core
 - `kind` (String) Kind is kind of the referent. There are two kinds of parent resources with 'Core' support: * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, ClusterIP Services only) Support for other resources is Implementation-Specific.
-- `namespace` (String) Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. ParentRefs from a Route to a Service in the same namespace are 'producer' routes, which apply default routing rules to inbound connections from any namespace to the Service. ParentRefs from a Route to a Service in a different namespace are 'consumer' routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. Support: Core
-- `port` (Number) Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set 'Port' unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. Support: Extended
+- `namespace` (String) Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. Support: Core
+- `port` (Number) Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set 'Port' unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. Support: Extended
 - `section_name` (String) SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: * Gateway: Listener name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. Support: Core
 
 
@@ -83,9 +83,6 @@ Optional:
 - `backend_refs` (Attributes List) BackendRefs defines the backend(s) where matching requests should be sent. Failure behavior here depends on how many BackendRefs are specified and how many are invalid. If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code. See the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid. When a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code. For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined. When a HTTPBackendRef refers to a Service that has no ready endpoints, implementations SHOULD return a 503 for requests to that backend instead. If an implementation chooses to do this, all of the above rules for 500 responses MUST also apply for responses that return a 503. Support: Core for Kubernetes Service Support: Extended for Kubernetes ServiceImport Support: Implementation-specific for any other resource Support for weight: Core (see [below for nested schema](#nestedatt--spec--rules--backend_refs))
 - `filters` (Attributes List) Filters define the filters that are applied to requests that match this rule. Wherever possible, implementations SHOULD implement filters in the order they are specified. Implementations MAY choose to implement this ordering strictly, rejecting any combination or order of filters that can not be supported. If implementations choose a strict interpretation of filter ordering, they MUST clearly document that behavior. To reject an invalid combination or order of filters, implementations SHOULD consider the Route Rules with this configuration invalid. If all Route Rules in a Route are invalid, the entire Route would be considered invalid. If only a portion of Route Rules are invalid, implementations MUST set the 'PartiallyInvalid' condition for the Route. Conformance-levels at this level are defined based on the type of filter: - ALL core filters MUST be supported by all implementations. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. Specifying the same filter multiple times is not supported unless explicitly indicated in the filter. All filters are expected to be compatible with each other except for the URLRewrite and RequestRedirect filters, which may not be combined. If an implementation can not support other combinations of filters, they must clearly document that limitation. In cases where incompatible or unsupported filters are specified and cause the 'Accepted' condition to be set to status 'False', implementations may use the 'IncompatibleFilters' reason to specify this configuration error. Support: Core (see [below for nested schema](#nestedatt--spec--rules--filters))
 - `matches` (Attributes List) Matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. For example, take the following matches configuration: ''' matches: - path: value: '/foo' headers: - name: 'version' value: 'v2' - path: value: '/v2/foo' ''' For a request to match against this rule, a request must satisfy EITHER of the two conditions: - path prefixed with '/foo' AND contains the header 'version: v2' - path prefix of '/v2/foo' See the documentation for HTTPRouteMatch on how to specify multiple match conditions that should be ANDed together. If no matches are specified, the default is a prefix path match on '/', which has the effect of matching every HTTP request. Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize matches based on the following criteria, continuing on ties. Across all rules specified on applicable Routes, precedence must be given to the match having: * 'Exact' path match. * 'Prefix' path match with largest number of characters. * Method match. * Largest number of header matches. * Largest number of query param matches. Note: The precedence of RegularExpression path matches are implementation-specific. If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by '{namespace}/{name}'. If ties still exist within an HTTPRoute, matching precedence MUST be granted to the FIRST matching rule (in list order) with a match meeting the above criteria. When no rules matching a request have been successfully attached to the parent a request is coming from, a HTTP 404 status code MUST be returned. (see [below for nested schema](#nestedatt--spec--rules--matches))
-- `name` (String) Name is the name of the route rule. This name MUST be unique within a Route if it is set. Support: Extended
-- `retry` (Attributes) Retry defines the configuration for when to retry an HTTP request. Support: Extended (see [below for nested schema](#nestedatt--spec--rules--retry))
-- `session_persistence` (Attributes) SessionPersistence defines and configures session persistence for the route rule. Support: Extended (see [below for nested schema](#nestedatt--spec--rules--session_persistence))
 - `timeouts` (Attributes) Timeouts defines the timeouts that can be configured for an HTTP request. Support: Extended (see [below for nested schema](#nestedatt--spec--rules--timeouts))
 
 <a id="nestedatt--spec--rules--backend_refs"></a>
@@ -165,11 +162,6 @@ Required:
 
 - `backend_ref` (Attributes) BackendRef references a resource where mirrored requests are sent. Mirrored requests must be sent only to a single destination endpoint within this BackendRef, irrespective of how many endpoints are present within this BackendRef. If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the 'ResolvedRefs' condition on the Route status is set to 'status: False' and not configure this backend in the underlying implementation. If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the 'ResolvedRefs' condition on the Route is set to 'status: False', with the 'RefNotPermitted' reason and not configure this backend in the underlying implementation. In either error case, the Message of the 'ResolvedRefs' Condition should be used to provide more detail about the problem. Support: Extended for Kubernetes Service Support: Implementation-specific for any other resource (see [below for nested schema](#nestedatt--spec--rules--backend_refs--filters--request_mirror--backend_ref))
 
-Optional:
-
-- `fraction` (Attributes) Fraction represents the fraction of requests that should be mirrored to BackendRef. Only one of Fraction or Percent may be specified. If neither field is specified, 100% of requests will be mirrored. (see [below for nested schema](#nestedatt--spec--rules--backend_refs--filters--request_mirror--fraction))
-- `percent` (Number) Percent represents the percentage of requests that should be mirrored to BackendRef. Its minimum value is 0 (indicating 0% of requests) and its maximum value is 100 (indicating 100% of requests). Only one of Fraction or Percent may be specified. If neither field is specified, 100% of requests will be mirrored.
-
 <a id="nestedatt--spec--rules--backend_refs--filters--request_mirror--backend_ref"></a>
 ### Nested Schema for `spec.rules.backend_refs.filters.request_mirror.backend_ref`
 
@@ -185,18 +177,6 @@ Optional:
 - `port` (Number) Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field.
 
 
-<a id="nestedatt--spec--rules--backend_refs--filters--request_mirror--fraction"></a>
-### Nested Schema for `spec.rules.backend_refs.filters.request_mirror.fraction`
-
-Required:
-
-- `numerator` (Number)
-
-Optional:
-
-- `denominator` (Number)
-
-
 
 <a id="nestedatt--spec--rules--backend_refs--filters--request_redirect"></a>
 ### Nested Schema for `spec.rules.backend_refs.filters.request_redirect`
@@ -336,11 +316,6 @@ Required:
 
 - `backend_ref` (Attributes) BackendRef references a resource where mirrored requests are sent. Mirrored requests must be sent only to a single destination endpoint within this BackendRef, irrespective of how many endpoints are present within this BackendRef. If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the 'ResolvedRefs' condition on the Route status is set to 'status: False' and not configure this backend in the underlying implementation. If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the 'ResolvedRefs' condition on the Route is set to 'status: False', with the 'RefNotPermitted' reason and not configure this backend in the underlying implementation. In either error case, the Message of the 'ResolvedRefs' Condition should be used to provide more detail about the problem. Support: Extended for Kubernetes Service Support: Implementation-specific for any other resource (see [below for nested schema](#nestedatt--spec--rules--filters--request_mirror--backend_ref))
 
-Optional:
-
-- `fraction` (Attributes) Fraction represents the fraction of requests that should be mirrored to BackendRef. Only one of Fraction or Percent may be specified. If neither field is specified, 100% of requests will be mirrored. (see [below for nested schema](#nestedatt--spec--rules--filters--request_mirror--fraction))
-- `percent` (Number) Percent represents the percentage of requests that should be mirrored to BackendRef. Its minimum value is 0 (indicating 0% of requests) and its maximum value is 100 (indicating 100% of requests). Only one of Fraction or Percent may be specified. If neither field is specified, 100% of requests will be mirrored.
-
 <a id="nestedatt--spec--rules--filters--request_mirror--backend_ref"></a>
 ### Nested Schema for `spec.rules.filters.request_mirror.backend_ref`
 
@@ -356,18 +331,6 @@ Optional:
 - `port` (Number) Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field.
 
 
-<a id="nestedatt--spec--rules--filters--request_mirror--fraction"></a>
-### Nested Schema for `spec.rules.filters.request_mirror.fraction`
-
-Required:
-
-- `numerator` (Number)
-
-Optional:
-
-- `denominator` (Number)
-
-
 
 <a id="nestedatt--spec--rules--filters--request_redirect"></a>
 ### Nested Schema for `spec.rules.filters.request_redirect`
@@ -491,36 +454,6 @@ Optional:
 
 
 
-<a id="nestedatt--spec--rules--retry"></a>
-### Nested Schema for `spec.rules.retry`
-
-Optional:
-
-- `attempts` (Number) Attempts specifies the maxmimum number of times an individual request from the gateway to a backend should be retried. If the maximum number of retries has been attempted without a successful response from the backend, the Gateway MUST return an error. When this field is unspecified, the number of times to attempt to retry a backend request is implementation-specific. Support: Extended
-- `backoff` (String) Backoff specifies the minimum duration a Gateway should wait between retry attempts and is represented in Gateway API Duration formatting. For example, setting the 'rules[].retry.backoff' field to the value '100ms' will cause a backend request to first be retried approximately 100 milliseconds after timing out or receiving a response code configured to be retryable. An implementation MAY use an exponential or alternative backoff strategy for subsequent retry attempts, MAY cap the maximum backoff duration to some amount greater than the specified minimum, and MAY add arbitrary jitter to stagger requests, as long as unsuccessful backend requests are not retried before the configured minimum duration. If a Request timeout ('rules[].timeouts.request') is configured on the route, the entire duration of the initial request and any retry attempts MUST not exceed the Request timeout duration. If any retry attempts are still in progress when the Request timeout duration has been reached, these SHOULD be canceled if possible and the Gateway MUST immediately return a timeout error. If a BackendRequest timeout ('rules[].timeouts.backendRequest') is configured on the route, any retry attempts which reach the configured BackendRequest timeout duration without a response SHOULD be canceled if possible and the Gateway should wait for at least the specified backoff duration before attempting to retry the backend request again. If a BackendRequest timeout is _not_ configured on the route, retry attempts MAY time out after an implementation default duration, or MAY remain pending until a configured Request timeout or implementation default duration for total request time is reached. When this field is unspecified, the time to wait between retry attempts is implementation-specific. Support: Extended
-- `codes` (List of String) Codes defines the HTTP response status codes for which a backend request should be retried. Support: Extended
-
-
-<a id="nestedatt--spec--rules--session_persistence"></a>
-### Nested Schema for `spec.rules.session_persistence`
-
-Optional:
-
-- `absolute_timeout` (String) AbsoluteTimeout defines the absolute timeout of the persistent session. Once the AbsoluteTimeout duration has elapsed, the session becomes invalid. Support: Extended
-- `cookie_config` (Attributes) CookieConfig provides configuration settings that are specific to cookie-based session persistence. Support: Core (see [below for nested schema](#nestedatt--spec--rules--session_persistence--cookie_config))
-- `idle_timeout` (String) IdleTimeout defines the idle timeout of the persistent session. Once the session has been idle for more than the specified IdleTimeout duration, the session becomes invalid. Support: Extended
-- `session_name` (String) SessionName defines the name of the persistent session token which may be reflected in the cookie or the header. Users should avoid reusing session names to prevent unintended consequences, such as rejection or unpredictable behavior. Support: Implementation-specific
-- `type` (String) Type defines the type of session persistence such as through the use a header or cookie. Defaults to cookie based session persistence. Support: Core for 'Cookie' type Support: Extended for 'Header' type
-
-<a id="nestedatt--spec--rules--session_persistence--cookie_config"></a>
-### Nested Schema for `spec.rules.session_persistence.cookie_config`
-
-Optional:
-
-- `lifetime_type` (String) LifetimeType specifies whether the cookie has a permanent or session-based lifetime. A permanent cookie persists until its specified expiry time, defined by the Expires or Max-Age cookie attributes, while a session cookie is deleted when the current session ends. When set to 'Permanent', AbsoluteTimeout indicates the cookie's lifetime via the Expires or Max-Age cookie attributes and is required. When set to 'Session', AbsoluteTimeout indicates the absolute lifetime of the cookie tracked by the gateway and is optional. Support: Core for 'Session' type Support: Extended for 'Permanent' type
-
-
-
 <a id="nestedatt--spec--rules--timeouts"></a>
 ### Nested Schema for `spec.rules.timeouts`
 
diff --git a/docs/data-sources/gateway_solo_io_route_option_v1_manifest.md b/docs/data-sources/gateway_solo_io_route_option_v1_manifest.md
index 621eff650..4ab1b640b 100644
--- a/docs/data-sources/gateway_solo_io_route_option_v1_manifest.md
+++ b/docs/data-sources/gateway_solo_io_route_option_v1_manifest.md
@@ -118,11 +118,11 @@ Optional:
 
 Optional:
 
-- `backup_models` (List of String)
 - `defaults` (Attributes List) (see [below for nested schema](#nestedatt--spec--options--ai--defaults))
 - `prompt_enrichment` (Attributes) (see [below for nested schema](#nestedatt--spec--options--ai--prompt_enrichment))
 - `prompt_guard` (Attributes) (see [below for nested schema](#nestedatt--spec--options--ai--prompt_guard))
 - `rag` (Attributes) (see [below for nested schema](#nestedatt--spec--options--ai--rag))
+- `route_type` (String)
 - `semantic_cache` (Attributes) (see [below for nested schema](#nestedatt--spec--options--ai--semantic_cache))
 
 <a id="nestedatt--spec--options--ai--defaults"></a>
@@ -1970,6 +1970,7 @@ Optional:
 - `num_retries` (Number)
 - `per_try_timeout` (String)
 - `previous_priorities` (Attributes) (see [below for nested schema](#nestedatt--spec--options--retries--previous_priorities))
+- `retriable_status_codes` (List of String)
 - `retry_back_off` (Attributes) (see [below for nested schema](#nestedatt--spec--options--retries--retry_back_off))
 - `retry_on` (String)
 
diff --git a/docs/data-sources/gateway_solo_io_route_table_v1_manifest.md b/docs/data-sources/gateway_solo_io_route_table_v1_manifest.md
index c34544466..2b36a7cae 100644
--- a/docs/data-sources/gateway_solo_io_route_table_v1_manifest.md
+++ b/docs/data-sources/gateway_solo_io_route_table_v1_manifest.md
@@ -229,11 +229,11 @@ Optional:
 
 Optional:
 
-- `backup_models` (List of String)
 - `defaults` (Attributes List) (see [below for nested schema](#nestedatt--spec--routes--options--ai--defaults))
 - `prompt_enrichment` (Attributes) (see [below for nested schema](#nestedatt--spec--routes--options--ai--prompt_enrichment))
 - `prompt_guard` (Attributes) (see [below for nested schema](#nestedatt--spec--routes--options--ai--prompt_guard))
 - `rag` (Attributes) (see [below for nested schema](#nestedatt--spec--routes--options--ai--rag))
+- `route_type` (String)
 - `semantic_cache` (Attributes) (see [below for nested schema](#nestedatt--spec--routes--options--ai--semantic_cache))
 
 <a id="nestedatt--spec--routes--options--ai--defaults"></a>
@@ -2081,6 +2081,7 @@ Optional:
 - `num_retries` (Number)
 - `per_try_timeout` (String)
 - `previous_priorities` (Attributes) (see [below for nested schema](#nestedatt--spec--routes--options--retries--previous_priorities))
+- `retriable_status_codes` (List of String)
 - `retry_back_off` (Attributes) (see [below for nested schema](#nestedatt--spec--routes--options--retries--retry_back_off))
 - `retry_on` (String)
 
diff --git a/docs/data-sources/gateway_solo_io_virtual_host_option_v1_manifest.md b/docs/data-sources/gateway_solo_io_virtual_host_option_v1_manifest.md
index 310b3b53c..ef1c13539 100644
--- a/docs/data-sources/gateway_solo_io_virtual_host_option_v1_manifest.md
+++ b/docs/data-sources/gateway_solo_io_virtual_host_option_v1_manifest.md
@@ -1635,6 +1635,7 @@ Optional:
 - `num_retries` (Number)
 - `per_try_timeout` (String)
 - `previous_priorities` (Attributes) (see [below for nested schema](#nestedatt--spec--options--retries--previous_priorities))
+- `retriable_status_codes` (List of String)
 - `retry_back_off` (Attributes) (see [below for nested schema](#nestedatt--spec--options--retries--retry_back_off))
 - `retry_on` (String)
 
diff --git a/docs/data-sources/gateway_solo_io_virtual_service_v1_manifest.md b/docs/data-sources/gateway_solo_io_virtual_service_v1_manifest.md
index d0e2749f6..a44c4c2c7 100644
--- a/docs/data-sources/gateway_solo_io_virtual_service_v1_manifest.md
+++ b/docs/data-sources/gateway_solo_io_virtual_service_v1_manifest.md
@@ -1724,6 +1724,7 @@ Optional:
 - `num_retries` (Number)
 - `per_try_timeout` (String)
 - `previous_priorities` (Attributes) (see [below for nested schema](#nestedatt--spec--virtual_host--options--retries--previous_priorities))
+- `retriable_status_codes` (List of String)
 - `retry_back_off` (Attributes) (see [below for nested schema](#nestedatt--spec--virtual_host--options--retries--retry_back_off))
 - `retry_on` (String)
 
@@ -3787,11 +3788,11 @@ Optional:
 
 Optional:
 
-- `backup_models` (List of String)
 - `defaults` (Attributes List) (see [below for nested schema](#nestedatt--spec--virtual_host--routes--options--ai--defaults))
 - `prompt_enrichment` (Attributes) (see [below for nested schema](#nestedatt--spec--virtual_host--routes--options--ai--prompt_enrichment))
 - `prompt_guard` (Attributes) (see [below for nested schema](#nestedatt--spec--virtual_host--routes--options--ai--prompt_guard))
 - `rag` (Attributes) (see [below for nested schema](#nestedatt--spec--virtual_host--routes--options--ai--rag))
+- `route_type` (String)
 - `semantic_cache` (Attributes) (see [below for nested schema](#nestedatt--spec--virtual_host--routes--options--ai--semantic_cache))
 
 <a id="nestedatt--spec--virtual_host--routes--options--ai--defaults"></a>
@@ -5639,6 +5640,7 @@ Optional:
 - `num_retries` (Number)
 - `per_try_timeout` (String)
 - `previous_priorities` (Attributes) (see [below for nested schema](#nestedatt--spec--virtual_host--routes--options--retries--previous_priorities))
+- `retriable_status_codes` (List of String)
 - `retry_back_off` (Attributes) (see [below for nested schema](#nestedatt--spec--virtual_host--routes--options--retries--retry_back_off))
 - `retry_on` (String)
 
diff --git a/docs/data-sources/gloo_solo_io_upstream_v1_manifest.md b/docs/data-sources/gloo_solo_io_upstream_v1_manifest.md
index f41c16d16..b72dc9f8f 100644
--- a/docs/data-sources/gloo_solo_io_upstream_v1_manifest.md
+++ b/docs/data-sources/gloo_solo_io_upstream_v1_manifest.md
@@ -97,6 +97,7 @@ Optional:
 - `anthropic` (Attributes) (see [below for nested schema](#nestedatt--spec--ai--anthropic))
 - `azure_openai` (Attributes) (see [below for nested schema](#nestedatt--spec--ai--azure_openai))
 - `mistral` (Attributes) (see [below for nested schema](#nestedatt--spec--ai--mistral))
+- `multi` (Attributes) (see [below for nested schema](#nestedatt--spec--ai--multi))
 - `openai` (Attributes) (see [below for nested schema](#nestedatt--spec--ai--openai))
 
 <a id="nestedatt--spec--ai--anthropic"></a>
@@ -106,6 +107,7 @@ Optional:
 
 - `auth_token` (Attributes) (see [below for nested schema](#nestedatt--spec--ai--anthropic--auth_token))
 - `custom_host` (Attributes) (see [below for nested schema](#nestedatt--spec--ai--anthropic--custom_host))
+- `model` (String)
 - `version` (String)
 
 <a id="nestedatt--spec--ai--anthropic--auth_token"></a>
@@ -141,7 +143,9 @@ Optional:
 
 Optional:
 
+- `api_version` (String)
 - `auth_token` (Attributes) (see [below for nested schema](#nestedatt--spec--ai--azure_openai--auth_token))
+- `deployment_name` (String)
 - `endpoint` (String)
 
 <a id="nestedatt--spec--ai--azure_openai--auth_token"></a>
@@ -170,6 +174,7 @@ Optional:
 
 - `auth_token` (Attributes) (see [below for nested schema](#nestedatt--spec--ai--mistral--auth_token))
 - `custom_host` (Attributes) (see [below for nested schema](#nestedatt--spec--ai--mistral--custom_host))
+- `model` (String)
 
 <a id="nestedatt--spec--ai--mistral--auth_token"></a>
 ### Nested Schema for `spec.ai.mistral.auth_token`
@@ -199,6 +204,174 @@ Optional:
 
 
 
+<a id="nestedatt--spec--ai--multi"></a>
+### Nested Schema for `spec.ai.multi`
+
+Optional:
+
+- `priorities` (Attributes List) (see [below for nested schema](#nestedatt--spec--ai--multi--priorities))
+
+<a id="nestedatt--spec--ai--multi--priorities"></a>
+### Nested Schema for `spec.ai.multi.priorities`
+
+Optional:
+
+- `pool` (Attributes List) (see [below for nested schema](#nestedatt--spec--ai--multi--priorities--pool))
+
+<a id="nestedatt--spec--ai--multi--priorities--pool"></a>
+### Nested Schema for `spec.ai.multi.priorities.pool`
+
+Optional:
+
+- `anthropic` (Attributes) (see [below for nested schema](#nestedatt--spec--ai--multi--priorities--pool--anthropic))
+- `azure_openai` (Attributes) (see [below for nested schema](#nestedatt--spec--ai--multi--priorities--pool--azure_openai))
+- `mistral` (Attributes) (see [below for nested schema](#nestedatt--spec--ai--multi--priorities--pool--mistral))
+- `openai` (Attributes) (see [below for nested schema](#nestedatt--spec--ai--multi--priorities--pool--openai))
+
+<a id="nestedatt--spec--ai--multi--priorities--pool--anthropic"></a>
+### Nested Schema for `spec.ai.multi.priorities.pool.anthropic`
+
+Optional:
+
+- `auth_token` (Attributes) (see [below for nested schema](#nestedatt--spec--ai--multi--priorities--pool--anthropic--auth_token))
+- `custom_host` (Attributes) (see [below for nested schema](#nestedatt--spec--ai--multi--priorities--pool--anthropic--custom_host))
+- `model` (String)
+- `version` (String)
+
+<a id="nestedatt--spec--ai--multi--priorities--pool--anthropic--auth_token"></a>
+### Nested Schema for `spec.ai.multi.priorities.pool.anthropic.auth_token`
+
+Optional:
+
+- `inline` (String)
+- `secret_ref` (Attributes) (see [below for nested schema](#nestedatt--spec--ai--multi--priorities--pool--anthropic--auth_token--secret_ref))
+
+<a id="nestedatt--spec--ai--multi--priorities--pool--anthropic--auth_token--secret_ref"></a>
+### Nested Schema for `spec.ai.multi.priorities.pool.anthropic.auth_token.secret_ref`
+
+Optional:
+
+- `name` (String)
+- `namespace` (String)
+
+
+
+<a id="nestedatt--spec--ai--multi--priorities--pool--anthropic--custom_host"></a>
+### Nested Schema for `spec.ai.multi.priorities.pool.anthropic.custom_host`
+
+Optional:
+
+- `host` (String)
+- `port` (Number)
+
+
+
+<a id="nestedatt--spec--ai--multi--priorities--pool--azure_openai"></a>
+### Nested Schema for `spec.ai.multi.priorities.pool.azure_openai`
+
+Optional:
+
+- `api_version` (String)
+- `auth_token` (Attributes) (see [below for nested schema](#nestedatt--spec--ai--multi--priorities--pool--azure_openai--auth_token))
+- `deployment_name` (String)
+- `endpoint` (String)
+
+<a id="nestedatt--spec--ai--multi--priorities--pool--azure_openai--auth_token"></a>
+### Nested Schema for `spec.ai.multi.priorities.pool.azure_openai.auth_token`
+
+Optional:
+
+- `inline` (String)
+- `secret_ref` (Attributes) (see [below for nested schema](#nestedatt--spec--ai--multi--priorities--pool--azure_openai--auth_token--secret_ref))
+
+<a id="nestedatt--spec--ai--multi--priorities--pool--azure_openai--auth_token--secret_ref"></a>
+### Nested Schema for `spec.ai.multi.priorities.pool.azure_openai.auth_token.secret_ref`
+
+Optional:
+
+- `name` (String)
+- `namespace` (String)
+
+
+
+
+<a id="nestedatt--spec--ai--multi--priorities--pool--mistral"></a>
+### Nested Schema for `spec.ai.multi.priorities.pool.mistral`
+
+Optional:
+
+- `auth_token` (Attributes) (see [below for nested schema](#nestedatt--spec--ai--multi--priorities--pool--mistral--auth_token))
+- `custom_host` (Attributes) (see [below for nested schema](#nestedatt--spec--ai--multi--priorities--pool--mistral--custom_host))
+- `model` (String)
+
+<a id="nestedatt--spec--ai--multi--priorities--pool--mistral--auth_token"></a>
+### Nested Schema for `spec.ai.multi.priorities.pool.mistral.auth_token`
+
+Optional:
+
+- `inline` (String)
+- `secret_ref` (Attributes) (see [below for nested schema](#nestedatt--spec--ai--multi--priorities--pool--mistral--auth_token--secret_ref))
+
+<a id="nestedatt--spec--ai--multi--priorities--pool--mistral--auth_token--secret_ref"></a>
+### Nested Schema for `spec.ai.multi.priorities.pool.mistral.auth_token.secret_ref`
+
+Optional:
+
+- `name` (String)
+- `namespace` (String)
+
+
+
+<a id="nestedatt--spec--ai--multi--priorities--pool--mistral--custom_host"></a>
+### Nested Schema for `spec.ai.multi.priorities.pool.mistral.custom_host`
+
+Optional:
+
+- `host` (String)
+- `port` (Number)
+
+
+
+<a id="nestedatt--spec--ai--multi--priorities--pool--openai"></a>
+### Nested Schema for `spec.ai.multi.priorities.pool.openai`
+
+Optional:
+
+- `auth_token` (Attributes) (see [below for nested schema](#nestedatt--spec--ai--multi--priorities--pool--openai--auth_token))
+- `custom_host` (Attributes) (see [below for nested schema](#nestedatt--spec--ai--multi--priorities--pool--openai--custom_host))
+- `model` (String)
+
+<a id="nestedatt--spec--ai--multi--priorities--pool--openai--auth_token"></a>
+### Nested Schema for `spec.ai.multi.priorities.pool.openai.auth_token`
+
+Optional:
+
+- `inline` (String)
+- `secret_ref` (Attributes) (see [below for nested schema](#nestedatt--spec--ai--multi--priorities--pool--openai--auth_token--secret_ref))
+
+<a id="nestedatt--spec--ai--multi--priorities--pool--openai--auth_token--secret_ref"></a>
+### Nested Schema for `spec.ai.multi.priorities.pool.openai.auth_token.secret_ref`
+
+Optional:
+
+- `name` (String)
+- `namespace` (String)
+
+
+
+<a id="nestedatt--spec--ai--multi--priorities--pool--openai--custom_host"></a>
+### Nested Schema for `spec.ai.multi.priorities.pool.openai.custom_host`
+
+Optional:
+
+- `host` (String)
+- `port` (Number)
+
+
+
+
+
+
 <a id="nestedatt--spec--ai--openai"></a>
 ### Nested Schema for `spec.ai.openai`
 
@@ -206,6 +379,7 @@ Optional:
 
 - `auth_token` (Attributes) (see [below for nested schema](#nestedatt--spec--ai--openai--auth_token))
 - `custom_host` (Attributes) (see [below for nested schema](#nestedatt--spec--ai--openai--custom_host))
+- `model` (String)
 
 <a id="nestedatt--spec--ai--openai--auth_token"></a>
 ### Nested Schema for `spec.ai.openai.auth_token`
diff --git a/docs/data-sources/helm_toolkit_fluxcd_io_helm_release_v2_manifest.md b/docs/data-sources/helm_toolkit_fluxcd_io_helm_release_v2_manifest.md
index e25bf1369..35c912ded 100644
--- a/docs/data-sources/helm_toolkit_fluxcd_io_helm_release_v2_manifest.md
+++ b/docs/data-sources/helm_toolkit_fluxcd_io_helm_release_v2_manifest.md
@@ -224,6 +224,7 @@ Optional:
 - `create_namespace` (Boolean) CreateNamespace tells the Helm install action to create the HelmReleaseSpec.TargetNamespace if it does not exist yet. On uninstall, the namespace will not be garbage collected.
 - `disable_hooks` (Boolean) DisableHooks prevents hooks from running during the Helm install action.
 - `disable_open_api_validation` (Boolean) DisableOpenAPIValidation prevents the Helm install action from validating rendered templates against the Kubernetes OpenAPI Schema.
+- `disable_schema_validation` (Boolean) DisableSchemaValidation prevents the Helm install action from validating the values against the JSON Schema.
 - `disable_wait` (Boolean) DisableWait disables the waiting for resources to be ready after a Helm install has been performed.
 - `disable_wait_for_jobs` (Boolean) DisableWaitForJobs disables waiting for jobs to complete after a Helm install has been performed.
 - `remediation` (Attributes) Remediation holds the remediation configuration for when the Helm install action for the HelmRelease fails. The default is to not perform any action. (see [below for nested schema](#nestedatt--spec--install--remediation))
@@ -377,6 +378,7 @@ Optional:
 - `crds` (String) CRDs upgrade CRDs from the Helm Chart's crds directory according to the CRD upgrade policy provided here. Valid values are 'Skip', 'Create' or 'CreateReplace'. Default is 'Skip' and if omitted CRDs are neither installed nor upgraded. Skip: do neither install nor replace (update) any CRDs. Create: new CRDs are created, existing CRDs are neither updated nor deleted. CreateReplace: new CRDs are created, existing CRDs are updated (replaced) but not deleted. By default, CRDs are not applied during Helm upgrade action. With this option users can opt-in to CRD upgrade, which is not (yet) natively supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions.
 - `disable_hooks` (Boolean) DisableHooks prevents hooks from running during the Helm upgrade action.
 - `disable_open_api_validation` (Boolean) DisableOpenAPIValidation prevents the Helm upgrade action from validating rendered templates against the Kubernetes OpenAPI Schema.
+- `disable_schema_validation` (Boolean) DisableSchemaValidation prevents the Helm upgrade action from validating the values against the JSON Schema.
 - `disable_wait` (Boolean) DisableWait disables the waiting for resources to be ready after a Helm upgrade has been performed.
 - `disable_wait_for_jobs` (Boolean) DisableWaitForJobs disables waiting for jobs to complete after a Helm upgrade has been performed.
 - `force` (Boolean) Force forces resource updates through a replacement strategy.
diff --git a/docs/data-sources/hive_openshift_io_hive_config_v1_manifest.md b/docs/data-sources/hive_openshift_io_hive_config_v1_manifest.md
index 405bbaf48..2a46dfaff 100644
--- a/docs/data-sources/hive_openshift_io_hive_config_v1_manifest.md
+++ b/docs/data-sources/hive_openshift_io_hive_config_v1_manifest.md
@@ -58,6 +58,7 @@ Optional:
 - `argo_cd_config` (Attributes) ArgoCD specifies configuration for ArgoCD integration. If enabled, Hive will automatically add provisioned clusters to ArgoCD, and remove them when they are deprovisioned. (see [below for nested schema](#nestedatt--spec--argo_cd_config))
 - `aws_private_link` (Attributes) AWSPrivateLink defines the configuration for the aws-private-link controller. It provides 3 major pieces of information required by the controller, 1. The Credentials that should be used to create AWS PrivateLink resources other than what exist in the customer's account. 2. A list of VPCs that can be used by the controller to choose one to create AWS VPC Endpoints for the AWS VPC Endpoint Services created for ClusterDeployments in their corresponding regions. 3. A list of VPCs that should be able to resolve the DNS addresses setup for Private Link. (see [below for nested schema](#nestedatt--spec--aws_private_link))
 - `backup` (Attributes) Backup specifies configuration for backup integration. If absent, backup integration will be disabled. (see [below for nested schema](#nestedatt--spec--backup))
+- `cluster_version_poll_interval` (String) ClusterVersionPollInterval is a string duration indicating how much time must pass before checking whether we need to update the hive.openshift.io/version* labels on ClusterDeployment. If zero or unset, we'll only reconcile when the ClusterDeployment changes.
 - `controllers_config` (Attributes) ControllersConfig is used to configure different hive controllers (see [below for nested schema](#nestedatt--spec--controllers_config))
 - `delete_protection` (String) DeleteProtection can be set to 'enabled' to turn on automatic delete protection for ClusterDeployments. When enabled, Hive will add the 'hive.openshift.io/protected-delete' annotation to new ClusterDeployments. Once a ClusterDeployment has been installed, a user must remove the annotation from a ClusterDeployment prior to deleting it.
 - `deployment_config` (Attributes List) DeploymentConfig is used to configure (pods/containers of) the Deployments generated by hive-operator. (see [below for nested schema](#nestedatt--spec--deployment_config))
diff --git a/docs/data-sources/k8s_mariadb_com_backup_v1alpha1_manifest.md b/docs/data-sources/k8s_mariadb_com_backup_v1alpha1_manifest.md
index ab3927503..643e43a1f 100644
--- a/docs/data-sources/k8s_mariadb_com_backup_v1alpha1_manifest.md
+++ b/docs/data-sources/k8s_mariadb_com_backup_v1alpha1_manifest.md
@@ -88,13 +88,8 @@ Optional:
 
 Optional:
 
-- `api_version` (String) API version of the referent.
-- `field_path` (String) If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: 'spec.containers{name}' (where 'name' refers to the name of the container that triggered the event) or if no container name is specified 'spec.containers[2]' (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.
-- `kind` (String) Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `namespace` (String) Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-- `resource_version` (String) Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-- `uid` (String) UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+- `name` (String)
+- `namespace` (String)
 - `wait_for_it` (Boolean) WaitForIt indicates whether the controller using this reference should wait for MariaDB to be ready.
 
 
@@ -112,1229 +107,221 @@ Optional:
 
 Optional:
 
-- `access_modes` (List of String) accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
-- `data_source` (Attributes) dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. (see [below for nested schema](#nestedatt--spec--storage--persistent_volume_claim--data_source))
-- `data_source_ref` (Attributes) dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. (see [below for nested schema](#nestedatt--spec--storage--persistent_volume_claim--data_source_ref))
-- `resources` (Attributes) resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources (see [below for nested schema](#nestedatt--spec--storage--persistent_volume_claim--resources))
-- `selector` (Attributes) selector is a label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--storage--persistent_volume_claim--selector))
-- `storage_class_name` (String) storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
-- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
-- `volume_mode` (String) volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
-- `volume_name` (String) volumeName is the binding reference to the PersistentVolume backing this claim.
+- `access_modes` (List of String)
+- `resources` (Attributes) VolumeResourceRequirements describes the storage resource requirements for a volume. (see [below for nested schema](#nestedatt--spec--storage--persistent_volume_claim--resources))
+- `selector` (Attributes) A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. (see [below for nested schema](#nestedatt--spec--storage--persistent_volume_claim--selector))
+- `storage_class_name` (String)
 
-<a id="nestedatt--spec--storage--persistent_volume_claim--data_source"></a>
-### Nested Schema for `spec.storage.persistent_volume_claim.data_source`
-
-Required:
-
-- `kind` (String) Kind is the type of resource being referenced
-- `name` (String) Name is the name of resource being referenced
-
-Optional:
-
-- `api_group` (String) APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
-
-
-<a id="nestedatt--spec--storage--persistent_volume_claim--data_source_ref"></a>
-### Nested Schema for `spec.storage.persistent_volume_claim.data_source_ref`
-
-Required:
-
-- `kind` (String) Kind is the type of resource being referenced
-- `name` (String) Name is the name of resource being referenced
-
-Optional:
-
-- `api_group` (String) APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
-- `namespace` (String) Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
-
-
-<a id="nestedatt--spec--storage--persistent_volume_claim--resources"></a>
-### Nested Schema for `spec.storage.persistent_volume_claim.resources`
-
-Optional:
-
-- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-
-
-<a id="nestedatt--spec--storage--persistent_volume_claim--selector"></a>
-### Nested Schema for `spec.storage.persistent_volume_claim.selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--storage--persistent_volume_claim--selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--storage--persistent_volume_claim--selector--match_expressions"></a>
-### Nested Schema for `spec.storage.persistent_volume_claim.selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-
-<a id="nestedatt--spec--storage--s3"></a>
-### Nested Schema for `spec.storage.s3`
-
-Required:
-
-- `access_key_id_secret_key_ref` (Attributes) AccessKeyIdSecretKeyRef is a reference to a Secret key containing the S3 access key id. (see [below for nested schema](#nestedatt--spec--storage--s3--access_key_id_secret_key_ref))
-- `bucket` (String) Bucket is the name Name of the bucket to store backups.
-- `endpoint` (String) Endpoint is the S3 API endpoint without scheme.
-- `secret_access_key_secret_key_ref` (Attributes) AccessKeyIdSecretKeyRef is a reference to a Secret key containing the S3 secret key. (see [below for nested schema](#nestedatt--spec--storage--s3--secret_access_key_secret_key_ref))
-
-Optional:
-
-- `prefix` (String) Prefix indicates a folder/subfolder in the bucket. For example: mariadb/ or mariadb/backups. A trailing slash '/' is added if not provided.
-- `region` (String) Region is the S3 region name to use.
-- `session_token_secret_key_ref` (Attributes) SessionTokenSecretKeyRef is a reference to a Secret key containing the S3 session token. (see [below for nested schema](#nestedatt--spec--storage--s3--session_token_secret_key_ref))
-- `tls` (Attributes) TLS provides the configuration required to establish TLS connections with S3. (see [below for nested schema](#nestedatt--spec--storage--s3--tls))
-
-<a id="nestedatt--spec--storage--s3--access_key_id_secret_key_ref"></a>
-### Nested Schema for `spec.storage.s3.access_key_id_secret_key_ref`
-
-Required:
-
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
-
-<a id="nestedatt--spec--storage--s3--secret_access_key_secret_key_ref"></a>
-### Nested Schema for `spec.storage.s3.secret_access_key_secret_key_ref`
-
-Required:
-
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
-
-<a id="nestedatt--spec--storage--s3--session_token_secret_key_ref"></a>
-### Nested Schema for `spec.storage.s3.session_token_secret_key_ref`
-
-Required:
-
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
-
-<a id="nestedatt--spec--storage--s3--tls"></a>
-### Nested Schema for `spec.storage.s3.tls`
-
-Optional:
-
-- `ca_secret_key_ref` (Attributes) CASecretKeyRef is a reference to a Secret key containing a CA bundle in PEM format used to establish TLS connections with S3. By default, the system trust chain will be used, but you can use this field to add more CAs to the bundle. (see [below for nested schema](#nestedatt--spec--storage--s3--tls--ca_secret_key_ref))
-- `enabled` (Boolean) Enabled is a flag to enable TLS.
-
-<a id="nestedatt--spec--storage--s3--tls--ca_secret_key_ref"></a>
-### Nested Schema for `spec.storage.s3.tls.ca_secret_key_ref`
-
-Required:
-
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
-
-
-
-<a id="nestedatt--spec--storage--volume"></a>
-### Nested Schema for `spec.storage.volume`
-
-Optional:
-
-- `aws_elastic_block_store` (Attributes) awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore (see [below for nested schema](#nestedatt--spec--storage--volume--aws_elastic_block_store))
-- `azure_disk` (Attributes) azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. (see [below for nested schema](#nestedatt--spec--storage--volume--azure_disk))
-- `azure_file` (Attributes) azureFile represents an Azure File Service mount on the host and bind mount to the pod. (see [below for nested schema](#nestedatt--spec--storage--volume--azure_file))
-- `cephfs` (Attributes) cephFS represents a Ceph FS mount on the host that shares a pod's lifetime (see [below for nested schema](#nestedatt--spec--storage--volume--cephfs))
-- `cinder` (Attributes) cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md (see [below for nested schema](#nestedatt--spec--storage--volume--cinder))
-- `config_map` (Attributes) configMap represents a configMap that should populate this volume (see [below for nested schema](#nestedatt--spec--storage--volume--config_map))
-- `csi` (Attributes) csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). (see [below for nested schema](#nestedatt--spec--storage--volume--csi))
-- `downward_api` (Attributes) downwardAPI represents downward API about the pod that should populate this volume (see [below for nested schema](#nestedatt--spec--storage--volume--downward_api))
-- `empty_dir` (Attributes) emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir (see [below for nested schema](#nestedatt--spec--storage--volume--empty_dir))
-- `ephemeral` (Attributes) ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. A pod can use both types of ephemeral volumes and persistent volumes at the same time. (see [below for nested schema](#nestedatt--spec--storage--volume--ephemeral))
-- `fc` (Attributes) fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. (see [below for nested schema](#nestedatt--spec--storage--volume--fc))
-- `flex_volume` (Attributes) flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. (see [below for nested schema](#nestedatt--spec--storage--volume--flex_volume))
-- `flocker` (Attributes) flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running (see [below for nested schema](#nestedatt--spec--storage--volume--flocker))
-- `gce_persistent_disk` (Attributes) gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk (see [below for nested schema](#nestedatt--spec--storage--volume--gce_persistent_disk))
-- `git_repo` (Attributes) gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. (see [below for nested schema](#nestedatt--spec--storage--volume--git_repo))
-- `glusterfs` (Attributes) glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md (see [below for nested schema](#nestedatt--spec--storage--volume--glusterfs))
-- `host_path` (Attributes) hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath (see [below for nested schema](#nestedatt--spec--storage--volume--host_path))
-- `image` (Attributes) image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. The volume is resolved at pod startup depending on which PullPolicy value is provided: - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. The volume will be mounted read-only (ro) and non-executable files (noexec). Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. (see [below for nested schema](#nestedatt--spec--storage--volume--image))
-- `iscsi` (Attributes) iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md (see [below for nested schema](#nestedatt--spec--storage--volume--iscsi))
-- `nfs` (Attributes) nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs (see [below for nested schema](#nestedatt--spec--storage--volume--nfs))
-- `persistent_volume_claim` (Attributes) persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims (see [below for nested schema](#nestedatt--spec--storage--volume--persistent_volume_claim))
-- `photon_persistent_disk` (Attributes) photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine (see [below for nested schema](#nestedatt--spec--storage--volume--photon_persistent_disk))
-- `portworx_volume` (Attributes) portworxVolume represents a portworx volume attached and mounted on kubelets host machine (see [below for nested schema](#nestedatt--spec--storage--volume--portworx_volume))
-- `projected` (Attributes) projected items for all in one resources secrets, configmaps, and downward API (see [below for nested schema](#nestedatt--spec--storage--volume--projected))
-- `quobyte` (Attributes) quobyte represents a Quobyte mount on the host that shares a pod's lifetime (see [below for nested schema](#nestedatt--spec--storage--volume--quobyte))
-- `rbd` (Attributes) rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md (see [below for nested schema](#nestedatt--spec--storage--volume--rbd))
-- `scale_io` (Attributes) scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. (see [below for nested schema](#nestedatt--spec--storage--volume--scale_io))
-- `secret` (Attributes) secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret (see [below for nested schema](#nestedatt--spec--storage--volume--secret))
-- `storageos` (Attributes) storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. (see [below for nested schema](#nestedatt--spec--storage--volume--storageos))
-- `vsphere_volume` (Attributes) vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine (see [below for nested schema](#nestedatt--spec--storage--volume--vsphere_volume))
-
-<a id="nestedatt--spec--storage--volume--aws_elastic_block_store"></a>
-### Nested Schema for `spec.storage.volume.aws_elastic_block_store`
-
-Required:
-
-- `volume_id` (String) volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
-
-Optional:
-
-- `fs_type` (String) fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
-- `partition` (Number) partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as '1'. Similarly, the volume partition for /dev/sda is '0' (or you can leave the property empty).
-- `read_only` (Boolean) readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
-
-
-<a id="nestedatt--spec--storage--volume--azure_disk"></a>
-### Nested Schema for `spec.storage.volume.azure_disk`
-
-Required:
-
-- `disk_name` (String) diskName is the Name of the data disk in the blob storage
-- `disk_uri` (String) diskURI is the URI of data disk in the blob storage
-
-Optional:
-
-- `caching_mode` (String) cachingMode is the Host Caching mode: None, Read Only, Read Write.
-- `fs_type` (String) fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.
-- `kind` (String) kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared
-- `read_only` (Boolean) readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-
-
-<a id="nestedatt--spec--storage--volume--azure_file"></a>
-### Nested Schema for `spec.storage.volume.azure_file`
-
-Required:
-
-- `secret_name` (String) secretName is the name of secret that contains Azure Storage Account Name and Key
-- `share_name` (String) shareName is the azure share Name
-
-Optional:
-
-- `read_only` (Boolean) readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-
-
-<a id="nestedatt--spec--storage--volume--cephfs"></a>
-### Nested Schema for `spec.storage.volume.cephfs`
-
-Required:
-
-- `monitors` (List of String) monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-
-Optional:
-
-- `path` (String) path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /
-- `read_only` (Boolean) readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-- `secret_file` (String) secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-- `secret_ref` (Attributes) secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it (see [below for nested schema](#nestedatt--spec--storage--volume--cephfs--secret_ref))
-- `user` (String) user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-
-<a id="nestedatt--spec--storage--volume--cephfs--secret_ref"></a>
-### Nested Schema for `spec.storage.volume.cephfs.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
-<a id="nestedatt--spec--storage--volume--cinder"></a>
-### Nested Schema for `spec.storage.volume.cinder`
-
-Required:
-
-- `volume_id` (String) volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
-
-Optional:
-
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
-- `read_only` (Boolean) readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
-- `secret_ref` (Attributes) secretRef is optional: points to a secret object containing parameters used to connect to OpenStack. (see [below for nested schema](#nestedatt--spec--storage--volume--cinder--secret_ref))
-
-<a id="nestedatt--spec--storage--volume--cinder--secret_ref"></a>
-### Nested Schema for `spec.storage.volume.cinder.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
-<a id="nestedatt--spec--storage--volume--config_map"></a>
-### Nested Schema for `spec.storage.volume.config_map`
-
-Optional:
-
-- `default_mode` (Number) defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--storage--volume--config_map--items))
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) optional specify whether the ConfigMap or its keys must be defined
-
-<a id="nestedatt--spec--storage--volume--config_map--items"></a>
-### Nested Schema for `spec.storage.volume.config_map.items`
-
-Required:
-
-- `key` (String) key is the key to project.
-- `path` (String) path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
-
-Optional:
-
-- `mode` (Number) mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-
-
-
-<a id="nestedatt--spec--storage--volume--csi"></a>
-### Nested Schema for `spec.storage.volume.csi`
-
-Required:
-
-- `driver` (String) driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.
-
-Optional:
-
-- `fs_type` (String) fsType to mount. Ex. 'ext4', 'xfs', 'ntfs'. If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.
-- `node_publish_secret_ref` (Attributes) nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. (see [below for nested schema](#nestedatt--spec--storage--volume--csi--node_publish_secret_ref))
-- `read_only` (Boolean) readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).
-- `volume_attributes` (Map of String) volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.
-
-<a id="nestedatt--spec--storage--volume--csi--node_publish_secret_ref"></a>
-### Nested Schema for `spec.storage.volume.csi.node_publish_secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
-<a id="nestedatt--spec--storage--volume--downward_api"></a>
-### Nested Schema for `spec.storage.volume.downward_api`
-
-Optional:
-
-- `default_mode` (Number) Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `items` (Attributes List) Items is a list of downward API volume file (see [below for nested schema](#nestedatt--spec--storage--volume--downward_api--items))
-
-<a id="nestedatt--spec--storage--volume--downward_api--items"></a>
-### Nested Schema for `spec.storage.volume.downward_api.items`
-
-Required:
-
-- `path` (String) Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'
-
-Optional:
-
-- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. (see [below for nested schema](#nestedatt--spec--storage--volume--downward_api--items--field_ref))
-- `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--storage--volume--downward_api--items--resource_field_ref))
-
-<a id="nestedatt--spec--storage--volume--downward_api--items--field_ref"></a>
-### Nested Schema for `spec.storage.volume.downward_api.items.field_ref`
-
-Required:
-
-- `field_path` (String) Path of the field to select in the specified API version.
-
-Optional:
-
-- `api_version` (String) Version of the schema the FieldPath is written in terms of, defaults to 'v1'.
-
-
-<a id="nestedatt--spec--storage--volume--downward_api--items--resource_field_ref"></a>
-### Nested Schema for `spec.storage.volume.downward_api.items.resource_field_ref`
-
-Required:
-
-- `resource` (String) Required: resource to select
-
-Optional:
-
-- `container_name` (String) Container name: required for volumes, optional for env vars
-- `divisor` (String) Specifies the output format of the exposed resources, defaults to '1'
-
-
-
-
-<a id="nestedatt--spec--storage--volume--empty_dir"></a>
-### Nested Schema for `spec.storage.volume.empty_dir`
-
-Optional:
-
-- `medium` (String) medium represents what type of storage medium should back this directory. The default is '' which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
-- `size_limit` (String) sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
-
-
-<a id="nestedatt--spec--storage--volume--ephemeral"></a>
-### Nested Schema for `spec.storage.volume.ephemeral`
-
-Optional:
-
-- `volume_claim_template` (Attributes) Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be '<pod name>-<volume name>' where '<volume name>' is the name from the 'PodSpec.Volumes' array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. Required, must not be nil. (see [below for nested schema](#nestedatt--spec--storage--volume--ephemeral--volume_claim_template))
-
-<a id="nestedatt--spec--storage--volume--ephemeral--volume_claim_template"></a>
-### Nested Schema for `spec.storage.volume.ephemeral.volume_claim_template`
-
-Required:
-
-- `spec` (Attributes) The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. (see [below for nested schema](#nestedatt--spec--storage--volume--ephemeral--volume_claim_template--spec))
-
-Optional:
-
-- `metadata` (Map of String) May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.
-
-<a id="nestedatt--spec--storage--volume--ephemeral--volume_claim_template--spec"></a>
-### Nested Schema for `spec.storage.volume.ephemeral.volume_claim_template.spec`
-
-Optional:
-
-- `access_modes` (List of String) accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
-- `data_source` (Attributes) dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. (see [below for nested schema](#nestedatt--spec--storage--volume--ephemeral--volume_claim_template--spec--data_source))
-- `data_source_ref` (Attributes) dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. (see [below for nested schema](#nestedatt--spec--storage--volume--ephemeral--volume_claim_template--spec--data_source_ref))
-- `resources` (Attributes) resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources (see [below for nested schema](#nestedatt--spec--storage--volume--ephemeral--volume_claim_template--spec--resources))
-- `selector` (Attributes) selector is a label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--storage--volume--ephemeral--volume_claim_template--spec--selector))
-- `storage_class_name` (String) storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
-- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
-- `volume_mode` (String) volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
-- `volume_name` (String) volumeName is the binding reference to the PersistentVolume backing this claim.
-
-<a id="nestedatt--spec--storage--volume--ephemeral--volume_claim_template--spec--data_source"></a>
-### Nested Schema for `spec.storage.volume.ephemeral.volume_claim_template.spec.data_source`
-
-Required:
-
-- `kind` (String) Kind is the type of resource being referenced
-- `name` (String) Name is the name of resource being referenced
-
-Optional:
-
-- `api_group` (String) APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
-
-
-<a id="nestedatt--spec--storage--volume--ephemeral--volume_claim_template--spec--data_source_ref"></a>
-### Nested Schema for `spec.storage.volume.ephemeral.volume_claim_template.spec.data_source_ref`
-
-Required:
-
-- `kind` (String) Kind is the type of resource being referenced
-- `name` (String) Name is the name of resource being referenced
-
-Optional:
-
-- `api_group` (String) APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
-- `namespace` (String) Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
-
-
-<a id="nestedatt--spec--storage--volume--ephemeral--volume_claim_template--spec--resources"></a>
-### Nested Schema for `spec.storage.volume.ephemeral.volume_claim_template.spec.resources`
-
-Optional:
-
-- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-
-
-<a id="nestedatt--spec--storage--volume--ephemeral--volume_claim_template--spec--selector"></a>
-### Nested Schema for `spec.storage.volume.ephemeral.volume_claim_template.spec.selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--storage--volume--ephemeral--volume_claim_template--spec--selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--storage--volume--ephemeral--volume_claim_template--spec--selector--match_expressions"></a>
-### Nested Schema for `spec.storage.volume.ephemeral.volume_claim_template.spec.selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-
-
-
-<a id="nestedatt--spec--storage--volume--fc"></a>
-### Nested Schema for `spec.storage.volume.fc`
-
-Optional:
-
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.
-- `lun` (Number) lun is Optional: FC target lun number
-- `read_only` (Boolean) readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-- `target_ww_ns` (List of String) targetWWNs is Optional: FC target worldwide names (WWNs)
-- `wwids` (List of String) wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
-
-
-<a id="nestedatt--spec--storage--volume--flex_volume"></a>
-### Nested Schema for `spec.storage.volume.flex_volume`
-
-Required:
-
-- `driver` (String) driver is the name of the driver to use for this volume.
-
-Optional:
-
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. The default filesystem depends on FlexVolume script.
-- `options` (Map of String) options is Optional: this field holds extra command options if any.
-- `read_only` (Boolean) readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-- `secret_ref` (Attributes) secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. (see [below for nested schema](#nestedatt--spec--storage--volume--flex_volume--secret_ref))
-
-<a id="nestedatt--spec--storage--volume--flex_volume--secret_ref"></a>
-### Nested Schema for `spec.storage.volume.flex_volume.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
-<a id="nestedatt--spec--storage--volume--flocker"></a>
-### Nested Schema for `spec.storage.volume.flocker`
-
-Optional:
-
-- `dataset_name` (String) datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated
-- `dataset_uuid` (String) datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset
-
-
-<a id="nestedatt--spec--storage--volume--gce_persistent_disk"></a>
-### Nested Schema for `spec.storage.volume.gce_persistent_disk`
-
-Required:
-
-- `pd_name` (String) pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
-
-Optional:
-
-- `fs_type` (String) fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
-- `partition` (Number) partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as '1'. Similarly, the volume partition for /dev/sda is '0' (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
-- `read_only` (Boolean) readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
-
-
-<a id="nestedatt--spec--storage--volume--git_repo"></a>
-### Nested Schema for `spec.storage.volume.git_repo`
-
-Required:
-
-- `repository` (String) repository is the URL
-
-Optional:
-
-- `directory` (String) directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.
-- `revision` (String) revision is the commit hash for the specified revision.
-
-
-<a id="nestedatt--spec--storage--volume--glusterfs"></a>
-### Nested Schema for `spec.storage.volume.glusterfs`
-
-Required:
-
-- `endpoints` (String) endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
-- `path` (String) path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
-
-Optional:
-
-- `read_only` (Boolean) readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
-
-
-<a id="nestedatt--spec--storage--volume--host_path"></a>
-### Nested Schema for `spec.storage.volume.host_path`
-
-Required:
-
-- `path` (String) path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
-
-Optional:
-
-- `type` (String) type for HostPath Volume Defaults to '' More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
-
-
-<a id="nestedatt--spec--storage--volume--image"></a>
-### Nested Schema for `spec.storage.volume.image`
-
-Optional:
-
-- `pull_policy` (String) Policy for pulling OCI objects. Possible values are: Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
-- `reference` (String) Required: Image or artifact reference to be used. Behaves in the same way as pod.spec.containers[*].image. Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.
-
-
-<a id="nestedatt--spec--storage--volume--iscsi"></a>
-### Nested Schema for `spec.storage.volume.iscsi`
-
-Required:
-
-- `iqn` (String) iqn is the target iSCSI Qualified Name.
-- `lun` (Number) lun represents iSCSI Target Lun number.
-- `target_portal` (String) targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
-
-Optional:
-
-- `chap_auth_discovery` (Boolean) chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication
-- `chap_auth_session` (Boolean) chapAuthSession defines whether support iSCSI Session CHAP authentication
-- `fs_type` (String) fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
-- `initiator_name` (String) initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection.
-- `iscsi_interface` (String) iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).
-- `portals` (List of String) portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
-- `read_only` (Boolean) readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.
-- `secret_ref` (Attributes) secretRef is the CHAP Secret for iSCSI target and initiator authentication (see [below for nested schema](#nestedatt--spec--storage--volume--iscsi--secret_ref))
-
-<a id="nestedatt--spec--storage--volume--iscsi--secret_ref"></a>
-### Nested Schema for `spec.storage.volume.iscsi.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
-<a id="nestedatt--spec--storage--volume--nfs"></a>
-### Nested Schema for `spec.storage.volume.nfs`
-
-Required:
-
-- `path` (String) path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
-- `server` (String) server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
-
-Optional:
-
-- `read_only` (Boolean) readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
-
-
-<a id="nestedatt--spec--storage--volume--persistent_volume_claim"></a>
-### Nested Schema for `spec.storage.volume.persistent_volume_claim`
-
-Required:
-
-- `claim_name` (String) claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
-
-Optional:
-
-- `read_only` (Boolean) readOnly Will force the ReadOnly setting in VolumeMounts. Default false.
-
-
-<a id="nestedatt--spec--storage--volume--photon_persistent_disk"></a>
-### Nested Schema for `spec.storage.volume.photon_persistent_disk`
-
-Required:
-
-- `pd_id` (String) pdID is the ID that identifies Photon Controller persistent disk
-
-Optional:
-
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.
-
-
-<a id="nestedatt--spec--storage--volume--portworx_volume"></a>
-### Nested Schema for `spec.storage.volume.portworx_volume`
-
-Required:
-
-- `volume_id` (String) volumeID uniquely identifies a Portworx volume
-
-Optional:
-
-- `fs_type` (String) fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs'. Implicitly inferred to be 'ext4' if unspecified.
-- `read_only` (Boolean) readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-
-
-<a id="nestedatt--spec--storage--volume--projected"></a>
-### Nested Schema for `spec.storage.volume.projected`
-
-Optional:
-
-- `default_mode` (Number) defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `sources` (Attributes List) sources is the list of volume projections. Each entry in this list handles one source. (see [below for nested schema](#nestedatt--spec--storage--volume--projected--sources))
-
-<a id="nestedatt--spec--storage--volume--projected--sources"></a>
-### Nested Schema for `spec.storage.volume.projected.sources`
-
-Optional:
-
-- `cluster_trust_bundle` (Attributes) ClusterTrustBundle allows a pod to access the '.spec.trustBundle' field of ClusterTrustBundle objects in an auto-updating file. Alpha, gated by the ClusterTrustBundleProjection feature gate. ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time. (see [below for nested schema](#nestedatt--spec--storage--volume--projected--sources--cluster_trust_bundle))
-- `config_map` (Attributes) configMap information about the configMap data to project (see [below for nested schema](#nestedatt--spec--storage--volume--projected--sources--config_map))
-- `downward_api` (Attributes) downwardAPI information about the downwardAPI data to project (see [below for nested schema](#nestedatt--spec--storage--volume--projected--sources--downward_api))
-- `secret` (Attributes) secret information about the secret data to project (see [below for nested schema](#nestedatt--spec--storage--volume--projected--sources--secret))
-- `service_account_token` (Attributes) serviceAccountToken is information about the serviceAccountToken data to project (see [below for nested schema](#nestedatt--spec--storage--volume--projected--sources--service_account_token))
-
-<a id="nestedatt--spec--storage--volume--projected--sources--cluster_trust_bundle"></a>
-### Nested Schema for `spec.storage.volume.projected.sources.cluster_trust_bundle`
-
-Required:
-
-- `path` (String) Relative path from the volume root to write the bundle.
-
-Optional:
-
-- `label_selector` (Attributes) Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as 'match nothing'. If set but empty, interpreted as 'match everything'. (see [below for nested schema](#nestedatt--spec--storage--volume--projected--sources--cluster_trust_bundle--label_selector))
-- `name` (String) Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector.
-- `optional` (Boolean) If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles.
-- `signer_name` (String) Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated.
-
-<a id="nestedatt--spec--storage--volume--projected--sources--cluster_trust_bundle--label_selector"></a>
-### Nested Schema for `spec.storage.volume.projected.sources.cluster_trust_bundle.label_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--storage--volume--projected--sources--cluster_trust_bundle--label_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--storage--volume--projected--sources--cluster_trust_bundle--label_selector--match_expressions"></a>
-### Nested Schema for `spec.storage.volume.projected.sources.cluster_trust_bundle.label_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-
-<a id="nestedatt--spec--storage--volume--projected--sources--config_map"></a>
-### Nested Schema for `spec.storage.volume.projected.sources.config_map`
-
-Optional:
-
-- `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--storage--volume--projected--sources--config_map--items))
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) optional specify whether the ConfigMap or its keys must be defined
-
-<a id="nestedatt--spec--storage--volume--projected--sources--config_map--items"></a>
-### Nested Schema for `spec.storage.volume.projected.sources.config_map.items`
-
-Required:
-
-- `key` (String) key is the key to project.
-- `path` (String) path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
-
-Optional:
-
-- `mode` (Number) mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-
-
-
-<a id="nestedatt--spec--storage--volume--projected--sources--downward_api"></a>
-### Nested Schema for `spec.storage.volume.projected.sources.downward_api`
-
-Optional:
-
-- `items` (Attributes List) Items is a list of DownwardAPIVolume file (see [below for nested schema](#nestedatt--spec--storage--volume--projected--sources--downward_api--items))
-
-<a id="nestedatt--spec--storage--volume--projected--sources--downward_api--items"></a>
-### Nested Schema for `spec.storage.volume.projected.sources.downward_api.items`
-
-Required:
-
-- `path` (String) Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'
-
-Optional:
-
-- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. (see [below for nested schema](#nestedatt--spec--storage--volume--projected--sources--downward_api--items--field_ref))
-- `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--storage--volume--projected--sources--downward_api--items--resource_field_ref))
-
-<a id="nestedatt--spec--storage--volume--projected--sources--downward_api--items--field_ref"></a>
-### Nested Schema for `spec.storage.volume.projected.sources.downward_api.items.field_ref`
-
-Required:
-
-- `field_path` (String) Path of the field to select in the specified API version.
-
-Optional:
-
-- `api_version` (String) Version of the schema the FieldPath is written in terms of, defaults to 'v1'.
-
-
-<a id="nestedatt--spec--storage--volume--projected--sources--downward_api--items--resource_field_ref"></a>
-### Nested Schema for `spec.storage.volume.projected.sources.downward_api.items.resource_field_ref`
-
-Required:
-
-- `resource` (String) Required: resource to select
-
-Optional:
-
-- `container_name` (String) Container name: required for volumes, optional for env vars
-- `divisor` (String) Specifies the output format of the exposed resources, defaults to '1'
-
-
-
-
-<a id="nestedatt--spec--storage--volume--projected--sources--secret"></a>
-### Nested Schema for `spec.storage.volume.projected.sources.secret`
-
-Optional:
-
-- `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--storage--volume--projected--sources--secret--items))
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) optional field specify whether the Secret or its key must be defined
-
-<a id="nestedatt--spec--storage--volume--projected--sources--secret--items"></a>
-### Nested Schema for `spec.storage.volume.projected.sources.secret.items`
-
-Required:
-
-- `key` (String) key is the key to project.
-- `path` (String) path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
-
-Optional:
-
-- `mode` (Number) mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-
-
-
-<a id="nestedatt--spec--storage--volume--projected--sources--service_account_token"></a>
-### Nested Schema for `spec.storage.volume.projected.sources.service_account_token`
-
-Required:
-
-- `path` (String) path is the path relative to the mount point of the file to project the token into.
-
-Optional:
-
-- `audience` (String) audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.
-- `expiration_seconds` (Number) expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.
-
-
-
-
-<a id="nestedatt--spec--storage--volume--quobyte"></a>
-### Nested Schema for `spec.storage.volume.quobyte`
-
-Required:
-
-- `registry` (String) registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes
-- `volume` (String) volume is a string that references an already created Quobyte volume by name.
-
-Optional:
-
-- `group` (String) group to map volume access to Default is no group
-- `read_only` (Boolean) readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.
-- `tenant` (String) tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin
-- `user` (String) user to map volume access to Defaults to serivceaccount user
-
-
-<a id="nestedatt--spec--storage--volume--rbd"></a>
-### Nested Schema for `spec.storage.volume.rbd`
-
-Required:
-
-- `image` (String) image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-- `monitors` (List of String) monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-
-Optional:
-
-- `fs_type` (String) fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
-- `keyring` (String) keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-- `pool` (String) pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-- `read_only` (Boolean) readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-- `secret_ref` (Attributes) secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it (see [below for nested schema](#nestedatt--spec--storage--volume--rbd--secret_ref))
-- `user` (String) user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-
-<a id="nestedatt--spec--storage--volume--rbd--secret_ref"></a>
-### Nested Schema for `spec.storage.volume.rbd.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
-<a id="nestedatt--spec--storage--volume--scale_io"></a>
-### Nested Schema for `spec.storage.volume.scale_io`
-
-Required:
-
-- `gateway` (String) gateway is the host address of the ScaleIO API Gateway.
-- `secret_ref` (Attributes) secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. (see [below for nested schema](#nestedatt--spec--storage--volume--scale_io--secret_ref))
-- `system` (String) system is the name of the storage system as configured in ScaleIO.
-
-Optional:
-
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Default is 'xfs'.
-- `protection_domain` (String) protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.
-- `read_only` (Boolean) readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-- `ssl_enabled` (Boolean) sslEnabled Flag enable/disable SSL communication with Gateway, default false
-- `storage_mode` (String) storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.
-- `storage_pool` (String) storagePool is the ScaleIO Storage Pool associated with the protection domain.
-- `volume_name` (String) volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.
-
-<a id="nestedatt--spec--storage--volume--scale_io--secret_ref"></a>
-### Nested Schema for `spec.storage.volume.scale_io.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
-<a id="nestedatt--spec--storage--volume--secret"></a>
-### Nested Schema for `spec.storage.volume.secret`
-
-Optional:
-
-- `default_mode` (Number) defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `items` (Attributes List) items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--storage--volume--secret--items))
-- `optional` (Boolean) optional field specify whether the Secret or its keys must be defined
-- `secret_name` (String) secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
-
-<a id="nestedatt--spec--storage--volume--secret--items"></a>
-### Nested Schema for `spec.storage.volume.secret.items`
-
-Required:
-
-- `key` (String) key is the key to project.
-- `path` (String) path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+<a id="nestedatt--spec--storage--persistent_volume_claim--resources"></a>
+### Nested Schema for `spec.storage.persistent_volume_claim.resources`
 
 Optional:
 
-- `mode` (Number) mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-
-
-
-<a id="nestedatt--spec--storage--volume--storageos"></a>
-### Nested Schema for `spec.storage.volume.storageos`
-
-Optional:
+- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.
-- `read_only` (Boolean) readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-- `secret_ref` (Attributes) secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. (see [below for nested schema](#nestedatt--spec--storage--volume--storageos--secret_ref))
-- `volume_name` (String) volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.
-- `volume_namespace` (String) volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to 'default' if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.
 
-<a id="nestedatt--spec--storage--volume--storageos--secret_ref"></a>
-### Nested Schema for `spec.storage.volume.storageos.secret_ref`
+<a id="nestedatt--spec--storage--persistent_volume_claim--selector"></a>
+### Nested Schema for `spec.storage.persistent_volume_claim.selector`
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
+- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--storage--persistent_volume_claim--selector--match_expressions))
+- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
 
-<a id="nestedatt--spec--storage--volume--vsphere_volume"></a>
-### Nested Schema for `spec.storage.volume.vsphere_volume`
+<a id="nestedatt--spec--storage--persistent_volume_claim--selector--match_expressions"></a>
+### Nested Schema for `spec.storage.persistent_volume_claim.selector.match_expressions`
 
 Required:
 
-- `volume_path` (String) volumePath is the path that identifies vSphere volume vmdk
-
-Optional:
-
-- `fs_type` (String) fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.
-- `storage_policy_id` (String) storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.
-- `storage_policy_name` (String) storagePolicyName is the storage Policy Based Management (SPBM) profile name.
-
-
-
-
-<a id="nestedatt--spec--affinity"></a>
-### Nested Schema for `spec.affinity`
+- `key` (String) key is the label key that the selector applies to.
+- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 
 Optional:
 
-- `anti_affinity_enabled` (Boolean) AntiAffinityEnabled configures PodAntiAffinity so each Pod is scheduled in a different Node, enabling HA. Make sure you have at least as many Nodes available as the replicas to not end up with unscheduled Pods.
-- `node_affinity` (Attributes) Describes node affinity scheduling rules for the pod. (see [below for nested schema](#nestedatt--spec--affinity--node_affinity))
-- `pod_affinity` (Attributes) Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity))
-- `pod_anti_affinity` (Attributes) Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity))
+- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 
-<a id="nestedatt--spec--affinity--node_affinity"></a>
-### Nested Schema for `spec.affinity.node_affinity`
 
-Optional:
 
-- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution))
-- `required_during_scheduling_ignored_during_execution` (Attributes) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. (see [below for nested schema](#nestedatt--spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution))
 
-<a id="nestedatt--spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.affinity.node_affinity.preferred_during_scheduling_ignored_during_execution`
+<a id="nestedatt--spec--storage--s3"></a>
+### Nested Schema for `spec.storage.s3`
 
 Required:
 
-- `preference` (Attributes) A node selector term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference))
-- `weight` (Number) Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
-
-<a id="nestedatt--spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference"></a>
-### Nested Schema for `spec.affinity.node_affinity.preferred_during_scheduling_ignored_during_execution.preference`
+- `access_key_id_secret_key_ref` (Attributes) AccessKeyIdSecretKeyRef is a reference to a Secret key containing the S3 access key id. (see [below for nested schema](#nestedatt--spec--storage--s3--access_key_id_secret_key_ref))
+- `bucket` (String) Bucket is the name Name of the bucket to store backups.
+- `endpoint` (String) Endpoint is the S3 API endpoint without scheme.
+- `secret_access_key_secret_key_ref` (Attributes) AccessKeyIdSecretKeyRef is a reference to a Secret key containing the S3 secret key. (see [below for nested schema](#nestedatt--spec--storage--s3--secret_access_key_secret_key_ref))
 
 Optional:
 
-- `match_expressions` (Attributes List) A list of node selector requirements by node's labels. (see [below for nested schema](#nestedatt--spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference--match_expressions))
-- `match_fields` (Attributes List) A list of node selector requirements by node's fields. (see [below for nested schema](#nestedatt--spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference--match_fields))
+- `prefix` (String) Prefix indicates a folder/subfolder in the bucket. For example: mariadb/ or mariadb/backups. A trailing slash '/' is added if not provided.
+- `region` (String) Region is the S3 region name to use.
+- `session_token_secret_key_ref` (Attributes) SessionTokenSecretKeyRef is a reference to a Secret key containing the S3 session token. (see [below for nested schema](#nestedatt--spec--storage--s3--session_token_secret_key_ref))
+- `tls` (Attributes) TLS provides the configuration required to establish TLS connections with S3. (see [below for nested schema](#nestedatt--spec--storage--s3--tls))
 
-<a id="nestedatt--spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference--match_expressions"></a>
-### Nested Schema for `spec.affinity.node_affinity.preferred_during_scheduling_ignored_during_execution.preference.match_expressions`
+<a id="nestedatt--spec--storage--s3--access_key_id_secret_key_ref"></a>
+### Nested Schema for `spec.storage.s3.access_key_id_secret_key_ref`
 
 Required:
 
-- `key` (String) The label key that the selector applies to.
-- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+- `key` (String)
 
 Optional:
 
-- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+- `name` (String)
 
 
-<a id="nestedatt--spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference--match_fields"></a>
-### Nested Schema for `spec.affinity.node_affinity.preferred_during_scheduling_ignored_during_execution.preference.match_fields`
+<a id="nestedatt--spec--storage--s3--secret_access_key_secret_key_ref"></a>
+### Nested Schema for `spec.storage.s3.secret_access_key_secret_key_ref`
 
 Required:
 
-- `key` (String) The label key that the selector applies to.
-- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+- `key` (String)
 
 Optional:
 
-- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
-
+- `name` (String)
 
 
-
-<a id="nestedatt--spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.affinity.node_affinity.required_during_scheduling_ignored_during_execution`
+<a id="nestedatt--spec--storage--s3--session_token_secret_key_ref"></a>
+### Nested Schema for `spec.storage.s3.session_token_secret_key_ref`
 
 Required:
 
-- `node_selector_terms` (Attributes List) Required. A list of node selector terms. The terms are ORed. (see [below for nested schema](#nestedatt--spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms))
-
-<a id="nestedatt--spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms"></a>
-### Nested Schema for `spec.affinity.node_affinity.required_during_scheduling_ignored_during_execution.node_selector_terms`
+- `key` (String)
 
 Optional:
 
-- `match_expressions` (Attributes List) A list of node selector requirements by node's labels. (see [below for nested schema](#nestedatt--spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms--match_expressions))
-- `match_fields` (Attributes List) A list of node selector requirements by node's fields. (see [below for nested schema](#nestedatt--spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms--match_fields))
+- `name` (String)
 
-<a id="nestedatt--spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms--match_expressions"></a>
-### Nested Schema for `spec.affinity.node_affinity.required_during_scheduling_ignored_during_execution.node_selector_terms.match_expressions`
-
-Required:
 
-- `key` (String) The label key that the selector applies to.
-- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+<a id="nestedatt--spec--storage--s3--tls"></a>
+### Nested Schema for `spec.storage.s3.tls`
 
 Optional:
 
-- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
-
+- `ca_secret_key_ref` (Attributes) CASecretKeyRef is a reference to a Secret key containing a CA bundle in PEM format used to establish TLS connections with S3. By default, the system trust chain will be used, but you can use this field to add more CAs to the bundle. (see [below for nested schema](#nestedatt--spec--storage--s3--tls--ca_secret_key_ref))
+- `enabled` (Boolean) Enabled is a flag to enable TLS.
 
-<a id="nestedatt--spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms--match_fields"></a>
-### Nested Schema for `spec.affinity.node_affinity.required_during_scheduling_ignored_during_execution.node_selector_terms.match_fields`
+<a id="nestedatt--spec--storage--s3--tls--ca_secret_key_ref"></a>
+### Nested Schema for `spec.storage.s3.tls.ca_secret_key_ref`
 
 Required:
 
-- `key` (String) The label key that the selector applies to.
-- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
-
-Optional:
-
-- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
-
-
-
-
-
-<a id="nestedatt--spec--affinity--pod_affinity"></a>
-### Nested Schema for `spec.affinity.pod_affinity`
+- `key` (String)
 
 Optional:
 
-- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution))
-- `required_during_scheduling_ignored_during_execution` (Attributes List) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution))
-
-<a id="nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution`
+- `name` (String)
 
-Required:
-
-- `pod_affinity_term` (Attributes) Required. A pod affinity term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term))
-- `weight` (Number) weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
-
-<a id="nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term"></a>
-### Nested Schema for `spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term`
-
-Required:
-
-- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
 
-Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
-- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
-<a id="nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector"></a>
-### Nested Schema for `spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector`
+<a id="nestedatt--spec--storage--volume"></a>
+### Nested Schema for `spec.storage.volume`
 
 Optional:
 
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
+- `csi` (Attributes) Represents a source location of a volume to mount, managed by an external CSI driver (see [below for nested schema](#nestedatt--spec--storage--volume--csi))
+- `empty_dir` (Attributes) Represents an empty directory for a pod. Empty directory volumes support ownership management and SELinux relabeling. (see [below for nested schema](#nestedatt--spec--storage--volume--empty_dir))
+- `nfs` (Attributes) Represents an NFS mount that lasts the lifetime of a pod. NFS volumes do not support ownership management or SELinux relabeling. (see [below for nested schema](#nestedatt--spec--storage--volume--nfs))
+- `persistent_volume_claim` (Attributes) PersistentVolumeClaimVolumeSource references the user's PVC in the same namespace. This volume finds the bound PV and mounts that volume for the pod. A PersistentVolumeClaimVolumeSource is, essentially, a wrapper around another type of volume that is owned by someone else (the system). (see [below for nested schema](#nestedatt--spec--storage--volume--persistent_volume_claim))
 
-<a id="nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions"></a>
-### Nested Schema for `spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector.match_expressions`
+<a id="nestedatt--spec--storage--volume--csi"></a>
+### Nested Schema for `spec.storage.volume.csi`
 
 Required:
 
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+- `driver` (String) driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.
 
 Optional:
 
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
+- `fs_type` (String) fsType to mount. Ex. 'ext4', 'xfs', 'ntfs'. If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.
+- `node_publish_secret_ref` (Attributes) nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. (see [below for nested schema](#nestedatt--spec--storage--volume--csi--node_publish_secret_ref))
+- `read_only` (Boolean) readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).
+- `volume_attributes` (Map of String) volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.
 
-<a id="nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector"></a>
-### Nested Schema for `spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector`
+<a id="nestedatt--spec--storage--volume--csi--node_publish_secret_ref"></a>
+### Nested Schema for `spec.storage.volume.csi.node_publish_secret_ref`
 
 Optional:
 
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
-<a id="nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions"></a>
-### Nested Schema for `spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector.match_expressions`
 
-Required:
 
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+<a id="nestedatt--spec--storage--volume--empty_dir"></a>
+### Nested Schema for `spec.storage.volume.empty_dir`
 
 Optional:
 
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
+- `medium` (String) medium represents what type of storage medium should back this directory. The default is '' which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+- `size_limit` (String) sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
 
 
-<a id="nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.affinity.pod_affinity.required_during_scheduling_ignored_during_execution`
+<a id="nestedatt--spec--storage--volume--nfs"></a>
+### Nested Schema for `spec.storage.volume.nfs`
 
 Required:
 
-- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+- `path` (String) path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+- `server` (String) server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
-- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
-
-<a id="nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector"></a>
-### Nested Schema for `spec.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.label_selector`
-
-Optional:
+- `read_only` (Boolean) readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
 
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
 
-<a id="nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions"></a>
-### Nested Schema for `spec.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.label_selector.match_expressions`
+<a id="nestedatt--spec--storage--volume--persistent_volume_claim"></a>
+### Nested Schema for `spec.storage.volume.persistent_volume_claim`
 
 Required:
 
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+- `claim_name` (String) claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
 
 Optional:
 
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-<a id="nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector"></a>
-### Nested Schema for `spec.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.namespace_selector`
-
-Optional:
+- `read_only` (Boolean) readOnly Will force the ReadOnly setting in VolumeMounts. Default false.
 
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
 
-<a id="nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions"></a>
-### Nested Schema for `spec.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.namespace_selector.match_expressions`
 
-Required:
 
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+<a id="nestedatt--spec--affinity"></a>
+### Nested Schema for `spec.affinity`
 
 Optional:
 
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-
+- `anti_affinity_enabled` (Boolean) AntiAffinityEnabled configures PodAntiAffinity so each Pod is scheduled in a different Node, enabling HA. Make sure you have at least as many Nodes available as the replicas to not end up with unscheduled Pods.
+- `pod_anti_affinity` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#podantiaffinity-v1-core. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity))
 
 <a id="nestedatt--spec--affinity--pod_anti_affinity"></a>
 ### Nested Schema for `spec.affinity.pod_anti_affinity`
 
 Optional:
 
-- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution))
-- `required_during_scheduling_ignored_during_execution` (Attributes List) If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution))
+- `preferred_during_scheduling_ignored_during_execution` (Attributes List) (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution))
+- `required_during_scheduling_ignored_during_execution` (Attributes List) (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution))
 
 <a id="nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution"></a>
 ### Nested Schema for `spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution`
 
 Required:
 
-- `pod_affinity_term` (Attributes) Required. A pod affinity term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term))
-- `weight` (Number) weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
+- `pod_affinity_term` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#podaffinityterm-v1-core. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term))
+- `weight` (Number)
 
 <a id="nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term"></a>
 ### Nested Schema for `spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term`
 
 Required:
 
-- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+- `topology_key` (String)
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
-- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
+- `label_selector` (Attributes) A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
 
 <a id="nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector"></a>
 ### Nested Schema for `spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector`
@@ -1358,28 +345,6 @@ Optional:
 
 
 
-<a id="nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector"></a>
-### Nested Schema for `spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions"></a>
-### Nested Schema for `spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
 
 
 <a id="nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution"></a>
@@ -1387,15 +352,11 @@ Optional:
 
 Required:
 
-- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+- `topology_key` (String)
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
-- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
+- `label_selector` (Attributes) A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector))
 
 <a id="nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector"></a>
 ### Nested Schema for `spec.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.label_selector`
@@ -1419,28 +380,6 @@ Optional:
 
 
 
-<a id="nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector"></a>
-### Nested Schema for `spec.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.namespace_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions"></a>
-### Nested Schema for `spec.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.namespace_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
 
 
 
@@ -1449,7 +388,7 @@ Optional:
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+- `name` (String)
 
 
 <a id="nestedatt--spec--inherit_metadata"></a>
@@ -1549,21 +488,8 @@ Optional:
 
 Optional:
 
-- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--resources--claims))
-- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-
-<a id="nestedatt--spec--resources--claims"></a>
-### Nested Schema for `spec.resources.claims`
-
-Required:
-
-- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
-
-Optional:
-
-- `request` (String) Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
-
+- `limits` (Map of String) ResourceList is a set of (resource name, quantity) pairs.
+- `requests` (Map of String) ResourceList is a set of (resource name, quantity) pairs.
 
 
 <a id="nestedatt--spec--schedule"></a>
@@ -1583,30 +509,13 @@ Optional:
 
 Optional:
 
-- `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
-- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--security_context--app_armor_profile))
-- `capabilities` (Attributes) The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--security_context--capabilities))
-- `privileged` (Boolean) Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
-- `proc_mount` (String) procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
-- `read_only_root_filesystem` (Boolean) Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_group` (Number) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-- `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
-- `se_linux_options` (Attributes) The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--security_context--se_linux_options))
-- `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--security_context--seccomp_profile))
-- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--security_context--windows_options))
-
-<a id="nestedatt--spec--security_context--app_armor_profile"></a>
-### Nested Schema for `spec.security_context.app_armor_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is 'Localhost'.
-
+- `allow_privilege_escalation` (Boolean)
+- `capabilities` (Attributes) Adds and removes POSIX capabilities from running containers. (see [below for nested schema](#nestedatt--spec--security_context--capabilities))
+- `privileged` (Boolean)
+- `read_only_root_filesystem` (Boolean)
+- `run_as_group` (Number)
+- `run_as_non_root` (Boolean)
+- `run_as_user` (Number)
 
 <a id="nestedatt--spec--security_context--capabilities"></a>
 ### Nested Schema for `spec.security_context.capabilities`
@@ -1617,40 +526,6 @@ Optional:
 - `drop` (List of String) Removed capabilities
 
 
-<a id="nestedatt--spec--security_context--se_linux_options"></a>
-### Nested Schema for `spec.security_context.se_linux_options`
-
-Optional:
-
-- `level` (String) Level is SELinux level label that applies to the container.
-- `role` (String) Role is a SELinux role label that applies to the container.
-- `type` (String) Type is a SELinux type label that applies to the container.
-- `user` (String) User is a SELinux user label that applies to the container.
-
-
-<a id="nestedatt--spec--security_context--seccomp_profile"></a>
-### Nested Schema for `spec.security_context.seccomp_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.
-
-
-<a id="nestedatt--spec--security_context--windows_options"></a>
-### Nested Schema for `spec.security_context.windows_options`
-
-Optional:
-
-- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
-- `gmsa_credential_spec_name` (String) GMSACredentialSpecName is the name of the GMSA credential spec to use.
-- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
-- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-
-
 
 <a id="nestedatt--spec--tolerations"></a>
 ### Nested Schema for `spec.tolerations`
diff --git a/docs/data-sources/k8s_mariadb_com_connection_v1alpha1_manifest.md b/docs/data-sources/k8s_mariadb_com_connection_v1alpha1_manifest.md
index 24ac13a72..1548ad45b 100644
--- a/docs/data-sources/k8s_mariadb_com_connection_v1alpha1_manifest.md
+++ b/docs/data-sources/k8s_mariadb_com_connection_v1alpha1_manifest.md
@@ -76,12 +76,11 @@ Optional:
 
 Required:
 
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
+- `key` (String)
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
+- `name` (String)
 
 
 <a id="nestedatt--spec--health_check"></a>
@@ -98,13 +97,8 @@ Optional:
 
 Optional:
 
-- `api_version` (String) API version of the referent.
-- `field_path` (String) If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: 'spec.containers{name}' (where 'name' refers to the name of the container that triggered the event) or if no container name is specified 'spec.containers[2]' (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.
-- `kind` (String) Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `namespace` (String) Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-- `resource_version` (String) Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-- `uid` (String) UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+- `name` (String)
+- `namespace` (String)
 - `wait_for_it` (Boolean) WaitForIt indicates whether the controller using this reference should wait for MariaDB to be ready.
 
 
@@ -113,13 +107,8 @@ Optional:
 
 Optional:
 
-- `api_version` (String) API version of the referent.
-- `field_path` (String) If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: 'spec.containers{name}' (where 'name' refers to the name of the container that triggered the event) or if no container name is specified 'spec.containers[2]' (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.
-- `kind` (String) Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `namespace` (String) Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-- `resource_version` (String) Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-- `uid` (String) UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+- `name` (String)
+- `namespace` (String)
 
 
 <a id="nestedatt--spec--secret_template"></a>
diff --git a/docs/data-sources/k8s_mariadb_com_database_v1alpha1_manifest.md b/docs/data-sources/k8s_mariadb_com_database_v1alpha1_manifest.md
index a1cd5ab0c..80ca5a195 100644
--- a/docs/data-sources/k8s_mariadb_com_database_v1alpha1_manifest.md
+++ b/docs/data-sources/k8s_mariadb_com_database_v1alpha1_manifest.md
@@ -71,11 +71,6 @@ Optional:
 
 Optional:
 
-- `api_version` (String) API version of the referent.
-- `field_path` (String) If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: 'spec.containers{name}' (where 'name' refers to the name of the container that triggered the event) or if no container name is specified 'spec.containers[2]' (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.
-- `kind` (String) Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `namespace` (String) Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-- `resource_version` (String) Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-- `uid` (String) UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+- `name` (String)
+- `namespace` (String)
 - `wait_for_it` (Boolean) WaitForIt indicates whether the controller using this reference should wait for MariaDB to be ready.
diff --git a/docs/data-sources/k8s_mariadb_com_grant_v1alpha1_manifest.md b/docs/data-sources/k8s_mariadb_com_grant_v1alpha1_manifest.md
index 765114b54..5a35f91f6 100644
--- a/docs/data-sources/k8s_mariadb_com_grant_v1alpha1_manifest.md
+++ b/docs/data-sources/k8s_mariadb_com_grant_v1alpha1_manifest.md
@@ -74,11 +74,6 @@ Optional:
 
 Optional:
 
-- `api_version` (String) API version of the referent.
-- `field_path` (String) If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: 'spec.containers{name}' (where 'name' refers to the name of the container that triggered the event) or if no container name is specified 'spec.containers[2]' (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.
-- `kind` (String) Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `namespace` (String) Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-- `resource_version` (String) Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-- `uid` (String) UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+- `name` (String)
+- `namespace` (String)
 - `wait_for_it` (Boolean) WaitForIt indicates whether the controller using this reference should wait for MariaDB to be ready.
diff --git a/docs/data-sources/k8s_mariadb_com_maria_db_v1alpha1_manifest.md b/docs/data-sources/k8s_mariadb_com_maria_db_v1alpha1_manifest.md
index 3f0021fa3..46f43017d 100644
--- a/docs/data-sources/k8s_mariadb_com_maria_db_v1alpha1_manifest.md
+++ b/docs/data-sources/k8s_mariadb_com_maria_db_v1alpha1_manifest.md
@@ -113,169 +113,169 @@ Optional:
 Optional:
 
 - `anti_affinity_enabled` (Boolean) AntiAffinityEnabled configures PodAntiAffinity so each Pod is scheduled in a different Node, enabling HA. Make sure you have at least as many Nodes available as the replicas to not end up with unscheduled Pods.
-- `node_affinity` (Attributes) Describes node affinity scheduling rules for the pod. (see [below for nested schema](#nestedatt--spec--affinity--node_affinity))
-- `pod_affinity` (Attributes) Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity))
-- `pod_anti_affinity` (Attributes) Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity))
+- `pod_anti_affinity` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#podantiaffinity-v1-core. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity))
 
-<a id="nestedatt--spec--affinity--node_affinity"></a>
-### Nested Schema for `spec.affinity.node_affinity`
+<a id="nestedatt--spec--affinity--pod_anti_affinity"></a>
+### Nested Schema for `spec.affinity.pod_anti_affinity`
 
 Optional:
 
-- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution))
-- `required_during_scheduling_ignored_during_execution` (Attributes) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. (see [below for nested schema](#nestedatt--spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution))
+- `preferred_during_scheduling_ignored_during_execution` (Attributes List) (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution))
+- `required_during_scheduling_ignored_during_execution` (Attributes List) (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution))
 
-<a id="nestedatt--spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.affinity.node_affinity.preferred_during_scheduling_ignored_during_execution`
+<a id="nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution"></a>
+### Nested Schema for `spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution`
 
 Required:
 
-- `preference` (Attributes) A node selector term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference))
-- `weight` (Number) Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
+- `pod_affinity_term` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#podaffinityterm-v1-core. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term))
+- `weight` (Number)
 
-<a id="nestedatt--spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference"></a>
-### Nested Schema for `spec.affinity.node_affinity.preferred_during_scheduling_ignored_during_execution.preference`
+<a id="nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term"></a>
+### Nested Schema for `spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term`
 
-Optional:
+Required:
 
-- `match_expressions` (Attributes List) A list of node selector requirements by node's labels. (see [below for nested schema](#nestedatt--spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference--match_expressions))
-- `match_fields` (Attributes List) A list of node selector requirements by node's fields. (see [below for nested schema](#nestedatt--spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference--match_fields))
+- `topology_key` (String)
 
-<a id="nestedatt--spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference--match_expressions"></a>
-### Nested Schema for `spec.affinity.node_affinity.preferred_during_scheduling_ignored_during_execution.preference.match_expressions`
+Optional:
 
-Required:
+- `label_selector` (Attributes) A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
 
-- `key` (String) The label key that the selector applies to.
-- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+<a id="nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector"></a>
+### Nested Schema for `spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector`
 
 Optional:
 
-- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
-
+- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions))
+- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
 
-<a id="nestedatt--spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference--match_fields"></a>
-### Nested Schema for `spec.affinity.node_affinity.preferred_during_scheduling_ignored_during_execution.preference.match_fields`
+<a id="nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions"></a>
+### Nested Schema for `spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector.match_expressions`
 
 Required:
 
-- `key` (String) The label key that the selector applies to.
-- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+- `key` (String) key is the label key that the selector applies to.
+- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 
 Optional:
 
-- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+
 
 
 
 
-<a id="nestedatt--spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.affinity.node_affinity.required_during_scheduling_ignored_during_execution`
+<a id="nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution"></a>
+### Nested Schema for `spec.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution`
 
 Required:
 
-- `node_selector_terms` (Attributes List) Required. A list of node selector terms. The terms are ORed. (see [below for nested schema](#nestedatt--spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms))
-
-<a id="nestedatt--spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms"></a>
-### Nested Schema for `spec.affinity.node_affinity.required_during_scheduling_ignored_during_execution.node_selector_terms`
+- `topology_key` (String)
 
 Optional:
 
-- `match_expressions` (Attributes List) A list of node selector requirements by node's labels. (see [below for nested schema](#nestedatt--spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms--match_expressions))
-- `match_fields` (Attributes List) A list of node selector requirements by node's fields. (see [below for nested schema](#nestedatt--spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms--match_fields))
+- `label_selector` (Attributes) A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector))
 
-<a id="nestedatt--spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms--match_expressions"></a>
-### Nested Schema for `spec.affinity.node_affinity.required_during_scheduling_ignored_during_execution.node_selector_terms.match_expressions`
-
-Required:
-
-- `key` (String) The label key that the selector applies to.
-- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+<a id="nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector"></a>
+### Nested Schema for `spec.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.label_selector`
 
 Optional:
 
-- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
-
+- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions))
+- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
 
-<a id="nestedatt--spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms--match_fields"></a>
-### Nested Schema for `spec.affinity.node_affinity.required_during_scheduling_ignored_during_execution.node_selector_terms.match_fields`
+<a id="nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions"></a>
+### Nested Schema for `spec.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.label_selector.match_expressions`
 
 Required:
 
-- `key` (String) The label key that the selector applies to.
-- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+- `key` (String) key is the label key that the selector applies to.
+- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 
 Optional:
 
-- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+
 
 
 
 
 
-<a id="nestedatt--spec--affinity--pod_affinity"></a>
-### Nested Schema for `spec.affinity.pod_affinity`
+<a id="nestedatt--spec--bootstrap_from"></a>
+### Nested Schema for `spec.bootstrap_from`
 
 Optional:
 
-- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution))
-- `required_during_scheduling_ignored_during_execution` (Attributes List) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution))
+- `backup_ref` (Attributes) BackupRef is a reference to a Backup object. It has priority over S3 and Volume. (see [below for nested schema](#nestedatt--spec--bootstrap_from--backup_ref))
+- `restore_job` (Attributes) RestoreJob defines additional properties for the Job used to perform the Restore. (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job))
+- `s3` (Attributes) S3 defines the configuration to restore backups from a S3 compatible storage. It has priority over Volume. (see [below for nested schema](#nestedatt--spec--bootstrap_from--s3))
+- `target_recovery_time` (String) TargetRecoveryTime is a RFC3339 (1970-01-01T00:00:00Z) date and time that defines the point in time recovery objective. It is used to determine the closest restoration source in time.
+- `volume` (Attributes) Volume is a Kubernetes Volume object that contains a backup. (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume))
 
-<a id="nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution`
+<a id="nestedatt--spec--bootstrap_from--backup_ref"></a>
+### Nested Schema for `spec.bootstrap_from.backup_ref`
 
-Required:
+Optional:
 
-- `pod_affinity_term` (Attributes) Required. A pod affinity term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term))
-- `weight` (Number) weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
+- `name` (String)
 
-<a id="nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term"></a>
-### Nested Schema for `spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term`
 
-Required:
+<a id="nestedatt--spec--bootstrap_from--restore_job"></a>
+### Nested Schema for `spec.bootstrap_from.restore_job`
+
+Optional:
+
+- `affinity` (Attributes) Affinity to be used in the Pod. (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--affinity))
+- `args` (List of String) Args to be used in the Container.
+- `metadata` (Attributes) Metadata defines additional metadata for the bootstrap Jobs. (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--metadata))
+- `resources` (Attributes) Resouces describes the compute resource requirements. (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--resources))
 
-- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+<a id="nestedatt--spec--bootstrap_from--restore_job--affinity"></a>
+### Nested Schema for `spec.bootstrap_from.restore_job.affinity`
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
-- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
+- `anti_affinity_enabled` (Boolean) AntiAffinityEnabled configures PodAntiAffinity so each Pod is scheduled in a different Node, enabling HA. Make sure you have at least as many Nodes available as the replicas to not end up with unscheduled Pods.
+- `pod_anti_affinity` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#podantiaffinity-v1-core. (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--affinity--pod_anti_affinity))
 
-<a id="nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector"></a>
-### Nested Schema for `spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector`
+<a id="nestedatt--spec--bootstrap_from--restore_job--affinity--pod_anti_affinity"></a>
+### Nested Schema for `spec.bootstrap_from.restore_job.affinity.pod_anti_affinity`
 
 Optional:
 
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
+- `preferred_during_scheduling_ignored_during_execution` (Attributes List) (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution))
+- `required_during_scheduling_ignored_during_execution` (Attributes List) (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution))
 
-<a id="nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions"></a>
-### Nested Schema for `spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector.match_expressions`
+<a id="nestedatt--spec--bootstrap_from--restore_job--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution"></a>
+### Nested Schema for `spec.bootstrap_from.restore_job.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution`
 
 Required:
 
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+- `pod_affinity_term` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#podaffinityterm-v1-core. (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term))
+- `weight` (Number)
 
-Optional:
+<a id="nestedatt--spec--bootstrap_from--restore_job--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term"></a>
+### Nested Schema for `spec.bootstrap_from.restore_job.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term`
 
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+Required:
 
+- `topology_key` (String)
+
+Optional:
 
+- `label_selector` (Attributes) A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
 
-<a id="nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector"></a>
-### Nested Schema for `spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector`
+<a id="nestedatt--spec--bootstrap_from--restore_job--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector"></a>
+### Nested Schema for `spec.bootstrap_from.restore_job.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector`
 
 Optional:
 
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions))
+- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions))
 - `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
 
-<a id="nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions"></a>
-### Nested Schema for `spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector.match_expressions`
+<a id="nestedatt--spec--bootstrap_from--restore_job--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions"></a>
+### Nested Schema for `spec.bootstrap_from.restore_job.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector.match_expressions`
 
 Required:
 
@@ -290,31 +290,27 @@ Optional:
 
 
 
-<a id="nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.affinity.pod_affinity.required_during_scheduling_ignored_during_execution`
+<a id="nestedatt--spec--bootstrap_from--restore_job--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution"></a>
+### Nested Schema for `spec.bootstrap_from.restore_job.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution`
 
 Required:
 
-- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+- `topology_key` (String)
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
-- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
+- `label_selector` (Attributes) A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector))
 
-<a id="nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector"></a>
-### Nested Schema for `spec.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.label_selector`
+<a id="nestedatt--spec--bootstrap_from--restore_job--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector"></a>
+### Nested Schema for `spec.bootstrap_from.restore_job.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.label_selector`
 
 Optional:
 
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions))
+- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions))
 - `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
 
-<a id="nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions"></a>
-### Nested Schema for `spec.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.label_selector.match_expressions`
+<a id="nestedatt--spec--bootstrap_from--restore_job--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions"></a>
+### Nested Schema for `spec.bootstrap_from.restore_job.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.label_selector.match_expressions`
 
 Required:
 
@@ -327,566 +323,625 @@ Optional:
 
 
 
-<a id="nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector"></a>
-### Nested Schema for `spec.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.namespace_selector`
 
-Optional:
 
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
 
-<a id="nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions"></a>
-### Nested Schema for `spec.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.namespace_selector.match_expressions`
+<a id="nestedatt--spec--bootstrap_from--restore_job--metadata"></a>
+### Nested Schema for `spec.bootstrap_from.restore_job.metadata`
 
-Required:
+Optional:
 
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+- `annotations` (Map of String) Annotations to be added to children resources.
+- `labels` (Map of String) Labels to be added to children resources.
+
+
+<a id="nestedatt--spec--bootstrap_from--restore_job--resources"></a>
+### Nested Schema for `spec.bootstrap_from.restore_job.resources`
 
 Optional:
 
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+- `limits` (Map of String) ResourceList is a set of (resource name, quantity) pairs.
+- `requests` (Map of String) ResourceList is a set of (resource name, quantity) pairs.
 
 
 
+<a id="nestedatt--spec--bootstrap_from--s3"></a>
+### Nested Schema for `spec.bootstrap_from.s3`
 
+Required:
 
-<a id="nestedatt--spec--affinity--pod_anti_affinity"></a>
-### Nested Schema for `spec.affinity.pod_anti_affinity`
+- `access_key_id_secret_key_ref` (Attributes) AccessKeyIdSecretKeyRef is a reference to a Secret key containing the S3 access key id. (see [below for nested schema](#nestedatt--spec--bootstrap_from--s3--access_key_id_secret_key_ref))
+- `bucket` (String) Bucket is the name Name of the bucket to store backups.
+- `endpoint` (String) Endpoint is the S3 API endpoint without scheme.
+- `secret_access_key_secret_key_ref` (Attributes) AccessKeyIdSecretKeyRef is a reference to a Secret key containing the S3 secret key. (see [below for nested schema](#nestedatt--spec--bootstrap_from--s3--secret_access_key_secret_key_ref))
 
 Optional:
 
-- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution))
-- `required_during_scheduling_ignored_during_execution` (Attributes List) If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution))
+- `prefix` (String) Prefix indicates a folder/subfolder in the bucket. For example: mariadb/ or mariadb/backups. A trailing slash '/' is added if not provided.
+- `region` (String) Region is the S3 region name to use.
+- `session_token_secret_key_ref` (Attributes) SessionTokenSecretKeyRef is a reference to a Secret key containing the S3 session token. (see [below for nested schema](#nestedatt--spec--bootstrap_from--s3--session_token_secret_key_ref))
+- `tls` (Attributes) TLS provides the configuration required to establish TLS connections with S3. (see [below for nested schema](#nestedatt--spec--bootstrap_from--s3--tls))
 
-<a id="nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution`
+<a id="nestedatt--spec--bootstrap_from--s3--access_key_id_secret_key_ref"></a>
+### Nested Schema for `spec.bootstrap_from.s3.access_key_id_secret_key_ref`
 
 Required:
 
-- `pod_affinity_term` (Attributes) Required. A pod affinity term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term))
-- `weight` (Number) weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
+- `key` (String)
 
-<a id="nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term"></a>
-### Nested Schema for `spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term`
+Optional:
 
-Required:
+- `name` (String)
 
-- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
 
-Optional:
+<a id="nestedatt--spec--bootstrap_from--s3--secret_access_key_secret_key_ref"></a>
+### Nested Schema for `spec.bootstrap_from.s3.secret_access_key_secret_key_ref`
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
-- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
+Required:
 
-<a id="nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector"></a>
-### Nested Schema for `spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector`
+- `key` (String)
 
 Optional:
 
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
+- `name` (String)
 
-<a id="nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions"></a>
-### Nested Schema for `spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector.match_expressions`
+
+<a id="nestedatt--spec--bootstrap_from--s3--session_token_secret_key_ref"></a>
+### Nested Schema for `spec.bootstrap_from.s3.session_token_secret_key_ref`
 
 Required:
 
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+- `key` (String)
 
 Optional:
 
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
+- `name` (String)
 
 
-<a id="nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector"></a>
-### Nested Schema for `spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector`
+<a id="nestedatt--spec--bootstrap_from--s3--tls"></a>
+### Nested Schema for `spec.bootstrap_from.s3.tls`
 
 Optional:
 
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
+- `ca_secret_key_ref` (Attributes) CASecretKeyRef is a reference to a Secret key containing a CA bundle in PEM format used to establish TLS connections with S3. By default, the system trust chain will be used, but you can use this field to add more CAs to the bundle. (see [below for nested schema](#nestedatt--spec--bootstrap_from--s3--tls--ca_secret_key_ref))
+- `enabled` (Boolean) Enabled is a flag to enable TLS.
 
-<a id="nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions"></a>
-### Nested Schema for `spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector.match_expressions`
+<a id="nestedatt--spec--bootstrap_from--s3--tls--ca_secret_key_ref"></a>
+### Nested Schema for `spec.bootstrap_from.s3.tls.ca_secret_key_ref`
 
 Required:
 
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+- `key` (String)
 
 Optional:
 
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+- `name` (String)
+
 
 
 
+<a id="nestedatt--spec--bootstrap_from--volume"></a>
+### Nested Schema for `spec.bootstrap_from.volume`
 
+Optional:
 
-<a id="nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution`
+- `csi` (Attributes) Represents a source location of a volume to mount, managed by an external CSI driver (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--csi))
+- `empty_dir` (Attributes) Represents an empty directory for a pod. Empty directory volumes support ownership management and SELinux relabeling. (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--empty_dir))
+- `nfs` (Attributes) Represents an NFS mount that lasts the lifetime of a pod. NFS volumes do not support ownership management or SELinux relabeling. (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--nfs))
+- `persistent_volume_claim` (Attributes) PersistentVolumeClaimVolumeSource references the user's PVC in the same namespace. This volume finds the bound PV and mounts that volume for the pod. A PersistentVolumeClaimVolumeSource is, essentially, a wrapper around another type of volume that is owned by someone else (the system). (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--persistent_volume_claim))
+
+<a id="nestedatt--spec--bootstrap_from--volume--csi"></a>
+### Nested Schema for `spec.bootstrap_from.volume.csi`
 
 Required:
 
-- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+- `driver` (String) driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
-- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
+- `fs_type` (String) fsType to mount. Ex. 'ext4', 'xfs', 'ntfs'. If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.
+- `node_publish_secret_ref` (Attributes) nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--csi--node_publish_secret_ref))
+- `read_only` (Boolean) readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).
+- `volume_attributes` (Map of String) volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.
 
-<a id="nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector"></a>
-### Nested Schema for `spec.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.label_selector`
+<a id="nestedatt--spec--bootstrap_from--volume--csi--node_publish_secret_ref"></a>
+### Nested Schema for `spec.bootstrap_from.volume.csi.node_publish_secret_ref`
 
 Optional:
 
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
-<a id="nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions"></a>
-### Nested Schema for `spec.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.label_selector.match_expressions`
 
-Required:
 
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+<a id="nestedatt--spec--bootstrap_from--volume--empty_dir"></a>
+### Nested Schema for `spec.bootstrap_from.volume.empty_dir`
 
 Optional:
 
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+- `medium` (String) medium represents what type of storage medium should back this directory. The default is '' which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+- `size_limit` (String) sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
 
 
+<a id="nestedatt--spec--bootstrap_from--volume--nfs"></a>
+### Nested Schema for `spec.bootstrap_from.volume.nfs`
+
+Required:
 
-<a id="nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector"></a>
-### Nested Schema for `spec.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.namespace_selector`
+- `path` (String) path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+- `server` (String) server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
 
 Optional:
 
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
+- `read_only` (Boolean) readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
 
-<a id="nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions"></a>
-### Nested Schema for `spec.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.namespace_selector.match_expressions`
+
+<a id="nestedatt--spec--bootstrap_from--volume--persistent_volume_claim"></a>
+### Nested Schema for `spec.bootstrap_from.volume.persistent_volume_claim`
 
 Required:
 
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+- `claim_name` (String) claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
 
 Optional:
 
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
+- `read_only` (Boolean) readOnly Will force the ReadOnly setting in VolumeMounts. Default false.
 
 
 
 
-<a id="nestedatt--spec--bootstrap_from"></a>
-### Nested Schema for `spec.bootstrap_from`
+<a id="nestedatt--spec--connection"></a>
+### Nested Schema for `spec.connection`
 
 Optional:
 
-- `backup_ref` (Attributes) BackupRef is a reference to a Backup object. It has priority over S3 and Volume. (see [below for nested schema](#nestedatt--spec--bootstrap_from--backup_ref))
-- `restore_job` (Attributes) RestoreJob defines additional properties for the Job used to perform the Restore. (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job))
-- `s3` (Attributes) S3 defines the configuration to restore backups from a S3 compatible storage. It has priority over Volume. (see [below for nested schema](#nestedatt--spec--bootstrap_from--s3))
-- `target_recovery_time` (String) TargetRecoveryTime is a RFC3339 (1970-01-01T00:00:00Z) date and time that defines the point in time recovery objective. It is used to determine the closest restoration source in time.
-- `volume` (Attributes) Volume is a Kubernetes Volume object that contains a backup. (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume))
+- `health_check` (Attributes) HealthCheck to be used in the Connection. (see [below for nested schema](#nestedatt--spec--connection--health_check))
+- `params` (Map of String) Params to be used in the Connection.
+- `port` (Number) Port to connect to. If not provided, it defaults to the MariaDB port or to the first MaxScale listener.
+- `secret_name` (String) SecretName to be used in the Connection.
+- `secret_template` (Attributes) SecretTemplate to be used in the Connection. (see [below for nested schema](#nestedatt--spec--connection--secret_template))
+- `service_name` (String) ServiceName to be used in the Connection.
 
-<a id="nestedatt--spec--bootstrap_from--backup_ref"></a>
-### Nested Schema for `spec.bootstrap_from.backup_ref`
+<a id="nestedatt--spec--connection--health_check"></a>
+### Nested Schema for `spec.connection.health_check`
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+- `interval` (String) Interval used to perform health checks.
+- `retry_interval` (String) RetryInterval is the interval used to perform health check retries.
 
 
-<a id="nestedatt--spec--bootstrap_from--restore_job"></a>
-### Nested Schema for `spec.bootstrap_from.restore_job`
+<a id="nestedatt--spec--connection--secret_template"></a>
+### Nested Schema for `spec.connection.secret_template`
 
 Optional:
 
-- `affinity` (Attributes) Affinity to be used in the Pod. (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--affinity))
-- `args` (List of String) Args to be used in the Container.
-- `metadata` (Attributes) Metadata defines additional metadata for the bootstrap Jobs. (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--metadata))
-- `resources` (Attributes) Resouces describes the compute resource requirements. (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--resources))
+- `database_key` (String) DatabaseKey to be used in the Secret.
+- `format` (String) Format to be used in the Secret.
+- `host_key` (String) HostKey to be used in the Secret.
+- `key` (String) Key to be used in the Secret.
+- `metadata` (Attributes) Metadata to be added to the Secret object. (see [below for nested schema](#nestedatt--spec--connection--secret_template--metadata))
+- `password_key` (String) PasswordKey to be used in the Secret.
+- `port_key` (String) PortKey to be used in the Secret.
+- `username_key` (String) UsernameKey to be used in the Secret.
 
-<a id="nestedatt--spec--bootstrap_from--restore_job--affinity"></a>
-### Nested Schema for `spec.bootstrap_from.restore_job.affinity`
+<a id="nestedatt--spec--connection--secret_template--metadata"></a>
+### Nested Schema for `spec.connection.secret_template.metadata`
 
 Optional:
 
-- `anti_affinity_enabled` (Boolean) AntiAffinityEnabled configures PodAntiAffinity so each Pod is scheduled in a different Node, enabling HA. Make sure you have at least as many Nodes available as the replicas to not end up with unscheduled Pods.
-- `node_affinity` (Attributes) Describes node affinity scheduling rules for the pod. (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--affinity--node_affinity))
-- `pod_affinity` (Attributes) Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--affinity--pod_affinity))
-- `pod_anti_affinity` (Attributes) Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--affinity--pod_anti_affinity))
+- `annotations` (Map of String) Annotations to be added to children resources.
+- `labels` (Map of String) Labels to be added to children resources.
 
-<a id="nestedatt--spec--bootstrap_from--restore_job--affinity--node_affinity"></a>
-### Nested Schema for `spec.bootstrap_from.restore_job.affinity.node_affinity`
 
-Optional:
 
-- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution))
-- `required_during_scheduling_ignored_during_execution` (Attributes) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--affinity--node_affinity--required_during_scheduling_ignored_during_execution))
 
-<a id="nestedatt--spec--bootstrap_from--restore_job--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.bootstrap_from.restore_job.affinity.node_affinity.preferred_during_scheduling_ignored_during_execution`
+<a id="nestedatt--spec--env"></a>
+### Nested Schema for `spec.env`
 
 Required:
 
-- `preference` (Attributes) A node selector term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference))
-- `weight` (Number) Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
+- `name` (String) Name of the environment variable. Must be a C_IDENTIFIER.
+
+Optional:
+
+- `value` (String)
+- `value_from` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#envvarsource-v1-core. (see [below for nested schema](#nestedatt--spec--env--value_from))
 
-<a id="nestedatt--spec--bootstrap_from--restore_job--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference"></a>
-### Nested Schema for `spec.bootstrap_from.restore_job.affinity.node_affinity.preferred_during_scheduling_ignored_during_execution.preference`
+<a id="nestedatt--spec--env--value_from"></a>
+### Nested Schema for `spec.env.value_from`
 
 Optional:
 
-- `match_expressions` (Attributes List) A list of node selector requirements by node's labels. (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference--match_expressions))
-- `match_fields` (Attributes List) A list of node selector requirements by node's fields. (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference--match_fields))
+- `config_map_key_ref` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#configmapkeyselector-v1-core. (see [below for nested schema](#nestedatt--spec--env--value_from--config_map_key_ref))
+- `field_ref` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#objectfieldselector-v1-core. (see [below for nested schema](#nestedatt--spec--env--value_from--field_ref))
+- `secret_key_ref` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#secretkeyselector-v1-core. (see [below for nested schema](#nestedatt--spec--env--value_from--secret_key_ref))
 
-<a id="nestedatt--spec--bootstrap_from--restore_job--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference--match_expressions"></a>
-### Nested Schema for `spec.bootstrap_from.restore_job.affinity.node_affinity.preferred_during_scheduling_ignored_during_execution.preference.match_expressions`
+<a id="nestedatt--spec--env--value_from--config_map_key_ref"></a>
+### Nested Schema for `spec.env.value_from.config_map_key_ref`
 
 Required:
 
-- `key` (String) The label key that the selector applies to.
-- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+- `key` (String)
 
 Optional:
 
-- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+- `name` (String)
 
 
-<a id="nestedatt--spec--bootstrap_from--restore_job--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference--match_fields"></a>
-### Nested Schema for `spec.bootstrap_from.restore_job.affinity.node_affinity.preferred_during_scheduling_ignored_during_execution.preference.match_fields`
+<a id="nestedatt--spec--env--value_from--field_ref"></a>
+### Nested Schema for `spec.env.value_from.field_ref`
 
 Required:
 
-- `key` (String) The label key that the selector applies to.
-- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+- `field_path` (String)
 
 Optional:
 
-- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
-
-
+- `api_version` (String)
 
 
-<a id="nestedatt--spec--bootstrap_from--restore_job--affinity--node_affinity--required_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.bootstrap_from.restore_job.affinity.node_affinity.required_during_scheduling_ignored_during_execution`
+<a id="nestedatt--spec--env--value_from--secret_key_ref"></a>
+### Nested Schema for `spec.env.value_from.secret_key_ref`
 
 Required:
 
-- `node_selector_terms` (Attributes List) Required. A list of node selector terms. The terms are ORed. (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms))
-
-<a id="nestedatt--spec--bootstrap_from--restore_job--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms"></a>
-### Nested Schema for `spec.bootstrap_from.restore_job.affinity.node_affinity.required_during_scheduling_ignored_during_execution.node_selector_terms`
+- `key` (String)
 
 Optional:
 
-- `match_expressions` (Attributes List) A list of node selector requirements by node's labels. (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms--match_expressions))
-- `match_fields` (Attributes List) A list of node selector requirements by node's fields. (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms--match_fields))
+- `name` (String)
 
-<a id="nestedatt--spec--bootstrap_from--restore_job--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms--match_expressions"></a>
-### Nested Schema for `spec.bootstrap_from.restore_job.affinity.node_affinity.required_during_scheduling_ignored_during_execution.node_selector_terms.match_expressions`
 
-Required:
 
-- `key` (String) The label key that the selector applies to.
-- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+
+<a id="nestedatt--spec--env_from"></a>
+### Nested Schema for `spec.env_from`
 
 Optional:
 
-- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+- `config_map_ref` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#localobjectreference-v1-core. (see [below for nested schema](#nestedatt--spec--env_from--config_map_ref))
+- `prefix` (String)
+- `secret_ref` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#localobjectreference-v1-core. (see [below for nested schema](#nestedatt--spec--env_from--secret_ref))
+
+<a id="nestedatt--spec--env_from--config_map_ref"></a>
+### Nested Schema for `spec.env_from.config_map_ref`
 
+Optional:
 
-<a id="nestedatt--spec--bootstrap_from--restore_job--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms--match_fields"></a>
-### Nested Schema for `spec.bootstrap_from.restore_job.affinity.node_affinity.required_during_scheduling_ignored_during_execution.node_selector_terms.match_fields`
+- `name` (String)
 
-Required:
 
-- `key` (String) The label key that the selector applies to.
-- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+<a id="nestedatt--spec--env_from--secret_ref"></a>
+### Nested Schema for `spec.env_from.secret_ref`
 
 Optional:
 
-- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+- `name` (String)
 
 
 
+<a id="nestedatt--spec--galera"></a>
+### Nested Schema for `spec.galera`
+
+Optional:
 
+- `agent` (Attributes) GaleraAgent is a sidecar agent that co-operates with mariadb-operator. (see [below for nested schema](#nestedatt--spec--galera--agent))
+- `available_when_donor` (Boolean) AvailableWhenDonor indicates whether a donor node should be responding to queries. It defaults to false.
+- `config` (Attributes) GaleraConfig defines storage options for the Galera configuration files. (see [below for nested schema](#nestedatt--spec--galera--config))
+- `enabled` (Boolean) Enabled is a flag to enable Galera.
+- `galera_lib_path` (String) GaleraLibPath is a path inside the MariaDB image to the wsrep provider plugin. It is defaulted if not provided. More info: https://galeracluster.com/library/documentation/mysql-wsrep-options.html#wsrep-provider.
+- `init_container` (Attributes) InitContainer is an init container that runs in the MariaDB Pod and co-operates with mariadb-operator. (see [below for nested schema](#nestedatt--spec--galera--init_container))
+- `init_job` (Attributes) InitJob defines a Job that co-operates with mariadb-operator by performing initialization tasks. (see [below for nested schema](#nestedatt--spec--galera--init_job))
+- `primary` (Attributes) Primary is the Galera configuration for the primary node. (see [below for nested schema](#nestedatt--spec--galera--primary))
+- `provider_options` (Map of String) ProviderOptions is map of Galera configuration parameters. More info: https://mariadb.com/kb/en/galera-cluster-system-variables/#wsrep_provider_options.
+- `recovery` (Attributes) GaleraRecovery is the recovery process performed by the operator whenever the Galera cluster is not healthy. More info: https://galeracluster.com/library/documentation/crash-recovery.html. (see [below for nested schema](#nestedatt--spec--galera--recovery))
+- `replica_threads` (Number) ReplicaThreads is the number of replica threads used to apply Galera write sets in parallel. More info: https://mariadb.com/kb/en/galera-cluster-system-variables/#wsrep_slave_threads.
+- `sst` (String) SST is the Snapshot State Transfer used when new Pods join the cluster. More info: https://galeracluster.com/library/documentation/sst.html.
 
-<a id="nestedatt--spec--bootstrap_from--restore_job--affinity--pod_affinity"></a>
-### Nested Schema for `spec.bootstrap_from.restore_job.affinity.pod_affinity`
+<a id="nestedatt--spec--galera--agent"></a>
+### Nested Schema for `spec.galera.agent`
 
 Optional:
 
-- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution))
-- `required_during_scheduling_ignored_during_execution` (Attributes List) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--affinity--pod_affinity--required_during_scheduling_ignored_during_execution))
+- `args` (List of String) Args to be used in the Container.
+- `basic_auth` (Attributes) BasicAuth to be used by the agent container (see [below for nested schema](#nestedatt--spec--galera--agent--basic_auth))
+- `command` (List of String) Command to be used in the Container.
+- `env` (Attributes List) Env represents the environment variables to be injected in a container. (see [below for nested schema](#nestedatt--spec--galera--agent--env))
+- `env_from` (Attributes List) EnvFrom represents the references (via ConfigMap and Secrets) to environment variables to be injected in the container. (see [below for nested schema](#nestedatt--spec--galera--agent--env_from))
+- `graceful_shutdown_timeout` (String) GracefulShutdownTimeout is the time we give to the agent container in order to gracefully terminate in-flight requests.
+- `image` (String) Image name to be used by the MariaDB instances. The supported format is '<image>:<tag>'.
+- `image_pull_policy` (String) ImagePullPolicy is the image pull policy. One of 'Always', 'Never' or 'IfNotPresent'. If not defined, it defaults to 'IfNotPresent'.
+- `kubernetes_auth` (Attributes) KubernetesAuth to be used by the agent container (see [below for nested schema](#nestedatt--spec--galera--agent--kubernetes_auth))
+- `liveness_probe` (Attributes) LivenessProbe to be used in the Container. (see [below for nested schema](#nestedatt--spec--galera--agent--liveness_probe))
+- `port` (Number) Port where the agent will be listening for connections.
+- `readiness_probe` (Attributes) ReadinessProbe to be used in the Container. (see [below for nested schema](#nestedatt--spec--galera--agent--readiness_probe))
+- `resources` (Attributes) Resouces describes the compute resource requirements. (see [below for nested schema](#nestedatt--spec--galera--agent--resources))
+- `security_context` (Attributes) SecurityContext holds security configuration that will be applied to a container. (see [below for nested schema](#nestedatt--spec--galera--agent--security_context))
+- `volume_mounts` (Attributes List) VolumeMounts to be used in the Container. (see [below for nested schema](#nestedatt--spec--galera--agent--volume_mounts))
 
-<a id="nestedatt--spec--bootstrap_from--restore_job--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.bootstrap_from.restore_job.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution`
+<a id="nestedatt--spec--galera--agent--basic_auth"></a>
+### Nested Schema for `spec.galera.agent.basic_auth`
 
-Required:
+Optional:
 
-- `pod_affinity_term` (Attributes) Required. A pod affinity term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term))
-- `weight` (Number) weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
+- `enabled` (Boolean) Enabled is a flag to enable BasicAuth
+- `password_secret_key_ref` (Attributes) PasswordSecretKeyRef to be used for basic authentication (see [below for nested schema](#nestedatt--spec--galera--agent--basic_auth--password_secret_key_ref))
+- `username` (String) Username to be used for basic authentication
 
-<a id="nestedatt--spec--bootstrap_from--restore_job--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term"></a>
-### Nested Schema for `spec.bootstrap_from.restore_job.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term`
+<a id="nestedatt--spec--galera--agent--basic_auth--password_secret_key_ref"></a>
+### Nested Schema for `spec.galera.agent.basic_auth.password_secret_key_ref`
 
 Required:
 
-- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+- `key` (String)
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
-- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
-
-<a id="nestedatt--spec--bootstrap_from--restore_job--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector"></a>
-### Nested Schema for `spec.bootstrap_from.restore_job.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector`
+- `generate` (Boolean) Generate indicates whether the Secret should be generated if the Secret referenced is not present.
+- `name` (String)
 
-Optional:
 
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
 
-<a id="nestedatt--spec--bootstrap_from--restore_job--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions"></a>
-### Nested Schema for `spec.bootstrap_from.restore_job.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector.match_expressions`
+<a id="nestedatt--spec--galera--agent--env"></a>
+### Nested Schema for `spec.galera.agent.env`
 
 Required:
 
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+- `name` (String) Name of the environment variable. Must be a C_IDENTIFIER.
 
 Optional:
 
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
+- `value` (String)
+- `value_from` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#envvarsource-v1-core. (see [below for nested schema](#nestedatt--spec--galera--agent--env--value_from))
 
-<a id="nestedatt--spec--bootstrap_from--restore_job--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector"></a>
-### Nested Schema for `spec.bootstrap_from.restore_job.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector`
+<a id="nestedatt--spec--galera--agent--env--value_from"></a>
+### Nested Schema for `spec.galera.agent.env.value_from`
 
 Optional:
 
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
+- `config_map_key_ref` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#configmapkeyselector-v1-core. (see [below for nested schema](#nestedatt--spec--galera--agent--env--value_from--config_map_key_ref))
+- `field_ref` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#objectfieldselector-v1-core. (see [below for nested schema](#nestedatt--spec--galera--agent--env--value_from--field_ref))
+- `secret_key_ref` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#secretkeyselector-v1-core. (see [below for nested schema](#nestedatt--spec--galera--agent--env--value_from--secret_key_ref))
 
-<a id="nestedatt--spec--bootstrap_from--restore_job--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions"></a>
-### Nested Schema for `spec.bootstrap_from.restore_job.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector.match_expressions`
+<a id="nestedatt--spec--galera--agent--env--value_from--config_map_key_ref"></a>
+### Nested Schema for `spec.galera.agent.env.value_from.config_map_key_ref`
 
 Required:
 
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+- `key` (String)
 
 Optional:
 
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+- `name` (String)
 
 
+<a id="nestedatt--spec--galera--agent--env--value_from--field_ref"></a>
+### Nested Schema for `spec.galera.agent.env.value_from.field_ref`
 
+Required:
 
+- `field_path` (String)
 
-<a id="nestedatt--spec--bootstrap_from--restore_job--affinity--pod_affinity--required_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.bootstrap_from.restore_job.affinity.pod_affinity.required_during_scheduling_ignored_during_execution`
+Optional:
 
-Required:
+- `api_version` (String)
 
-- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
 
-Optional:
+<a id="nestedatt--spec--galera--agent--env--value_from--secret_key_ref"></a>
+### Nested Schema for `spec.galera.agent.env.value_from.secret_key_ref`
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
-- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
+Required:
 
-<a id="nestedatt--spec--bootstrap_from--restore_job--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector"></a>
-### Nested Schema for `spec.bootstrap_from.restore_job.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.label_selector`
+- `key` (String)
 
 Optional:
 
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
+- `name` (String)
 
-<a id="nestedatt--spec--bootstrap_from--restore_job--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions"></a>
-### Nested Schema for `spec.bootstrap_from.restore_job.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.label_selector.match_expressions`
 
-Required:
 
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+
+<a id="nestedatt--spec--galera--agent--env_from"></a>
+### Nested Schema for `spec.galera.agent.env_from`
 
 Optional:
 
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+- `config_map_ref` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#localobjectreference-v1-core. (see [below for nested schema](#nestedatt--spec--galera--agent--env_from--config_map_ref))
+- `prefix` (String)
+- `secret_ref` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#localobjectreference-v1-core. (see [below for nested schema](#nestedatt--spec--galera--agent--env_from--secret_ref))
+
+<a id="nestedatt--spec--galera--agent--env_from--config_map_ref"></a>
+### Nested Schema for `spec.galera.agent.env_from.config_map_ref`
 
+Optional:
+
+- `name` (String)
 
 
-<a id="nestedatt--spec--bootstrap_from--restore_job--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector"></a>
-### Nested Schema for `spec.bootstrap_from.restore_job.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.namespace_selector`
+<a id="nestedatt--spec--galera--agent--env_from--secret_ref"></a>
+### Nested Schema for `spec.galera.agent.env_from.secret_ref`
 
 Optional:
 
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
+- `name` (String)
 
-<a id="nestedatt--spec--bootstrap_from--restore_job--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions"></a>
-### Nested Schema for `spec.bootstrap_from.restore_job.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.namespace_selector.match_expressions`
 
-Required:
 
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+<a id="nestedatt--spec--galera--agent--kubernetes_auth"></a>
+### Nested Schema for `spec.galera.agent.kubernetes_auth`
 
 Optional:
 
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+- `auth_delegator_role_name` (String) AuthDelegatorRoleName is the name of the ClusterRoleBinding that is associated with the 'system:auth-delegator' ClusterRole. It is necessary for creating TokenReview objects in order for the agent to validate the service account token.
+- `enabled` (Boolean) Enabled is a flag to enable KubernetesAuth
 
 
+<a id="nestedatt--spec--galera--agent--liveness_probe"></a>
+### Nested Schema for `spec.galera.agent.liveness_probe`
 
+Optional:
 
+- `exec` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#execaction-v1-core. (see [below for nested schema](#nestedatt--spec--galera--agent--liveness_probe--exec))
+- `failure_threshold` (Number)
+- `http_get` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#httpgetaction-v1-core. (see [below for nested schema](#nestedatt--spec--galera--agent--liveness_probe--http_get))
+- `initial_delay_seconds` (Number)
+- `period_seconds` (Number)
+- `success_threshold` (Number)
+- `timeout_seconds` (Number)
 
-<a id="nestedatt--spec--bootstrap_from--restore_job--affinity--pod_anti_affinity"></a>
-### Nested Schema for `spec.bootstrap_from.restore_job.affinity.pod_anti_affinity`
+<a id="nestedatt--spec--galera--agent--liveness_probe--exec"></a>
+### Nested Schema for `spec.galera.agent.liveness_probe.exec`
 
 Optional:
 
-- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution))
-- `required_during_scheduling_ignored_during_execution` (Attributes List) If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution))
+- `command` (List of String)
 
-<a id="nestedatt--spec--bootstrap_from--restore_job--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.bootstrap_from.restore_job.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution`
+
+<a id="nestedatt--spec--galera--agent--liveness_probe--http_get"></a>
+### Nested Schema for `spec.galera.agent.liveness_probe.http_get`
 
 Required:
 
-- `pod_affinity_term` (Attributes) Required. A pod affinity term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term))
-- `weight` (Number) weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
+- `port` (String)
 
-<a id="nestedatt--spec--bootstrap_from--restore_job--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term"></a>
-### Nested Schema for `spec.bootstrap_from.restore_job.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term`
+Optional:
+
+- `host` (String)
+- `path` (String)
+- `scheme` (String) URIScheme identifies the scheme used for connection to a host for Get actions
 
-Required:
 
-- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+
+<a id="nestedatt--spec--galera--agent--readiness_probe"></a>
+### Nested Schema for `spec.galera.agent.readiness_probe`
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
-- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
+- `exec` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#execaction-v1-core. (see [below for nested schema](#nestedatt--spec--galera--agent--readiness_probe--exec))
+- `failure_threshold` (Number)
+- `http_get` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#httpgetaction-v1-core. (see [below for nested schema](#nestedatt--spec--galera--agent--readiness_probe--http_get))
+- `initial_delay_seconds` (Number)
+- `period_seconds` (Number)
+- `success_threshold` (Number)
+- `timeout_seconds` (Number)
 
-<a id="nestedatt--spec--bootstrap_from--restore_job--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector"></a>
-### Nested Schema for `spec.bootstrap_from.restore_job.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector`
+<a id="nestedatt--spec--galera--agent--readiness_probe--exec"></a>
+### Nested Schema for `spec.galera.agent.readiness_probe.exec`
 
 Optional:
 
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
+- `command` (List of String)
 
-<a id="nestedatt--spec--bootstrap_from--restore_job--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions"></a>
-### Nested Schema for `spec.bootstrap_from.restore_job.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector.match_expressions`
+
+<a id="nestedatt--spec--galera--agent--readiness_probe--http_get"></a>
+### Nested Schema for `spec.galera.agent.readiness_probe.http_get`
 
 Required:
 
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+- `port` (String)
 
 Optional:
 
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+- `host` (String)
+- `path` (String)
+- `scheme` (String) URIScheme identifies the scheme used for connection to a host for Get actions
 
 
 
-<a id="nestedatt--spec--bootstrap_from--restore_job--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector"></a>
-### Nested Schema for `spec.bootstrap_from.restore_job.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector`
+<a id="nestedatt--spec--galera--agent--resources"></a>
+### Nested Schema for `spec.galera.agent.resources`
 
 Optional:
 
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--bootstrap_from--restore_job--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions"></a>
-### Nested Schema for `spec.bootstrap_from.restore_job.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector.match_expressions`
+- `limits` (Map of String) ResourceList is a set of (resource name, quantity) pairs.
+- `requests` (Map of String) ResourceList is a set of (resource name, quantity) pairs.
 
-Required:
 
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+<a id="nestedatt--spec--galera--agent--security_context"></a>
+### Nested Schema for `spec.galera.agent.security_context`
 
 Optional:
 
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+- `allow_privilege_escalation` (Boolean)
+- `capabilities` (Attributes) Adds and removes POSIX capabilities from running containers. (see [below for nested schema](#nestedatt--spec--galera--agent--security_context--capabilities))
+- `privileged` (Boolean)
+- `read_only_root_filesystem` (Boolean)
+- `run_as_group` (Number)
+- `run_as_non_root` (Boolean)
+- `run_as_user` (Number)
+
+<a id="nestedatt--spec--galera--agent--security_context--capabilities"></a>
+### Nested Schema for `spec.galera.agent.security_context.capabilities`
 
+Optional:
 
+- `add` (List of String) Added capabilities
+- `drop` (List of String) Removed capabilities
 
 
 
-<a id="nestedatt--spec--bootstrap_from--restore_job--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.bootstrap_from.restore_job.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution`
+<a id="nestedatt--spec--galera--agent--volume_mounts"></a>
+### Nested Schema for `spec.galera.agent.volume_mounts`
 
 Required:
 
-- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+- `mount_path` (String)
+- `name` (String) This must match the Name of a Volume.
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
-- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
+- `read_only` (Boolean)
+- `sub_path` (String)
 
-<a id="nestedatt--spec--bootstrap_from--restore_job--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector"></a>
-### Nested Schema for `spec.bootstrap_from.restore_job.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.label_selector`
+
+
+<a id="nestedatt--spec--galera--config"></a>
+### Nested Schema for `spec.galera.config`
 
 Optional:
 
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
+- `reuse_storage_volume` (Boolean) ReuseStorageVolume indicates that storage volume used by MariaDB should be reused to store the Galera configuration files. It defaults to false, which implies that a dedicated volume for the Galera configuration files is provisioned.
+- `volume_claim_template` (Attributes) VolumeClaimTemplate is a template for the PVC that will contain the Galera configuration files shared between the InitContainer, Agent and MariaDB. (see [below for nested schema](#nestedatt--spec--galera--config--volume_claim_template))
 
-<a id="nestedatt--spec--bootstrap_from--restore_job--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions"></a>
-### Nested Schema for `spec.bootstrap_from.restore_job.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.label_selector.match_expressions`
+<a id="nestedatt--spec--galera--config--volume_claim_template"></a>
+### Nested Schema for `spec.galera.config.volume_claim_template`
 
-Required:
+Optional:
 
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+- `access_modes` (List of String)
+- `metadata` (Attributes) Metadata to be added to the PVC metadata. (see [below for nested schema](#nestedatt--spec--galera--config--volume_claim_template--metadata))
+- `resources` (Attributes) VolumeResourceRequirements describes the storage resource requirements for a volume. (see [below for nested schema](#nestedatt--spec--galera--config--volume_claim_template--resources))
+- `selector` (Attributes) A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. (see [below for nested schema](#nestedatt--spec--galera--config--volume_claim_template--selector))
+- `storage_class_name` (String)
+
+<a id="nestedatt--spec--galera--config--volume_claim_template--metadata"></a>
+### Nested Schema for `spec.galera.config.volume_claim_template.metadata`
 
 Optional:
 
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+- `annotations` (Map of String) Annotations to be added to children resources.
+- `labels` (Map of String) Labels to be added to children resources.
+
+
+<a id="nestedatt--spec--galera--config--volume_claim_template--resources"></a>
+### Nested Schema for `spec.galera.config.volume_claim_template.resources`
+
+Optional:
 
+- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 
-<a id="nestedatt--spec--bootstrap_from--restore_job--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector"></a>
-### Nested Schema for `spec.bootstrap_from.restore_job.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.namespace_selector`
+<a id="nestedatt--spec--galera--config--volume_claim_template--selector"></a>
+### Nested Schema for `spec.galera.config.volume_claim_template.selector`
 
 Optional:
 
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions))
+- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--galera--config--volume_claim_template--selector--match_expressions))
 - `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
 
-<a id="nestedatt--spec--bootstrap_from--restore_job--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions"></a>
-### Nested Schema for `spec.bootstrap_from.restore_job.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.namespace_selector.match_expressions`
+<a id="nestedatt--spec--galera--config--volume_claim_template--selector--match_expressions"></a>
+### Nested Schema for `spec.galera.config.volume_claim_template.selector.match_expressions`
 
 Required:
 
@@ -901,668 +956,595 @@ Optional:
 
 
 
+<a id="nestedatt--spec--galera--init_container"></a>
+### Nested Schema for `spec.galera.init_container`
 
-<a id="nestedatt--spec--bootstrap_from--restore_job--metadata"></a>
-### Nested Schema for `spec.bootstrap_from.restore_job.metadata`
-
-Optional:
-
-- `annotations` (Map of String) Annotations to be added to children resources.
-- `labels` (Map of String) Labels to be added to children resources.
-
+Required:
 
-<a id="nestedatt--spec--bootstrap_from--restore_job--resources"></a>
-### Nested Schema for `spec.bootstrap_from.restore_job.resources`
+- `image` (String) Image name to be used by the MariaDB instances. The supported format is '<image>:<tag>'.
 
 Optional:
 
-- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--bootstrap_from--restore_job--resources--claims))
-- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+- `args` (List of String) Args to be used in the Container.
+- `command` (List of String) Command to be used in the Container.
+- `env` (Attributes List) Env represents the environment variables to be injected in a container. (see [below for nested schema](#nestedatt--spec--galera--init_container--env))
+- `env_from` (Attributes List) EnvFrom represents the references (via ConfigMap and Secrets) to environment variables to be injected in the container. (see [below for nested schema](#nestedatt--spec--galera--init_container--env_from))
+- `image_pull_policy` (String) ImagePullPolicy is the image pull policy. One of 'Always', 'Never' or 'IfNotPresent'. If not defined, it defaults to 'IfNotPresent'.
+- `liveness_probe` (Attributes) LivenessProbe to be used in the Container. (see [below for nested schema](#nestedatt--spec--galera--init_container--liveness_probe))
+- `readiness_probe` (Attributes) ReadinessProbe to be used in the Container. (see [below for nested schema](#nestedatt--spec--galera--init_container--readiness_probe))
+- `resources` (Attributes) Resouces describes the compute resource requirements. (see [below for nested schema](#nestedatt--spec--galera--init_container--resources))
+- `security_context` (Attributes) SecurityContext holds security configuration that will be applied to a container. (see [below for nested schema](#nestedatt--spec--galera--init_container--security_context))
+- `volume_mounts` (Attributes List) VolumeMounts to be used in the Container. (see [below for nested schema](#nestedatt--spec--galera--init_container--volume_mounts))
 
-<a id="nestedatt--spec--bootstrap_from--restore_job--resources--claims"></a>
-### Nested Schema for `spec.bootstrap_from.restore_job.resources.claims`
+<a id="nestedatt--spec--galera--init_container--env"></a>
+### Nested Schema for `spec.galera.init_container.env`
 
 Required:
 
-- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+- `name` (String) Name of the environment variable. Must be a C_IDENTIFIER.
 
 Optional:
 
-- `request` (String) Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
+- `value` (String)
+- `value_from` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#envvarsource-v1-core. (see [below for nested schema](#nestedatt--spec--galera--init_container--env--value_from))
 
+<a id="nestedatt--spec--galera--init_container--env--value_from"></a>
+### Nested Schema for `spec.galera.init_container.env.value_from`
 
+Optional:
 
+- `config_map_key_ref` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#configmapkeyselector-v1-core. (see [below for nested schema](#nestedatt--spec--galera--init_container--env--value_from--config_map_key_ref))
+- `field_ref` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#objectfieldselector-v1-core. (see [below for nested schema](#nestedatt--spec--galera--init_container--env--value_from--field_ref))
+- `secret_key_ref` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#secretkeyselector-v1-core. (see [below for nested schema](#nestedatt--spec--galera--init_container--env--value_from--secret_key_ref))
 
-<a id="nestedatt--spec--bootstrap_from--s3"></a>
-### Nested Schema for `spec.bootstrap_from.s3`
+<a id="nestedatt--spec--galera--init_container--env--value_from--config_map_key_ref"></a>
+### Nested Schema for `spec.galera.init_container.env.value_from.config_map_key_ref`
 
 Required:
 
-- `access_key_id_secret_key_ref` (Attributes) AccessKeyIdSecretKeyRef is a reference to a Secret key containing the S3 access key id. (see [below for nested schema](#nestedatt--spec--bootstrap_from--s3--access_key_id_secret_key_ref))
-- `bucket` (String) Bucket is the name Name of the bucket to store backups.
-- `endpoint` (String) Endpoint is the S3 API endpoint without scheme.
-- `secret_access_key_secret_key_ref` (Attributes) AccessKeyIdSecretKeyRef is a reference to a Secret key containing the S3 secret key. (see [below for nested schema](#nestedatt--spec--bootstrap_from--s3--secret_access_key_secret_key_ref))
+- `key` (String)
 
 Optional:
 
-- `prefix` (String) Prefix indicates a folder/subfolder in the bucket. For example: mariadb/ or mariadb/backups. A trailing slash '/' is added if not provided.
-- `region` (String) Region is the S3 region name to use.
-- `session_token_secret_key_ref` (Attributes) SessionTokenSecretKeyRef is a reference to a Secret key containing the S3 session token. (see [below for nested schema](#nestedatt--spec--bootstrap_from--s3--session_token_secret_key_ref))
-- `tls` (Attributes) TLS provides the configuration required to establish TLS connections with S3. (see [below for nested schema](#nestedatt--spec--bootstrap_from--s3--tls))
+- `name` (String)
 
-<a id="nestedatt--spec--bootstrap_from--s3--access_key_id_secret_key_ref"></a>
-### Nested Schema for `spec.bootstrap_from.s3.access_key_id_secret_key_ref`
+
+<a id="nestedatt--spec--galera--init_container--env--value_from--field_ref"></a>
+### Nested Schema for `spec.galera.init_container.env.value_from.field_ref`
 
 Required:
 
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
+- `field_path` (String)
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
+- `api_version` (String)
 
 
-<a id="nestedatt--spec--bootstrap_from--s3--secret_access_key_secret_key_ref"></a>
-### Nested Schema for `spec.bootstrap_from.s3.secret_access_key_secret_key_ref`
+<a id="nestedatt--spec--galera--init_container--env--value_from--secret_key_ref"></a>
+### Nested Schema for `spec.galera.init_container.env.value_from.secret_key_ref`
 
 Required:
 
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
+- `key` (String)
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
+- `name` (String)
 
 
-<a id="nestedatt--spec--bootstrap_from--s3--session_token_secret_key_ref"></a>
-### Nested Schema for `spec.bootstrap_from.s3.session_token_secret_key_ref`
 
-Required:
 
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
+<a id="nestedatt--spec--galera--init_container--env_from"></a>
+### Nested Schema for `spec.galera.init_container.env_from`
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
+- `config_map_ref` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#localobjectreference-v1-core. (see [below for nested schema](#nestedatt--spec--galera--init_container--env_from--config_map_ref))
+- `prefix` (String)
+- `secret_ref` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#localobjectreference-v1-core. (see [below for nested schema](#nestedatt--spec--galera--init_container--env_from--secret_ref))
 
-<a id="nestedatt--spec--bootstrap_from--s3--tls"></a>
-### Nested Schema for `spec.bootstrap_from.s3.tls`
+<a id="nestedatt--spec--galera--init_container--env_from--config_map_ref"></a>
+### Nested Schema for `spec.galera.init_container.env_from.config_map_ref`
 
 Optional:
 
-- `ca_secret_key_ref` (Attributes) CASecretKeyRef is a reference to a Secret key containing a CA bundle in PEM format used to establish TLS connections with S3. By default, the system trust chain will be used, but you can use this field to add more CAs to the bundle. (see [below for nested schema](#nestedatt--spec--bootstrap_from--s3--tls--ca_secret_key_ref))
-- `enabled` (Boolean) Enabled is a flag to enable TLS.
-
-<a id="nestedatt--spec--bootstrap_from--s3--tls--ca_secret_key_ref"></a>
-### Nested Schema for `spec.bootstrap_from.s3.tls.ca_secret_key_ref`
+- `name` (String)
 
-Required:
 
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
+<a id="nestedatt--spec--galera--init_container--env_from--secret_ref"></a>
+### Nested Schema for `spec.galera.init_container.env_from.secret_ref`
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
+- `name` (String)
 
 
 
-<a id="nestedatt--spec--bootstrap_from--volume"></a>
-### Nested Schema for `spec.bootstrap_from.volume`
+<a id="nestedatt--spec--galera--init_container--liveness_probe"></a>
+### Nested Schema for `spec.galera.init_container.liveness_probe`
 
 Optional:
 
-- `aws_elastic_block_store` (Attributes) awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--aws_elastic_block_store))
-- `azure_disk` (Attributes) azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--azure_disk))
-- `azure_file` (Attributes) azureFile represents an Azure File Service mount on the host and bind mount to the pod. (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--azure_file))
-- `cephfs` (Attributes) cephFS represents a Ceph FS mount on the host that shares a pod's lifetime (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--cephfs))
-- `cinder` (Attributes) cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--cinder))
-- `config_map` (Attributes) configMap represents a configMap that should populate this volume (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--config_map))
-- `csi` (Attributes) csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--csi))
-- `downward_api` (Attributes) downwardAPI represents downward API about the pod that should populate this volume (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--downward_api))
-- `empty_dir` (Attributes) emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--empty_dir))
-- `ephemeral` (Attributes) ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. A pod can use both types of ephemeral volumes and persistent volumes at the same time. (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--ephemeral))
-- `fc` (Attributes) fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--fc))
-- `flex_volume` (Attributes) flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--flex_volume))
-- `flocker` (Attributes) flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--flocker))
-- `gce_persistent_disk` (Attributes) gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--gce_persistent_disk))
-- `git_repo` (Attributes) gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--git_repo))
-- `glusterfs` (Attributes) glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--glusterfs))
-- `host_path` (Attributes) hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--host_path))
-- `image` (Attributes) image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. The volume is resolved at pod startup depending on which PullPolicy value is provided: - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. The volume will be mounted read-only (ro) and non-executable files (noexec). Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--image))
-- `iscsi` (Attributes) iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--iscsi))
-- `nfs` (Attributes) nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--nfs))
-- `persistent_volume_claim` (Attributes) persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--persistent_volume_claim))
-- `photon_persistent_disk` (Attributes) photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--photon_persistent_disk))
-- `portworx_volume` (Attributes) portworxVolume represents a portworx volume attached and mounted on kubelets host machine (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--portworx_volume))
-- `projected` (Attributes) projected items for all in one resources secrets, configmaps, and downward API (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--projected))
-- `quobyte` (Attributes) quobyte represents a Quobyte mount on the host that shares a pod's lifetime (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--quobyte))
-- `rbd` (Attributes) rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--rbd))
-- `scale_io` (Attributes) scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--scale_io))
-- `secret` (Attributes) secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--secret))
-- `storageos` (Attributes) storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--storageos))
-- `vsphere_volume` (Attributes) vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--vsphere_volume))
-
-<a id="nestedatt--spec--bootstrap_from--volume--aws_elastic_block_store"></a>
-### Nested Schema for `spec.bootstrap_from.volume.aws_elastic_block_store`
-
-Required:
+- `exec` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#execaction-v1-core. (see [below for nested schema](#nestedatt--spec--galera--init_container--liveness_probe--exec))
+- `failure_threshold` (Number)
+- `http_get` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#httpgetaction-v1-core. (see [below for nested schema](#nestedatt--spec--galera--init_container--liveness_probe--http_get))
+- `initial_delay_seconds` (Number)
+- `period_seconds` (Number)
+- `success_threshold` (Number)
+- `timeout_seconds` (Number)
 
-- `volume_id` (String) volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+<a id="nestedatt--spec--galera--init_container--liveness_probe--exec"></a>
+### Nested Schema for `spec.galera.init_container.liveness_probe.exec`
 
 Optional:
 
-- `fs_type` (String) fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
-- `partition` (Number) partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as '1'. Similarly, the volume partition for /dev/sda is '0' (or you can leave the property empty).
-- `read_only` (Boolean) readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+- `command` (List of String)
 
 
-<a id="nestedatt--spec--bootstrap_from--volume--azure_disk"></a>
-### Nested Schema for `spec.bootstrap_from.volume.azure_disk`
+<a id="nestedatt--spec--galera--init_container--liveness_probe--http_get"></a>
+### Nested Schema for `spec.galera.init_container.liveness_probe.http_get`
 
 Required:
 
-- `disk_name` (String) diskName is the Name of the data disk in the blob storage
-- `disk_uri` (String) diskURI is the URI of data disk in the blob storage
+- `port` (String)
 
 Optional:
 
-- `caching_mode` (String) cachingMode is the Host Caching mode: None, Read Only, Read Write.
-- `fs_type` (String) fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.
-- `kind` (String) kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared
-- `read_only` (Boolean) readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+- `host` (String)
+- `path` (String)
+- `scheme` (String) URIScheme identifies the scheme used for connection to a host for Get actions
 
 
-<a id="nestedatt--spec--bootstrap_from--volume--azure_file"></a>
-### Nested Schema for `spec.bootstrap_from.volume.azure_file`
 
-Required:
-
-- `secret_name` (String) secretName is the name of secret that contains Azure Storage Account Name and Key
-- `share_name` (String) shareName is the azure share Name
+<a id="nestedatt--spec--galera--init_container--readiness_probe"></a>
+### Nested Schema for `spec.galera.init_container.readiness_probe`
 
 Optional:
 
-- `read_only` (Boolean) readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+- `exec` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#execaction-v1-core. (see [below for nested schema](#nestedatt--spec--galera--init_container--readiness_probe--exec))
+- `failure_threshold` (Number)
+- `http_get` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#httpgetaction-v1-core. (see [below for nested schema](#nestedatt--spec--galera--init_container--readiness_probe--http_get))
+- `initial_delay_seconds` (Number)
+- `period_seconds` (Number)
+- `success_threshold` (Number)
+- `timeout_seconds` (Number)
 
+<a id="nestedatt--spec--galera--init_container--readiness_probe--exec"></a>
+### Nested Schema for `spec.galera.init_container.readiness_probe.exec`
 
-<a id="nestedatt--spec--bootstrap_from--volume--cephfs"></a>
-### Nested Schema for `spec.bootstrap_from.volume.cephfs`
+Optional:
 
-Required:
+- `command` (List of String)
 
-- `monitors` (List of String) monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
 
-Optional:
+<a id="nestedatt--spec--galera--init_container--readiness_probe--http_get"></a>
+### Nested Schema for `spec.galera.init_container.readiness_probe.http_get`
 
-- `path` (String) path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /
-- `read_only` (Boolean) readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-- `secret_file` (String) secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-- `secret_ref` (Attributes) secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--cephfs--secret_ref))
-- `user` (String) user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+Required:
 
-<a id="nestedatt--spec--bootstrap_from--volume--cephfs--secret_ref"></a>
-### Nested Schema for `spec.bootstrap_from.volume.cephfs.secret_ref`
+- `port` (String)
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
+- `host` (String)
+- `path` (String)
+- `scheme` (String) URIScheme identifies the scheme used for connection to a host for Get actions
 
 
-<a id="nestedatt--spec--bootstrap_from--volume--cinder"></a>
-### Nested Schema for `spec.bootstrap_from.volume.cinder`
-
-Required:
 
-- `volume_id` (String) volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+<a id="nestedatt--spec--galera--init_container--resources"></a>
+### Nested Schema for `spec.galera.init_container.resources`
 
 Optional:
 
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
-- `read_only` (Boolean) readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
-- `secret_ref` (Attributes) secretRef is optional: points to a secret object containing parameters used to connect to OpenStack. (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--cinder--secret_ref))
+- `limits` (Map of String) ResourceList is a set of (resource name, quantity) pairs.
+- `requests` (Map of String) ResourceList is a set of (resource name, quantity) pairs.
 
-<a id="nestedatt--spec--bootstrap_from--volume--cinder--secret_ref"></a>
-### Nested Schema for `spec.bootstrap_from.volume.cinder.secret_ref`
+
+<a id="nestedatt--spec--galera--init_container--security_context"></a>
+### Nested Schema for `spec.galera.init_container.security_context`
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+- `allow_privilege_escalation` (Boolean)
+- `capabilities` (Attributes) Adds and removes POSIX capabilities from running containers. (see [below for nested schema](#nestedatt--spec--galera--init_container--security_context--capabilities))
+- `privileged` (Boolean)
+- `read_only_root_filesystem` (Boolean)
+- `run_as_group` (Number)
+- `run_as_non_root` (Boolean)
+- `run_as_user` (Number)
 
+<a id="nestedatt--spec--galera--init_container--security_context--capabilities"></a>
+### Nested Schema for `spec.galera.init_container.security_context.capabilities`
 
+Optional:
 
-<a id="nestedatt--spec--bootstrap_from--volume--config_map"></a>
-### Nested Schema for `spec.bootstrap_from.volume.config_map`
+- `add` (List of String) Added capabilities
+- `drop` (List of String) Removed capabilities
 
-Optional:
 
-- `default_mode` (Number) defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--config_map--items))
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) optional specify whether the ConfigMap or its keys must be defined
 
-<a id="nestedatt--spec--bootstrap_from--volume--config_map--items"></a>
-### Nested Schema for `spec.bootstrap_from.volume.config_map.items`
+<a id="nestedatt--spec--galera--init_container--volume_mounts"></a>
+### Nested Schema for `spec.galera.init_container.volume_mounts`
 
 Required:
 
-- `key` (String) key is the key to project.
-- `path` (String) path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+- `mount_path` (String)
+- `name` (String) This must match the Name of a Volume.
 
 Optional:
 
-- `mode` (Number) mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+- `read_only` (Boolean)
+- `sub_path` (String)
 
 
 
-<a id="nestedatt--spec--bootstrap_from--volume--csi"></a>
-### Nested Schema for `spec.bootstrap_from.volume.csi`
-
-Required:
-
-- `driver` (String) driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.
+<a id="nestedatt--spec--galera--init_job"></a>
+### Nested Schema for `spec.galera.init_job`
 
 Optional:
 
-- `fs_type` (String) fsType to mount. Ex. 'ext4', 'xfs', 'ntfs'. If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.
-- `node_publish_secret_ref` (Attributes) nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--csi--node_publish_secret_ref))
-- `read_only` (Boolean) readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).
-- `volume_attributes` (Map of String) volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.
+- `metadata` (Attributes) Metadata defines additional metadata for the Galera init Job. (see [below for nested schema](#nestedatt--spec--galera--init_job--metadata))
+- `resources` (Attributes) Resouces describes the compute resource requirements. (see [below for nested schema](#nestedatt--spec--galera--init_job--resources))
 
-<a id="nestedatt--spec--bootstrap_from--volume--csi--node_publish_secret_ref"></a>
-### Nested Schema for `spec.bootstrap_from.volume.csi.node_publish_secret_ref`
+<a id="nestedatt--spec--galera--init_job--metadata"></a>
+### Nested Schema for `spec.galera.init_job.metadata`
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
+- `annotations` (Map of String) Annotations to be added to children resources.
+- `labels` (Map of String) Labels to be added to children resources.
 
 
-<a id="nestedatt--spec--bootstrap_from--volume--downward_api"></a>
-### Nested Schema for `spec.bootstrap_from.volume.downward_api`
+<a id="nestedatt--spec--galera--init_job--resources"></a>
+### Nested Schema for `spec.galera.init_job.resources`
 
 Optional:
 
-- `default_mode` (Number) Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `items` (Attributes List) Items is a list of downward API volume file (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--downward_api--items))
+- `limits` (Map of String) ResourceList is a set of (resource name, quantity) pairs.
+- `requests` (Map of String) ResourceList is a set of (resource name, quantity) pairs.
 
-<a id="nestedatt--spec--bootstrap_from--volume--downward_api--items"></a>
-### Nested Schema for `spec.bootstrap_from.volume.downward_api.items`
 
-Required:
 
-- `path` (String) Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'
+<a id="nestedatt--spec--galera--primary"></a>
+### Nested Schema for `spec.galera.primary`
 
 Optional:
 
-- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--downward_api--items--field_ref))
-- `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--downward_api--items--resource_field_ref))
-
-<a id="nestedatt--spec--bootstrap_from--volume--downward_api--items--field_ref"></a>
-### Nested Schema for `spec.bootstrap_from.volume.downward_api.items.field_ref`
+- `automatic_failover` (Boolean) AutomaticFailover indicates whether the operator should automatically update PodIndex to perform an automatic primary failover.
+- `pod_index` (Number) PodIndex is the StatefulSet index of the primary node. The user may change this field to perform a manual switchover.
 
-Required:
 
-- `field_path` (String) Path of the field to select in the specified API version.
+<a id="nestedatt--spec--galera--recovery"></a>
+### Nested Schema for `spec.galera.recovery`
 
 Optional:
 
-- `api_version` (String) Version of the schema the FieldPath is written in terms of, defaults to 'v1'.
+- `cluster_bootstrap_timeout` (String) ClusterBootstrapTimeout is the time limit for bootstrapping a cluster. Once this timeout is reached, the Galera recovery state is reset and a new cluster bootstrap will be attempted.
+- `cluster_healthy_timeout` (String) ClusterHealthyTimeout represents the duration at which a Galera cluster, that consistently failed health checks, is considered unhealthy, and consequently the Galera recovery process will be initiated by the operator.
+- `cluster_monitor_interval` (String) ClusterMonitorInterval represents the interval used to monitor the Galera cluster health.
+- `enabled` (Boolean) Enabled is a flag to enable GaleraRecovery.
+- `force_cluster_bootstrap_in_pod` (String) ForceClusterBootstrapInPod allows you to manually initiate the bootstrap process in a specific Pod. IMPORTANT: Use this option only in exceptional circumstances. Not selecting the Pod with the highest sequence number may result in data loss. IMPORTANT: Ensure you unset this field after completing the bootstrap to allow the operator to choose the appropriate Pod to bootstrap from in an event of cluster recovery.
+- `job` (Attributes) Job defines a Job that co-operates with mariadb-operator by performing the Galera cluster recovery . (see [below for nested schema](#nestedatt--spec--galera--recovery--job))
+- `min_cluster_size` (String) MinClusterSize is the minimum number of replicas to consider the cluster healthy. It can be either a number of replicas (1) or a percentage (50%). If Galera consistently reports less replicas than this value for the given 'ClusterHealthyTimeout' interval, a cluster recovery is iniated. It defaults to '1' replica.
+- `pod_recovery_timeout` (String) PodRecoveryTimeout is the time limit for recevorying the sequence of a Pod during the cluster recovery.
+- `pod_sync_timeout` (String) PodSyncTimeout is the time limit for a Pod to join the cluster after having performed a cluster bootstrap during the cluster recovery.
 
+<a id="nestedatt--spec--galera--recovery--job"></a>
+### Nested Schema for `spec.galera.recovery.job`
 
-<a id="nestedatt--spec--bootstrap_from--volume--downward_api--items--resource_field_ref"></a>
-### Nested Schema for `spec.bootstrap_from.volume.downward_api.items.resource_field_ref`
+Optional:
 
-Required:
+- `metadata` (Attributes) Metadata defines additional metadata for the Galera recovery Jobs. (see [below for nested schema](#nestedatt--spec--galera--recovery--job--metadata))
+- `pod_affinity` (Boolean) PodAffinity indicates whether the recovery Jobs should run in the same Node as the MariaDB Pods. It defaults to true.
+- `resources` (Attributes) Resouces describes the compute resource requirements. (see [below for nested schema](#nestedatt--spec--galera--recovery--job--resources))
 
-- `resource` (String) Required: resource to select
+<a id="nestedatt--spec--galera--recovery--job--metadata"></a>
+### Nested Schema for `spec.galera.recovery.job.metadata`
 
 Optional:
 
-- `container_name` (String) Container name: required for volumes, optional for env vars
-- `divisor` (String) Specifies the output format of the exposed resources, defaults to '1'
+- `annotations` (Map of String) Annotations to be added to children resources.
+- `labels` (Map of String) Labels to be added to children resources.
+
 
+<a id="nestedatt--spec--galera--recovery--job--resources"></a>
+### Nested Schema for `spec.galera.recovery.job.resources`
 
+Optional:
 
+- `limits` (Map of String) ResourceList is a set of (resource name, quantity) pairs.
+- `requests` (Map of String) ResourceList is a set of (resource name, quantity) pairs.
 
-<a id="nestedatt--spec--bootstrap_from--volume--empty_dir"></a>
-### Nested Schema for `spec.bootstrap_from.volume.empty_dir`
 
-Optional:
 
-- `medium` (String) medium represents what type of storage medium should back this directory. The default is '' which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
-- `size_limit` (String) sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
 
 
-<a id="nestedatt--spec--bootstrap_from--volume--ephemeral"></a>
-### Nested Schema for `spec.bootstrap_from.volume.ephemeral`
+<a id="nestedatt--spec--image_pull_secrets"></a>
+### Nested Schema for `spec.image_pull_secrets`
 
 Optional:
 
-- `volume_claim_template` (Attributes) Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be '<pod name>-<volume name>' where '<volume name>' is the name from the 'PodSpec.Volumes' array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. Required, must not be nil. (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--ephemeral--volume_claim_template))
-
-<a id="nestedatt--spec--bootstrap_from--volume--ephemeral--volume_claim_template"></a>
-### Nested Schema for `spec.bootstrap_from.volume.ephemeral.volume_claim_template`
+- `name` (String)
 
-Required:
 
-- `spec` (Attributes) The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--ephemeral--volume_claim_template--spec))
+<a id="nestedatt--spec--inherit_metadata"></a>
+### Nested Schema for `spec.inherit_metadata`
 
 Optional:
 
-- `metadata` (Map of String) May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.
+- `annotations` (Map of String) Annotations to be added to children resources.
+- `labels` (Map of String) Labels to be added to children resources.
+
 
-<a id="nestedatt--spec--bootstrap_from--volume--ephemeral--volume_claim_template--spec"></a>
-### Nested Schema for `spec.bootstrap_from.volume.ephemeral.volume_claim_template.spec`
+<a id="nestedatt--spec--init_containers"></a>
+### Nested Schema for `spec.init_containers`
 
-Optional:
+Required:
 
-- `access_modes` (List of String) accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
-- `data_source` (Attributes) dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--ephemeral--volume_claim_template--spec--data_source))
-- `data_source_ref` (Attributes) dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--ephemeral--volume_claim_template--spec--data_source_ref))
-- `resources` (Attributes) resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--ephemeral--volume_claim_template--spec--resources))
-- `selector` (Attributes) selector is a label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--ephemeral--volume_claim_template--spec--selector))
-- `storage_class_name` (String) storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
-- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
-- `volume_mode` (String) volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
-- `volume_name` (String) volumeName is the binding reference to the PersistentVolume backing this claim.
+- `image` (String) Image name to be used by the container. The supported format is '<image>:<tag>'.
 
-<a id="nestedatt--spec--bootstrap_from--volume--ephemeral--volume_claim_template--spec--data_source"></a>
-### Nested Schema for `spec.bootstrap_from.volume.ephemeral.volume_claim_template.spec.data_source`
+Optional:
 
-Required:
+- `args` (List of String) Args to be used in the Container.
+- `command` (List of String) Command to be used in the Container.
+- `image_pull_policy` (String) ImagePullPolicy is the image pull policy. One of 'Always', 'Never' or 'IfNotPresent'. If not defined, it defaults to 'IfNotPresent'.
+- `resources` (Attributes) Resouces describes the compute resource requirements. (see [below for nested schema](#nestedatt--spec--init_containers--resources))
+- `volume_mounts` (Attributes List) VolumeMounts to be used in the Container. (see [below for nested schema](#nestedatt--spec--init_containers--volume_mounts))
 
-- `kind` (String) Kind is the type of resource being referenced
-- `name` (String) Name is the name of resource being referenced
+<a id="nestedatt--spec--init_containers--resources"></a>
+### Nested Schema for `spec.init_containers.resources`
 
 Optional:
 
-- `api_group` (String) APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+- `limits` (Map of String) ResourceList is a set of (resource name, quantity) pairs.
+- `requests` (Map of String) ResourceList is a set of (resource name, quantity) pairs.
 
 
-<a id="nestedatt--spec--bootstrap_from--volume--ephemeral--volume_claim_template--spec--data_source_ref"></a>
-### Nested Schema for `spec.bootstrap_from.volume.ephemeral.volume_claim_template.spec.data_source_ref`
+<a id="nestedatt--spec--init_containers--volume_mounts"></a>
+### Nested Schema for `spec.init_containers.volume_mounts`
 
 Required:
 
-- `kind` (String) Kind is the type of resource being referenced
-- `name` (String) Name is the name of resource being referenced
+- `mount_path` (String)
+- `name` (String) This must match the Name of a Volume.
 
 Optional:
 
-- `api_group` (String) APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
-- `namespace` (String) Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+- `read_only` (Boolean)
+- `sub_path` (String)
 
 
-<a id="nestedatt--spec--bootstrap_from--volume--ephemeral--volume_claim_template--spec--resources"></a>
-### Nested Schema for `spec.bootstrap_from.volume.ephemeral.volume_claim_template.spec.resources`
 
-Optional:
+<a id="nestedatt--spec--liveness_probe"></a>
+### Nested Schema for `spec.liveness_probe`
 
-- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+Optional:
 
+- `exec` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#execaction-v1-core. (see [below for nested schema](#nestedatt--spec--liveness_probe--exec))
+- `failure_threshold` (Number)
+- `http_get` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#httpgetaction-v1-core. (see [below for nested schema](#nestedatt--spec--liveness_probe--http_get))
+- `initial_delay_seconds` (Number)
+- `period_seconds` (Number)
+- `success_threshold` (Number)
+- `timeout_seconds` (Number)
 
-<a id="nestedatt--spec--bootstrap_from--volume--ephemeral--volume_claim_template--spec--selector"></a>
-### Nested Schema for `spec.bootstrap_from.volume.ephemeral.volume_claim_template.spec.selector`
+<a id="nestedatt--spec--liveness_probe--exec"></a>
+### Nested Schema for `spec.liveness_probe.exec`
 
 Optional:
 
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--ephemeral--volume_claim_template--spec--selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
+- `command` (List of String)
+
 
-<a id="nestedatt--spec--bootstrap_from--volume--ephemeral--volume_claim_template--spec--selector--match_expressions"></a>
-### Nested Schema for `spec.bootstrap_from.volume.ephemeral.volume_claim_template.spec.selector.match_expressions`
+<a id="nestedatt--spec--liveness_probe--http_get"></a>
+### Nested Schema for `spec.liveness_probe.http_get`
 
 Required:
 
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+- `port` (String)
 
 Optional:
 
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+- `host` (String)
+- `path` (String)
+- `scheme` (String) URIScheme identifies the scheme used for connection to a host for Get actions
 
 
 
+<a id="nestedatt--spec--max_scale"></a>
+### Nested Schema for `spec.max_scale`
 
+Optional:
 
+- `admin` (Attributes) Admin configures the admin REST API and GUI. (see [below for nested schema](#nestedatt--spec--max_scale--admin))
+- `auth` (Attributes) Auth defines the credentials required for MaxScale to connect to MariaDB. (see [below for nested schema](#nestedatt--spec--max_scale--auth))
+- `config` (Attributes) Config defines the MaxScale configuration. (see [below for nested schema](#nestedatt--spec--max_scale--config))
+- `connection` (Attributes) Connection provides a template to define the Connection for MaxScale. (see [below for nested schema](#nestedatt--spec--max_scale--connection))
+- `enabled` (Boolean) Enabled is a flag to enable a MaxScale instance to be used with the current MariaDB.
+- `gui_kubernetes_service` (Attributes) GuiKubernetesService define a template for a Kubernetes Service object to connect to MaxScale's GUI. (see [below for nested schema](#nestedatt--spec--max_scale--gui_kubernetes_service))
+- `image` (String) Image name to be used by the MaxScale instances. The supported format is '<image>:<tag>'. Only MariaDB official images are supported.
+- `image_pull_policy` (String) ImagePullPolicy is the image pull policy. One of 'Always', 'Never' or 'IfNotPresent'. If not defined, it defaults to 'IfNotPresent'.
+- `kubernetes_service` (Attributes) KubernetesService defines a template for a Kubernetes Service object to connect to MaxScale. (see [below for nested schema](#nestedatt--spec--max_scale--kubernetes_service))
+- `metrics` (Attributes) Metrics configures metrics and how to scrape them. (see [below for nested schema](#nestedatt--spec--max_scale--metrics))
+- `monitor` (Attributes) Monitor monitors MariaDB server instances. (see [below for nested schema](#nestedatt--spec--max_scale--monitor))
+- `pod_disruption_budget` (Attributes) PodDisruptionBudget defines the budget for replica availability. (see [below for nested schema](#nestedatt--spec--max_scale--pod_disruption_budget))
+- `replicas` (Number) Replicas indicates the number of desired instances.
+- `requeue_interval` (String) RequeueInterval is used to perform requeue reconciliations.
+- `services` (Attributes List) Services define how the traffic is forwarded to the MariaDB servers. (see [below for nested schema](#nestedatt--spec--max_scale--services))
+- `update_strategy` (Attributes) UpdateStrategy defines the update strategy for the StatefulSet object. (see [below for nested schema](#nestedatt--spec--max_scale--update_strategy))
 
-<a id="nestedatt--spec--bootstrap_from--volume--fc"></a>
-### Nested Schema for `spec.bootstrap_from.volume.fc`
+<a id="nestedatt--spec--max_scale--admin"></a>
+### Nested Schema for `spec.max_scale.admin`
 
 Optional:
 
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.
-- `lun` (Number) lun is Optional: FC target lun number
-- `read_only` (Boolean) readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-- `target_ww_ns` (List of String) targetWWNs is Optional: FC target worldwide names (WWNs)
-- `wwids` (List of String) wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
+- `gui_enabled` (Boolean) GuiEnabled indicates whether the admin GUI should be enabled.
+- `port` (Number) Port where the admin REST API and GUI will be exposed.
 
 
-<a id="nestedatt--spec--bootstrap_from--volume--flex_volume"></a>
-### Nested Schema for `spec.bootstrap_from.volume.flex_volume`
+<a id="nestedatt--spec--max_scale--auth"></a>
+### Nested Schema for `spec.max_scale.auth`
 
-Required:
+Optional:
 
-- `driver` (String) driver is the name of the driver to use for this volume.
+- `admin_password_secret_key_ref` (Attributes) AdminPasswordSecretKeyRef is Secret key reference to the admin password to call the admin REST API. It is defaulted if not provided. (see [below for nested schema](#nestedatt--spec--max_scale--auth--admin_password_secret_key_ref))
+- `admin_username` (String) AdminUsername is an admin username to call the admin REST API. It is defaulted if not provided.
+- `client_max_connections` (Number) ClientMaxConnections defines the maximum number of connections that the client can establish. If HA is enabled, make sure to increase this value, as more MaxScale replicas implies more connections. It defaults to 30 times the number of MaxScale replicas.
+- `client_password_secret_key_ref` (Attributes) ClientPasswordSecretKeyRef is Secret key reference to the password to connect to MaxScale. It is defaulted if not provided. If the referred Secret is labeled with 'k8s.mariadb.com/watch', updates may be performed to the Secret in order to update the password. (see [below for nested schema](#nestedatt--spec--max_scale--auth--client_password_secret_key_ref))
+- `client_username` (String) ClientUsername is the user to connect to MaxScale. It is defaulted if not provided.
+- `delete_default_admin` (Boolean) DeleteDefaultAdmin determines whether the default admin user should be deleted after the initial configuration. If not provided, it defaults to true.
+- `generate` (Boolean) Generate defies whether the operator should generate users and grants for MaxScale to work. It only supports MariaDBs specified via spec.mariaDbRef.
+- `metrics_password_secret_key_ref` (Attributes) MetricsPasswordSecretKeyRef is Secret key reference to the metrics password to call the admib REST API. It is defaulted if metrics are enabled. If the referred Secret is labeled with 'k8s.mariadb.com/watch', updates may be performed to the Secret in order to update the password. (see [below for nested schema](#nestedatt--spec--max_scale--auth--metrics_password_secret_key_ref))
+- `metrics_username` (String) MetricsUsername is an metrics username to call the REST API. It is defaulted if metrics are enabled.
+- `monitor_max_connections` (Number) MonitorMaxConnections defines the maximum number of connections that the monitor can establish. If HA is enabled, make sure to increase this value, as more MaxScale replicas implies more connections. It defaults to 30 times the number of MaxScale replicas.
+- `monitor_password_secret_key_ref` (Attributes) MonitorPasswordSecretKeyRef is Secret key reference to the password used by MaxScale monitor to connect to MariaDB server. It is defaulted if not provided. If the referred Secret is labeled with 'k8s.mariadb.com/watch', updates may be performed to the Secret in order to update the password. (see [below for nested schema](#nestedatt--spec--max_scale--auth--monitor_password_secret_key_ref))
+- `monitor_username` (String) MonitorUsername is the user used by MaxScale monitor to connect to MariaDB server. It is defaulted if not provided.
+- `server_max_connections` (Number) ServerMaxConnections defines the maximum number of connections that the server can establish. If HA is enabled, make sure to increase this value, as more MaxScale replicas implies more connections. It defaults to 30 times the number of MaxScale replicas.
+- `server_password_secret_key_ref` (Attributes) ServerPasswordSecretKeyRef is Secret key reference to the password used by MaxScale to connect to MariaDB server. It is defaulted if not provided. If the referred Secret is labeled with 'k8s.mariadb.com/watch', updates may be performed to the Secret in order to update the password. (see [below for nested schema](#nestedatt--spec--max_scale--auth--server_password_secret_key_ref))
+- `server_username` (String) ServerUsername is the user used by MaxScale to connect to MariaDB server. It is defaulted if not provided.
+- `sync_max_connections` (Number) SyncMaxConnections defines the maximum number of connections that the sync can establish. If HA is enabled, make sure to increase this value, as more MaxScale replicas implies more connections. It defaults to 30 times the number of MaxScale replicas.
+- `sync_password_secret_key_ref` (Attributes) SyncPasswordSecretKeyRef is Secret key reference to the password used by MaxScale config to connect to MariaDB server. It is defaulted when HA is enabled. If the referred Secret is labeled with 'k8s.mariadb.com/watch', updates may be performed to the Secret in order to update the password. (see [below for nested schema](#nestedatt--spec--max_scale--auth--sync_password_secret_key_ref))
+- `sync_username` (String) MonitoSyncUsernamerUsername is the user used by MaxScale config sync to connect to MariaDB server. It is defaulted when HA is enabled.
 
-Optional:
+<a id="nestedatt--spec--max_scale--auth--admin_password_secret_key_ref"></a>
+### Nested Schema for `spec.max_scale.auth.admin_password_secret_key_ref`
 
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. The default filesystem depends on FlexVolume script.
-- `options` (Map of String) options is Optional: this field holds extra command options if any.
-- `read_only` (Boolean) readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-- `secret_ref` (Attributes) secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--flex_volume--secret_ref))
+Required:
 
-<a id="nestedatt--spec--bootstrap_from--volume--flex_volume--secret_ref"></a>
-### Nested Schema for `spec.bootstrap_from.volume.flex_volume.secret_ref`
+- `key` (String)
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+- `generate` (Boolean) Generate indicates whether the Secret should be generated if the Secret referenced is not present.
+- `name` (String)
 
 
+<a id="nestedatt--spec--max_scale--auth--client_password_secret_key_ref"></a>
+### Nested Schema for `spec.max_scale.auth.client_password_secret_key_ref`
+
+Required:
 
-<a id="nestedatt--spec--bootstrap_from--volume--flocker"></a>
-### Nested Schema for `spec.bootstrap_from.volume.flocker`
+- `key` (String)
 
 Optional:
 
-- `dataset_name` (String) datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated
-- `dataset_uuid` (String) datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset
+- `generate` (Boolean) Generate indicates whether the Secret should be generated if the Secret referenced is not present.
+- `name` (String)
 
 
-<a id="nestedatt--spec--bootstrap_from--volume--gce_persistent_disk"></a>
-### Nested Schema for `spec.bootstrap_from.volume.gce_persistent_disk`
+<a id="nestedatt--spec--max_scale--auth--metrics_password_secret_key_ref"></a>
+### Nested Schema for `spec.max_scale.auth.metrics_password_secret_key_ref`
 
 Required:
 
-- `pd_name` (String) pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+- `key` (String)
 
 Optional:
 
-- `fs_type` (String) fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
-- `partition` (Number) partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as '1'. Similarly, the volume partition for /dev/sda is '0' (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
-- `read_only` (Boolean) readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+- `generate` (Boolean) Generate indicates whether the Secret should be generated if the Secret referenced is not present.
+- `name` (String)
 
 
-<a id="nestedatt--spec--bootstrap_from--volume--git_repo"></a>
-### Nested Schema for `spec.bootstrap_from.volume.git_repo`
+<a id="nestedatt--spec--max_scale--auth--monitor_password_secret_key_ref"></a>
+### Nested Schema for `spec.max_scale.auth.monitor_password_secret_key_ref`
 
 Required:
 
-- `repository` (String) repository is the URL
+- `key` (String)
 
 Optional:
 
-- `directory` (String) directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.
-- `revision` (String) revision is the commit hash for the specified revision.
+- `generate` (Boolean) Generate indicates whether the Secret should be generated if the Secret referenced is not present.
+- `name` (String)
 
 
-<a id="nestedatt--spec--bootstrap_from--volume--glusterfs"></a>
-### Nested Schema for `spec.bootstrap_from.volume.glusterfs`
+<a id="nestedatt--spec--max_scale--auth--server_password_secret_key_ref"></a>
+### Nested Schema for `spec.max_scale.auth.server_password_secret_key_ref`
 
 Required:
 
-- `endpoints` (String) endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
-- `path` (String) path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+- `key` (String)
 
 Optional:
 
-- `read_only` (Boolean) readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+- `generate` (Boolean) Generate indicates whether the Secret should be generated if the Secret referenced is not present.
+- `name` (String)
 
 
-<a id="nestedatt--spec--bootstrap_from--volume--host_path"></a>
-### Nested Schema for `spec.bootstrap_from.volume.host_path`
+<a id="nestedatt--spec--max_scale--auth--sync_password_secret_key_ref"></a>
+### Nested Schema for `spec.max_scale.auth.sync_password_secret_key_ref`
 
 Required:
 
-- `path` (String) path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+- `key` (String)
 
 Optional:
 
-- `type` (String) type for HostPath Volume Defaults to '' More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+- `generate` (Boolean) Generate indicates whether the Secret should be generated if the Secret referenced is not present.
+- `name` (String)
+
 
 
-<a id="nestedatt--spec--bootstrap_from--volume--image"></a>
-### Nested Schema for `spec.bootstrap_from.volume.image`
+<a id="nestedatt--spec--max_scale--config"></a>
+### Nested Schema for `spec.max_scale.config`
 
 Optional:
 
-- `pull_policy` (String) Policy for pulling OCI objects. Possible values are: Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
-- `reference` (String) Required: Image or artifact reference to be used. Behaves in the same way as pod.spec.containers[*].image. Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.
+- `params` (Map of String) Params is a key value pair of parameters to be used in the MaxScale static configuration file. Any parameter supported by MaxScale may be specified here. See reference: https://mariadb.com/kb/en/mariadb-maxscale-2308-mariadb-maxscale-configuration-guide/#global-settings.
+- `sync` (Attributes) Sync defines how to replicate configuration across MaxScale replicas. It is defaulted when HA is enabled. (see [below for nested schema](#nestedatt--spec--max_scale--config--sync))
+- `volume_claim_template` (Attributes) VolumeClaimTemplate provides a template to define the PVCs for storing MaxScale runtime configuration files. It is defaulted if not provided. (see [below for nested schema](#nestedatt--spec--max_scale--config--volume_claim_template))
 
+<a id="nestedatt--spec--max_scale--config--sync"></a>
+### Nested Schema for `spec.max_scale.config.sync`
 
-<a id="nestedatt--spec--bootstrap_from--volume--iscsi"></a>
-### Nested Schema for `spec.bootstrap_from.volume.iscsi`
+Optional:
 
-Required:
+- `database` (String) Database is the MariaDB logical database where the 'maxscale_config' table will be created in order to persist and synchronize config changes. If not provided, it defaults to 'mysql'.
+- `interval` (String) Interval defines the config synchronization interval. It is defaulted if not provided.
+- `timeout` (String) Interval defines the config synchronization timeout. It is defaulted if not provided.
 
-- `iqn` (String) iqn is the target iSCSI Qualified Name.
-- `lun` (Number) lun represents iSCSI Target Lun number.
-- `target_portal` (String) targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
+
+<a id="nestedatt--spec--max_scale--config--volume_claim_template"></a>
+### Nested Schema for `spec.max_scale.config.volume_claim_template`
 
 Optional:
 
-- `chap_auth_discovery` (Boolean) chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication
-- `chap_auth_session` (Boolean) chapAuthSession defines whether support iSCSI Session CHAP authentication
-- `fs_type` (String) fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
-- `initiator_name` (String) initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection.
-- `iscsi_interface` (String) iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).
-- `portals` (List of String) portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
-- `read_only` (Boolean) readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.
-- `secret_ref` (Attributes) secretRef is the CHAP Secret for iSCSI target and initiator authentication (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--iscsi--secret_ref))
+- `access_modes` (List of String)
+- `metadata` (Attributes) Metadata to be added to the PVC metadata. (see [below for nested schema](#nestedatt--spec--max_scale--config--volume_claim_template--metadata))
+- `resources` (Attributes) VolumeResourceRequirements describes the storage resource requirements for a volume. (see [below for nested schema](#nestedatt--spec--max_scale--config--volume_claim_template--resources))
+- `selector` (Attributes) A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. (see [below for nested schema](#nestedatt--spec--max_scale--config--volume_claim_template--selector))
+- `storage_class_name` (String)
 
-<a id="nestedatt--spec--bootstrap_from--volume--iscsi--secret_ref"></a>
-### Nested Schema for `spec.bootstrap_from.volume.iscsi.secret_ref`
+<a id="nestedatt--spec--max_scale--config--volume_claim_template--metadata"></a>
+### Nested Schema for `spec.max_scale.config.volume_claim_template.metadata`
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+- `annotations` (Map of String) Annotations to be added to children resources.
+- `labels` (Map of String) Labels to be added to children resources.
 
 
+<a id="nestedatt--spec--max_scale--config--volume_claim_template--resources"></a>
+### Nested Schema for `spec.max_scale.config.volume_claim_template.resources`
 
-<a id="nestedatt--spec--bootstrap_from--volume--nfs"></a>
-### Nested Schema for `spec.bootstrap_from.volume.nfs`
+Optional:
 
-Required:
-
-- `path` (String) path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
-- `server` (String) server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
-
-Optional:
-
-- `read_only` (Boolean) readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
-
-
-<a id="nestedatt--spec--bootstrap_from--volume--persistent_volume_claim"></a>
-### Nested Schema for `spec.bootstrap_from.volume.persistent_volume_claim`
-
-Required:
-
-- `claim_name` (String) claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
-
-Optional:
-
-- `read_only` (Boolean) readOnly Will force the ReadOnly setting in VolumeMounts. Default false.
-
-
-<a id="nestedatt--spec--bootstrap_from--volume--photon_persistent_disk"></a>
-### Nested Schema for `spec.bootstrap_from.volume.photon_persistent_disk`
-
-Required:
-
-- `pd_id` (String) pdID is the ID that identifies Photon Controller persistent disk
-
-Optional:
-
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.
-
-
-<a id="nestedatt--spec--bootstrap_from--volume--portworx_volume"></a>
-### Nested Schema for `spec.bootstrap_from.volume.portworx_volume`
-
-Required:
-
-- `volume_id` (String) volumeID uniquely identifies a Portworx volume
-
-Optional:
-
-- `fs_type` (String) fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs'. Implicitly inferred to be 'ext4' if unspecified.
-- `read_only` (Boolean) readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-
-
-<a id="nestedatt--spec--bootstrap_from--volume--projected"></a>
-### Nested Schema for `spec.bootstrap_from.volume.projected`
-
-Optional:
-
-- `default_mode` (Number) defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `sources` (Attributes List) sources is the list of volume projections. Each entry in this list handles one source. (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--projected--sources))
-
-<a id="nestedatt--spec--bootstrap_from--volume--projected--sources"></a>
-### Nested Schema for `spec.bootstrap_from.volume.projected.sources`
-
-Optional:
-
-- `cluster_trust_bundle` (Attributes) ClusterTrustBundle allows a pod to access the '.spec.trustBundle' field of ClusterTrustBundle objects in an auto-updating file. Alpha, gated by the ClusterTrustBundleProjection feature gate. ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time. (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--projected--sources--cluster_trust_bundle))
-- `config_map` (Attributes) configMap information about the configMap data to project (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--projected--sources--config_map))
-- `downward_api` (Attributes) downwardAPI information about the downwardAPI data to project (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--projected--sources--downward_api))
-- `secret` (Attributes) secret information about the secret data to project (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--projected--sources--secret))
-- `service_account_token` (Attributes) serviceAccountToken is information about the serviceAccountToken data to project (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--projected--sources--service_account_token))
-
-<a id="nestedatt--spec--bootstrap_from--volume--projected--sources--cluster_trust_bundle"></a>
-### Nested Schema for `spec.bootstrap_from.volume.projected.sources.cluster_trust_bundle`
-
-Required:
-
-- `path` (String) Relative path from the volume root to write the bundle.
-
-Optional:
+- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
-- `label_selector` (Attributes) Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as 'match nothing'. If set but empty, interpreted as 'match everything'. (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--projected--sources--cluster_trust_bundle--label_selector))
-- `name` (String) Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector.
-- `optional` (Boolean) If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles.
-- `signer_name` (String) Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated.
 
-<a id="nestedatt--spec--bootstrap_from--volume--projected--sources--cluster_trust_bundle--label_selector"></a>
-### Nested Schema for `spec.bootstrap_from.volume.projected.sources.cluster_trust_bundle.label_selector`
+<a id="nestedatt--spec--max_scale--config--volume_claim_template--selector"></a>
+### Nested Schema for `spec.max_scale.config.volume_claim_template.selector`
 
 Optional:
 
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--projected--sources--cluster_trust_bundle--label_selector--match_expressions))
+- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--max_scale--config--volume_claim_template--selector--match_expressions))
 - `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
 
-<a id="nestedatt--spec--bootstrap_from--volume--projected--sources--cluster_trust_bundle--label_selector--match_expressions"></a>
-### Nested Schema for `spec.bootstrap_from.volume.projected.sources.cluster_trust_bundle.label_selector.match_expressions`
+<a id="nestedatt--spec--max_scale--config--volume_claim_template--selector--match_expressions"></a>
+### Nested Schema for `spec.max_scale.config.volume_claim_template.selector.match_expressions`
 
 Required:
 
@@ -1576,8742 +1558,650 @@ Optional:
 
 
 
-<a id="nestedatt--spec--bootstrap_from--volume--projected--sources--config_map"></a>
-### Nested Schema for `spec.bootstrap_from.volume.projected.sources.config_map`
-
-Optional:
-
-- `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--projected--sources--config_map--items))
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) optional specify whether the ConfigMap or its keys must be defined
-
-<a id="nestedatt--spec--bootstrap_from--volume--projected--sources--config_map--items"></a>
-### Nested Schema for `spec.bootstrap_from.volume.projected.sources.config_map.items`
-
-Required:
 
-- `key` (String) key is the key to project.
-- `path` (String) path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+<a id="nestedatt--spec--max_scale--connection"></a>
+### Nested Schema for `spec.max_scale.connection`
 
 Optional:
 
-- `mode` (Number) mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-
-
+- `health_check` (Attributes) HealthCheck to be used in the Connection. (see [below for nested schema](#nestedatt--spec--max_scale--connection--health_check))
+- `params` (Map of String) Params to be used in the Connection.
+- `port` (Number) Port to connect to. If not provided, it defaults to the MariaDB port or to the first MaxScale listener.
+- `secret_name` (String) SecretName to be used in the Connection.
+- `secret_template` (Attributes) SecretTemplate to be used in the Connection. (see [below for nested schema](#nestedatt--spec--max_scale--connection--secret_template))
+- `service_name` (String) ServiceName to be used in the Connection.
 
-<a id="nestedatt--spec--bootstrap_from--volume--projected--sources--downward_api"></a>
-### Nested Schema for `spec.bootstrap_from.volume.projected.sources.downward_api`
+<a id="nestedatt--spec--max_scale--connection--health_check"></a>
+### Nested Schema for `spec.max_scale.connection.health_check`
 
 Optional:
 
-- `items` (Attributes List) Items is a list of DownwardAPIVolume file (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--projected--sources--downward_api--items))
-
-<a id="nestedatt--spec--bootstrap_from--volume--projected--sources--downward_api--items"></a>
-### Nested Schema for `spec.bootstrap_from.volume.projected.sources.downward_api.items`
+- `interval` (String) Interval used to perform health checks.
+- `retry_interval` (String) RetryInterval is the interval used to perform health check retries.
 
-Required:
 
-- `path` (String) Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'
+<a id="nestedatt--spec--max_scale--connection--secret_template"></a>
+### Nested Schema for `spec.max_scale.connection.secret_template`
 
 Optional:
 
-- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--projected--sources--downward_api--items--field_ref))
-- `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--projected--sources--downward_api--items--resource_field_ref))
-
-<a id="nestedatt--spec--bootstrap_from--volume--projected--sources--downward_api--items--field_ref"></a>
-### Nested Schema for `spec.bootstrap_from.volume.projected.sources.downward_api.items.field_ref`
-
-Required:
+- `database_key` (String) DatabaseKey to be used in the Secret.
+- `format` (String) Format to be used in the Secret.
+- `host_key` (String) HostKey to be used in the Secret.
+- `key` (String) Key to be used in the Secret.
+- `metadata` (Attributes) Metadata to be added to the Secret object. (see [below for nested schema](#nestedatt--spec--max_scale--connection--secret_template--metadata))
+- `password_key` (String) PasswordKey to be used in the Secret.
+- `port_key` (String) PortKey to be used in the Secret.
+- `username_key` (String) UsernameKey to be used in the Secret.
 
-- `field_path` (String) Path of the field to select in the specified API version.
+<a id="nestedatt--spec--max_scale--connection--secret_template--metadata"></a>
+### Nested Schema for `spec.max_scale.connection.secret_template.metadata`
 
 Optional:
 
-- `api_version` (String) Version of the schema the FieldPath is written in terms of, defaults to 'v1'.
+- `annotations` (Map of String) Annotations to be added to children resources.
+- `labels` (Map of String) Labels to be added to children resources.
 
 
-<a id="nestedatt--spec--bootstrap_from--volume--projected--sources--downward_api--items--resource_field_ref"></a>
-### Nested Schema for `spec.bootstrap_from.volume.projected.sources.downward_api.items.resource_field_ref`
 
-Required:
 
-- `resource` (String) Required: resource to select
+<a id="nestedatt--spec--max_scale--gui_kubernetes_service"></a>
+### Nested Schema for `spec.max_scale.gui_kubernetes_service`
 
 Optional:
 
-- `container_name` (String) Container name: required for volumes, optional for env vars
-- `divisor` (String) Specifies the output format of the exposed resources, defaults to '1'
-
-
-
+- `allocate_load_balancer_node_ports` (Boolean) AllocateLoadBalancerNodePorts Service field.
+- `external_traffic_policy` (String) ExternalTrafficPolicy Service field.
+- `load_balancer_ip` (String) LoadBalancerIP Service field.
+- `load_balancer_source_ranges` (List of String) LoadBalancerSourceRanges Service field.
+- `metadata` (Attributes) Metadata to be added to the Service metadata. (see [below for nested schema](#nestedatt--spec--max_scale--gui_kubernetes_service--metadata))
+- `session_affinity` (String) SessionAffinity Service field.
+- `type` (String) Type is the Service type. One of 'ClusterIP', 'NodePort' or 'LoadBalancer'. If not defined, it defaults to 'ClusterIP'.
 
-<a id="nestedatt--spec--bootstrap_from--volume--projected--sources--secret"></a>
-### Nested Schema for `spec.bootstrap_from.volume.projected.sources.secret`
+<a id="nestedatt--spec--max_scale--gui_kubernetes_service--metadata"></a>
+### Nested Schema for `spec.max_scale.gui_kubernetes_service.metadata`
 
 Optional:
 
-- `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--projected--sources--secret--items))
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) optional field specify whether the Secret or its key must be defined
+- `annotations` (Map of String) Annotations to be added to children resources.
+- `labels` (Map of String) Labels to be added to children resources.
 
-<a id="nestedatt--spec--bootstrap_from--volume--projected--sources--secret--items"></a>
-### Nested Schema for `spec.bootstrap_from.volume.projected.sources.secret.items`
 
-Required:
 
-- `key` (String) key is the key to project.
-- `path` (String) path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+<a id="nestedatt--spec--max_scale--kubernetes_service"></a>
+### Nested Schema for `spec.max_scale.kubernetes_service`
 
 Optional:
 
-- `mode` (Number) mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-
-
-
-<a id="nestedatt--spec--bootstrap_from--volume--projected--sources--service_account_token"></a>
-### Nested Schema for `spec.bootstrap_from.volume.projected.sources.service_account_token`
-
-Required:
+- `allocate_load_balancer_node_ports` (Boolean) AllocateLoadBalancerNodePorts Service field.
+- `external_traffic_policy` (String) ExternalTrafficPolicy Service field.
+- `load_balancer_ip` (String) LoadBalancerIP Service field.
+- `load_balancer_source_ranges` (List of String) LoadBalancerSourceRanges Service field.
+- `metadata` (Attributes) Metadata to be added to the Service metadata. (see [below for nested schema](#nestedatt--spec--max_scale--kubernetes_service--metadata))
+- `session_affinity` (String) SessionAffinity Service field.
+- `type` (String) Type is the Service type. One of 'ClusterIP', 'NodePort' or 'LoadBalancer'. If not defined, it defaults to 'ClusterIP'.
 
-- `path` (String) path is the path relative to the mount point of the file to project the token into.
+<a id="nestedatt--spec--max_scale--kubernetes_service--metadata"></a>
+### Nested Schema for `spec.max_scale.kubernetes_service.metadata`
 
 Optional:
 
-- `audience` (String) audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.
-- `expiration_seconds` (Number) expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.
-
-
-
+- `annotations` (Map of String) Annotations to be added to children resources.
+- `labels` (Map of String) Labels to be added to children resources.
 
-<a id="nestedatt--spec--bootstrap_from--volume--quobyte"></a>
-### Nested Schema for `spec.bootstrap_from.volume.quobyte`
 
-Required:
 
-- `registry` (String) registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes
-- `volume` (String) volume is a string that references an already created Quobyte volume by name.
+<a id="nestedatt--spec--max_scale--metrics"></a>
+### Nested Schema for `spec.max_scale.metrics`
 
 Optional:
 
-- `group` (String) group to map volume access to Default is no group
-- `read_only` (Boolean) readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.
-- `tenant` (String) tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin
-- `user` (String) user to map volume access to Defaults to serivceaccount user
+- `enabled` (Boolean) Enabled is a flag to enable Metrics
+- `exporter` (Attributes) Exporter defines the metrics exporter container. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter))
+- `service_monitor` (Attributes) ServiceMonitor defines the ServiceMonior object. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--service_monitor))
 
+<a id="nestedatt--spec--max_scale--metrics--exporter"></a>
+### Nested Schema for `spec.max_scale.metrics.exporter`
 
-<a id="nestedatt--spec--bootstrap_from--volume--rbd"></a>
-### Nested Schema for `spec.bootstrap_from.volume.rbd`
+Optional:
 
-Required:
+- `affinity` (Attributes) Affinity to be used in the Pod. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--affinity))
+- `image` (String) Image name to be used as metrics exporter. The supported format is '<image>:<tag>'. Only mysqld-exporter >= v0.15.0 is supported: https://github.com/prometheus/mysqld_exporter
+- `image_pull_policy` (String) ImagePullPolicy is the image pull policy. One of 'Always', 'Never' or 'IfNotPresent'. If not defined, it defaults to 'IfNotPresent'.
+- `image_pull_secrets` (Attributes List) ImagePullSecrets is the list of pull Secrets to be used to pull the image. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--image_pull_secrets))
+- `node_selector` (Map of String) NodeSelector to be used in the Pod.
+- `pod_metadata` (Attributes) PodMetadata defines extra metadata for the Pod. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--pod_metadata))
+- `pod_security_context` (Attributes) SecurityContext holds pod-level security attributes and common container settings. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--pod_security_context))
+- `port` (Number) Port where the exporter will be listening for connections.
+- `priority_class_name` (String) PriorityClassName to be used in the Pod.
+- `resources` (Attributes) Resouces describes the compute resource requirements. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--resources))
+- `tolerations` (Attributes List) Tolerations to be used in the Pod. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--tolerations))
 
-- `image` (String) image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-- `monitors` (List of String) monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+<a id="nestedatt--spec--max_scale--metrics--exporter--affinity"></a>
+### Nested Schema for `spec.max_scale.metrics.exporter.affinity`
 
 Optional:
 
-- `fs_type` (String) fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
-- `keyring` (String) keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-- `pool` (String) pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-- `read_only` (Boolean) readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-- `secret_ref` (Attributes) secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--rbd--secret_ref))
-- `user` (String) user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+- `anti_affinity_enabled` (Boolean) AntiAffinityEnabled configures PodAntiAffinity so each Pod is scheduled in a different Node, enabling HA. Make sure you have at least as many Nodes available as the replicas to not end up with unscheduled Pods.
+- `pod_anti_affinity` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#podantiaffinity-v1-core. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--affinity--pod_anti_affinity))
 
-<a id="nestedatt--spec--bootstrap_from--volume--rbd--secret_ref"></a>
-### Nested Schema for `spec.bootstrap_from.volume.rbd.secret_ref`
+<a id="nestedatt--spec--max_scale--metrics--exporter--affinity--pod_anti_affinity"></a>
+### Nested Schema for `spec.max_scale.metrics.exporter.affinity.pod_anti_affinity`
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
+- `preferred_during_scheduling_ignored_during_execution` (Attributes List) (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution))
+- `required_during_scheduling_ignored_during_execution` (Attributes List) (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution))
 
-
-<a id="nestedatt--spec--bootstrap_from--volume--scale_io"></a>
-### Nested Schema for `spec.bootstrap_from.volume.scale_io`
+<a id="nestedatt--spec--max_scale--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution"></a>
+### Nested Schema for `spec.max_scale.metrics.exporter.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution`
 
 Required:
 
-- `gateway` (String) gateway is the host address of the ScaleIO API Gateway.
-- `secret_ref` (Attributes) secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--scale_io--secret_ref))
-- `system` (String) system is the name of the storage system as configured in ScaleIO.
+- `pod_affinity_term` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#podaffinityterm-v1-core. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term))
+- `weight` (Number)
 
-Optional:
+<a id="nestedatt--spec--max_scale--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term"></a>
+### Nested Schema for `spec.max_scale.metrics.exporter.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term`
 
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Default is 'xfs'.
-- `protection_domain` (String) protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.
-- `read_only` (Boolean) readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-- `ssl_enabled` (Boolean) sslEnabled Flag enable/disable SSL communication with Gateway, default false
-- `storage_mode` (String) storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.
-- `storage_pool` (String) storagePool is the ScaleIO Storage Pool associated with the protection domain.
-- `volume_name` (String) volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.
+Required:
 
-<a id="nestedatt--spec--bootstrap_from--volume--scale_io--secret_ref"></a>
-### Nested Schema for `spec.bootstrap_from.volume.scale_io.secret_ref`
+- `topology_key` (String)
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
+- `label_selector` (Attributes) A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
 
-<a id="nestedatt--spec--bootstrap_from--volume--secret"></a>
-### Nested Schema for `spec.bootstrap_from.volume.secret`
+<a id="nestedatt--spec--max_scale--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector"></a>
+### Nested Schema for `spec.max_scale.metrics.exporter.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector`
 
 Optional:
 
-- `default_mode` (Number) defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `items` (Attributes List) items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--secret--items))
-- `optional` (Boolean) optional field specify whether the Secret or its keys must be defined
-- `secret_name` (String) secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions))
+- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
 
-<a id="nestedatt--spec--bootstrap_from--volume--secret--items"></a>
-### Nested Schema for `spec.bootstrap_from.volume.secret.items`
+<a id="nestedatt--spec--max_scale--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions"></a>
+### Nested Schema for `spec.max_scale.metrics.exporter.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector.match_expressions`
 
 Required:
 
-- `key` (String) key is the key to project.
-- `path` (String) path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
-
-Optional:
-
-- `mode` (Number) mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-
-
-
-<a id="nestedatt--spec--bootstrap_from--volume--storageos"></a>
-### Nested Schema for `spec.bootstrap_from.volume.storageos`
+- `key` (String) key is the label key that the selector applies to.
+- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 
 Optional:
 
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.
-- `read_only` (Boolean) readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-- `secret_ref` (Attributes) secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. (see [below for nested schema](#nestedatt--spec--bootstrap_from--volume--storageos--secret_ref))
-- `volume_name` (String) volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.
-- `volume_namespace` (String) volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to 'default' if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.
-
-<a id="nestedatt--spec--bootstrap_from--volume--storageos--secret_ref"></a>
-### Nested Schema for `spec.bootstrap_from.volume.storageos.secret_ref`
+- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 
-Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
 
 
-<a id="nestedatt--spec--bootstrap_from--volume--vsphere_volume"></a>
-### Nested Schema for `spec.bootstrap_from.volume.vsphere_volume`
+<a id="nestedatt--spec--max_scale--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution"></a>
+### Nested Schema for `spec.max_scale.metrics.exporter.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution`
 
 Required:
 
-- `volume_path` (String) volumePath is the path that identifies vSphere volume vmdk
-
-Optional:
-
-- `fs_type` (String) fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.
-- `storage_policy_id` (String) storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.
-- `storage_policy_name` (String) storagePolicyName is the storage Policy Based Management (SPBM) profile name.
-
-
-
-
-<a id="nestedatt--spec--connection"></a>
-### Nested Schema for `spec.connection`
+- `topology_key` (String)
 
 Optional:
 
-- `health_check` (Attributes) HealthCheck to be used in the Connection. (see [below for nested schema](#nestedatt--spec--connection--health_check))
-- `params` (Map of String) Params to be used in the Connection.
-- `port` (Number) Port to connect to. If not provided, it defaults to the MariaDB port or to the first MaxScale listener.
-- `secret_name` (String) SecretName to be used in the Connection.
-- `secret_template` (Attributes) SecretTemplate to be used in the Connection. (see [below for nested schema](#nestedatt--spec--connection--secret_template))
-- `service_name` (String) ServiceName to be used in the Connection.
+- `label_selector` (Attributes) A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector))
 
-<a id="nestedatt--spec--connection--health_check"></a>
-### Nested Schema for `spec.connection.health_check`
+<a id="nestedatt--spec--max_scale--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector"></a>
+### Nested Schema for `spec.max_scale.metrics.exporter.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.label_selector`
 
 Optional:
 
-- `interval` (String) Interval used to perform health checks.
-- `retry_interval` (String) RetryInterval is the interval used to perform health check retries.
-
-
-<a id="nestedatt--spec--connection--secret_template"></a>
-### Nested Schema for `spec.connection.secret_template`
+- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions))
+- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
 
-Optional:
+<a id="nestedatt--spec--max_scale--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions"></a>
+### Nested Schema for `spec.max_scale.metrics.exporter.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.label_selector.match_expressions`
 
-- `database_key` (String) DatabaseKey to be used in the Secret.
-- `format` (String) Format to be used in the Secret.
-- `host_key` (String) HostKey to be used in the Secret.
-- `key` (String) Key to be used in the Secret.
-- `metadata` (Attributes) Metadata to be added to the Secret object. (see [below for nested schema](#nestedatt--spec--connection--secret_template--metadata))
-- `password_key` (String) PasswordKey to be used in the Secret.
-- `port_key` (String) PortKey to be used in the Secret.
-- `username_key` (String) UsernameKey to be used in the Secret.
+Required:
 
-<a id="nestedatt--spec--connection--secret_template--metadata"></a>
-### Nested Schema for `spec.connection.secret_template.metadata`
+- `key` (String) key is the label key that the selector applies to.
+- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 
 Optional:
 
-- `annotations` (Map of String) Annotations to be added to children resources.
-- `labels` (Map of String) Labels to be added to children resources.
-
-
-
-
-<a id="nestedatt--spec--env"></a>
-### Nested Schema for `spec.env`
+- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 
-Required:
 
-- `name` (String) Name of the environment variable. Must be a C_IDENTIFIER.
 
-Optional:
 
-- `value` (String) Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to ''.
-- `value_from` (Attributes) Source for the environment variable's value. Cannot be used if value is not empty. (see [below for nested schema](#nestedatt--spec--env--value_from))
 
-<a id="nestedatt--spec--env--value_from"></a>
-### Nested Schema for `spec.env.value_from`
 
-Optional:
+<a id="nestedatt--spec--max_scale--metrics--exporter--image_pull_secrets"></a>
+### Nested Schema for `spec.max_scale.metrics.exporter.image_pull_secrets`
 
-- `config_map_key_ref` (Attributes) Selects a key of a ConfigMap. (see [below for nested schema](#nestedatt--spec--env--value_from--config_map_key_ref))
-- `field_ref` (Attributes) Selects a field of the pod: supports metadata.name, metadata.namespace, 'metadata.labels['<KEY>']', 'metadata.annotations['<KEY>']', spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. (see [below for nested schema](#nestedatt--spec--env--value_from--field_ref))
-- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. (see [below for nested schema](#nestedatt--spec--env--value_from--resource_field_ref))
-- `secret_key_ref` (Attributes) Selects a key of a secret in the pod's namespace (see [below for nested schema](#nestedatt--spec--env--value_from--secret_key_ref))
-
-<a id="nestedatt--spec--env--value_from--config_map_key_ref"></a>
-### Nested Schema for `spec.env.value_from.config_map_key_ref`
-
-Required:
-
-- `key` (String) The key to select.
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
-
-
-<a id="nestedatt--spec--env--value_from--field_ref"></a>
-### Nested Schema for `spec.env.value_from.field_ref`
-
-Required:
-
-- `field_path` (String) Path of the field to select in the specified API version.
-
-Optional:
-
-- `api_version` (String) Version of the schema the FieldPath is written in terms of, defaults to 'v1'.
-
-
-<a id="nestedatt--spec--env--value_from--resource_field_ref"></a>
-### Nested Schema for `spec.env.value_from.resource_field_ref`
-
-Required:
-
-- `resource` (String) Required: resource to select
-
-Optional:
-
-- `container_name` (String) Container name: required for volumes, optional for env vars
-- `divisor` (String) Specifies the output format of the exposed resources, defaults to '1'
-
-
-<a id="nestedatt--spec--env--value_from--secret_key_ref"></a>
-### Nested Schema for `spec.env.value_from.secret_key_ref`
-
-Required:
-
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
-
-
-
-<a id="nestedatt--spec--env_from"></a>
-### Nested Schema for `spec.env_from`
-
-Optional:
-
-- `config_map_ref` (Attributes) The ConfigMap to select from (see [below for nested schema](#nestedatt--spec--env_from--config_map_ref))
-- `prefix` (String) An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
-- `secret_ref` (Attributes) The Secret to select from (see [below for nested schema](#nestedatt--spec--env_from--secret_ref))
-
-<a id="nestedatt--spec--env_from--config_map_ref"></a>
-### Nested Schema for `spec.env_from.config_map_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the ConfigMap must be defined
-
-
-<a id="nestedatt--spec--env_from--secret_ref"></a>
-### Nested Schema for `spec.env_from.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret must be defined
-
-
-
-<a id="nestedatt--spec--galera"></a>
-### Nested Schema for `spec.galera`
-
-Optional:
-
-- `agent` (Attributes) GaleraAgent is a sidecar agent that co-operates with mariadb-operator. (see [below for nested schema](#nestedatt--spec--galera--agent))
-- `available_when_donor` (Boolean) AvailableWhenDonor indicates whether a donor node should be responding to queries. It defaults to false.
-- `config` (Attributes) GaleraConfig defines storage options for the Galera configuration files. (see [below for nested schema](#nestedatt--spec--galera--config))
-- `enabled` (Boolean) Enabled is a flag to enable Galera.
-- `galera_lib_path` (String) GaleraLibPath is a path inside the MariaDB image to the wsrep provider plugin. It is defaulted if not provided. More info: https://galeracluster.com/library/documentation/mysql-wsrep-options.html#wsrep-provider.
-- `init_container` (Attributes) InitContainer is an init container that runs in the MariaDB Pod and co-operates with mariadb-operator. (see [below for nested schema](#nestedatt--spec--galera--init_container))
-- `init_job` (Attributes) InitJob defines a Job that co-operates with mariadb-operator by performing initialization tasks. (see [below for nested schema](#nestedatt--spec--galera--init_job))
-- `primary` (Attributes) Primary is the Galera configuration for the primary node. (see [below for nested schema](#nestedatt--spec--galera--primary))
-- `provider_options` (Map of String) ProviderOptions is map of Galera configuration parameters. More info: https://mariadb.com/kb/en/galera-cluster-system-variables/#wsrep_provider_options.
-- `recovery` (Attributes) GaleraRecovery is the recovery process performed by the operator whenever the Galera cluster is not healthy. More info: https://galeracluster.com/library/documentation/crash-recovery.html. (see [below for nested schema](#nestedatt--spec--galera--recovery))
-- `replica_threads` (Number) ReplicaThreads is the number of replica threads used to apply Galera write sets in parallel. More info: https://mariadb.com/kb/en/galera-cluster-system-variables/#wsrep_slave_threads.
-- `sst` (String) SST is the Snapshot State Transfer used when new Pods join the cluster. More info: https://galeracluster.com/library/documentation/sst.html.
-
-<a id="nestedatt--spec--galera--agent"></a>
-### Nested Schema for `spec.galera.agent`
-
-Optional:
-
-- `args` (List of String) Args to be used in the Container.
-- `command` (List of String) Command to be used in the Container.
-- `env` (Attributes List) Env represents the environment variables to be injected in a container. (see [below for nested schema](#nestedatt--spec--galera--agent--env))
-- `env_from` (Attributes List) EnvFrom represents the references (via ConfigMap and Secrets) to environment variables to be injected in the container. (see [below for nested schema](#nestedatt--spec--galera--agent--env_from))
-- `graceful_shutdown_timeout` (String) GracefulShutdownTimeout is the time we give to the agent container in order to gracefully terminate in-flight requests.
-- `image` (String) Image name to be used by the MariaDB instances. The supported format is '<image>:<tag>'.
-- `image_pull_policy` (String) ImagePullPolicy is the image pull policy. One of 'Always', 'Never' or 'IfNotPresent'. If not defined, it defaults to 'IfNotPresent'.
-- `kubernetes_auth` (Attributes) KubernetesAuth to be used by the agent container (see [below for nested schema](#nestedatt--spec--galera--agent--kubernetes_auth))
-- `liveness_probe` (Attributes) LivenessProbe to be used in the Container. (see [below for nested schema](#nestedatt--spec--galera--agent--liveness_probe))
-- `port` (Number) Port where the agent will be listening for connections.
-- `readiness_probe` (Attributes) ReadinessProbe to be used in the Container. (see [below for nested schema](#nestedatt--spec--galera--agent--readiness_probe))
-- `resources` (Attributes) Resouces describes the compute resource requirements. (see [below for nested schema](#nestedatt--spec--galera--agent--resources))
-- `security_context` (Attributes) SecurityContext holds security configuration that will be applied to a container. (see [below for nested schema](#nestedatt--spec--galera--agent--security_context))
-- `volume_mounts` (Attributes List) VolumeMounts to be used in the Container. (see [below for nested schema](#nestedatt--spec--galera--agent--volume_mounts))
-
-<a id="nestedatt--spec--galera--agent--env"></a>
-### Nested Schema for `spec.galera.agent.env`
-
-Required:
-
-- `name` (String) Name of the environment variable. Must be a C_IDENTIFIER.
-
-Optional:
-
-- `value` (String) Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to ''.
-- `value_from` (Attributes) Source for the environment variable's value. Cannot be used if value is not empty. (see [below for nested schema](#nestedatt--spec--galera--agent--env--value_from))
-
-<a id="nestedatt--spec--galera--agent--env--value_from"></a>
-### Nested Schema for `spec.galera.agent.env.value_from`
-
-Optional:
-
-- `config_map_key_ref` (Attributes) Selects a key of a ConfigMap. (see [below for nested schema](#nestedatt--spec--galera--agent--env--value_from--config_map_key_ref))
-- `field_ref` (Attributes) Selects a field of the pod: supports metadata.name, metadata.namespace, 'metadata.labels['<KEY>']', 'metadata.annotations['<KEY>']', spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. (see [below for nested schema](#nestedatt--spec--galera--agent--env--value_from--field_ref))
-- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. (see [below for nested schema](#nestedatt--spec--galera--agent--env--value_from--resource_field_ref))
-- `secret_key_ref` (Attributes) Selects a key of a secret in the pod's namespace (see [below for nested schema](#nestedatt--spec--galera--agent--env--value_from--secret_key_ref))
-
-<a id="nestedatt--spec--galera--agent--env--value_from--config_map_key_ref"></a>
-### Nested Schema for `spec.galera.agent.env.value_from.config_map_key_ref`
-
-Required:
-
-- `key` (String) The key to select.
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
-
-
-<a id="nestedatt--spec--galera--agent--env--value_from--field_ref"></a>
-### Nested Schema for `spec.galera.agent.env.value_from.field_ref`
-
-Required:
-
-- `field_path` (String) Path of the field to select in the specified API version.
-
-Optional:
-
-- `api_version` (String) Version of the schema the FieldPath is written in terms of, defaults to 'v1'.
-
-
-<a id="nestedatt--spec--galera--agent--env--value_from--resource_field_ref"></a>
-### Nested Schema for `spec.galera.agent.env.value_from.resource_field_ref`
-
-Required:
-
-- `resource` (String) Required: resource to select
-
-Optional:
-
-- `container_name` (String) Container name: required for volumes, optional for env vars
-- `divisor` (String) Specifies the output format of the exposed resources, defaults to '1'
-
-
-<a id="nestedatt--spec--galera--agent--env--value_from--secret_key_ref"></a>
-### Nested Schema for `spec.galera.agent.env.value_from.secret_key_ref`
-
-Required:
-
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
-
-
-
-<a id="nestedatt--spec--galera--agent--env_from"></a>
-### Nested Schema for `spec.galera.agent.env_from`
-
-Optional:
-
-- `config_map_ref` (Attributes) The ConfigMap to select from (see [below for nested schema](#nestedatt--spec--galera--agent--env_from--config_map_ref))
-- `prefix` (String) An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
-- `secret_ref` (Attributes) The Secret to select from (see [below for nested schema](#nestedatt--spec--galera--agent--env_from--secret_ref))
-
-<a id="nestedatt--spec--galera--agent--env_from--config_map_ref"></a>
-### Nested Schema for `spec.galera.agent.env_from.config_map_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the ConfigMap must be defined
-
-
-<a id="nestedatt--spec--galera--agent--env_from--secret_ref"></a>
-### Nested Schema for `spec.galera.agent.env_from.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret must be defined
-
-
-
-<a id="nestedatt--spec--galera--agent--kubernetes_auth"></a>
-### Nested Schema for `spec.galera.agent.kubernetes_auth`
-
-Optional:
-
-- `auth_delegator_role_name` (String) AuthDelegatorRoleName is the name of the ClusterRoleBinding that is associated with the 'system:auth-delegator' ClusterRole. It is necessary for creating TokenReview objects in order for the agent to validate the service account token.
-- `enabled` (Boolean) Enabled is a flag to enable KubernetesAuth
-
-
-<a id="nestedatt--spec--galera--agent--liveness_probe"></a>
-### Nested Schema for `spec.galera.agent.liveness_probe`
-
-Optional:
-
-- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--galera--agent--liveness_probe--exec))
-- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
-- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--galera--agent--liveness_probe--grpc))
-- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--galera--agent--liveness_probe--http_get))
-- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-- `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
-- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
-- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--galera--agent--liveness_probe--tcp_socket))
-- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
-- `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-<a id="nestedatt--spec--galera--agent--liveness_probe--exec"></a>
-### Nested Schema for `spec.galera.agent.liveness_probe.exec`
-
-Optional:
-
-- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-
-
-<a id="nestedatt--spec--galera--agent--liveness_probe--grpc"></a>
-### Nested Schema for `spec.galera.agent.liveness_probe.grpc`
-
-Required:
-
-- `port` (Number) Port number of the gRPC service. Number must be in the range 1 to 65535.
-
-Optional:
-
-- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.
-
-
-<a id="nestedatt--spec--galera--agent--liveness_probe--http_get"></a>
-### Nested Schema for `spec.galera.agent.liveness_probe.http_get`
-
-Required:
-
-- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.
-- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--galera--agent--liveness_probe--http_get--http_headers))
-- `path` (String) Path to access on the HTTP server.
-- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP.
-
-<a id="nestedatt--spec--galera--agent--liveness_probe--http_get--http_headers"></a>
-### Nested Schema for `spec.galera.agent.liveness_probe.http_get.http_headers`
-
-Required:
-
-- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
-- `value` (String) The header field value
-
-
-
-<a id="nestedatt--spec--galera--agent--liveness_probe--tcp_socket"></a>
-### Nested Schema for `spec.galera.agent.liveness_probe.tcp_socket`
-
-Required:
-
-- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Optional: Host name to connect to, defaults to the pod IP.
-
-
-
-<a id="nestedatt--spec--galera--agent--readiness_probe"></a>
-### Nested Schema for `spec.galera.agent.readiness_probe`
-
-Optional:
-
-- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--galera--agent--readiness_probe--exec))
-- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
-- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--galera--agent--readiness_probe--grpc))
-- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--galera--agent--readiness_probe--http_get))
-- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-- `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
-- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
-- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--galera--agent--readiness_probe--tcp_socket))
-- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
-- `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-<a id="nestedatt--spec--galera--agent--readiness_probe--exec"></a>
-### Nested Schema for `spec.galera.agent.readiness_probe.exec`
-
-Optional:
-
-- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-
-
-<a id="nestedatt--spec--galera--agent--readiness_probe--grpc"></a>
-### Nested Schema for `spec.galera.agent.readiness_probe.grpc`
-
-Required:
-
-- `port` (Number) Port number of the gRPC service. Number must be in the range 1 to 65535.
-
-Optional:
-
-- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.
-
-
-<a id="nestedatt--spec--galera--agent--readiness_probe--http_get"></a>
-### Nested Schema for `spec.galera.agent.readiness_probe.http_get`
-
-Required:
-
-- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.
-- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--galera--agent--readiness_probe--http_get--http_headers))
-- `path` (String) Path to access on the HTTP server.
-- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP.
-
-<a id="nestedatt--spec--galera--agent--readiness_probe--http_get--http_headers"></a>
-### Nested Schema for `spec.galera.agent.readiness_probe.http_get.http_headers`
-
-Required:
-
-- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
-- `value` (String) The header field value
-
-
-
-<a id="nestedatt--spec--galera--agent--readiness_probe--tcp_socket"></a>
-### Nested Schema for `spec.galera.agent.readiness_probe.tcp_socket`
-
-Required:
-
-- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Optional: Host name to connect to, defaults to the pod IP.
-
-
-
-<a id="nestedatt--spec--galera--agent--resources"></a>
-### Nested Schema for `spec.galera.agent.resources`
-
-Optional:
-
-- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--galera--agent--resources--claims))
-- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-
-<a id="nestedatt--spec--galera--agent--resources--claims"></a>
-### Nested Schema for `spec.galera.agent.resources.claims`
-
-Required:
-
-- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
-
-Optional:
-
-- `request` (String) Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
-
-
-
-<a id="nestedatt--spec--galera--agent--security_context"></a>
-### Nested Schema for `spec.galera.agent.security_context`
-
-Optional:
-
-- `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
-- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--galera--agent--security_context--app_armor_profile))
-- `capabilities` (Attributes) The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--galera--agent--security_context--capabilities))
-- `privileged` (Boolean) Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
-- `proc_mount` (String) procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
-- `read_only_root_filesystem` (Boolean) Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_group` (Number) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-- `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
-- `se_linux_options` (Attributes) The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--galera--agent--security_context--se_linux_options))
-- `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--galera--agent--security_context--seccomp_profile))
-- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--galera--agent--security_context--windows_options))
-
-<a id="nestedatt--spec--galera--agent--security_context--app_armor_profile"></a>
-### Nested Schema for `spec.galera.agent.security_context.app_armor_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is 'Localhost'.
-
-
-<a id="nestedatt--spec--galera--agent--security_context--capabilities"></a>
-### Nested Schema for `spec.galera.agent.security_context.capabilities`
-
-Optional:
-
-- `add` (List of String) Added capabilities
-- `drop` (List of String) Removed capabilities
-
-
-<a id="nestedatt--spec--galera--agent--security_context--se_linux_options"></a>
-### Nested Schema for `spec.galera.agent.security_context.se_linux_options`
-
-Optional:
-
-- `level` (String) Level is SELinux level label that applies to the container.
-- `role` (String) Role is a SELinux role label that applies to the container.
-- `type` (String) Type is a SELinux type label that applies to the container.
-- `user` (String) User is a SELinux user label that applies to the container.
-
-
-<a id="nestedatt--spec--galera--agent--security_context--seccomp_profile"></a>
-### Nested Schema for `spec.galera.agent.security_context.seccomp_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.
-
-
-<a id="nestedatt--spec--galera--agent--security_context--windows_options"></a>
-### Nested Schema for `spec.galera.agent.security_context.windows_options`
-
-Optional:
-
-- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
-- `gmsa_credential_spec_name` (String) GMSACredentialSpecName is the name of the GMSA credential spec to use.
-- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
-- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-
-
-
-<a id="nestedatt--spec--galera--agent--volume_mounts"></a>
-### Nested Schema for `spec.galera.agent.volume_mounts`
-
-Required:
-
-- `mount_path` (String) Path within the container at which the volume should be mounted. Must not contain ':'.
-- `name` (String) This must match the Name of a Volume.
-
-Optional:
-
-- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None).
-- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
-- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handled recursively. If ReadOnly is false, this field has no meaning and must be unspecified. If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). If this field is not specified, it is treated as an equivalent of Disabled.
-- `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).
-- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.
-
-
-
-<a id="nestedatt--spec--galera--config"></a>
-### Nested Schema for `spec.galera.config`
-
-Optional:
-
-- `reuse_storage_volume` (Boolean) ReuseStorageVolume indicates that storage volume used by MariaDB should be reused to store the Galera configuration files. It defaults to false, which implies that a dedicated volume for the Galera configuration files is provisioned.
-- `volume_claim_template` (Attributes) VolumeClaimTemplate is a template for the PVC that will contain the Galera configuration files shared between the InitContainer, Agent and MariaDB. (see [below for nested schema](#nestedatt--spec--galera--config--volume_claim_template))
-
-<a id="nestedatt--spec--galera--config--volume_claim_template"></a>
-### Nested Schema for `spec.galera.config.volume_claim_template`
-
-Optional:
-
-- `access_modes` (List of String) accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
-- `data_source` (Attributes) dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. (see [below for nested schema](#nestedatt--spec--galera--config--volume_claim_template--data_source))
-- `data_source_ref` (Attributes) dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. (see [below for nested schema](#nestedatt--spec--galera--config--volume_claim_template--data_source_ref))
-- `metadata` (Attributes) Metadata to be added to the PVC metadata. (see [below for nested schema](#nestedatt--spec--galera--config--volume_claim_template--metadata))
-- `resources` (Attributes) resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources (see [below for nested schema](#nestedatt--spec--galera--config--volume_claim_template--resources))
-- `selector` (Attributes) selector is a label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--galera--config--volume_claim_template--selector))
-- `storage_class_name` (String) storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
-- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
-- `volume_mode` (String) volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
-- `volume_name` (String) volumeName is the binding reference to the PersistentVolume backing this claim.
-
-<a id="nestedatt--spec--galera--config--volume_claim_template--data_source"></a>
-### Nested Schema for `spec.galera.config.volume_claim_template.data_source`
-
-Required:
-
-- `kind` (String) Kind is the type of resource being referenced
-- `name` (String) Name is the name of resource being referenced
-
-Optional:
-
-- `api_group` (String) APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
-
-
-<a id="nestedatt--spec--galera--config--volume_claim_template--data_source_ref"></a>
-### Nested Schema for `spec.galera.config.volume_claim_template.data_source_ref`
-
-Required:
-
-- `kind` (String) Kind is the type of resource being referenced
-- `name` (String) Name is the name of resource being referenced
-
-Optional:
-
-- `api_group` (String) APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
-- `namespace` (String) Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
-
-
-<a id="nestedatt--spec--galera--config--volume_claim_template--metadata"></a>
-### Nested Schema for `spec.galera.config.volume_claim_template.metadata`
-
-Optional:
-
-- `annotations` (Map of String) Annotations to be added to children resources.
-- `labels` (Map of String) Labels to be added to children resources.
-
-
-<a id="nestedatt--spec--galera--config--volume_claim_template--resources"></a>
-### Nested Schema for `spec.galera.config.volume_claim_template.resources`
-
-Optional:
-
-- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-
-
-<a id="nestedatt--spec--galera--config--volume_claim_template--selector"></a>
-### Nested Schema for `spec.galera.config.volume_claim_template.selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--galera--config--volume_claim_template--selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--galera--config--volume_claim_template--selector--match_expressions"></a>
-### Nested Schema for `spec.galera.config.volume_claim_template.selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-
-
-<a id="nestedatt--spec--galera--init_container"></a>
-### Nested Schema for `spec.galera.init_container`
-
-Required:
-
-- `image` (String) Image name to be used by the MariaDB instances. The supported format is '<image>:<tag>'.
-
-Optional:
-
-- `args` (List of String) Args to be used in the Container.
-- `command` (List of String) Command to be used in the Container.
-- `env` (Attributes List) Env represents the environment variables to be injected in a container. (see [below for nested schema](#nestedatt--spec--galera--init_container--env))
-- `env_from` (Attributes List) EnvFrom represents the references (via ConfigMap and Secrets) to environment variables to be injected in the container. (see [below for nested schema](#nestedatt--spec--galera--init_container--env_from))
-- `image_pull_policy` (String) ImagePullPolicy is the image pull policy. One of 'Always', 'Never' or 'IfNotPresent'. If not defined, it defaults to 'IfNotPresent'.
-- `liveness_probe` (Attributes) LivenessProbe to be used in the Container. (see [below for nested schema](#nestedatt--spec--galera--init_container--liveness_probe))
-- `readiness_probe` (Attributes) ReadinessProbe to be used in the Container. (see [below for nested schema](#nestedatt--spec--galera--init_container--readiness_probe))
-- `resources` (Attributes) Resouces describes the compute resource requirements. (see [below for nested schema](#nestedatt--spec--galera--init_container--resources))
-- `security_context` (Attributes) SecurityContext holds security configuration that will be applied to a container. (see [below for nested schema](#nestedatt--spec--galera--init_container--security_context))
-- `volume_mounts` (Attributes List) VolumeMounts to be used in the Container. (see [below for nested schema](#nestedatt--spec--galera--init_container--volume_mounts))
-
-<a id="nestedatt--spec--galera--init_container--env"></a>
-### Nested Schema for `spec.galera.init_container.env`
-
-Required:
-
-- `name` (String) Name of the environment variable. Must be a C_IDENTIFIER.
-
-Optional:
-
-- `value` (String) Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to ''.
-- `value_from` (Attributes) Source for the environment variable's value. Cannot be used if value is not empty. (see [below for nested schema](#nestedatt--spec--galera--init_container--env--value_from))
-
-<a id="nestedatt--spec--galera--init_container--env--value_from"></a>
-### Nested Schema for `spec.galera.init_container.env.value_from`
-
-Optional:
-
-- `config_map_key_ref` (Attributes) Selects a key of a ConfigMap. (see [below for nested schema](#nestedatt--spec--galera--init_container--env--value_from--config_map_key_ref))
-- `field_ref` (Attributes) Selects a field of the pod: supports metadata.name, metadata.namespace, 'metadata.labels['<KEY>']', 'metadata.annotations['<KEY>']', spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. (see [below for nested schema](#nestedatt--spec--galera--init_container--env--value_from--field_ref))
-- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. (see [below for nested schema](#nestedatt--spec--galera--init_container--env--value_from--resource_field_ref))
-- `secret_key_ref` (Attributes) Selects a key of a secret in the pod's namespace (see [below for nested schema](#nestedatt--spec--galera--init_container--env--value_from--secret_key_ref))
-
-<a id="nestedatt--spec--galera--init_container--env--value_from--config_map_key_ref"></a>
-### Nested Schema for `spec.galera.init_container.env.value_from.config_map_key_ref`
-
-Required:
-
-- `key` (String) The key to select.
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
-
-
-<a id="nestedatt--spec--galera--init_container--env--value_from--field_ref"></a>
-### Nested Schema for `spec.galera.init_container.env.value_from.field_ref`
-
-Required:
-
-- `field_path` (String) Path of the field to select in the specified API version.
-
-Optional:
-
-- `api_version` (String) Version of the schema the FieldPath is written in terms of, defaults to 'v1'.
-
-
-<a id="nestedatt--spec--galera--init_container--env--value_from--resource_field_ref"></a>
-### Nested Schema for `spec.galera.init_container.env.value_from.resource_field_ref`
-
-Required:
-
-- `resource` (String) Required: resource to select
-
-Optional:
-
-- `container_name` (String) Container name: required for volumes, optional for env vars
-- `divisor` (String) Specifies the output format of the exposed resources, defaults to '1'
-
-
-<a id="nestedatt--spec--galera--init_container--env--value_from--secret_key_ref"></a>
-### Nested Schema for `spec.galera.init_container.env.value_from.secret_key_ref`
-
-Required:
-
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
-
-
-
-<a id="nestedatt--spec--galera--init_container--env_from"></a>
-### Nested Schema for `spec.galera.init_container.env_from`
-
-Optional:
-
-- `config_map_ref` (Attributes) The ConfigMap to select from (see [below for nested schema](#nestedatt--spec--galera--init_container--env_from--config_map_ref))
-- `prefix` (String) An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
-- `secret_ref` (Attributes) The Secret to select from (see [below for nested schema](#nestedatt--spec--galera--init_container--env_from--secret_ref))
-
-<a id="nestedatt--spec--galera--init_container--env_from--config_map_ref"></a>
-### Nested Schema for `spec.galera.init_container.env_from.config_map_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the ConfigMap must be defined
-
-
-<a id="nestedatt--spec--galera--init_container--env_from--secret_ref"></a>
-### Nested Schema for `spec.galera.init_container.env_from.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret must be defined
-
-
-
-<a id="nestedatt--spec--galera--init_container--liveness_probe"></a>
-### Nested Schema for `spec.galera.init_container.liveness_probe`
-
-Optional:
-
-- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--galera--init_container--liveness_probe--exec))
-- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
-- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--galera--init_container--liveness_probe--grpc))
-- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--galera--init_container--liveness_probe--http_get))
-- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-- `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
-- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
-- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--galera--init_container--liveness_probe--tcp_socket))
-- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
-- `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-<a id="nestedatt--spec--galera--init_container--liveness_probe--exec"></a>
-### Nested Schema for `spec.galera.init_container.liveness_probe.exec`
-
-Optional:
-
-- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-
-
-<a id="nestedatt--spec--galera--init_container--liveness_probe--grpc"></a>
-### Nested Schema for `spec.galera.init_container.liveness_probe.grpc`
-
-Required:
-
-- `port` (Number) Port number of the gRPC service. Number must be in the range 1 to 65535.
-
-Optional:
-
-- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.
-
-
-<a id="nestedatt--spec--galera--init_container--liveness_probe--http_get"></a>
-### Nested Schema for `spec.galera.init_container.liveness_probe.http_get`
-
-Required:
-
-- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.
-- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--galera--init_container--liveness_probe--http_get--http_headers))
-- `path` (String) Path to access on the HTTP server.
-- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP.
-
-<a id="nestedatt--spec--galera--init_container--liveness_probe--http_get--http_headers"></a>
-### Nested Schema for `spec.galera.init_container.liveness_probe.http_get.http_headers`
-
-Required:
-
-- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
-- `value` (String) The header field value
-
-
-
-<a id="nestedatt--spec--galera--init_container--liveness_probe--tcp_socket"></a>
-### Nested Schema for `spec.galera.init_container.liveness_probe.tcp_socket`
-
-Required:
-
-- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Optional: Host name to connect to, defaults to the pod IP.
-
-
-
-<a id="nestedatt--spec--galera--init_container--readiness_probe"></a>
-### Nested Schema for `spec.galera.init_container.readiness_probe`
-
-Optional:
-
-- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--galera--init_container--readiness_probe--exec))
-- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
-- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--galera--init_container--readiness_probe--grpc))
-- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--galera--init_container--readiness_probe--http_get))
-- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-- `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
-- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
-- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--galera--init_container--readiness_probe--tcp_socket))
-- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
-- `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-<a id="nestedatt--spec--galera--init_container--readiness_probe--exec"></a>
-### Nested Schema for `spec.galera.init_container.readiness_probe.exec`
-
-Optional:
-
-- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-
-
-<a id="nestedatt--spec--galera--init_container--readiness_probe--grpc"></a>
-### Nested Schema for `spec.galera.init_container.readiness_probe.grpc`
-
-Required:
-
-- `port` (Number) Port number of the gRPC service. Number must be in the range 1 to 65535.
-
-Optional:
-
-- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.
-
-
-<a id="nestedatt--spec--galera--init_container--readiness_probe--http_get"></a>
-### Nested Schema for `spec.galera.init_container.readiness_probe.http_get`
-
-Required:
-
-- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.
-- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--galera--init_container--readiness_probe--http_get--http_headers))
-- `path` (String) Path to access on the HTTP server.
-- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP.
-
-<a id="nestedatt--spec--galera--init_container--readiness_probe--http_get--http_headers"></a>
-### Nested Schema for `spec.galera.init_container.readiness_probe.http_get.http_headers`
-
-Required:
-
-- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
-- `value` (String) The header field value
-
-
-
-<a id="nestedatt--spec--galera--init_container--readiness_probe--tcp_socket"></a>
-### Nested Schema for `spec.galera.init_container.readiness_probe.tcp_socket`
-
-Required:
-
-- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Optional: Host name to connect to, defaults to the pod IP.
-
-
-
-<a id="nestedatt--spec--galera--init_container--resources"></a>
-### Nested Schema for `spec.galera.init_container.resources`
-
-Optional:
-
-- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--galera--init_container--resources--claims))
-- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-
-<a id="nestedatt--spec--galera--init_container--resources--claims"></a>
-### Nested Schema for `spec.galera.init_container.resources.claims`
-
-Required:
-
-- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
-
-Optional:
-
-- `request` (String) Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
-
-
-
-<a id="nestedatt--spec--galera--init_container--security_context"></a>
-### Nested Schema for `spec.galera.init_container.security_context`
-
-Optional:
-
-- `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
-- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--galera--init_container--security_context--app_armor_profile))
-- `capabilities` (Attributes) The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--galera--init_container--security_context--capabilities))
-- `privileged` (Boolean) Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
-- `proc_mount` (String) procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
-- `read_only_root_filesystem` (Boolean) Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_group` (Number) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-- `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
-- `se_linux_options` (Attributes) The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--galera--init_container--security_context--se_linux_options))
-- `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--galera--init_container--security_context--seccomp_profile))
-- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--galera--init_container--security_context--windows_options))
-
-<a id="nestedatt--spec--galera--init_container--security_context--app_armor_profile"></a>
-### Nested Schema for `spec.galera.init_container.security_context.app_armor_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is 'Localhost'.
-
-
-<a id="nestedatt--spec--galera--init_container--security_context--capabilities"></a>
-### Nested Schema for `spec.galera.init_container.security_context.capabilities`
-
-Optional:
-
-- `add` (List of String) Added capabilities
-- `drop` (List of String) Removed capabilities
-
-
-<a id="nestedatt--spec--galera--init_container--security_context--se_linux_options"></a>
-### Nested Schema for `spec.galera.init_container.security_context.se_linux_options`
-
-Optional:
-
-- `level` (String) Level is SELinux level label that applies to the container.
-- `role` (String) Role is a SELinux role label that applies to the container.
-- `type` (String) Type is a SELinux type label that applies to the container.
-- `user` (String) User is a SELinux user label that applies to the container.
-
-
-<a id="nestedatt--spec--galera--init_container--security_context--seccomp_profile"></a>
-### Nested Schema for `spec.galera.init_container.security_context.seccomp_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.
-
-
-<a id="nestedatt--spec--galera--init_container--security_context--windows_options"></a>
-### Nested Schema for `spec.galera.init_container.security_context.windows_options`
-
-Optional:
-
-- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
-- `gmsa_credential_spec_name` (String) GMSACredentialSpecName is the name of the GMSA credential spec to use.
-- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
-- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-
-
-
-<a id="nestedatt--spec--galera--init_container--volume_mounts"></a>
-### Nested Schema for `spec.galera.init_container.volume_mounts`
-
-Required:
-
-- `mount_path` (String) Path within the container at which the volume should be mounted. Must not contain ':'.
-- `name` (String) This must match the Name of a Volume.
-
-Optional:
-
-- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None).
-- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
-- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handled recursively. If ReadOnly is false, this field has no meaning and must be unspecified. If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). If this field is not specified, it is treated as an equivalent of Disabled.
-- `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).
-- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.
-
-
-
-<a id="nestedatt--spec--galera--init_job"></a>
-### Nested Schema for `spec.galera.init_job`
-
-Optional:
-
-- `affinity` (Attributes) Affinity to be used in the Pod. (see [below for nested schema](#nestedatt--spec--galera--init_job--affinity))
-- `args` (List of String) Args to be used in the Container.
-- `metadata` (Attributes) Metadata defines additional metadata for the bootstrap Jobs. (see [below for nested schema](#nestedatt--spec--galera--init_job--metadata))
-- `resources` (Attributes) Resouces describes the compute resource requirements. (see [below for nested schema](#nestedatt--spec--galera--init_job--resources))
-
-<a id="nestedatt--spec--galera--init_job--affinity"></a>
-### Nested Schema for `spec.galera.init_job.affinity`
-
-Optional:
-
-- `anti_affinity_enabled` (Boolean) AntiAffinityEnabled configures PodAntiAffinity so each Pod is scheduled in a different Node, enabling HA. Make sure you have at least as many Nodes available as the replicas to not end up with unscheduled Pods.
-- `node_affinity` (Attributes) Describes node affinity scheduling rules for the pod. (see [below for nested schema](#nestedatt--spec--galera--init_job--affinity--node_affinity))
-- `pod_affinity` (Attributes) Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). (see [below for nested schema](#nestedatt--spec--galera--init_job--affinity--pod_affinity))
-- `pod_anti_affinity` (Attributes) Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). (see [below for nested schema](#nestedatt--spec--galera--init_job--affinity--pod_anti_affinity))
-
-<a id="nestedatt--spec--galera--init_job--affinity--node_affinity"></a>
-### Nested Schema for `spec.galera.init_job.affinity.node_affinity`
-
-Optional:
-
-- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--galera--init_job--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution))
-- `required_during_scheduling_ignored_during_execution` (Attributes) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. (see [below for nested schema](#nestedatt--spec--galera--init_job--affinity--node_affinity--required_during_scheduling_ignored_during_execution))
-
-<a id="nestedatt--spec--galera--init_job--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.galera.init_job.affinity.node_affinity.preferred_during_scheduling_ignored_during_execution`
-
-Required:
-
-- `preference` (Attributes) A node selector term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--galera--init_job--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference))
-- `weight` (Number) Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
-
-<a id="nestedatt--spec--galera--init_job--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference"></a>
-### Nested Schema for `spec.galera.init_job.affinity.node_affinity.preferred_during_scheduling_ignored_during_execution.preference`
-
-Optional:
-
-- `match_expressions` (Attributes List) A list of node selector requirements by node's labels. (see [below for nested schema](#nestedatt--spec--galera--init_job--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference--match_expressions))
-- `match_fields` (Attributes List) A list of node selector requirements by node's fields. (see [below for nested schema](#nestedatt--spec--galera--init_job--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference--match_fields))
-
-<a id="nestedatt--spec--galera--init_job--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference--match_expressions"></a>
-### Nested Schema for `spec.galera.init_job.affinity.node_affinity.preferred_during_scheduling_ignored_during_execution.preference.match_expressions`
-
-Required:
-
-- `key` (String) The label key that the selector applies to.
-- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
-
-Optional:
-
-- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
-
-
-<a id="nestedatt--spec--galera--init_job--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference--match_fields"></a>
-### Nested Schema for `spec.galera.init_job.affinity.node_affinity.preferred_during_scheduling_ignored_during_execution.preference.match_fields`
-
-Required:
-
-- `key` (String) The label key that the selector applies to.
-- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
-
-Optional:
-
-- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
-
-
-
-
-<a id="nestedatt--spec--galera--init_job--affinity--node_affinity--required_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.galera.init_job.affinity.node_affinity.required_during_scheduling_ignored_during_execution`
-
-Required:
-
-- `node_selector_terms` (Attributes List) Required. A list of node selector terms. The terms are ORed. (see [below for nested schema](#nestedatt--spec--galera--init_job--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms))
-
-<a id="nestedatt--spec--galera--init_job--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms"></a>
-### Nested Schema for `spec.galera.init_job.affinity.node_affinity.required_during_scheduling_ignored_during_execution.node_selector_terms`
-
-Optional:
-
-- `match_expressions` (Attributes List) A list of node selector requirements by node's labels. (see [below for nested schema](#nestedatt--spec--galera--init_job--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms--match_expressions))
-- `match_fields` (Attributes List) A list of node selector requirements by node's fields. (see [below for nested schema](#nestedatt--spec--galera--init_job--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms--match_fields))
-
-<a id="nestedatt--spec--galera--init_job--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms--match_expressions"></a>
-### Nested Schema for `spec.galera.init_job.affinity.node_affinity.required_during_scheduling_ignored_during_execution.node_selector_terms.match_expressions`
-
-Required:
-
-- `key` (String) The label key that the selector applies to.
-- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
-
-Optional:
-
-- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
-
-
-<a id="nestedatt--spec--galera--init_job--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms--match_fields"></a>
-### Nested Schema for `spec.galera.init_job.affinity.node_affinity.required_during_scheduling_ignored_during_execution.node_selector_terms.match_fields`
-
-Required:
-
-- `key` (String) The label key that the selector applies to.
-- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
-
-Optional:
-
-- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
-
-
-
-
-
-<a id="nestedatt--spec--galera--init_job--affinity--pod_affinity"></a>
-### Nested Schema for `spec.galera.init_job.affinity.pod_affinity`
-
-Optional:
-
-- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--galera--init_job--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution))
-- `required_during_scheduling_ignored_during_execution` (Attributes List) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--galera--init_job--affinity--pod_affinity--required_during_scheduling_ignored_during_execution))
-
-<a id="nestedatt--spec--galera--init_job--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.galera.init_job.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution`
-
-Required:
-
-- `pod_affinity_term` (Attributes) Required. A pod affinity term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--galera--init_job--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term))
-- `weight` (Number) weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
-
-<a id="nestedatt--spec--galera--init_job--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term"></a>
-### Nested Schema for `spec.galera.init_job.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term`
-
-Required:
-
-- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
-
-Optional:
-
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--galera--init_job--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--galera--init_job--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
-- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
-
-<a id="nestedatt--spec--galera--init_job--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector"></a>
-### Nested Schema for `spec.galera.init_job.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--galera--init_job--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--galera--init_job--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions"></a>
-### Nested Schema for `spec.galera.init_job.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-<a id="nestedatt--spec--galera--init_job--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector"></a>
-### Nested Schema for `spec.galera.init_job.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--galera--init_job--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--galera--init_job--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions"></a>
-### Nested Schema for `spec.galera.init_job.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-
-
-<a id="nestedatt--spec--galera--init_job--affinity--pod_affinity--required_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.galera.init_job.affinity.pod_affinity.required_during_scheduling_ignored_during_execution`
-
-Required:
-
-- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
-
-Optional:
-
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--galera--init_job--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--galera--init_job--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
-- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
-
-<a id="nestedatt--spec--galera--init_job--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector"></a>
-### Nested Schema for `spec.galera.init_job.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.label_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--galera--init_job--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--galera--init_job--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions"></a>
-### Nested Schema for `spec.galera.init_job.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.label_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-<a id="nestedatt--spec--galera--init_job--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector"></a>
-### Nested Schema for `spec.galera.init_job.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.namespace_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--galera--init_job--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--galera--init_job--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions"></a>
-### Nested Schema for `spec.galera.init_job.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.namespace_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-
-
-<a id="nestedatt--spec--galera--init_job--affinity--pod_anti_affinity"></a>
-### Nested Schema for `spec.galera.init_job.affinity.pod_anti_affinity`
-
-Optional:
-
-- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--galera--init_job--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution))
-- `required_during_scheduling_ignored_during_execution` (Attributes List) If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--galera--init_job--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution))
-
-<a id="nestedatt--spec--galera--init_job--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.galera.init_job.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution`
-
-Required:
-
-- `pod_affinity_term` (Attributes) Required. A pod affinity term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--galera--init_job--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term))
-- `weight` (Number) weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
-
-<a id="nestedatt--spec--galera--init_job--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term"></a>
-### Nested Schema for `spec.galera.init_job.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term`
-
-Required:
-
-- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
-
-Optional:
-
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--galera--init_job--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--galera--init_job--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
-- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
-
-<a id="nestedatt--spec--galera--init_job--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector"></a>
-### Nested Schema for `spec.galera.init_job.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--galera--init_job--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--galera--init_job--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions"></a>
-### Nested Schema for `spec.galera.init_job.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-<a id="nestedatt--spec--galera--init_job--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector"></a>
-### Nested Schema for `spec.galera.init_job.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--galera--init_job--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--galera--init_job--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions"></a>
-### Nested Schema for `spec.galera.init_job.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-
-
-<a id="nestedatt--spec--galera--init_job--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.galera.init_job.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution`
-
-Required:
-
-- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
-
-Optional:
-
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--galera--init_job--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--galera--init_job--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
-- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
-
-<a id="nestedatt--spec--galera--init_job--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector"></a>
-### Nested Schema for `spec.galera.init_job.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.label_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--galera--init_job--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--galera--init_job--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions"></a>
-### Nested Schema for `spec.galera.init_job.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.label_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-<a id="nestedatt--spec--galera--init_job--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector"></a>
-### Nested Schema for `spec.galera.init_job.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.namespace_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--galera--init_job--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--galera--init_job--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions"></a>
-### Nested Schema for `spec.galera.init_job.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.namespace_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-
-
-
-<a id="nestedatt--spec--galera--init_job--metadata"></a>
-### Nested Schema for `spec.galera.init_job.metadata`
-
-Optional:
-
-- `annotations` (Map of String) Annotations to be added to children resources.
-- `labels` (Map of String) Labels to be added to children resources.
-
-
-<a id="nestedatt--spec--galera--init_job--resources"></a>
-### Nested Schema for `spec.galera.init_job.resources`
-
-Optional:
-
-- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--galera--init_job--resources--claims))
-- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-
-<a id="nestedatt--spec--galera--init_job--resources--claims"></a>
-### Nested Schema for `spec.galera.init_job.resources.claims`
-
-Required:
-
-- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
-
-Optional:
-
-- `request` (String) Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
-
-
-
-
-<a id="nestedatt--spec--galera--primary"></a>
-### Nested Schema for `spec.galera.primary`
-
-Optional:
-
-- `automatic_failover` (Boolean) AutomaticFailover indicates whether the operator should automatically update PodIndex to perform an automatic primary failover.
-- `pod_index` (Number) PodIndex is the StatefulSet index of the primary node. The user may change this field to perform a manual switchover.
-
-
-<a id="nestedatt--spec--galera--recovery"></a>
-### Nested Schema for `spec.galera.recovery`
-
-Optional:
-
-- `cluster_bootstrap_timeout` (String) ClusterBootstrapTimeout is the time limit for bootstrapping a cluster. Once this timeout is reached, the Galera recovery state is reset and a new cluster bootstrap will be attempted.
-- `cluster_healthy_timeout` (String) ClusterHealthyTimeout represents the duration at which a Galera cluster, that consistently failed health checks, is considered unhealthy, and consequently the Galera recovery process will be initiated by the operator.
-- `cluster_monitor_interval` (String) ClusterMonitorInterval represents the interval used to monitor the Galera cluster health.
-- `enabled` (Boolean) Enabled is a flag to enable GaleraRecovery.
-- `force_cluster_bootstrap_in_pod` (String) ForceClusterBootstrapInPod allows you to manually initiate the bootstrap process in a specific Pod. IMPORTANT: Use this option only in exceptional circumstances. Not selecting the Pod with the highest sequence number may result in data loss. IMPORTANT: Ensure you unset this field after completing the bootstrap to allow the operator to choose the appropriate Pod to bootstrap from in an event of cluster recovery.
-- `job` (Attributes) Job defines a Job that co-operates with mariadb-operator by performing the Galera cluster recovery . (see [below for nested schema](#nestedatt--spec--galera--recovery--job))
-- `min_cluster_size` (String) MinClusterSize is the minimum number of replicas to consider the cluster healthy. It can be either a number of replicas (1) or a percentage (50%). If Galera consistently reports less replicas than this value for the given 'ClusterHealthyTimeout' interval, a cluster recovery is iniated. It defaults to '1' replica.
-- `pod_recovery_timeout` (String) PodRecoveryTimeout is the time limit for recevorying the sequence of a Pod during the cluster recovery.
-- `pod_sync_timeout` (String) PodSyncTimeout is the time limit for a Pod to join the cluster after having performed a cluster bootstrap during the cluster recovery.
-
-<a id="nestedatt--spec--galera--recovery--job"></a>
-### Nested Schema for `spec.galera.recovery.job`
-
-Optional:
-
-- `metadata` (Attributes) Metadata defines additional metadata for the Galera recovery Jobs. (see [below for nested schema](#nestedatt--spec--galera--recovery--job--metadata))
-- `pod_affinity` (Boolean) PodAffinity indicates whether the recovery Jobs should run in the same Node as the MariaDB Pods. It defaults to true.
-- `resources` (Attributes) Resouces describes the compute resource requirements. (see [below for nested schema](#nestedatt--spec--galera--recovery--job--resources))
-
-<a id="nestedatt--spec--galera--recovery--job--metadata"></a>
-### Nested Schema for `spec.galera.recovery.job.metadata`
-
-Optional:
-
-- `annotations` (Map of String) Annotations to be added to children resources.
-- `labels` (Map of String) Labels to be added to children resources.
-
-
-<a id="nestedatt--spec--galera--recovery--job--resources"></a>
-### Nested Schema for `spec.galera.recovery.job.resources`
-
-Optional:
-
-- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--galera--recovery--job--resources--claims))
-- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-
-<a id="nestedatt--spec--galera--recovery--job--resources--claims"></a>
-### Nested Schema for `spec.galera.recovery.job.resources.claims`
-
-Required:
-
-- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
-
-Optional:
-
-- `request` (String) Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
-
-
-
-
-
-
-<a id="nestedatt--spec--image_pull_secrets"></a>
-### Nested Schema for `spec.image_pull_secrets`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-<a id="nestedatt--spec--inherit_metadata"></a>
-### Nested Schema for `spec.inherit_metadata`
-
-Optional:
-
-- `annotations` (Map of String) Annotations to be added to children resources.
-- `labels` (Map of String) Labels to be added to children resources.
-
-
-<a id="nestedatt--spec--init_containers"></a>
-### Nested Schema for `spec.init_containers`
-
-Required:
-
-- `image` (String) Image name to be used by the MariaDB instances. The supported format is '<image>:<tag>'.
-
-Optional:
-
-- `args` (List of String) Args to be used in the Container.
-- `command` (List of String) Command to be used in the Container.
-- `env` (Attributes List) Env represents the environment variables to be injected in a container. (see [below for nested schema](#nestedatt--spec--init_containers--env))
-- `env_from` (Attributes List) EnvFrom represents the references (via ConfigMap and Secrets) to environment variables to be injected in the container. (see [below for nested schema](#nestedatt--spec--init_containers--env_from))
-- `image_pull_policy` (String) ImagePullPolicy is the image pull policy. One of 'Always', 'Never' or 'IfNotPresent'. If not defined, it defaults to 'IfNotPresent'.
-- `liveness_probe` (Attributes) LivenessProbe to be used in the Container. (see [below for nested schema](#nestedatt--spec--init_containers--liveness_probe))
-- `readiness_probe` (Attributes) ReadinessProbe to be used in the Container. (see [below for nested schema](#nestedatt--spec--init_containers--readiness_probe))
-- `resources` (Attributes) Resouces describes the compute resource requirements. (see [below for nested schema](#nestedatt--spec--init_containers--resources))
-- `security_context` (Attributes) SecurityContext holds security configuration that will be applied to a container. (see [below for nested schema](#nestedatt--spec--init_containers--security_context))
-- `volume_mounts` (Attributes List) VolumeMounts to be used in the Container. (see [below for nested schema](#nestedatt--spec--init_containers--volume_mounts))
-
-<a id="nestedatt--spec--init_containers--env"></a>
-### Nested Schema for `spec.init_containers.env`
-
-Required:
-
-- `name` (String) Name of the environment variable. Must be a C_IDENTIFIER.
-
-Optional:
-
-- `value` (String) Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to ''.
-- `value_from` (Attributes) Source for the environment variable's value. Cannot be used if value is not empty. (see [below for nested schema](#nestedatt--spec--init_containers--env--value_from))
-
-<a id="nestedatt--spec--init_containers--env--value_from"></a>
-### Nested Schema for `spec.init_containers.env.value_from`
-
-Optional:
-
-- `config_map_key_ref` (Attributes) Selects a key of a ConfigMap. (see [below for nested schema](#nestedatt--spec--init_containers--env--value_from--config_map_key_ref))
-- `field_ref` (Attributes) Selects a field of the pod: supports metadata.name, metadata.namespace, 'metadata.labels['<KEY>']', 'metadata.annotations['<KEY>']', spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. (see [below for nested schema](#nestedatt--spec--init_containers--env--value_from--field_ref))
-- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. (see [below for nested schema](#nestedatt--spec--init_containers--env--value_from--resource_field_ref))
-- `secret_key_ref` (Attributes) Selects a key of a secret in the pod's namespace (see [below for nested schema](#nestedatt--spec--init_containers--env--value_from--secret_key_ref))
-
-<a id="nestedatt--spec--init_containers--env--value_from--config_map_key_ref"></a>
-### Nested Schema for `spec.init_containers.env.value_from.config_map_key_ref`
-
-Required:
-
-- `key` (String) The key to select.
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
-
-
-<a id="nestedatt--spec--init_containers--env--value_from--field_ref"></a>
-### Nested Schema for `spec.init_containers.env.value_from.field_ref`
-
-Required:
-
-- `field_path` (String) Path of the field to select in the specified API version.
-
-Optional:
-
-- `api_version` (String) Version of the schema the FieldPath is written in terms of, defaults to 'v1'.
-
-
-<a id="nestedatt--spec--init_containers--env--value_from--resource_field_ref"></a>
-### Nested Schema for `spec.init_containers.env.value_from.resource_field_ref`
-
-Required:
-
-- `resource` (String) Required: resource to select
-
-Optional:
-
-- `container_name` (String) Container name: required for volumes, optional for env vars
-- `divisor` (String) Specifies the output format of the exposed resources, defaults to '1'
-
-
-<a id="nestedatt--spec--init_containers--env--value_from--secret_key_ref"></a>
-### Nested Schema for `spec.init_containers.env.value_from.secret_key_ref`
-
-Required:
-
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
-
-
-
-<a id="nestedatt--spec--init_containers--env_from"></a>
-### Nested Schema for `spec.init_containers.env_from`
-
-Optional:
-
-- `config_map_ref` (Attributes) The ConfigMap to select from (see [below for nested schema](#nestedatt--spec--init_containers--env_from--config_map_ref))
-- `prefix` (String) An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
-- `secret_ref` (Attributes) The Secret to select from (see [below for nested schema](#nestedatt--spec--init_containers--env_from--secret_ref))
-
-<a id="nestedatt--spec--init_containers--env_from--config_map_ref"></a>
-### Nested Schema for `spec.init_containers.env_from.config_map_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the ConfigMap must be defined
-
-
-<a id="nestedatt--spec--init_containers--env_from--secret_ref"></a>
-### Nested Schema for `spec.init_containers.env_from.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret must be defined
-
-
-
-<a id="nestedatt--spec--init_containers--liveness_probe"></a>
-### Nested Schema for `spec.init_containers.liveness_probe`
-
-Optional:
-
-- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--init_containers--liveness_probe--exec))
-- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
-- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--init_containers--liveness_probe--grpc))
-- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--init_containers--liveness_probe--http_get))
-- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-- `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
-- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
-- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--init_containers--liveness_probe--tcp_socket))
-- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
-- `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-<a id="nestedatt--spec--init_containers--liveness_probe--exec"></a>
-### Nested Schema for `spec.init_containers.liveness_probe.exec`
-
-Optional:
-
-- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-
-
-<a id="nestedatt--spec--init_containers--liveness_probe--grpc"></a>
-### Nested Schema for `spec.init_containers.liveness_probe.grpc`
-
-Required:
-
-- `port` (Number) Port number of the gRPC service. Number must be in the range 1 to 65535.
-
-Optional:
-
-- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.
-
-
-<a id="nestedatt--spec--init_containers--liveness_probe--http_get"></a>
-### Nested Schema for `spec.init_containers.liveness_probe.http_get`
-
-Required:
-
-- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.
-- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--init_containers--liveness_probe--http_get--http_headers))
-- `path` (String) Path to access on the HTTP server.
-- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP.
-
-<a id="nestedatt--spec--init_containers--liveness_probe--http_get--http_headers"></a>
-### Nested Schema for `spec.init_containers.liveness_probe.http_get.http_headers`
-
-Required:
-
-- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
-- `value` (String) The header field value
-
-
-
-<a id="nestedatt--spec--init_containers--liveness_probe--tcp_socket"></a>
-### Nested Schema for `spec.init_containers.liveness_probe.tcp_socket`
-
-Required:
-
-- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Optional: Host name to connect to, defaults to the pod IP.
-
-
-
-<a id="nestedatt--spec--init_containers--readiness_probe"></a>
-### Nested Schema for `spec.init_containers.readiness_probe`
-
-Optional:
-
-- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--init_containers--readiness_probe--exec))
-- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
-- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--init_containers--readiness_probe--grpc))
-- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--init_containers--readiness_probe--http_get))
-- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-- `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
-- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
-- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--init_containers--readiness_probe--tcp_socket))
-- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
-- `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-<a id="nestedatt--spec--init_containers--readiness_probe--exec"></a>
-### Nested Schema for `spec.init_containers.readiness_probe.exec`
-
-Optional:
-
-- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-
-
-<a id="nestedatt--spec--init_containers--readiness_probe--grpc"></a>
-### Nested Schema for `spec.init_containers.readiness_probe.grpc`
-
-Required:
-
-- `port` (Number) Port number of the gRPC service. Number must be in the range 1 to 65535.
-
-Optional:
-
-- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.
-
-
-<a id="nestedatt--spec--init_containers--readiness_probe--http_get"></a>
-### Nested Schema for `spec.init_containers.readiness_probe.http_get`
-
-Required:
-
-- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.
-- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--init_containers--readiness_probe--http_get--http_headers))
-- `path` (String) Path to access on the HTTP server.
-- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP.
-
-<a id="nestedatt--spec--init_containers--readiness_probe--http_get--http_headers"></a>
-### Nested Schema for `spec.init_containers.readiness_probe.http_get.http_headers`
-
-Required:
-
-- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
-- `value` (String) The header field value
-
-
-
-<a id="nestedatt--spec--init_containers--readiness_probe--tcp_socket"></a>
-### Nested Schema for `spec.init_containers.readiness_probe.tcp_socket`
-
-Required:
-
-- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Optional: Host name to connect to, defaults to the pod IP.
-
-
-
-<a id="nestedatt--spec--init_containers--resources"></a>
-### Nested Schema for `spec.init_containers.resources`
-
-Optional:
-
-- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--init_containers--resources--claims))
-- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-
-<a id="nestedatt--spec--init_containers--resources--claims"></a>
-### Nested Schema for `spec.init_containers.resources.claims`
-
-Required:
-
-- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
-
-Optional:
-
-- `request` (String) Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
-
-
-
-<a id="nestedatt--spec--init_containers--security_context"></a>
-### Nested Schema for `spec.init_containers.security_context`
-
-Optional:
-
-- `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
-- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--init_containers--security_context--app_armor_profile))
-- `capabilities` (Attributes) The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--init_containers--security_context--capabilities))
-- `privileged` (Boolean) Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
-- `proc_mount` (String) procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
-- `read_only_root_filesystem` (Boolean) Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_group` (Number) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-- `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
-- `se_linux_options` (Attributes) The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--init_containers--security_context--se_linux_options))
-- `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--init_containers--security_context--seccomp_profile))
-- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--init_containers--security_context--windows_options))
-
-<a id="nestedatt--spec--init_containers--security_context--app_armor_profile"></a>
-### Nested Schema for `spec.init_containers.security_context.app_armor_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is 'Localhost'.
-
-
-<a id="nestedatt--spec--init_containers--security_context--capabilities"></a>
-### Nested Schema for `spec.init_containers.security_context.capabilities`
-
-Optional:
-
-- `add` (List of String) Added capabilities
-- `drop` (List of String) Removed capabilities
-
-
-<a id="nestedatt--spec--init_containers--security_context--se_linux_options"></a>
-### Nested Schema for `spec.init_containers.security_context.se_linux_options`
-
-Optional:
-
-- `level` (String) Level is SELinux level label that applies to the container.
-- `role` (String) Role is a SELinux role label that applies to the container.
-- `type` (String) Type is a SELinux type label that applies to the container.
-- `user` (String) User is a SELinux user label that applies to the container.
-
-
-<a id="nestedatt--spec--init_containers--security_context--seccomp_profile"></a>
-### Nested Schema for `spec.init_containers.security_context.seccomp_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.
-
-
-<a id="nestedatt--spec--init_containers--security_context--windows_options"></a>
-### Nested Schema for `spec.init_containers.security_context.windows_options`
-
-Optional:
-
-- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
-- `gmsa_credential_spec_name` (String) GMSACredentialSpecName is the name of the GMSA credential spec to use.
-- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
-- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-
-
-
-<a id="nestedatt--spec--init_containers--volume_mounts"></a>
-### Nested Schema for `spec.init_containers.volume_mounts`
-
-Required:
-
-- `mount_path` (String) Path within the container at which the volume should be mounted. Must not contain ':'.
-- `name` (String) This must match the Name of a Volume.
-
-Optional:
-
-- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None).
-- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
-- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handled recursively. If ReadOnly is false, this field has no meaning and must be unspecified. If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). If this field is not specified, it is treated as an equivalent of Disabled.
-- `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).
-- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.
-
-
-
-<a id="nestedatt--spec--liveness_probe"></a>
-### Nested Schema for `spec.liveness_probe`
-
-Optional:
-
-- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--liveness_probe--exec))
-- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
-- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--liveness_probe--grpc))
-- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--liveness_probe--http_get))
-- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-- `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
-- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
-- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--liveness_probe--tcp_socket))
-- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
-- `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-<a id="nestedatt--spec--liveness_probe--exec"></a>
-### Nested Schema for `spec.liveness_probe.exec`
-
-Optional:
-
-- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-
-
-<a id="nestedatt--spec--liveness_probe--grpc"></a>
-### Nested Schema for `spec.liveness_probe.grpc`
-
-Required:
-
-- `port` (Number) Port number of the gRPC service. Number must be in the range 1 to 65535.
-
-Optional:
-
-- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.
-
-
-<a id="nestedatt--spec--liveness_probe--http_get"></a>
-### Nested Schema for `spec.liveness_probe.http_get`
-
-Required:
-
-- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.
-- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--liveness_probe--http_get--http_headers))
-- `path` (String) Path to access on the HTTP server.
-- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP.
-
-<a id="nestedatt--spec--liveness_probe--http_get--http_headers"></a>
-### Nested Schema for `spec.liveness_probe.http_get.http_headers`
-
-Required:
-
-- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
-- `value` (String) The header field value
-
-
-
-<a id="nestedatt--spec--liveness_probe--tcp_socket"></a>
-### Nested Schema for `spec.liveness_probe.tcp_socket`
-
-Required:
-
-- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Optional: Host name to connect to, defaults to the pod IP.
-
-
-
-<a id="nestedatt--spec--max_scale"></a>
-### Nested Schema for `spec.max_scale`
-
-Optional:
-
-- `admin` (Attributes) Admin configures the admin REST API and GUI. (see [below for nested schema](#nestedatt--spec--max_scale--admin))
-- `auth` (Attributes) Auth defines the credentials required for MaxScale to connect to MariaDB. (see [below for nested schema](#nestedatt--spec--max_scale--auth))
-- `config` (Attributes) Config defines the MaxScale configuration. (see [below for nested schema](#nestedatt--spec--max_scale--config))
-- `connection` (Attributes) Connection provides a template to define the Connection for MaxScale. (see [below for nested schema](#nestedatt--spec--max_scale--connection))
-- `enabled` (Boolean) Enabled is a flag to enable a MaxScale instance to be used with the current MariaDB.
-- `gui_kubernetes_service` (Attributes) GuiKubernetesService define a template for a Kubernetes Service object to connect to MaxScale's GUI. (see [below for nested schema](#nestedatt--spec--max_scale--gui_kubernetes_service))
-- `image` (String) Image name to be used by the MaxScale instances. The supported format is '<image>:<tag>'. Only MariaDB official images are supported.
-- `image_pull_policy` (String) ImagePullPolicy is the image pull policy. One of 'Always', 'Never' or 'IfNotPresent'. If not defined, it defaults to 'IfNotPresent'.
-- `kubernetes_service` (Attributes) KubernetesService defines a template for a Kubernetes Service object to connect to MaxScale. (see [below for nested schema](#nestedatt--spec--max_scale--kubernetes_service))
-- `metrics` (Attributes) Metrics configures metrics and how to scrape them. (see [below for nested schema](#nestedatt--spec--max_scale--metrics))
-- `monitor` (Attributes) Monitor monitors MariaDB server instances. (see [below for nested schema](#nestedatt--spec--max_scale--monitor))
-- `pod_disruption_budget` (Attributes) PodDisruptionBudget defines the budget for replica availability. (see [below for nested schema](#nestedatt--spec--max_scale--pod_disruption_budget))
-- `replicas` (Number) Replicas indicates the number of desired instances.
-- `requeue_interval` (String) RequeueInterval is used to perform requeue reconciliations.
-- `services` (Attributes List) Services define how the traffic is forwarded to the MariaDB servers. (see [below for nested schema](#nestedatt--spec--max_scale--services))
-- `update_strategy` (Attributes) UpdateStrategy defines the update strategy for the StatefulSet object. (see [below for nested schema](#nestedatt--spec--max_scale--update_strategy))
-
-<a id="nestedatt--spec--max_scale--admin"></a>
-### Nested Schema for `spec.max_scale.admin`
-
-Optional:
-
-- `gui_enabled` (Boolean) GuiEnabled indicates whether the admin GUI should be enabled.
-- `port` (Number) Port where the admin REST API and GUI will be exposed.
-
-
-<a id="nestedatt--spec--max_scale--auth"></a>
-### Nested Schema for `spec.max_scale.auth`
-
-Optional:
-
-- `admin_password_secret_key_ref` (Attributes) AdminPasswordSecretKeyRef is Secret key reference to the admin password to call the admin REST API. It is defaulted if not provided. (see [below for nested schema](#nestedatt--spec--max_scale--auth--admin_password_secret_key_ref))
-- `admin_username` (String) AdminUsername is an admin username to call the admin REST API. It is defaulted if not provided.
-- `client_max_connections` (Number) ClientMaxConnections defines the maximum number of connections that the client can establish. If HA is enabled, make sure to increase this value, as more MaxScale replicas implies more connections. It defaults to 30 times the number of MaxScale replicas.
-- `client_password_secret_key_ref` (Attributes) ClientPasswordSecretKeyRef is Secret key reference to the password to connect to MaxScale. It is defaulted if not provided. If the referred Secret is labeled with 'k8s.mariadb.com/watch', updates may be performed to the Secret in order to update the password. (see [below for nested schema](#nestedatt--spec--max_scale--auth--client_password_secret_key_ref))
-- `client_username` (String) ClientUsername is the user to connect to MaxScale. It is defaulted if not provided.
-- `delete_default_admin` (Boolean) DeleteDefaultAdmin determines whether the default admin user should be deleted after the initial configuration. If not provided, it defaults to true.
-- `generate` (Boolean) Generate defies whether the operator should generate users and grants for MaxScale to work. It only supports MariaDBs specified via spec.mariaDbRef.
-- `metrics_password_secret_key_ref` (Attributes) MetricsPasswordSecretKeyRef is Secret key reference to the metrics password to call the admib REST API. It is defaulted if metrics are enabled. If the referred Secret is labeled with 'k8s.mariadb.com/watch', updates may be performed to the Secret in order to update the password. (see [below for nested schema](#nestedatt--spec--max_scale--auth--metrics_password_secret_key_ref))
-- `metrics_username` (String) MetricsUsername is an metrics username to call the REST API. It is defaulted if metrics are enabled.
-- `monitor_max_connections` (Number) MonitorMaxConnections defines the maximum number of connections that the monitor can establish. If HA is enabled, make sure to increase this value, as more MaxScale replicas implies more connections. It defaults to 30 times the number of MaxScale replicas.
-- `monitor_password_secret_key_ref` (Attributes) MonitorPasswordSecretKeyRef is Secret key reference to the password used by MaxScale monitor to connect to MariaDB server. It is defaulted if not provided. If the referred Secret is labeled with 'k8s.mariadb.com/watch', updates may be performed to the Secret in order to update the password. (see [below for nested schema](#nestedatt--spec--max_scale--auth--monitor_password_secret_key_ref))
-- `monitor_username` (String) MonitorUsername is the user used by MaxScale monitor to connect to MariaDB server. It is defaulted if not provided.
-- `server_max_connections` (Number) ServerMaxConnections defines the maximum number of connections that the server can establish. If HA is enabled, make sure to increase this value, as more MaxScale replicas implies more connections. It defaults to 30 times the number of MaxScale replicas.
-- `server_password_secret_key_ref` (Attributes) ServerPasswordSecretKeyRef is Secret key reference to the password used by MaxScale to connect to MariaDB server. It is defaulted if not provided. If the referred Secret is labeled with 'k8s.mariadb.com/watch', updates may be performed to the Secret in order to update the password. (see [below for nested schema](#nestedatt--spec--max_scale--auth--server_password_secret_key_ref))
-- `server_username` (String) ServerUsername is the user used by MaxScale to connect to MariaDB server. It is defaulted if not provided.
-- `sync_max_connections` (Number) SyncMaxConnections defines the maximum number of connections that the sync can establish. If HA is enabled, make sure to increase this value, as more MaxScale replicas implies more connections. It defaults to 30 times the number of MaxScale replicas.
-- `sync_password_secret_key_ref` (Attributes) SyncPasswordSecretKeyRef is Secret key reference to the password used by MaxScale config to connect to MariaDB server. It is defaulted when HA is enabled. If the referred Secret is labeled with 'k8s.mariadb.com/watch', updates may be performed to the Secret in order to update the password. (see [below for nested schema](#nestedatt--spec--max_scale--auth--sync_password_secret_key_ref))
-- `sync_username` (String) MonitoSyncUsernamerUsername is the user used by MaxScale config sync to connect to MariaDB server. It is defaulted when HA is enabled.
-
-<a id="nestedatt--spec--max_scale--auth--admin_password_secret_key_ref"></a>
-### Nested Schema for `spec.max_scale.auth.admin_password_secret_key_ref`
-
-Required:
-
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
-
-Optional:
-
-- `generate` (Boolean) Generate indicates whether the Secret should be generated if the Secret referenced is not present.
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
-
-<a id="nestedatt--spec--max_scale--auth--client_password_secret_key_ref"></a>
-### Nested Schema for `spec.max_scale.auth.client_password_secret_key_ref`
-
-Required:
-
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
-
-Optional:
-
-- `generate` (Boolean) Generate indicates whether the Secret should be generated if the Secret referenced is not present.
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
-
-<a id="nestedatt--spec--max_scale--auth--metrics_password_secret_key_ref"></a>
-### Nested Schema for `spec.max_scale.auth.metrics_password_secret_key_ref`
-
-Required:
-
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
-
-Optional:
-
-- `generate` (Boolean) Generate indicates whether the Secret should be generated if the Secret referenced is not present.
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
-
-<a id="nestedatt--spec--max_scale--auth--monitor_password_secret_key_ref"></a>
-### Nested Schema for `spec.max_scale.auth.monitor_password_secret_key_ref`
-
-Required:
-
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
-
-Optional:
-
-- `generate` (Boolean) Generate indicates whether the Secret should be generated if the Secret referenced is not present.
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
-
-<a id="nestedatt--spec--max_scale--auth--server_password_secret_key_ref"></a>
-### Nested Schema for `spec.max_scale.auth.server_password_secret_key_ref`
-
-Required:
-
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
-
-Optional:
-
-- `generate` (Boolean) Generate indicates whether the Secret should be generated if the Secret referenced is not present.
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
-
-<a id="nestedatt--spec--max_scale--auth--sync_password_secret_key_ref"></a>
-### Nested Schema for `spec.max_scale.auth.sync_password_secret_key_ref`
-
-Required:
-
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
-
-Optional:
-
-- `generate` (Boolean) Generate indicates whether the Secret should be generated if the Secret referenced is not present.
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
-
-
-<a id="nestedatt--spec--max_scale--config"></a>
-### Nested Schema for `spec.max_scale.config`
-
-Optional:
-
-- `params` (Map of String) Params is a key value pair of parameters to be used in the MaxScale static configuration file. Any parameter supported by MaxScale may be specified here. See reference: https://mariadb.com/kb/en/mariadb-maxscale-2308-mariadb-maxscale-configuration-guide/#global-settings.
-- `sync` (Attributes) Sync defines how to replicate configuration across MaxScale replicas. It is defaulted when HA is enabled. (see [below for nested schema](#nestedatt--spec--max_scale--config--sync))
-- `volume_claim_template` (Attributes) VolumeClaimTemplate provides a template to define the PVCs for storing MaxScale runtime configuration files. It is defaulted if not provided. (see [below for nested schema](#nestedatt--spec--max_scale--config--volume_claim_template))
-
-<a id="nestedatt--spec--max_scale--config--sync"></a>
-### Nested Schema for `spec.max_scale.config.sync`
-
-Optional:
-
-- `database` (String) Database is the MariaDB logical database where the 'maxscale_config' table will be created in order to persist and synchronize config changes. If not provided, it defaults to 'mysql'.
-- `interval` (String) Interval defines the config synchronization interval. It is defaulted if not provided.
-- `timeout` (String) Interval defines the config synchronization timeout. It is defaulted if not provided.
-
-
-<a id="nestedatt--spec--max_scale--config--volume_claim_template"></a>
-### Nested Schema for `spec.max_scale.config.volume_claim_template`
-
-Optional:
-
-- `access_modes` (List of String) accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
-- `data_source` (Attributes) dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. (see [below for nested schema](#nestedatt--spec--max_scale--config--volume_claim_template--data_source))
-- `data_source_ref` (Attributes) dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. (see [below for nested schema](#nestedatt--spec--max_scale--config--volume_claim_template--data_source_ref))
-- `metadata` (Attributes) Metadata to be added to the PVC metadata. (see [below for nested schema](#nestedatt--spec--max_scale--config--volume_claim_template--metadata))
-- `resources` (Attributes) resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources (see [below for nested schema](#nestedatt--spec--max_scale--config--volume_claim_template--resources))
-- `selector` (Attributes) selector is a label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--max_scale--config--volume_claim_template--selector))
-- `storage_class_name` (String) storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
-- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
-- `volume_mode` (String) volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
-- `volume_name` (String) volumeName is the binding reference to the PersistentVolume backing this claim.
-
-<a id="nestedatt--spec--max_scale--config--volume_claim_template--data_source"></a>
-### Nested Schema for `spec.max_scale.config.volume_claim_template.data_source`
-
-Required:
-
-- `kind` (String) Kind is the type of resource being referenced
-- `name` (String) Name is the name of resource being referenced
-
-Optional:
-
-- `api_group` (String) APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
-
-
-<a id="nestedatt--spec--max_scale--config--volume_claim_template--data_source_ref"></a>
-### Nested Schema for `spec.max_scale.config.volume_claim_template.data_source_ref`
-
-Required:
-
-- `kind` (String) Kind is the type of resource being referenced
-- `name` (String) Name is the name of resource being referenced
-
-Optional:
-
-- `api_group` (String) APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
-- `namespace` (String) Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
-
-
-<a id="nestedatt--spec--max_scale--config--volume_claim_template--metadata"></a>
-### Nested Schema for `spec.max_scale.config.volume_claim_template.metadata`
-
-Optional:
-
-- `annotations` (Map of String) Annotations to be added to children resources.
-- `labels` (Map of String) Labels to be added to children resources.
-
-
-<a id="nestedatt--spec--max_scale--config--volume_claim_template--resources"></a>
-### Nested Schema for `spec.max_scale.config.volume_claim_template.resources`
-
-Optional:
-
-- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-
-
-<a id="nestedatt--spec--max_scale--config--volume_claim_template--selector"></a>
-### Nested Schema for `spec.max_scale.config.volume_claim_template.selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--max_scale--config--volume_claim_template--selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--max_scale--config--volume_claim_template--selector--match_expressions"></a>
-### Nested Schema for `spec.max_scale.config.volume_claim_template.selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-
-
-<a id="nestedatt--spec--max_scale--connection"></a>
-### Nested Schema for `spec.max_scale.connection`
-
-Optional:
-
-- `health_check` (Attributes) HealthCheck to be used in the Connection. (see [below for nested schema](#nestedatt--spec--max_scale--connection--health_check))
-- `params` (Map of String) Params to be used in the Connection.
-- `port` (Number) Port to connect to. If not provided, it defaults to the MariaDB port or to the first MaxScale listener.
-- `secret_name` (String) SecretName to be used in the Connection.
-- `secret_template` (Attributes) SecretTemplate to be used in the Connection. (see [below for nested schema](#nestedatt--spec--max_scale--connection--secret_template))
-- `service_name` (String) ServiceName to be used in the Connection.
-
-<a id="nestedatt--spec--max_scale--connection--health_check"></a>
-### Nested Schema for `spec.max_scale.connection.health_check`
-
-Optional:
-
-- `interval` (String) Interval used to perform health checks.
-- `retry_interval` (String) RetryInterval is the interval used to perform health check retries.
-
-
-<a id="nestedatt--spec--max_scale--connection--secret_template"></a>
-### Nested Schema for `spec.max_scale.connection.secret_template`
-
-Optional:
-
-- `database_key` (String) DatabaseKey to be used in the Secret.
-- `format` (String) Format to be used in the Secret.
-- `host_key` (String) HostKey to be used in the Secret.
-- `key` (String) Key to be used in the Secret.
-- `metadata` (Attributes) Metadata to be added to the Secret object. (see [below for nested schema](#nestedatt--spec--max_scale--connection--secret_template--metadata))
-- `password_key` (String) PasswordKey to be used in the Secret.
-- `port_key` (String) PortKey to be used in the Secret.
-- `username_key` (String) UsernameKey to be used in the Secret.
-
-<a id="nestedatt--spec--max_scale--connection--secret_template--metadata"></a>
-### Nested Schema for `spec.max_scale.connection.secret_template.metadata`
-
-Optional:
-
-- `annotations` (Map of String) Annotations to be added to children resources.
-- `labels` (Map of String) Labels to be added to children resources.
-
-
-
-
-<a id="nestedatt--spec--max_scale--gui_kubernetes_service"></a>
-### Nested Schema for `spec.max_scale.gui_kubernetes_service`
-
-Optional:
-
-- `allocate_load_balancer_node_ports` (Boolean) AllocateLoadBalancerNodePorts Service field.
-- `external_traffic_policy` (String) ExternalTrafficPolicy Service field.
-- `load_balancer_ip` (String) LoadBalancerIP Service field.
-- `load_balancer_source_ranges` (List of String) LoadBalancerSourceRanges Service field.
-- `metadata` (Attributes) Metadata to be added to the Service metadata. (see [below for nested schema](#nestedatt--spec--max_scale--gui_kubernetes_service--metadata))
-- `session_affinity` (String) SessionAffinity Service field.
-- `type` (String) Type is the Service type. One of 'ClusterIP', 'NodePort' or 'LoadBalancer'. If not defined, it defaults to 'ClusterIP'.
-
-<a id="nestedatt--spec--max_scale--gui_kubernetes_service--metadata"></a>
-### Nested Schema for `spec.max_scale.gui_kubernetes_service.metadata`
-
-Optional:
-
-- `annotations` (Map of String) Annotations to be added to children resources.
-- `labels` (Map of String) Labels to be added to children resources.
-
-
-
-<a id="nestedatt--spec--max_scale--kubernetes_service"></a>
-### Nested Schema for `spec.max_scale.kubernetes_service`
-
-Optional:
-
-- `allocate_load_balancer_node_ports` (Boolean) AllocateLoadBalancerNodePorts Service field.
-- `external_traffic_policy` (String) ExternalTrafficPolicy Service field.
-- `load_balancer_ip` (String) LoadBalancerIP Service field.
-- `load_balancer_source_ranges` (List of String) LoadBalancerSourceRanges Service field.
-- `metadata` (Attributes) Metadata to be added to the Service metadata. (see [below for nested schema](#nestedatt--spec--max_scale--kubernetes_service--metadata))
-- `session_affinity` (String) SessionAffinity Service field.
-- `type` (String) Type is the Service type. One of 'ClusterIP', 'NodePort' or 'LoadBalancer'. If not defined, it defaults to 'ClusterIP'.
-
-<a id="nestedatt--spec--max_scale--kubernetes_service--metadata"></a>
-### Nested Schema for `spec.max_scale.kubernetes_service.metadata`
-
-Optional:
-
-- `annotations` (Map of String) Annotations to be added to children resources.
-- `labels` (Map of String) Labels to be added to children resources.
-
-
-
-<a id="nestedatt--spec--max_scale--metrics"></a>
-### Nested Schema for `spec.max_scale.metrics`
-
-Optional:
-
-- `enabled` (Boolean) Enabled is a flag to enable Metrics
-- `exporter` (Attributes) Exporter defines the metrics exporter container. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter))
-- `service_monitor` (Attributes) ServiceMonitor defines the ServiceMonior object. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--service_monitor))
-
-<a id="nestedatt--spec--max_scale--metrics--exporter"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter`
-
-Optional:
-
-- `affinity` (Attributes) Affinity to be used in the Pod. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--affinity))
-- `args` (List of String) Args to be used in the Container.
-- `command` (List of String) Command to be used in the Container.
-- `env` (Attributes List) Env represents the environment variables to be injected in a container. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--env))
-- `env_from` (Attributes List) EnvFrom represents the references (via ConfigMap and Secrets) to environment variables to be injected in the container. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--env_from))
-- `image` (String) Image name to be used as metrics exporter. The supported format is '<image>:<tag>'. Only mysqld-exporter >= v0.15.0 is supported: https://github.com/prometheus/mysqld_exporter
-- `image_pull_policy` (String) ImagePullPolicy is the image pull policy. One of 'Always', 'Never' or 'IfNotPresent'. If not defined, it defaults to 'IfNotPresent'.
-- `image_pull_secrets` (Attributes List) ImagePullSecrets is the list of pull Secrets to be used to pull the image. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--image_pull_secrets))
-- `init_containers` (Attributes List) InitContainers to be used in the Pod. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--init_containers))
-- `liveness_probe` (Attributes) LivenessProbe to be used in the Container. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--liveness_probe))
-- `node_selector` (Map of String) NodeSelector to be used in the Pod.
-- `pod_metadata` (Attributes) PodMetadata defines extra metadata for the Pod. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--pod_metadata))
-- `pod_security_context` (Attributes) SecurityContext holds pod-level security attributes and common container settings. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--pod_security_context))
-- `port` (Number) Port where the exporter will be listening for connections.
-- `priority_class_name` (String) PriorityClassName to be used in the Pod.
-- `readiness_probe` (Attributes) ReadinessProbe to be used in the Container. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--readiness_probe))
-- `resources` (Attributes) Resouces describes the compute resource requirements. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--resources))
-- `security_context` (Attributes) SecurityContext holds security configuration that will be applied to a container. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--security_context))
-- `service_account_name` (String) ServiceAccountName is the name of the ServiceAccount to be used by the Pods.
-- `sidecar_containers` (Attributes List) SidecarContainers to be used in the Pod. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--sidecar_containers))
-- `tolerations` (Attributes List) Tolerations to be used in the Pod. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--tolerations))
-- `topology_spread_constraints` (Attributes List) TopologySpreadConstraints to be used in the Pod. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--topology_spread_constraints))
-- `volume_mounts` (Attributes List) VolumeMounts to be used in the Container. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volume_mounts))
-- `volumes` (Attributes List) Volumes to be used in the Pod. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes))
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--affinity"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.affinity`
-
-Optional:
-
-- `anti_affinity_enabled` (Boolean) AntiAffinityEnabled configures PodAntiAffinity so each Pod is scheduled in a different Node, enabling HA. Make sure you have at least as many Nodes available as the replicas to not end up with unscheduled Pods.
-- `node_affinity` (Attributes) Describes node affinity scheduling rules for the pod. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--affinity--node_affinity))
-- `pod_affinity` (Attributes) Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--affinity--pod_affinity))
-- `pod_anti_affinity` (Attributes) Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--affinity--pod_anti_affinity))
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--affinity--node_affinity"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.affinity.node_affinity`
-
-Optional:
-
-- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution))
-- `required_during_scheduling_ignored_during_execution` (Attributes) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--affinity--node_affinity--required_during_scheduling_ignored_during_execution))
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.affinity.node_affinity.preferred_during_scheduling_ignored_during_execution`
-
-Required:
-
-- `preference` (Attributes) A node selector term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference))
-- `weight` (Number) Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.affinity.node_affinity.preferred_during_scheduling_ignored_during_execution.preference`
-
-Optional:
-
-- `match_expressions` (Attributes List) A list of node selector requirements by node's labels. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference--match_expressions))
-- `match_fields` (Attributes List) A list of node selector requirements by node's fields. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference--match_fields))
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference--match_expressions"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.affinity.node_affinity.preferred_during_scheduling_ignored_during_execution.preference.match_expressions`
-
-Required:
-
-- `key` (String) The label key that the selector applies to.
-- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
-
-Optional:
-
-- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference--match_fields"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.affinity.node_affinity.preferred_during_scheduling_ignored_during_execution.preference.match_fields`
-
-Required:
-
-- `key` (String) The label key that the selector applies to.
-- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
-
-Optional:
-
-- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
-
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--affinity--node_affinity--required_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.affinity.node_affinity.required_during_scheduling_ignored_during_execution`
-
-Required:
-
-- `node_selector_terms` (Attributes List) Required. A list of node selector terms. The terms are ORed. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms))
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.affinity.node_affinity.required_during_scheduling_ignored_during_execution.node_selector_terms`
-
-Optional:
-
-- `match_expressions` (Attributes List) A list of node selector requirements by node's labels. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms--match_expressions))
-- `match_fields` (Attributes List) A list of node selector requirements by node's fields. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms--match_fields))
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms--match_expressions"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.affinity.node_affinity.required_during_scheduling_ignored_during_execution.node_selector_terms.match_expressions`
-
-Required:
-
-- `key` (String) The label key that the selector applies to.
-- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
-
-Optional:
-
-- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms--match_fields"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.affinity.node_affinity.required_during_scheduling_ignored_during_execution.node_selector_terms.match_fields`
-
-Required:
-
-- `key` (String) The label key that the selector applies to.
-- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
-
-Optional:
-
-- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
-
-
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--affinity--pod_affinity"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.affinity.pod_affinity`
-
-Optional:
-
-- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution))
-- `required_during_scheduling_ignored_during_execution` (Attributes List) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--affinity--pod_affinity--required_during_scheduling_ignored_during_execution))
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution`
-
-Required:
-
-- `pod_affinity_term` (Attributes) Required. A pod affinity term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term))
-- `weight` (Number) weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term`
-
-Required:
-
-- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
-
-Optional:
-
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
-- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--affinity--pod_affinity--required_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.affinity.pod_affinity.required_during_scheduling_ignored_during_execution`
-
-Required:
-
-- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
-
-Optional:
-
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
-- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.label_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.label_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.namespace_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.namespace_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--affinity--pod_anti_affinity"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.affinity.pod_anti_affinity`
-
-Optional:
-
-- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution))
-- `required_during_scheduling_ignored_during_execution` (Attributes List) If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution))
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution`
-
-Required:
-
-- `pod_affinity_term` (Attributes) Required. A pod affinity term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term))
-- `weight` (Number) weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term`
-
-Required:
-
-- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
-
-Optional:
-
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
-- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution`
-
-Required:
-
-- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
-
-Optional:
-
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
-- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.label_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.label_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.namespace_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.namespace_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--env"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.env`
-
-Required:
-
-- `name` (String) Name of the environment variable. Must be a C_IDENTIFIER.
-
-Optional:
-
-- `value` (String) Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to ''.
-- `value_from` (Attributes) Source for the environment variable's value. Cannot be used if value is not empty. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--env--value_from))
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--env--value_from"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.env.value_from`
-
-Optional:
-
-- `config_map_key_ref` (Attributes) Selects a key of a ConfigMap. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--env--value_from--config_map_key_ref))
-- `field_ref` (Attributes) Selects a field of the pod: supports metadata.name, metadata.namespace, 'metadata.labels['<KEY>']', 'metadata.annotations['<KEY>']', spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--env--value_from--field_ref))
-- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--env--value_from--resource_field_ref))
-- `secret_key_ref` (Attributes) Selects a key of a secret in the pod's namespace (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--env--value_from--secret_key_ref))
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--env--value_from--config_map_key_ref"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.env.value_from.config_map_key_ref`
-
-Required:
-
-- `key` (String) The key to select.
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--env--value_from--field_ref"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.env.value_from.field_ref`
-
-Required:
-
-- `field_path` (String) Path of the field to select in the specified API version.
-
-Optional:
-
-- `api_version` (String) Version of the schema the FieldPath is written in terms of, defaults to 'v1'.
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--env--value_from--resource_field_ref"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.env.value_from.resource_field_ref`
-
-Required:
-
-- `resource` (String) Required: resource to select
-
-Optional:
-
-- `container_name` (String) Container name: required for volumes, optional for env vars
-- `divisor` (String) Specifies the output format of the exposed resources, defaults to '1'
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--env--value_from--secret_key_ref"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.env.value_from.secret_key_ref`
-
-Required:
-
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--env_from"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.env_from`
-
-Optional:
-
-- `config_map_ref` (Attributes) The ConfigMap to select from (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--env_from--config_map_ref))
-- `prefix` (String) An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
-- `secret_ref` (Attributes) The Secret to select from (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--env_from--secret_ref))
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--env_from--config_map_ref"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.env_from.config_map_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the ConfigMap must be defined
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--env_from--secret_ref"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.env_from.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret must be defined
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--image_pull_secrets"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.image_pull_secrets`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--init_containers"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.init_containers`
-
-Required:
-
-- `image` (String) Image name to be used by the MariaDB instances. The supported format is '<image>:<tag>'.
-
-Optional:
-
-- `args` (List of String) Args to be used in the Container.
-- `command` (List of String) Command to be used in the Container.
-- `env` (Attributes List) Env represents the environment variables to be injected in a container. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--init_containers--env))
-- `env_from` (Attributes List) EnvFrom represents the references (via ConfigMap and Secrets) to environment variables to be injected in the container. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--init_containers--env_from))
-- `image_pull_policy` (String) ImagePullPolicy is the image pull policy. One of 'Always', 'Never' or 'IfNotPresent'. If not defined, it defaults to 'IfNotPresent'.
-- `liveness_probe` (Attributes) LivenessProbe to be used in the Container. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--init_containers--liveness_probe))
-- `readiness_probe` (Attributes) ReadinessProbe to be used in the Container. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--init_containers--readiness_probe))
-- `resources` (Attributes) Resouces describes the compute resource requirements. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--init_containers--resources))
-- `security_context` (Attributes) SecurityContext holds security configuration that will be applied to a container. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--init_containers--security_context))
-- `volume_mounts` (Attributes List) VolumeMounts to be used in the Container. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--init_containers--volume_mounts))
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--init_containers--env"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.init_containers.env`
-
-Required:
-
-- `name` (String) Name of the environment variable. Must be a C_IDENTIFIER.
-
-Optional:
-
-- `value` (String) Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to ''.
-- `value_from` (Attributes) Source for the environment variable's value. Cannot be used if value is not empty. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--init_containers--env--value_from))
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--init_containers--env--value_from"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.init_containers.env.value_from`
-
-Optional:
-
-- `config_map_key_ref` (Attributes) Selects a key of a ConfigMap. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--init_containers--env--value_from--config_map_key_ref))
-- `field_ref` (Attributes) Selects a field of the pod: supports metadata.name, metadata.namespace, 'metadata.labels['<KEY>']', 'metadata.annotations['<KEY>']', spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--init_containers--env--value_from--field_ref))
-- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--init_containers--env--value_from--resource_field_ref))
-- `secret_key_ref` (Attributes) Selects a key of a secret in the pod's namespace (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--init_containers--env--value_from--secret_key_ref))
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--init_containers--env--value_from--config_map_key_ref"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.init_containers.env.value_from.config_map_key_ref`
-
-Required:
-
-- `key` (String) The key to select.
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--init_containers--env--value_from--field_ref"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.init_containers.env.value_from.field_ref`
-
-Required:
-
-- `field_path` (String) Path of the field to select in the specified API version.
-
-Optional:
-
-- `api_version` (String) Version of the schema the FieldPath is written in terms of, defaults to 'v1'.
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--init_containers--env--value_from--resource_field_ref"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.init_containers.env.value_from.resource_field_ref`
-
-Required:
-
-- `resource` (String) Required: resource to select
-
-Optional:
-
-- `container_name` (String) Container name: required for volumes, optional for env vars
-- `divisor` (String) Specifies the output format of the exposed resources, defaults to '1'
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--init_containers--env--value_from--secret_key_ref"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.init_containers.env.value_from.secret_key_ref`
-
-Required:
-
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--init_containers--env_from"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.init_containers.env_from`
-
-Optional:
-
-- `config_map_ref` (Attributes) The ConfigMap to select from (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--init_containers--env_from--config_map_ref))
-- `prefix` (String) An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
-- `secret_ref` (Attributes) The Secret to select from (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--init_containers--env_from--secret_ref))
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--init_containers--env_from--config_map_ref"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.init_containers.env_from.config_map_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the ConfigMap must be defined
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--init_containers--env_from--secret_ref"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.init_containers.env_from.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret must be defined
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--init_containers--liveness_probe"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.init_containers.liveness_probe`
-
-Optional:
-
-- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--init_containers--liveness_probe--exec))
-- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
-- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--init_containers--liveness_probe--grpc))
-- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--init_containers--liveness_probe--http_get))
-- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-- `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
-- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
-- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--init_containers--liveness_probe--tcp_socket))
-- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
-- `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--init_containers--liveness_probe--exec"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.init_containers.liveness_probe.exec`
-
-Optional:
-
-- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--init_containers--liveness_probe--grpc"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.init_containers.liveness_probe.grpc`
-
-Required:
-
-- `port` (Number) Port number of the gRPC service. Number must be in the range 1 to 65535.
-
-Optional:
-
-- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--init_containers--liveness_probe--http_get"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.init_containers.liveness_probe.http_get`
-
-Required:
-
-- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.
-- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--init_containers--liveness_probe--http_get--http_headers))
-- `path` (String) Path to access on the HTTP server.
-- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP.
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--init_containers--liveness_probe--http_get--http_headers"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.init_containers.liveness_probe.http_get.http_headers`
-
-Required:
-
-- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
-- `value` (String) The header field value
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--init_containers--liveness_probe--tcp_socket"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.init_containers.liveness_probe.tcp_socket`
-
-Required:
-
-- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Optional: Host name to connect to, defaults to the pod IP.
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--init_containers--readiness_probe"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.init_containers.readiness_probe`
-
-Optional:
-
-- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--init_containers--readiness_probe--exec))
-- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
-- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--init_containers--readiness_probe--grpc))
-- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--init_containers--readiness_probe--http_get))
-- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-- `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
-- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
-- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--init_containers--readiness_probe--tcp_socket))
-- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
-- `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--init_containers--readiness_probe--exec"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.init_containers.readiness_probe.exec`
-
-Optional:
-
-- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--init_containers--readiness_probe--grpc"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.init_containers.readiness_probe.grpc`
-
-Required:
-
-- `port` (Number) Port number of the gRPC service. Number must be in the range 1 to 65535.
-
-Optional:
-
-- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--init_containers--readiness_probe--http_get"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.init_containers.readiness_probe.http_get`
-
-Required:
-
-- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.
-- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--init_containers--readiness_probe--http_get--http_headers))
-- `path` (String) Path to access on the HTTP server.
-- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP.
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--init_containers--readiness_probe--http_get--http_headers"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.init_containers.readiness_probe.http_get.http_headers`
-
-Required:
-
-- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
-- `value` (String) The header field value
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--init_containers--readiness_probe--tcp_socket"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.init_containers.readiness_probe.tcp_socket`
-
-Required:
-
-- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Optional: Host name to connect to, defaults to the pod IP.
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--init_containers--resources"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.init_containers.resources`
-
-Optional:
-
-- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--init_containers--resources--claims))
-- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--init_containers--resources--claims"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.init_containers.resources.claims`
-
-Required:
-
-- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
-
-Optional:
-
-- `request` (String) Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--init_containers--security_context"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.init_containers.security_context`
-
-Optional:
-
-- `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
-- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--init_containers--security_context--app_armor_profile))
-- `capabilities` (Attributes) The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--init_containers--security_context--capabilities))
-- `privileged` (Boolean) Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
-- `proc_mount` (String) procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
-- `read_only_root_filesystem` (Boolean) Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_group` (Number) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-- `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
-- `se_linux_options` (Attributes) The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--init_containers--security_context--se_linux_options))
-- `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--init_containers--security_context--seccomp_profile))
-- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--init_containers--security_context--windows_options))
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--init_containers--security_context--app_armor_profile"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.init_containers.security_context.app_armor_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is 'Localhost'.
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--init_containers--security_context--capabilities"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.init_containers.security_context.capabilities`
-
-Optional:
-
-- `add` (List of String) Added capabilities
-- `drop` (List of String) Removed capabilities
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--init_containers--security_context--se_linux_options"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.init_containers.security_context.se_linux_options`
-
-Optional:
-
-- `level` (String) Level is SELinux level label that applies to the container.
-- `role` (String) Role is a SELinux role label that applies to the container.
-- `type` (String) Type is a SELinux type label that applies to the container.
-- `user` (String) User is a SELinux user label that applies to the container.
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--init_containers--security_context--seccomp_profile"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.init_containers.security_context.seccomp_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--init_containers--security_context--windows_options"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.init_containers.security_context.windows_options`
-
-Optional:
-
-- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
-- `gmsa_credential_spec_name` (String) GMSACredentialSpecName is the name of the GMSA credential spec to use.
-- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
-- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--init_containers--volume_mounts"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.init_containers.volume_mounts`
-
-Required:
-
-- `mount_path` (String) Path within the container at which the volume should be mounted. Must not contain ':'.
-- `name` (String) This must match the Name of a Volume.
-
-Optional:
-
-- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None).
-- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
-- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handled recursively. If ReadOnly is false, this field has no meaning and must be unspecified. If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). If this field is not specified, it is treated as an equivalent of Disabled.
-- `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).
-- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--liveness_probe"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.liveness_probe`
-
-Optional:
-
-- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--liveness_probe--exec))
-- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
-- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--liveness_probe--grpc))
-- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--liveness_probe--http_get))
-- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-- `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
-- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
-- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--liveness_probe--tcp_socket))
-- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
-- `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--liveness_probe--exec"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.liveness_probe.exec`
-
-Optional:
-
-- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--liveness_probe--grpc"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.liveness_probe.grpc`
-
-Required:
-
-- `port` (Number) Port number of the gRPC service. Number must be in the range 1 to 65535.
-
-Optional:
-
-- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--liveness_probe--http_get"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.liveness_probe.http_get`
-
-Required:
-
-- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.
-- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--liveness_probe--http_get--http_headers))
-- `path` (String) Path to access on the HTTP server.
-- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP.
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--liveness_probe--http_get--http_headers"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.liveness_probe.http_get.http_headers`
-
-Required:
-
-- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
-- `value` (String) The header field value
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--liveness_probe--tcp_socket"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.liveness_probe.tcp_socket`
-
-Required:
-
-- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Optional: Host name to connect to, defaults to the pod IP.
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--pod_metadata"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.pod_metadata`
-
-Optional:
-
-- `annotations` (Map of String) Annotations to be added to children resources.
-- `labels` (Map of String) Labels to be added to children resources.
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--pod_security_context"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.pod_security_context`
-
-Optional:
-
-- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--pod_security_context--app_armor_profile))
-- `fs_group` (Number) A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.
-- `fs_group_change_policy` (String) fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are 'OnRootMismatch' and 'Always'. If not specified, 'Always' is used. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_group` (Number) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-- `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
-- `se_linux_options` (Attributes) The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--pod_security_context--se_linux_options))
-- `seccomp_profile` (Attributes) The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--pod_security_context--seccomp_profile))
-- `supplemental_groups` (List of String) A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.
-- `supplemental_groups_policy` (String) Defines how supplemental groups of the first container processes are calculated. Valid values are 'Merge' and 'Strict'. If not specified, 'Merge' is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.
-- `sysctls` (Attributes List) Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--pod_security_context--sysctls))
-- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--pod_security_context--windows_options))
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--pod_security_context--app_armor_profile"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.pod_security_context.app_armor_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is 'Localhost'.
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--pod_security_context--se_linux_options"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.pod_security_context.se_linux_options`
-
-Optional:
-
-- `level` (String) Level is SELinux level label that applies to the container.
-- `role` (String) Role is a SELinux role label that applies to the container.
-- `type` (String) Type is a SELinux type label that applies to the container.
-- `user` (String) User is a SELinux user label that applies to the container.
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--pod_security_context--seccomp_profile"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.pod_security_context.seccomp_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--pod_security_context--sysctls"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.pod_security_context.sysctls`
-
-Required:
-
-- `name` (String) Name of a property to set
-- `value` (String) Value of a property to set
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--pod_security_context--windows_options"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.pod_security_context.windows_options`
-
-Optional:
-
-- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
-- `gmsa_credential_spec_name` (String) GMSACredentialSpecName is the name of the GMSA credential spec to use.
-- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
-- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--readiness_probe"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.readiness_probe`
-
-Optional:
-
-- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--readiness_probe--exec))
-- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
-- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--readiness_probe--grpc))
-- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--readiness_probe--http_get))
-- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-- `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
-- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
-- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--readiness_probe--tcp_socket))
-- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
-- `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--readiness_probe--exec"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.readiness_probe.exec`
-
-Optional:
-
-- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--readiness_probe--grpc"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.readiness_probe.grpc`
-
-Required:
-
-- `port` (Number) Port number of the gRPC service. Number must be in the range 1 to 65535.
-
-Optional:
-
-- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--readiness_probe--http_get"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.readiness_probe.http_get`
-
-Required:
-
-- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.
-- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--readiness_probe--http_get--http_headers))
-- `path` (String) Path to access on the HTTP server.
-- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP.
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--readiness_probe--http_get--http_headers"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.readiness_probe.http_get.http_headers`
-
-Required:
-
-- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
-- `value` (String) The header field value
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--readiness_probe--tcp_socket"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.readiness_probe.tcp_socket`
-
-Required:
-
-- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Optional: Host name to connect to, defaults to the pod IP.
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--resources"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.resources`
-
-Optional:
-
-- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--resources--claims))
-- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--resources--claims"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.resources.claims`
-
-Required:
-
-- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
-
-Optional:
-
-- `request` (String) Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--security_context"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.security_context`
-
-Optional:
-
-- `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
-- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--security_context--app_armor_profile))
-- `capabilities` (Attributes) The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--security_context--capabilities))
-- `privileged` (Boolean) Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
-- `proc_mount` (String) procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
-- `read_only_root_filesystem` (Boolean) Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_group` (Number) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-- `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
-- `se_linux_options` (Attributes) The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--security_context--se_linux_options))
-- `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--security_context--seccomp_profile))
-- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--security_context--windows_options))
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--security_context--app_armor_profile"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.security_context.app_armor_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is 'Localhost'.
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--security_context--capabilities"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.security_context.capabilities`
-
-Optional:
-
-- `add` (List of String) Added capabilities
-- `drop` (List of String) Removed capabilities
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--security_context--se_linux_options"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.security_context.se_linux_options`
-
-Optional:
-
-- `level` (String) Level is SELinux level label that applies to the container.
-- `role` (String) Role is a SELinux role label that applies to the container.
-- `type` (String) Type is a SELinux type label that applies to the container.
-- `user` (String) User is a SELinux user label that applies to the container.
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--security_context--seccomp_profile"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.security_context.seccomp_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--security_context--windows_options"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.security_context.windows_options`
-
-Optional:
-
-- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
-- `gmsa_credential_spec_name` (String) GMSACredentialSpecName is the name of the GMSA credential spec to use.
-- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
-- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--sidecar_containers"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.sidecar_containers`
-
-Required:
-
-- `image` (String) Image name to be used by the MariaDB instances. The supported format is '<image>:<tag>'.
-
-Optional:
-
-- `args` (List of String) Args to be used in the Container.
-- `command` (List of String) Command to be used in the Container.
-- `env` (Attributes List) Env represents the environment variables to be injected in a container. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--env))
-- `env_from` (Attributes List) EnvFrom represents the references (via ConfigMap and Secrets) to environment variables to be injected in the container. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--env_from))
-- `image_pull_policy` (String) ImagePullPolicy is the image pull policy. One of 'Always', 'Never' or 'IfNotPresent'. If not defined, it defaults to 'IfNotPresent'.
-- `liveness_probe` (Attributes) LivenessProbe to be used in the Container. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--liveness_probe))
-- `readiness_probe` (Attributes) ReadinessProbe to be used in the Container. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--readiness_probe))
-- `resources` (Attributes) Resouces describes the compute resource requirements. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--resources))
-- `security_context` (Attributes) SecurityContext holds security configuration that will be applied to a container. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--security_context))
-- `volume_mounts` (Attributes List) VolumeMounts to be used in the Container. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--volume_mounts))
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--env"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.sidecar_containers.env`
-
-Required:
-
-- `name` (String) Name of the environment variable. Must be a C_IDENTIFIER.
-
-Optional:
-
-- `value` (String) Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to ''.
-- `value_from` (Attributes) Source for the environment variable's value. Cannot be used if value is not empty. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--env--value_from))
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--env--value_from"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.sidecar_containers.env.value_from`
-
-Optional:
-
-- `config_map_key_ref` (Attributes) Selects a key of a ConfigMap. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--env--value_from--config_map_key_ref))
-- `field_ref` (Attributes) Selects a field of the pod: supports metadata.name, metadata.namespace, 'metadata.labels['<KEY>']', 'metadata.annotations['<KEY>']', spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--env--value_from--field_ref))
-- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--env--value_from--resource_field_ref))
-- `secret_key_ref` (Attributes) Selects a key of a secret in the pod's namespace (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--env--value_from--secret_key_ref))
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--env--value_from--config_map_key_ref"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.sidecar_containers.env.value_from.config_map_key_ref`
-
-Required:
-
-- `key` (String) The key to select.
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--env--value_from--field_ref"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.sidecar_containers.env.value_from.field_ref`
-
-Required:
-
-- `field_path` (String) Path of the field to select in the specified API version.
-
-Optional:
-
-- `api_version` (String) Version of the schema the FieldPath is written in terms of, defaults to 'v1'.
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--env--value_from--resource_field_ref"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.sidecar_containers.env.value_from.resource_field_ref`
-
-Required:
-
-- `resource` (String) Required: resource to select
-
-Optional:
-
-- `container_name` (String) Container name: required for volumes, optional for env vars
-- `divisor` (String) Specifies the output format of the exposed resources, defaults to '1'
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--env--value_from--secret_key_ref"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.sidecar_containers.env.value_from.secret_key_ref`
-
-Required:
-
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--env_from"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.sidecar_containers.env_from`
-
-Optional:
-
-- `config_map_ref` (Attributes) The ConfigMap to select from (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--env_from--config_map_ref))
-- `prefix` (String) An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
-- `secret_ref` (Attributes) The Secret to select from (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--env_from--secret_ref))
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--env_from--config_map_ref"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.sidecar_containers.env_from.config_map_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the ConfigMap must be defined
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--env_from--secret_ref"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.sidecar_containers.env_from.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret must be defined
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--liveness_probe"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.sidecar_containers.liveness_probe`
-
-Optional:
-
-- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--liveness_probe--exec))
-- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
-- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--liveness_probe--grpc))
-- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--liveness_probe--http_get))
-- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-- `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
-- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
-- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--liveness_probe--tcp_socket))
-- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
-- `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--liveness_probe--exec"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.sidecar_containers.liveness_probe.exec`
-
-Optional:
-
-- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--liveness_probe--grpc"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.sidecar_containers.liveness_probe.grpc`
-
-Required:
-
-- `port` (Number) Port number of the gRPC service. Number must be in the range 1 to 65535.
-
-Optional:
-
-- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--liveness_probe--http_get"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.sidecar_containers.liveness_probe.http_get`
-
-Required:
-
-- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.
-- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--liveness_probe--http_get--http_headers))
-- `path` (String) Path to access on the HTTP server.
-- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP.
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--liveness_probe--http_get--http_headers"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.sidecar_containers.liveness_probe.http_get.http_headers`
-
-Required:
-
-- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
-- `value` (String) The header field value
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--liveness_probe--tcp_socket"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.sidecar_containers.liveness_probe.tcp_socket`
-
-Required:
-
-- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Optional: Host name to connect to, defaults to the pod IP.
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--readiness_probe"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.sidecar_containers.readiness_probe`
-
-Optional:
-
-- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--readiness_probe--exec))
-- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
-- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--readiness_probe--grpc))
-- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--readiness_probe--http_get))
-- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-- `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
-- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
-- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--readiness_probe--tcp_socket))
-- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
-- `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--readiness_probe--exec"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.sidecar_containers.readiness_probe.exec`
-
-Optional:
-
-- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--readiness_probe--grpc"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.sidecar_containers.readiness_probe.grpc`
-
-Required:
-
-- `port` (Number) Port number of the gRPC service. Number must be in the range 1 to 65535.
-
-Optional:
-
-- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--readiness_probe--http_get"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.sidecar_containers.readiness_probe.http_get`
-
-Required:
-
-- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.
-- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--readiness_probe--http_get--http_headers))
-- `path` (String) Path to access on the HTTP server.
-- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP.
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--readiness_probe--http_get--http_headers"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.sidecar_containers.readiness_probe.http_get.http_headers`
-
-Required:
-
-- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
-- `value` (String) The header field value
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--readiness_probe--tcp_socket"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.sidecar_containers.readiness_probe.tcp_socket`
-
-Required:
-
-- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Optional: Host name to connect to, defaults to the pod IP.
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--resources"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.sidecar_containers.resources`
-
-Optional:
-
-- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--resources--claims))
-- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--resources--claims"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.sidecar_containers.resources.claims`
-
-Required:
-
-- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
-
-Optional:
-
-- `request` (String) Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--security_context"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.sidecar_containers.security_context`
-
-Optional:
-
-- `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
-- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--security_context--app_armor_profile))
-- `capabilities` (Attributes) The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--security_context--capabilities))
-- `privileged` (Boolean) Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
-- `proc_mount` (String) procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
-- `read_only_root_filesystem` (Boolean) Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_group` (Number) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-- `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
-- `se_linux_options` (Attributes) The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--security_context--se_linux_options))
-- `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--security_context--seccomp_profile))
-- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--security_context--windows_options))
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--security_context--app_armor_profile"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.sidecar_containers.security_context.app_armor_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is 'Localhost'.
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--security_context--capabilities"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.sidecar_containers.security_context.capabilities`
-
-Optional:
-
-- `add` (List of String) Added capabilities
-- `drop` (List of String) Removed capabilities
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--security_context--se_linux_options"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.sidecar_containers.security_context.se_linux_options`
-
-Optional:
-
-- `level` (String) Level is SELinux level label that applies to the container.
-- `role` (String) Role is a SELinux role label that applies to the container.
-- `type` (String) Type is a SELinux type label that applies to the container.
-- `user` (String) User is a SELinux user label that applies to the container.
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--security_context--seccomp_profile"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.sidecar_containers.security_context.seccomp_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--security_context--windows_options"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.sidecar_containers.security_context.windows_options`
-
-Optional:
-
-- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
-- `gmsa_credential_spec_name` (String) GMSACredentialSpecName is the name of the GMSA credential spec to use.
-- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
-- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--sidecar_containers--volume_mounts"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.sidecar_containers.volume_mounts`
-
-Required:
-
-- `mount_path` (String) Path within the container at which the volume should be mounted. Must not contain ':'.
-- `name` (String) This must match the Name of a Volume.
-
-Optional:
-
-- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None).
-- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
-- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handled recursively. If ReadOnly is false, this field has no meaning and must be unspecified. If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). If this field is not specified, it is treated as an equivalent of Disabled.
-- `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).
-- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--tolerations"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.tolerations`
-
-Optional:
-
-- `effect` (String) Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
-- `key` (String) Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
-- `operator` (String) Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
-- `toleration_seconds` (Number) TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
-- `value` (String) Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--topology_spread_constraints"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.topology_spread_constraints`
-
-Required:
-
-- `max_skew` (Number) MaxSkew describes the degree to which pods may be unevenly distributed. When 'whenUnsatisfiable=DoNotSchedule', it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When 'whenUnsatisfiable=ScheduleAnyway', it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed.
-- `topology_key` (String) TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a 'bucket', and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is 'kubernetes.io/hostname', each Node is a domain of that topology. And, if TopologyKey is 'topology.kubernetes.io/zone', each zone is a domain of that topology. It's a required field.
-- `when_unsatisfiable` (String) WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered 'Unsatisfiable' for an incoming pod if and only if every possible node assignment for that pod would violate 'MaxSkew' on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field.
-
-Optional:
-
-- `label_selector` (Attributes) LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--topology_spread_constraints--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
-- `min_domains` (Number) MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew.
-- `node_affinity_policy` (String) NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
-- `node_taints_policy` (String) NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--topology_spread_constraints--label_selector"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.topology_spread_constraints.label_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--topology_spread_constraints--label_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--topology_spread_constraints--label_selector--match_expressions"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.topology_spread_constraints.label_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volume_mounts"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volume_mounts`
-
-Required:
-
-- `mount_path` (String) Path within the container at which the volume should be mounted. Must not contain ':'.
-- `name` (String) This must match the Name of a Volume.
-
-Optional:
-
-- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None).
-- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
-- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handled recursively. If ReadOnly is false, this field has no meaning and must be unspecified. If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). If this field is not specified, it is treated as an equivalent of Disabled.
-- `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).
-- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes`
-
-Required:
-
-- `name` (String) name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-Optional:
-
-- `aws_elastic_block_store` (Attributes) awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--aws_elastic_block_store))
-- `azure_disk` (Attributes) azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--azure_disk))
-- `azure_file` (Attributes) azureFile represents an Azure File Service mount on the host and bind mount to the pod. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--azure_file))
-- `cephfs` (Attributes) cephFS represents a Ceph FS mount on the host that shares a pod's lifetime (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--cephfs))
-- `cinder` (Attributes) cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--cinder))
-- `config_map` (Attributes) configMap represents a configMap that should populate this volume (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--config_map))
-- `csi` (Attributes) csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--csi))
-- `downward_api` (Attributes) downwardAPI represents downward API about the pod that should populate this volume (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--downward_api))
-- `empty_dir` (Attributes) emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--empty_dir))
-- `ephemeral` (Attributes) ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. A pod can use both types of ephemeral volumes and persistent volumes at the same time. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--ephemeral))
-- `fc` (Attributes) fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--fc))
-- `flex_volume` (Attributes) flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--flex_volume))
-- `flocker` (Attributes) flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--flocker))
-- `gce_persistent_disk` (Attributes) gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--gce_persistent_disk))
-- `git_repo` (Attributes) gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--git_repo))
-- `glusterfs` (Attributes) glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--glusterfs))
-- `host_path` (Attributes) hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--host_path))
-- `image` (Attributes) image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. The volume is resolved at pod startup depending on which PullPolicy value is provided: - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. The volume will be mounted read-only (ro) and non-executable files (noexec). Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--image))
-- `iscsi` (Attributes) iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--iscsi))
-- `nfs` (Attributes) nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--nfs))
-- `persistent_volume_claim` (Attributes) persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--persistent_volume_claim))
-- `photon_persistent_disk` (Attributes) photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--photon_persistent_disk))
-- `portworx_volume` (Attributes) portworxVolume represents a portworx volume attached and mounted on kubelets host machine (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--portworx_volume))
-- `projected` (Attributes) projected items for all in one resources secrets, configmaps, and downward API (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--projected))
-- `quobyte` (Attributes) quobyte represents a Quobyte mount on the host that shares a pod's lifetime (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--quobyte))
-- `rbd` (Attributes) rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--rbd))
-- `scale_io` (Attributes) scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--scale_io))
-- `secret` (Attributes) secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--secret))
-- `storageos` (Attributes) storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--storageos))
-- `vsphere_volume` (Attributes) vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--vsphere_volume))
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--aws_elastic_block_store"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.aws_elastic_block_store`
-
-Required:
-
-- `volume_id` (String) volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
-
-Optional:
-
-- `fs_type` (String) fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
-- `partition` (Number) partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as '1'. Similarly, the volume partition for /dev/sda is '0' (or you can leave the property empty).
-- `read_only` (Boolean) readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--azure_disk"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.azure_disk`
-
-Required:
-
-- `disk_name` (String) diskName is the Name of the data disk in the blob storage
-- `disk_uri` (String) diskURI is the URI of data disk in the blob storage
-
-Optional:
-
-- `caching_mode` (String) cachingMode is the Host Caching mode: None, Read Only, Read Write.
-- `fs_type` (String) fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.
-- `kind` (String) kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared
-- `read_only` (Boolean) readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--azure_file"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.azure_file`
-
-Required:
-
-- `secret_name` (String) secretName is the name of secret that contains Azure Storage Account Name and Key
-- `share_name` (String) shareName is the azure share Name
-
-Optional:
-
-- `read_only` (Boolean) readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--cephfs"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.cephfs`
-
-Required:
-
-- `monitors` (List of String) monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-
-Optional:
-
-- `path` (String) path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /
-- `read_only` (Boolean) readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-- `secret_file` (String) secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-- `secret_ref` (Attributes) secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--cephfs--secret_ref))
-- `user` (String) user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--cephfs--secret_ref"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.cephfs.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--cinder"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.cinder`
-
-Required:
-
-- `volume_id` (String) volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
-
-Optional:
-
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
-- `read_only` (Boolean) readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
-- `secret_ref` (Attributes) secretRef is optional: points to a secret object containing parameters used to connect to OpenStack. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--cinder--secret_ref))
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--cinder--secret_ref"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.cinder.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--config_map"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.config_map`
-
-Optional:
-
-- `default_mode` (Number) defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--config_map--items))
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) optional specify whether the ConfigMap or its keys must be defined
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--config_map--items"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.config_map.items`
-
-Required:
-
-- `key` (String) key is the key to project.
-- `path` (String) path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
-
-Optional:
-
-- `mode` (Number) mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--csi"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.csi`
-
-Required:
-
-- `driver` (String) driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.
-
-Optional:
-
-- `fs_type` (String) fsType to mount. Ex. 'ext4', 'xfs', 'ntfs'. If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.
-- `node_publish_secret_ref` (Attributes) nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--csi--node_publish_secret_ref))
-- `read_only` (Boolean) readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).
-- `volume_attributes` (Map of String) volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--csi--node_publish_secret_ref"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.csi.node_publish_secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--downward_api"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.downward_api`
-
-Optional:
-
-- `default_mode` (Number) Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `items` (Attributes List) Items is a list of downward API volume file (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--downward_api--items))
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--downward_api--items"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.downward_api.items`
-
-Required:
-
-- `path` (String) Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'
-
-Optional:
-
-- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--downward_api--items--field_ref))
-- `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--downward_api--items--resource_field_ref))
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--downward_api--items--field_ref"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.downward_api.items.field_ref`
-
-Required:
-
-- `field_path` (String) Path of the field to select in the specified API version.
-
-Optional:
-
-- `api_version` (String) Version of the schema the FieldPath is written in terms of, defaults to 'v1'.
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--downward_api--items--resource_field_ref"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.downward_api.items.resource_field_ref`
-
-Required:
-
-- `resource` (String) Required: resource to select
-
-Optional:
-
-- `container_name` (String) Container name: required for volumes, optional for env vars
-- `divisor` (String) Specifies the output format of the exposed resources, defaults to '1'
-
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--empty_dir"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.empty_dir`
-
-Optional:
-
-- `medium` (String) medium represents what type of storage medium should back this directory. The default is '' which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
-- `size_limit` (String) sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--ephemeral"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.ephemeral`
-
-Optional:
-
-- `volume_claim_template` (Attributes) Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be '<pod name>-<volume name>' where '<volume name>' is the name from the 'PodSpec.Volumes' array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. Required, must not be nil. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--ephemeral--volume_claim_template))
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--ephemeral--volume_claim_template"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.ephemeral.volume_claim_template`
-
-Required:
-
-- `spec` (Attributes) The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--ephemeral--volume_claim_template--spec))
-
-Optional:
-
-- `metadata` (Map of String) May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--ephemeral--volume_claim_template--spec"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.ephemeral.volume_claim_template.spec`
-
-Optional:
-
-- `access_modes` (List of String) accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
-- `data_source` (Attributes) dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--ephemeral--volume_claim_template--spec--data_source))
-- `data_source_ref` (Attributes) dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--ephemeral--volume_claim_template--spec--data_source_ref))
-- `resources` (Attributes) resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--ephemeral--volume_claim_template--spec--resources))
-- `selector` (Attributes) selector is a label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--ephemeral--volume_claim_template--spec--selector))
-- `storage_class_name` (String) storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
-- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
-- `volume_mode` (String) volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
-- `volume_name` (String) volumeName is the binding reference to the PersistentVolume backing this claim.
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--ephemeral--volume_claim_template--spec--data_source"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.ephemeral.volume_claim_template.spec.data_source`
-
-Required:
-
-- `kind` (String) Kind is the type of resource being referenced
-- `name` (String) Name is the name of resource being referenced
-
-Optional:
-
-- `api_group` (String) APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--ephemeral--volume_claim_template--spec--data_source_ref"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.ephemeral.volume_claim_template.spec.data_source_ref`
-
-Required:
-
-- `kind` (String) Kind is the type of resource being referenced
-- `name` (String) Name is the name of resource being referenced
-
-Optional:
-
-- `api_group` (String) APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
-- `namespace` (String) Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--ephemeral--volume_claim_template--spec--resources"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.ephemeral.volume_claim_template.spec.resources`
-
-Optional:
-
-- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--ephemeral--volume_claim_template--spec--selector"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.ephemeral.volume_claim_template.spec.selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--ephemeral--volume_claim_template--spec--selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--ephemeral--volume_claim_template--spec--selector--match_expressions"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.ephemeral.volume_claim_template.spec.selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--fc"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.fc`
-
-Optional:
-
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.
-- `lun` (Number) lun is Optional: FC target lun number
-- `read_only` (Boolean) readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-- `target_ww_ns` (List of String) targetWWNs is Optional: FC target worldwide names (WWNs)
-- `wwids` (List of String) wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--flex_volume"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.flex_volume`
-
-Required:
-
-- `driver` (String) driver is the name of the driver to use for this volume.
-
-Optional:
-
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. The default filesystem depends on FlexVolume script.
-- `options` (Map of String) options is Optional: this field holds extra command options if any.
-- `read_only` (Boolean) readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-- `secret_ref` (Attributes) secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--flex_volume--secret_ref))
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--flex_volume--secret_ref"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.flex_volume.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--flocker"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.flocker`
-
-Optional:
-
-- `dataset_name` (String) datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated
-- `dataset_uuid` (String) datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--gce_persistent_disk"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.gce_persistent_disk`
-
-Required:
-
-- `pd_name` (String) pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
-
-Optional:
-
-- `fs_type` (String) fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
-- `partition` (Number) partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as '1'. Similarly, the volume partition for /dev/sda is '0' (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
-- `read_only` (Boolean) readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--git_repo"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.git_repo`
-
-Required:
-
-- `repository` (String) repository is the URL
-
-Optional:
-
-- `directory` (String) directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.
-- `revision` (String) revision is the commit hash for the specified revision.
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--glusterfs"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.glusterfs`
-
-Required:
-
-- `endpoints` (String) endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
-- `path` (String) path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
-
-Optional:
-
-- `read_only` (Boolean) readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--host_path"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.host_path`
-
-Required:
-
-- `path` (String) path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
-
-Optional:
-
-- `type` (String) type for HostPath Volume Defaults to '' More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--image"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.image`
-
-Optional:
-
-- `pull_policy` (String) Policy for pulling OCI objects. Possible values are: Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
-- `reference` (String) Required: Image or artifact reference to be used. Behaves in the same way as pod.spec.containers[*].image. Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--iscsi"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.iscsi`
-
-Required:
-
-- `iqn` (String) iqn is the target iSCSI Qualified Name.
-- `lun` (Number) lun represents iSCSI Target Lun number.
-- `target_portal` (String) targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
-
-Optional:
-
-- `chap_auth_discovery` (Boolean) chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication
-- `chap_auth_session` (Boolean) chapAuthSession defines whether support iSCSI Session CHAP authentication
-- `fs_type` (String) fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
-- `initiator_name` (String) initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection.
-- `iscsi_interface` (String) iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).
-- `portals` (List of String) portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
-- `read_only` (Boolean) readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.
-- `secret_ref` (Attributes) secretRef is the CHAP Secret for iSCSI target and initiator authentication (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--iscsi--secret_ref))
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--iscsi--secret_ref"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.iscsi.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--nfs"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.nfs`
-
-Required:
-
-- `path` (String) path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
-- `server` (String) server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
-
-Optional:
-
-- `read_only` (Boolean) readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--persistent_volume_claim"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.persistent_volume_claim`
-
-Required:
-
-- `claim_name` (String) claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
-
-Optional:
-
-- `read_only` (Boolean) readOnly Will force the ReadOnly setting in VolumeMounts. Default false.
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--photon_persistent_disk"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.photon_persistent_disk`
-
-Required:
-
-- `pd_id` (String) pdID is the ID that identifies Photon Controller persistent disk
-
-Optional:
-
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--portworx_volume"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.portworx_volume`
-
-Required:
-
-- `volume_id` (String) volumeID uniquely identifies a Portworx volume
-
-Optional:
-
-- `fs_type` (String) fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs'. Implicitly inferred to be 'ext4' if unspecified.
-- `read_only` (Boolean) readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--projected"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.projected`
-
-Optional:
-
-- `default_mode` (Number) defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `sources` (Attributes List) sources is the list of volume projections. Each entry in this list handles one source. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--projected--sources))
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--projected--sources"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.projected.sources`
-
-Optional:
-
-- `cluster_trust_bundle` (Attributes) ClusterTrustBundle allows a pod to access the '.spec.trustBundle' field of ClusterTrustBundle objects in an auto-updating file. Alpha, gated by the ClusterTrustBundleProjection feature gate. ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--projected--sources--cluster_trust_bundle))
-- `config_map` (Attributes) configMap information about the configMap data to project (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--projected--sources--config_map))
-- `downward_api` (Attributes) downwardAPI information about the downwardAPI data to project (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--projected--sources--downward_api))
-- `secret` (Attributes) secret information about the secret data to project (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--projected--sources--secret))
-- `service_account_token` (Attributes) serviceAccountToken is information about the serviceAccountToken data to project (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--projected--sources--service_account_token))
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--projected--sources--cluster_trust_bundle"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.projected.sources.cluster_trust_bundle`
-
-Required:
-
-- `path` (String) Relative path from the volume root to write the bundle.
-
-Optional:
-
-- `label_selector` (Attributes) Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as 'match nothing'. If set but empty, interpreted as 'match everything'. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--projected--sources--cluster_trust_bundle--label_selector))
-- `name` (String) Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector.
-- `optional` (Boolean) If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles.
-- `signer_name` (String) Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated.
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--projected--sources--cluster_trust_bundle--label_selector"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.projected.sources.cluster_trust_bundle.label_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--projected--sources--cluster_trust_bundle--label_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--projected--sources--cluster_trust_bundle--label_selector--match_expressions"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.projected.sources.cluster_trust_bundle.label_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--projected--sources--config_map"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.projected.sources.config_map`
-
-Optional:
-
-- `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--projected--sources--config_map--items))
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) optional specify whether the ConfigMap or its keys must be defined
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--projected--sources--config_map--items"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.projected.sources.config_map.items`
-
-Required:
-
-- `key` (String) key is the key to project.
-- `path` (String) path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
-
-Optional:
-
-- `mode` (Number) mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--projected--sources--downward_api"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.projected.sources.downward_api`
-
-Optional:
-
-- `items` (Attributes List) Items is a list of DownwardAPIVolume file (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--projected--sources--downward_api--items))
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--projected--sources--downward_api--items"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.projected.sources.downward_api.items`
-
-Required:
-
-- `path` (String) Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'
-
-Optional:
-
-- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--projected--sources--downward_api--items--field_ref))
-- `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--projected--sources--downward_api--items--resource_field_ref))
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--projected--sources--downward_api--items--field_ref"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.projected.sources.downward_api.items.field_ref`
-
-Required:
-
-- `field_path` (String) Path of the field to select in the specified API version.
-
-Optional:
-
-- `api_version` (String) Version of the schema the FieldPath is written in terms of, defaults to 'v1'.
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--projected--sources--downward_api--items--resource_field_ref"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.projected.sources.downward_api.items.resource_field_ref`
-
-Required:
-
-- `resource` (String) Required: resource to select
-
-Optional:
-
-- `container_name` (String) Container name: required for volumes, optional for env vars
-- `divisor` (String) Specifies the output format of the exposed resources, defaults to '1'
-
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--projected--sources--secret"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.projected.sources.secret`
-
-Optional:
-
-- `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--projected--sources--secret--items))
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) optional field specify whether the Secret or its key must be defined
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--projected--sources--secret--items"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.projected.sources.secret.items`
-
-Required:
-
-- `key` (String) key is the key to project.
-- `path` (String) path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
-
-Optional:
-
-- `mode` (Number) mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--projected--sources--service_account_token"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.projected.sources.service_account_token`
-
-Required:
-
-- `path` (String) path is the path relative to the mount point of the file to project the token into.
-
-Optional:
-
-- `audience` (String) audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.
-- `expiration_seconds` (Number) expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.
-
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--quobyte"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.quobyte`
-
-Required:
-
-- `registry` (String) registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes
-- `volume` (String) volume is a string that references an already created Quobyte volume by name.
-
-Optional:
-
-- `group` (String) group to map volume access to Default is no group
-- `read_only` (Boolean) readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.
-- `tenant` (String) tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin
-- `user` (String) user to map volume access to Defaults to serivceaccount user
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--rbd"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.rbd`
-
-Required:
-
-- `image` (String) image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-- `monitors` (List of String) monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-
-Optional:
-
-- `fs_type` (String) fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
-- `keyring` (String) keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-- `pool` (String) pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-- `read_only` (Boolean) readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-- `secret_ref` (Attributes) secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--rbd--secret_ref))
-- `user` (String) user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--rbd--secret_ref"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.rbd.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--scale_io"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.scale_io`
-
-Required:
-
-- `gateway` (String) gateway is the host address of the ScaleIO API Gateway.
-- `secret_ref` (Attributes) secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--scale_io--secret_ref))
-- `system` (String) system is the name of the storage system as configured in ScaleIO.
-
-Optional:
-
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Default is 'xfs'.
-- `protection_domain` (String) protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.
-- `read_only` (Boolean) readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-- `ssl_enabled` (Boolean) sslEnabled Flag enable/disable SSL communication with Gateway, default false
-- `storage_mode` (String) storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.
-- `storage_pool` (String) storagePool is the ScaleIO Storage Pool associated with the protection domain.
-- `volume_name` (String) volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--scale_io--secret_ref"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.scale_io.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--secret"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.secret`
-
-Optional:
-
-- `default_mode` (Number) defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `items` (Attributes List) items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--secret--items))
-- `optional` (Boolean) optional field specify whether the Secret or its keys must be defined
-- `secret_name` (String) secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--secret--items"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.secret.items`
-
-Required:
-
-- `key` (String) key is the key to project.
-- `path` (String) path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
-
-Optional:
-
-- `mode` (Number) mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--storageos"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.storageos`
-
-Optional:
-
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.
-- `read_only` (Boolean) readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-- `secret_ref` (Attributes) secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--volumes--storageos--secret_ref))
-- `volume_name` (String) volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.
-- `volume_namespace` (String) volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to 'default' if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--storageos--secret_ref"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.storageos.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--exporter--volumes--vsphere_volume"></a>
-### Nested Schema for `spec.max_scale.metrics.exporter.volumes.vsphere_volume`
-
-Required:
-
-- `volume_path` (String) volumePath is the path that identifies vSphere volume vmdk
-
-Optional:
-
-- `fs_type` (String) fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.
-- `storage_policy_id` (String) storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.
-- `storage_policy_name` (String) storagePolicyName is the storage Policy Based Management (SPBM) profile name.
-
-
-
-
-<a id="nestedatt--spec--max_scale--metrics--service_monitor"></a>
-### Nested Schema for `spec.max_scale.metrics.service_monitor`
-
-Optional:
-
-- `interval` (String) Interval for scraping metrics.
-- `job_label` (String) JobLabel to add to the ServiceMonitor object.
-- `prometheus_release` (String) PrometheusRelease is the release label to add to the ServiceMonitor object.
-- `scrape_timeout` (String) ScrapeTimeout defines the timeout for scraping metrics.
-
-
-
-<a id="nestedatt--spec--max_scale--monitor"></a>
-### Nested Schema for `spec.max_scale.monitor`
-
-Optional:
-
-- `cooperative_monitoring` (String) CooperativeMonitoring enables coordination between multiple MaxScale instances running monitors. It is defaulted when HA is enabled.
-- `interval` (String) Interval used to monitor MariaDB servers. It is defaulted if not provided.
-- `module` (String) Module is the module to use to monitor MariaDB servers. It is mandatory when no MariaDB reference is provided.
-- `name` (String) Name is the identifier of the monitor. It is defaulted if not provided.
-- `params` (Map of String) Params defines extra parameters to pass to the monitor. Any parameter supported by MaxScale may be specified here. See reference: https://mariadb.com/kb/en/mariadb-maxscale-2308-common-monitor-parameters/. Monitor specific parameter are also suported: https://mariadb.com/kb/en/mariadb-maxscale-2308-galera-monitor/#galera-monitor-optional-parameters. https://mariadb.com/kb/en/mariadb-maxscale-2308-mariadb-monitor/#configuration.
-- `suspend` (Boolean) Suspend indicates whether the current resource should be suspended or not. This can be useful for maintenance, as disabling the reconciliation prevents the operator from interfering with user operations during maintenance activities.
-
-
-<a id="nestedatt--spec--max_scale--pod_disruption_budget"></a>
-### Nested Schema for `spec.max_scale.pod_disruption_budget`
-
-Optional:
-
-- `max_unavailable` (String) MaxUnavailable defines the number of maximum unavailable Pods.
-- `min_available` (String) MinAvailable defines the number of minimum available Pods.
-
-
-<a id="nestedatt--spec--max_scale--services"></a>
-### Nested Schema for `spec.max_scale.services`
-
-Required:
-
-- `listener` (Attributes) MaxScaleListener defines how the MaxScale server will listen for connections. (see [below for nested schema](#nestedatt--spec--max_scale--services--listener))
-- `name` (String) Name is the identifier of the MaxScale service.
-- `router` (String) Router is the type of router to use.
-
-Optional:
-
-- `params` (Map of String) Params defines extra parameters to pass to the service. Any parameter supported by MaxScale may be specified here. See reference: https://mariadb.com/kb/en/mariadb-maxscale-2308-mariadb-maxscale-configuration-guide/#service_1. Router specific parameter are also suported: https://mariadb.com/kb/en/mariadb-maxscale-2308-readwritesplit/#configuration. https://mariadb.com/kb/en/mariadb-maxscale-2308-readconnroute/#configuration.
-- `suspend` (Boolean) Suspend indicates whether the current resource should be suspended or not. This can be useful for maintenance, as disabling the reconciliation prevents the operator from interfering with user operations during maintenance activities.
-
-<a id="nestedatt--spec--max_scale--services--listener"></a>
-### Nested Schema for `spec.max_scale.services.listener`
-
-Required:
-
-- `port` (Number) Port is the network port where the MaxScale server will listen.
-
-Optional:
-
-- `name` (String) Name is the identifier of the listener. It is defaulted if not provided
-- `params` (Map of String) Params defines extra parameters to pass to the listener. Any parameter supported by MaxScale may be specified here. See reference: https://mariadb.com/kb/en/mariadb-maxscale-2308-mariadb-maxscale-configuration-guide/#listener_1.
-- `protocol` (String) Protocol is the MaxScale protocol to use when communicating with the client. If not provided, it defaults to MariaDBProtocol.
-- `suspend` (Boolean) Suspend indicates whether the current resource should be suspended or not. This can be useful for maintenance, as disabling the reconciliation prevents the operator from interfering with user operations during maintenance activities.
-
-
-
-<a id="nestedatt--spec--max_scale--update_strategy"></a>
-### Nested Schema for `spec.max_scale.update_strategy`
-
-Optional:
-
-- `rolling_update` (Attributes) RollingUpdate is used to communicate parameters when Type is RollingUpdateStatefulSetStrategyType. (see [below for nested schema](#nestedatt--spec--max_scale--update_strategy--rolling_update))
-- `type` (String) Type indicates the type of the StatefulSetUpdateStrategy. Default is RollingUpdate.
-
-<a id="nestedatt--spec--max_scale--update_strategy--rolling_update"></a>
-### Nested Schema for `spec.max_scale.update_strategy.rolling_update`
-
-Optional:
-
-- `max_unavailable` (String) The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding up. This can not be 0. Defaults to 1. This field is alpha-level and is only honored by servers that enable the MaxUnavailableStatefulSet feature. The field applies to all pods in the range 0 to Replicas-1. That means if there is any unavailable pod in the range 0 to Replicas-1, it will be counted towards MaxUnavailable.
-- `partition` (Number) Partition indicates the ordinal at which the StatefulSet should be partitioned for updates. During a rolling update, all pods from ordinal Replicas-1 to Partition are updated. All pods from ordinal Partition-1 to 0 remain untouched. This is helpful in being able to do a canary based deployment. The default value is 0.
-
-
-
-
-<a id="nestedatt--spec--max_scale_ref"></a>
-### Nested Schema for `spec.max_scale_ref`
-
-Optional:
-
-- `api_version` (String) API version of the referent.
-- `field_path` (String) If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: 'spec.containers{name}' (where 'name' refers to the name of the container that triggered the event) or if no container name is specified 'spec.containers[2]' (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.
-- `kind` (String) Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `namespace` (String) Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-- `resource_version` (String) Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-- `uid` (String) UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-
-
-<a id="nestedatt--spec--metrics"></a>
-### Nested Schema for `spec.metrics`
-
-Optional:
-
-- `enabled` (Boolean) Enabled is a flag to enable Metrics
-- `exporter` (Attributes) Exporter defines the metrics exporter container. (see [below for nested schema](#nestedatt--spec--metrics--exporter))
-- `password_secret_key_ref` (Attributes) PasswordSecretKeyRef is a reference to the password of the monitoring user used by the exporter. If the referred Secret is labeled with 'k8s.mariadb.com/watch', updates may be performed to the Secret in order to update the password. (see [below for nested schema](#nestedatt--spec--metrics--password_secret_key_ref))
-- `service_monitor` (Attributes) ServiceMonitor defines the ServiceMonior object. (see [below for nested schema](#nestedatt--spec--metrics--service_monitor))
-- `username` (String) Username is the username of the monitoring user used by the exporter.
-
-<a id="nestedatt--spec--metrics--exporter"></a>
-### Nested Schema for `spec.metrics.exporter`
-
-Optional:
-
-- `affinity` (Attributes) Affinity to be used in the Pod. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity))
-- `args` (List of String) Args to be used in the Container.
-- `command` (List of String) Command to be used in the Container.
-- `env` (Attributes List) Env represents the environment variables to be injected in a container. (see [below for nested schema](#nestedatt--spec--metrics--exporter--env))
-- `env_from` (Attributes List) EnvFrom represents the references (via ConfigMap and Secrets) to environment variables to be injected in the container. (see [below for nested schema](#nestedatt--spec--metrics--exporter--env_from))
-- `image` (String) Image name to be used as metrics exporter. The supported format is '<image>:<tag>'. Only mysqld-exporter >= v0.15.0 is supported: https://github.com/prometheus/mysqld_exporter
-- `image_pull_policy` (String) ImagePullPolicy is the image pull policy. One of 'Always', 'Never' or 'IfNotPresent'. If not defined, it defaults to 'IfNotPresent'.
-- `image_pull_secrets` (Attributes List) ImagePullSecrets is the list of pull Secrets to be used to pull the image. (see [below for nested schema](#nestedatt--spec--metrics--exporter--image_pull_secrets))
-- `init_containers` (Attributes List) InitContainers to be used in the Pod. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers))
-- `liveness_probe` (Attributes) LivenessProbe to be used in the Container. (see [below for nested schema](#nestedatt--spec--metrics--exporter--liveness_probe))
-- `node_selector` (Map of String) NodeSelector to be used in the Pod.
-- `pod_metadata` (Attributes) PodMetadata defines extra metadata for the Pod. (see [below for nested schema](#nestedatt--spec--metrics--exporter--pod_metadata))
-- `pod_security_context` (Attributes) SecurityContext holds pod-level security attributes and common container settings. (see [below for nested schema](#nestedatt--spec--metrics--exporter--pod_security_context))
-- `port` (Number) Port where the exporter will be listening for connections.
-- `priority_class_name` (String) PriorityClassName to be used in the Pod.
-- `readiness_probe` (Attributes) ReadinessProbe to be used in the Container. (see [below for nested schema](#nestedatt--spec--metrics--exporter--readiness_probe))
-- `resources` (Attributes) Resouces describes the compute resource requirements. (see [below for nested schema](#nestedatt--spec--metrics--exporter--resources))
-- `security_context` (Attributes) SecurityContext holds security configuration that will be applied to a container. (see [below for nested schema](#nestedatt--spec--metrics--exporter--security_context))
-- `service_account_name` (String) ServiceAccountName is the name of the ServiceAccount to be used by the Pods.
-- `sidecar_containers` (Attributes List) SidecarContainers to be used in the Pod. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers))
-- `tolerations` (Attributes List) Tolerations to be used in the Pod. (see [below for nested schema](#nestedatt--spec--metrics--exporter--tolerations))
-- `topology_spread_constraints` (Attributes List) TopologySpreadConstraints to be used in the Pod. (see [below for nested schema](#nestedatt--spec--metrics--exporter--topology_spread_constraints))
-- `volume_mounts` (Attributes List) VolumeMounts to be used in the Container. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volume_mounts))
-- `volumes` (Attributes List) Volumes to be used in the Pod. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes))
-
-<a id="nestedatt--spec--metrics--exporter--affinity"></a>
-### Nested Schema for `spec.metrics.exporter.affinity`
-
-Optional:
-
-- `anti_affinity_enabled` (Boolean) AntiAffinityEnabled configures PodAntiAffinity so each Pod is scheduled in a different Node, enabling HA. Make sure you have at least as many Nodes available as the replicas to not end up with unscheduled Pods.
-- `node_affinity` (Attributes) Describes node affinity scheduling rules for the pod. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--node_affinity))
-- `pod_affinity` (Attributes) Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_affinity))
-- `pod_anti_affinity` (Attributes) Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity))
-
-<a id="nestedatt--spec--metrics--exporter--affinity--node_affinity"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.node_affinity`
-
-Optional:
-
-- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution))
-- `required_during_scheduling_ignored_during_execution` (Attributes) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--node_affinity--required_during_scheduling_ignored_during_execution))
-
-<a id="nestedatt--spec--metrics--exporter--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.node_affinity.preferred_during_scheduling_ignored_during_execution`
-
-Required:
-
-- `preference` (Attributes) A node selector term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference))
-- `weight` (Number) Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
-
-<a id="nestedatt--spec--metrics--exporter--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.node_affinity.preferred_during_scheduling_ignored_during_execution.preference`
-
-Optional:
-
-- `match_expressions` (Attributes List) A list of node selector requirements by node's labels. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference--match_expressions))
-- `match_fields` (Attributes List) A list of node selector requirements by node's fields. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference--match_fields))
-
-<a id="nestedatt--spec--metrics--exporter--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference--match_expressions"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.node_affinity.preferred_during_scheduling_ignored_during_execution.preference.match_expressions`
-
-Required:
-
-- `key` (String) The label key that the selector applies to.
-- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
-
-Optional:
-
-- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
-
-
-<a id="nestedatt--spec--metrics--exporter--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference--match_fields"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.node_affinity.preferred_during_scheduling_ignored_during_execution.preference.match_fields`
-
-Required:
-
-- `key` (String) The label key that the selector applies to.
-- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
-
-Optional:
-
-- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
-
-
-
-
-<a id="nestedatt--spec--metrics--exporter--affinity--node_affinity--required_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.node_affinity.required_during_scheduling_ignored_during_execution`
-
-Required:
-
-- `node_selector_terms` (Attributes List) Required. A list of node selector terms. The terms are ORed. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms))
-
-<a id="nestedatt--spec--metrics--exporter--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.node_affinity.required_during_scheduling_ignored_during_execution.node_selector_terms`
-
-Optional:
-
-- `match_expressions` (Attributes List) A list of node selector requirements by node's labels. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms--match_expressions))
-- `match_fields` (Attributes List) A list of node selector requirements by node's fields. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms--match_fields))
-
-<a id="nestedatt--spec--metrics--exporter--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms--match_expressions"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.node_affinity.required_during_scheduling_ignored_during_execution.node_selector_terms.match_expressions`
-
-Required:
-
-- `key` (String) The label key that the selector applies to.
-- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
-
-Optional:
-
-- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
-
-
-<a id="nestedatt--spec--metrics--exporter--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms--match_fields"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.node_affinity.required_during_scheduling_ignored_during_execution.node_selector_terms.match_fields`
-
-Required:
-
-- `key` (String) The label key that the selector applies to.
-- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
-
-Optional:
-
-- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
-
-
-
-
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_affinity"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_affinity`
-
-Optional:
-
-- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution))
-- `required_during_scheduling_ignored_during_execution` (Attributes List) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_affinity--required_during_scheduling_ignored_during_execution))
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution`
-
-Required:
-
-- `pod_affinity_term` (Attributes) Required. A pod affinity term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term))
-- `weight` (Number) weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term`
-
-Required:
-
-- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
-
-Optional:
-
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
-- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_affinity--required_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_affinity.required_during_scheduling_ignored_during_execution`
-
-Required:
-
-- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
-
-Optional:
-
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
-- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.label_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.label_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.namespace_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.namespace_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_anti_affinity`
-
-Optional:
-
-- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution))
-- `required_during_scheduling_ignored_during_execution` (Attributes List) If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution))
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution`
-
-Required:
-
-- `pod_affinity_term` (Attributes) Required. A pod affinity term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term))
-- `weight` (Number) weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term`
-
-Required:
-
-- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
-
-Optional:
-
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
-- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution`
-
-Required:
-
-- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
-
-Optional:
-
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
-- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.label_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.label_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.namespace_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.namespace_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-
-
-
-<a id="nestedatt--spec--metrics--exporter--env"></a>
-### Nested Schema for `spec.metrics.exporter.env`
-
-Required:
-
-- `name` (String) Name of the environment variable. Must be a C_IDENTIFIER.
-
-Optional:
-
-- `value` (String) Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to ''.
-- `value_from` (Attributes) Source for the environment variable's value. Cannot be used if value is not empty. (see [below for nested schema](#nestedatt--spec--metrics--exporter--env--value_from))
-
-<a id="nestedatt--spec--metrics--exporter--env--value_from"></a>
-### Nested Schema for `spec.metrics.exporter.env.value_from`
-
-Optional:
-
-- `config_map_key_ref` (Attributes) Selects a key of a ConfigMap. (see [below for nested schema](#nestedatt--spec--metrics--exporter--env--value_from--config_map_key_ref))
-- `field_ref` (Attributes) Selects a field of the pod: supports metadata.name, metadata.namespace, 'metadata.labels['<KEY>']', 'metadata.annotations['<KEY>']', spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. (see [below for nested schema](#nestedatt--spec--metrics--exporter--env--value_from--field_ref))
-- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. (see [below for nested schema](#nestedatt--spec--metrics--exporter--env--value_from--resource_field_ref))
-- `secret_key_ref` (Attributes) Selects a key of a secret in the pod's namespace (see [below for nested schema](#nestedatt--spec--metrics--exporter--env--value_from--secret_key_ref))
-
-<a id="nestedatt--spec--metrics--exporter--env--value_from--config_map_key_ref"></a>
-### Nested Schema for `spec.metrics.exporter.env.value_from.config_map_key_ref`
-
-Required:
-
-- `key` (String) The key to select.
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
-
-
-<a id="nestedatt--spec--metrics--exporter--env--value_from--field_ref"></a>
-### Nested Schema for `spec.metrics.exporter.env.value_from.field_ref`
-
-Required:
-
-- `field_path` (String) Path of the field to select in the specified API version.
-
-Optional:
-
-- `api_version` (String) Version of the schema the FieldPath is written in terms of, defaults to 'v1'.
-
-
-<a id="nestedatt--spec--metrics--exporter--env--value_from--resource_field_ref"></a>
-### Nested Schema for `spec.metrics.exporter.env.value_from.resource_field_ref`
-
-Required:
-
-- `resource` (String) Required: resource to select
-
-Optional:
-
-- `container_name` (String) Container name: required for volumes, optional for env vars
-- `divisor` (String) Specifies the output format of the exposed resources, defaults to '1'
-
-
-<a id="nestedatt--spec--metrics--exporter--env--value_from--secret_key_ref"></a>
-### Nested Schema for `spec.metrics.exporter.env.value_from.secret_key_ref`
-
-Required:
-
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
-
-
-
-<a id="nestedatt--spec--metrics--exporter--env_from"></a>
-### Nested Schema for `spec.metrics.exporter.env_from`
-
-Optional:
-
-- `config_map_ref` (Attributes) The ConfigMap to select from (see [below for nested schema](#nestedatt--spec--metrics--exporter--env_from--config_map_ref))
-- `prefix` (String) An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
-- `secret_ref` (Attributes) The Secret to select from (see [below for nested schema](#nestedatt--spec--metrics--exporter--env_from--secret_ref))
-
-<a id="nestedatt--spec--metrics--exporter--env_from--config_map_ref"></a>
-### Nested Schema for `spec.metrics.exporter.env_from.config_map_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the ConfigMap must be defined
-
-
-<a id="nestedatt--spec--metrics--exporter--env_from--secret_ref"></a>
-### Nested Schema for `spec.metrics.exporter.env_from.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret must be defined
-
-
-
-<a id="nestedatt--spec--metrics--exporter--image_pull_secrets"></a>
-### Nested Schema for `spec.metrics.exporter.image_pull_secrets`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-<a id="nestedatt--spec--metrics--exporter--init_containers"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers`
-
-Required:
-
-- `image` (String) Image name to be used by the MariaDB instances. The supported format is '<image>:<tag>'.
-
-Optional:
-
-- `args` (List of String) Args to be used in the Container.
-- `command` (List of String) Command to be used in the Container.
-- `env` (Attributes List) Env represents the environment variables to be injected in a container. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--env))
-- `env_from` (Attributes List) EnvFrom represents the references (via ConfigMap and Secrets) to environment variables to be injected in the container. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--env_from))
-- `image_pull_policy` (String) ImagePullPolicy is the image pull policy. One of 'Always', 'Never' or 'IfNotPresent'. If not defined, it defaults to 'IfNotPresent'.
-- `liveness_probe` (Attributes) LivenessProbe to be used in the Container. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--liveness_probe))
-- `readiness_probe` (Attributes) ReadinessProbe to be used in the Container. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--readiness_probe))
-- `resources` (Attributes) Resouces describes the compute resource requirements. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--resources))
-- `security_context` (Attributes) SecurityContext holds security configuration that will be applied to a container. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--security_context))
-- `volume_mounts` (Attributes List) VolumeMounts to be used in the Container. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--volume_mounts))
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--env"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.env`
-
-Required:
-
-- `name` (String) Name of the environment variable. Must be a C_IDENTIFIER.
-
-Optional:
-
-- `value` (String) Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to ''.
-- `value_from` (Attributes) Source for the environment variable's value. Cannot be used if value is not empty. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--env--value_from))
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--env--value_from"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.env.value_from`
-
-Optional:
-
-- `config_map_key_ref` (Attributes) Selects a key of a ConfigMap. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--env--value_from--config_map_key_ref))
-- `field_ref` (Attributes) Selects a field of the pod: supports metadata.name, metadata.namespace, 'metadata.labels['<KEY>']', 'metadata.annotations['<KEY>']', spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--env--value_from--field_ref))
-- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--env--value_from--resource_field_ref))
-- `secret_key_ref` (Attributes) Selects a key of a secret in the pod's namespace (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--env--value_from--secret_key_ref))
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--env--value_from--config_map_key_ref"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.env.value_from.config_map_key_ref`
-
-Required:
-
-- `key` (String) The key to select.
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
-
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--env--value_from--field_ref"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.env.value_from.field_ref`
-
-Required:
-
-- `field_path` (String) Path of the field to select in the specified API version.
-
-Optional:
-
-- `api_version` (String) Version of the schema the FieldPath is written in terms of, defaults to 'v1'.
-
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--env--value_from--resource_field_ref"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.env.value_from.resource_field_ref`
-
-Required:
-
-- `resource` (String) Required: resource to select
-
-Optional:
-
-- `container_name` (String) Container name: required for volumes, optional for env vars
-- `divisor` (String) Specifies the output format of the exposed resources, defaults to '1'
-
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--env--value_from--secret_key_ref"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.env.value_from.secret_key_ref`
-
-Required:
-
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
-
-
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--env_from"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.env_from`
-
-Optional:
-
-- `config_map_ref` (Attributes) The ConfigMap to select from (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--env_from--config_map_ref))
-- `prefix` (String) An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
-- `secret_ref` (Attributes) The Secret to select from (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--env_from--secret_ref))
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--env_from--config_map_ref"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.env_from.config_map_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the ConfigMap must be defined
-
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--env_from--secret_ref"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.env_from.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret must be defined
-
-
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--liveness_probe"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.liveness_probe`
-
-Optional:
-
-- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--liveness_probe--exec))
-- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
-- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--liveness_probe--grpc))
-- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--liveness_probe--http_get))
-- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-- `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
-- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
-- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--liveness_probe--tcp_socket))
-- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
-- `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--liveness_probe--exec"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.liveness_probe.exec`
-
-Optional:
-
-- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--liveness_probe--grpc"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.liveness_probe.grpc`
-
-Required:
-
-- `port` (Number) Port number of the gRPC service. Number must be in the range 1 to 65535.
-
-Optional:
-
-- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.
-
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--liveness_probe--http_get"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.liveness_probe.http_get`
-
-Required:
-
-- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.
-- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--liveness_probe--http_get--http_headers))
-- `path` (String) Path to access on the HTTP server.
-- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP.
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--liveness_probe--http_get--http_headers"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.liveness_probe.http_get.http_headers`
-
-Required:
-
-- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
-- `value` (String) The header field value
-
-
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--liveness_probe--tcp_socket"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.liveness_probe.tcp_socket`
-
-Required:
-
-- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Optional: Host name to connect to, defaults to the pod IP.
-
-
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--readiness_probe"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.readiness_probe`
-
-Optional:
-
-- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--readiness_probe--exec))
-- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
-- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--readiness_probe--grpc))
-- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--readiness_probe--http_get))
-- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-- `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
-- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
-- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--readiness_probe--tcp_socket))
-- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
-- `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--readiness_probe--exec"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.readiness_probe.exec`
-
-Optional:
-
-- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--readiness_probe--grpc"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.readiness_probe.grpc`
-
-Required:
-
-- `port` (Number) Port number of the gRPC service. Number must be in the range 1 to 65535.
-
-Optional:
-
-- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.
-
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--readiness_probe--http_get"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.readiness_probe.http_get`
-
-Required:
-
-- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.
-- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--readiness_probe--http_get--http_headers))
-- `path` (String) Path to access on the HTTP server.
-- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP.
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--readiness_probe--http_get--http_headers"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.readiness_probe.http_get.http_headers`
-
-Required:
-
-- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
-- `value` (String) The header field value
-
-
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--readiness_probe--tcp_socket"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.readiness_probe.tcp_socket`
-
-Required:
-
-- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Optional: Host name to connect to, defaults to the pod IP.
-
-
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--resources"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.resources`
-
-Optional:
-
-- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--resources--claims))
-- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--resources--claims"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.resources.claims`
-
-Required:
-
-- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
-
-Optional:
-
-- `request` (String) Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
-
-
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--security_context"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.security_context`
-
-Optional:
-
-- `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
-- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--security_context--app_armor_profile))
-- `capabilities` (Attributes) The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--security_context--capabilities))
-- `privileged` (Boolean) Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
-- `proc_mount` (String) procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
-- `read_only_root_filesystem` (Boolean) Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_group` (Number) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-- `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
-- `se_linux_options` (Attributes) The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--security_context--se_linux_options))
-- `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--security_context--seccomp_profile))
-- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--security_context--windows_options))
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--security_context--app_armor_profile"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.security_context.app_armor_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is 'Localhost'.
-
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--security_context--capabilities"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.security_context.capabilities`
-
-Optional:
-
-- `add` (List of String) Added capabilities
-- `drop` (List of String) Removed capabilities
-
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--security_context--se_linux_options"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.security_context.se_linux_options`
-
-Optional:
-
-- `level` (String) Level is SELinux level label that applies to the container.
-- `role` (String) Role is a SELinux role label that applies to the container.
-- `type` (String) Type is a SELinux type label that applies to the container.
-- `user` (String) User is a SELinux user label that applies to the container.
-
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--security_context--seccomp_profile"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.security_context.seccomp_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.
-
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--security_context--windows_options"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.security_context.windows_options`
-
-Optional:
-
-- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
-- `gmsa_credential_spec_name` (String) GMSACredentialSpecName is the name of the GMSA credential spec to use.
-- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
-- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-
-
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--volume_mounts"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.volume_mounts`
-
-Required:
-
-- `mount_path` (String) Path within the container at which the volume should be mounted. Must not contain ':'.
-- `name` (String) This must match the Name of a Volume.
-
-Optional:
-
-- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None).
-- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
-- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handled recursively. If ReadOnly is false, this field has no meaning and must be unspecified. If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). If this field is not specified, it is treated as an equivalent of Disabled.
-- `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).
-- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.
-
-
-
-<a id="nestedatt--spec--metrics--exporter--liveness_probe"></a>
-### Nested Schema for `spec.metrics.exporter.liveness_probe`
-
-Optional:
-
-- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--metrics--exporter--liveness_probe--exec))
-- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
-- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--metrics--exporter--liveness_probe--grpc))
-- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--metrics--exporter--liveness_probe--http_get))
-- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-- `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
-- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
-- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--metrics--exporter--liveness_probe--tcp_socket))
-- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
-- `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-<a id="nestedatt--spec--metrics--exporter--liveness_probe--exec"></a>
-### Nested Schema for `spec.metrics.exporter.liveness_probe.exec`
-
-Optional:
-
-- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-
-
-<a id="nestedatt--spec--metrics--exporter--liveness_probe--grpc"></a>
-### Nested Schema for `spec.metrics.exporter.liveness_probe.grpc`
-
-Required:
-
-- `port` (Number) Port number of the gRPC service. Number must be in the range 1 to 65535.
-
-Optional:
-
-- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.
-
-
-<a id="nestedatt--spec--metrics--exporter--liveness_probe--http_get"></a>
-### Nested Schema for `spec.metrics.exporter.liveness_probe.http_get`
-
-Required:
-
-- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.
-- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--metrics--exporter--liveness_probe--http_get--http_headers))
-- `path` (String) Path to access on the HTTP server.
-- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP.
-
-<a id="nestedatt--spec--metrics--exporter--liveness_probe--http_get--http_headers"></a>
-### Nested Schema for `spec.metrics.exporter.liveness_probe.http_get.http_headers`
-
-Required:
-
-- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
-- `value` (String) The header field value
-
-
-
-<a id="nestedatt--spec--metrics--exporter--liveness_probe--tcp_socket"></a>
-### Nested Schema for `spec.metrics.exporter.liveness_probe.tcp_socket`
-
-Required:
-
-- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Optional: Host name to connect to, defaults to the pod IP.
-
-
-
-<a id="nestedatt--spec--metrics--exporter--pod_metadata"></a>
-### Nested Schema for `spec.metrics.exporter.pod_metadata`
-
-Optional:
-
-- `annotations` (Map of String) Annotations to be added to children resources.
-- `labels` (Map of String) Labels to be added to children resources.
-
-
-<a id="nestedatt--spec--metrics--exporter--pod_security_context"></a>
-### Nested Schema for `spec.metrics.exporter.pod_security_context`
-
-Optional:
-
-- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--metrics--exporter--pod_security_context--app_armor_profile))
-- `fs_group` (Number) A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.
-- `fs_group_change_policy` (String) fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are 'OnRootMismatch' and 'Always'. If not specified, 'Always' is used. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_group` (Number) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-- `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
-- `se_linux_options` (Attributes) The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--metrics--exporter--pod_security_context--se_linux_options))
-- `seccomp_profile` (Attributes) The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--metrics--exporter--pod_security_context--seccomp_profile))
-- `supplemental_groups` (List of String) A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.
-- `supplemental_groups_policy` (String) Defines how supplemental groups of the first container processes are calculated. Valid values are 'Merge' and 'Strict'. If not specified, 'Merge' is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.
-- `sysctls` (Attributes List) Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--metrics--exporter--pod_security_context--sysctls))
-- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--metrics--exporter--pod_security_context--windows_options))
-
-<a id="nestedatt--spec--metrics--exporter--pod_security_context--app_armor_profile"></a>
-### Nested Schema for `spec.metrics.exporter.pod_security_context.app_armor_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is 'Localhost'.
-
-
-<a id="nestedatt--spec--metrics--exporter--pod_security_context--se_linux_options"></a>
-### Nested Schema for `spec.metrics.exporter.pod_security_context.se_linux_options`
-
-Optional:
-
-- `level` (String) Level is SELinux level label that applies to the container.
-- `role` (String) Role is a SELinux role label that applies to the container.
-- `type` (String) Type is a SELinux type label that applies to the container.
-- `user` (String) User is a SELinux user label that applies to the container.
-
-
-<a id="nestedatt--spec--metrics--exporter--pod_security_context--seccomp_profile"></a>
-### Nested Schema for `spec.metrics.exporter.pod_security_context.seccomp_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.
-
-
-<a id="nestedatt--spec--metrics--exporter--pod_security_context--sysctls"></a>
-### Nested Schema for `spec.metrics.exporter.pod_security_context.sysctls`
-
-Required:
-
-- `name` (String) Name of a property to set
-- `value` (String) Value of a property to set
-
-
-<a id="nestedatt--spec--metrics--exporter--pod_security_context--windows_options"></a>
-### Nested Schema for `spec.metrics.exporter.pod_security_context.windows_options`
-
-Optional:
-
-- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
-- `gmsa_credential_spec_name` (String) GMSACredentialSpecName is the name of the GMSA credential spec to use.
-- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
-- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-
-
-
-<a id="nestedatt--spec--metrics--exporter--readiness_probe"></a>
-### Nested Schema for `spec.metrics.exporter.readiness_probe`
-
-Optional:
-
-- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--metrics--exporter--readiness_probe--exec))
-- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
-- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--metrics--exporter--readiness_probe--grpc))
-- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--metrics--exporter--readiness_probe--http_get))
-- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-- `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
-- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
-- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--metrics--exporter--readiness_probe--tcp_socket))
-- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
-- `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-<a id="nestedatt--spec--metrics--exporter--readiness_probe--exec"></a>
-### Nested Schema for `spec.metrics.exporter.readiness_probe.exec`
-
-Optional:
-
-- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-
-
-<a id="nestedatt--spec--metrics--exporter--readiness_probe--grpc"></a>
-### Nested Schema for `spec.metrics.exporter.readiness_probe.grpc`
-
-Required:
-
-- `port` (Number) Port number of the gRPC service. Number must be in the range 1 to 65535.
-
-Optional:
-
-- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.
-
-
-<a id="nestedatt--spec--metrics--exporter--readiness_probe--http_get"></a>
-### Nested Schema for `spec.metrics.exporter.readiness_probe.http_get`
-
-Required:
-
-- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.
-- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--metrics--exporter--readiness_probe--http_get--http_headers))
-- `path` (String) Path to access on the HTTP server.
-- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP.
-
-<a id="nestedatt--spec--metrics--exporter--readiness_probe--http_get--http_headers"></a>
-### Nested Schema for `spec.metrics.exporter.readiness_probe.http_get.http_headers`
-
-Required:
-
-- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
-- `value` (String) The header field value
-
-
-
-<a id="nestedatt--spec--metrics--exporter--readiness_probe--tcp_socket"></a>
-### Nested Schema for `spec.metrics.exporter.readiness_probe.tcp_socket`
-
-Required:
-
-- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Optional: Host name to connect to, defaults to the pod IP.
-
-
-
-<a id="nestedatt--spec--metrics--exporter--resources"></a>
-### Nested Schema for `spec.metrics.exporter.resources`
-
-Optional:
-
-- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--metrics--exporter--resources--claims))
-- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-
-<a id="nestedatt--spec--metrics--exporter--resources--claims"></a>
-### Nested Schema for `spec.metrics.exporter.resources.claims`
-
-Required:
-
-- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
-
-Optional:
-
-- `request` (String) Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
-
-
-
-<a id="nestedatt--spec--metrics--exporter--security_context"></a>
-### Nested Schema for `spec.metrics.exporter.security_context`
-
-Optional:
-
-- `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
-- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--metrics--exporter--security_context--app_armor_profile))
-- `capabilities` (Attributes) The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--metrics--exporter--security_context--capabilities))
-- `privileged` (Boolean) Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
-- `proc_mount` (String) procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
-- `read_only_root_filesystem` (Boolean) Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_group` (Number) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-- `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
-- `se_linux_options` (Attributes) The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--metrics--exporter--security_context--se_linux_options))
-- `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--metrics--exporter--security_context--seccomp_profile))
-- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--metrics--exporter--security_context--windows_options))
-
-<a id="nestedatt--spec--metrics--exporter--security_context--app_armor_profile"></a>
-### Nested Schema for `spec.metrics.exporter.security_context.app_armor_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is 'Localhost'.
-
-
-<a id="nestedatt--spec--metrics--exporter--security_context--capabilities"></a>
-### Nested Schema for `spec.metrics.exporter.security_context.capabilities`
-
-Optional:
-
-- `add` (List of String) Added capabilities
-- `drop` (List of String) Removed capabilities
-
-
-<a id="nestedatt--spec--metrics--exporter--security_context--se_linux_options"></a>
-### Nested Schema for `spec.metrics.exporter.security_context.se_linux_options`
-
-Optional:
-
-- `level` (String) Level is SELinux level label that applies to the container.
-- `role` (String) Role is a SELinux role label that applies to the container.
-- `type` (String) Type is a SELinux type label that applies to the container.
-- `user` (String) User is a SELinux user label that applies to the container.
-
-
-<a id="nestedatt--spec--metrics--exporter--security_context--seccomp_profile"></a>
-### Nested Schema for `spec.metrics.exporter.security_context.seccomp_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.
-
-
-<a id="nestedatt--spec--metrics--exporter--security_context--windows_options"></a>
-### Nested Schema for `spec.metrics.exporter.security_context.windows_options`
-
-Optional:
-
-- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
-- `gmsa_credential_spec_name` (String) GMSACredentialSpecName is the name of the GMSA credential spec to use.
-- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
-- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-
-
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers`
-
-Required:
-
-- `image` (String) Image name to be used by the MariaDB instances. The supported format is '<image>:<tag>'.
-
-Optional:
-
-- `args` (List of String) Args to be used in the Container.
-- `command` (List of String) Command to be used in the Container.
-- `env` (Attributes List) Env represents the environment variables to be injected in a container. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--env))
-- `env_from` (Attributes List) EnvFrom represents the references (via ConfigMap and Secrets) to environment variables to be injected in the container. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--env_from))
-- `image_pull_policy` (String) ImagePullPolicy is the image pull policy. One of 'Always', 'Never' or 'IfNotPresent'. If not defined, it defaults to 'IfNotPresent'.
-- `liveness_probe` (Attributes) LivenessProbe to be used in the Container. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--liveness_probe))
-- `readiness_probe` (Attributes) ReadinessProbe to be used in the Container. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--readiness_probe))
-- `resources` (Attributes) Resouces describes the compute resource requirements. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--resources))
-- `security_context` (Attributes) SecurityContext holds security configuration that will be applied to a container. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--security_context))
-- `volume_mounts` (Attributes List) VolumeMounts to be used in the Container. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--volume_mounts))
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--env"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.env`
-
-Required:
-
-- `name` (String) Name of the environment variable. Must be a C_IDENTIFIER.
-
-Optional:
-
-- `value` (String) Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to ''.
-- `value_from` (Attributes) Source for the environment variable's value. Cannot be used if value is not empty. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--env--value_from))
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--env--value_from"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.env.value_from`
-
-Optional:
-
-- `config_map_key_ref` (Attributes) Selects a key of a ConfigMap. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--env--value_from--config_map_key_ref))
-- `field_ref` (Attributes) Selects a field of the pod: supports metadata.name, metadata.namespace, 'metadata.labels['<KEY>']', 'metadata.annotations['<KEY>']', spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--env--value_from--field_ref))
-- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--env--value_from--resource_field_ref))
-- `secret_key_ref` (Attributes) Selects a key of a secret in the pod's namespace (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--env--value_from--secret_key_ref))
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--env--value_from--config_map_key_ref"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.env.value_from.config_map_key_ref`
-
-Required:
-
-- `key` (String) The key to select.
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
-
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--env--value_from--field_ref"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.env.value_from.field_ref`
-
-Required:
-
-- `field_path` (String) Path of the field to select in the specified API version.
-
-Optional:
-
-- `api_version` (String) Version of the schema the FieldPath is written in terms of, defaults to 'v1'.
-
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--env--value_from--resource_field_ref"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.env.value_from.resource_field_ref`
-
-Required:
-
-- `resource` (String) Required: resource to select
-
-Optional:
-
-- `container_name` (String) Container name: required for volumes, optional for env vars
-- `divisor` (String) Specifies the output format of the exposed resources, defaults to '1'
-
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--env--value_from--secret_key_ref"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.env.value_from.secret_key_ref`
-
-Required:
-
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
-
-
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--env_from"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.env_from`
-
-Optional:
-
-- `config_map_ref` (Attributes) The ConfigMap to select from (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--env_from--config_map_ref))
-- `prefix` (String) An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
-- `secret_ref` (Attributes) The Secret to select from (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--env_from--secret_ref))
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--env_from--config_map_ref"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.env_from.config_map_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the ConfigMap must be defined
-
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--env_from--secret_ref"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.env_from.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret must be defined
-
-
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--liveness_probe"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.liveness_probe`
-
-Optional:
-
-- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--liveness_probe--exec))
-- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
-- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--liveness_probe--grpc))
-- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--liveness_probe--http_get))
-- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-- `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
-- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
-- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--liveness_probe--tcp_socket))
-- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
-- `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--liveness_probe--exec"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.liveness_probe.exec`
-
-Optional:
-
-- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--liveness_probe--grpc"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.liveness_probe.grpc`
-
-Required:
-
-- `port` (Number) Port number of the gRPC service. Number must be in the range 1 to 65535.
-
-Optional:
-
-- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.
-
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--liveness_probe--http_get"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.liveness_probe.http_get`
-
-Required:
-
-- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.
-- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--liveness_probe--http_get--http_headers))
-- `path` (String) Path to access on the HTTP server.
-- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP.
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--liveness_probe--http_get--http_headers"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.liveness_probe.http_get.http_headers`
-
-Required:
-
-- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
-- `value` (String) The header field value
-
-
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--liveness_probe--tcp_socket"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.liveness_probe.tcp_socket`
-
-Required:
-
-- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Optional: Host name to connect to, defaults to the pod IP.
-
-
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--readiness_probe"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.readiness_probe`
-
-Optional:
-
-- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--readiness_probe--exec))
-- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
-- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--readiness_probe--grpc))
-- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--readiness_probe--http_get))
-- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-- `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
-- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
-- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--readiness_probe--tcp_socket))
-- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
-- `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--readiness_probe--exec"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.readiness_probe.exec`
-
-Optional:
-
-- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--readiness_probe--grpc"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.readiness_probe.grpc`
-
-Required:
-
-- `port` (Number) Port number of the gRPC service. Number must be in the range 1 to 65535.
-
-Optional:
-
-- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.
-
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--readiness_probe--http_get"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.readiness_probe.http_get`
-
-Required:
-
-- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.
-- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--readiness_probe--http_get--http_headers))
-- `path` (String) Path to access on the HTTP server.
-- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP.
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--readiness_probe--http_get--http_headers"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.readiness_probe.http_get.http_headers`
-
-Required:
-
-- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
-- `value` (String) The header field value
-
-
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--readiness_probe--tcp_socket"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.readiness_probe.tcp_socket`
-
-Required:
-
-- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Optional: Host name to connect to, defaults to the pod IP.
-
-
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--resources"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.resources`
-
-Optional:
-
-- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--resources--claims))
-- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--resources--claims"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.resources.claims`
-
-Required:
-
-- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
-
-Optional:
-
-- `request` (String) Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
-
-
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--security_context"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.security_context`
-
-Optional:
-
-- `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
-- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--security_context--app_armor_profile))
-- `capabilities` (Attributes) The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--security_context--capabilities))
-- `privileged` (Boolean) Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
-- `proc_mount` (String) procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
-- `read_only_root_filesystem` (Boolean) Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_group` (Number) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-- `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
-- `se_linux_options` (Attributes) The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--security_context--se_linux_options))
-- `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--security_context--seccomp_profile))
-- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--security_context--windows_options))
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--security_context--app_armor_profile"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.security_context.app_armor_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is 'Localhost'.
-
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--security_context--capabilities"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.security_context.capabilities`
-
-Optional:
-
-- `add` (List of String) Added capabilities
-- `drop` (List of String) Removed capabilities
-
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--security_context--se_linux_options"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.security_context.se_linux_options`
-
-Optional:
-
-- `level` (String) Level is SELinux level label that applies to the container.
-- `role` (String) Role is a SELinux role label that applies to the container.
-- `type` (String) Type is a SELinux type label that applies to the container.
-- `user` (String) User is a SELinux user label that applies to the container.
-
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--security_context--seccomp_profile"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.security_context.seccomp_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.
-
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--security_context--windows_options"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.security_context.windows_options`
-
-Optional:
-
-- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
-- `gmsa_credential_spec_name` (String) GMSACredentialSpecName is the name of the GMSA credential spec to use.
-- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
-- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-
-
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--volume_mounts"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.volume_mounts`
-
-Required:
-
-- `mount_path` (String) Path within the container at which the volume should be mounted. Must not contain ':'.
-- `name` (String) This must match the Name of a Volume.
-
-Optional:
-
-- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None).
-- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
-- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handled recursively. If ReadOnly is false, this field has no meaning and must be unspecified. If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). If this field is not specified, it is treated as an equivalent of Disabled.
-- `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).
-- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.
-
-
-
-<a id="nestedatt--spec--metrics--exporter--tolerations"></a>
-### Nested Schema for `spec.metrics.exporter.tolerations`
-
-Optional:
-
-- `effect` (String) Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
-- `key` (String) Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
-- `operator` (String) Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
-- `toleration_seconds` (Number) TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
-- `value` (String) Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
-
-
-<a id="nestedatt--spec--metrics--exporter--topology_spread_constraints"></a>
-### Nested Schema for `spec.metrics.exporter.topology_spread_constraints`
-
-Required:
-
-- `max_skew` (Number) MaxSkew describes the degree to which pods may be unevenly distributed. When 'whenUnsatisfiable=DoNotSchedule', it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When 'whenUnsatisfiable=ScheduleAnyway', it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed.
-- `topology_key` (String) TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a 'bucket', and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is 'kubernetes.io/hostname', each Node is a domain of that topology. And, if TopologyKey is 'topology.kubernetes.io/zone', each zone is a domain of that topology. It's a required field.
-- `when_unsatisfiable` (String) WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered 'Unsatisfiable' for an incoming pod if and only if every possible node assignment for that pod would violate 'MaxSkew' on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field.
-
-Optional:
-
-- `label_selector` (Attributes) LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. (see [below for nested schema](#nestedatt--spec--metrics--exporter--topology_spread_constraints--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
-- `min_domains` (Number) MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew.
-- `node_affinity_policy` (String) NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
-- `node_taints_policy` (String) NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
-
-<a id="nestedatt--spec--metrics--exporter--topology_spread_constraints--label_selector"></a>
-### Nested Schema for `spec.metrics.exporter.topology_spread_constraints.label_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--metrics--exporter--topology_spread_constraints--label_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--metrics--exporter--topology_spread_constraints--label_selector--match_expressions"></a>
-### Nested Schema for `spec.metrics.exporter.topology_spread_constraints.label_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-
-<a id="nestedatt--spec--metrics--exporter--volume_mounts"></a>
-### Nested Schema for `spec.metrics.exporter.volume_mounts`
-
-Required:
-
-- `mount_path` (String) Path within the container at which the volume should be mounted. Must not contain ':'.
-- `name` (String) This must match the Name of a Volume.
-
-Optional:
-
-- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None).
-- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
-- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handled recursively. If ReadOnly is false, this field has no meaning and must be unspecified. If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). If this field is not specified, it is treated as an equivalent of Disabled.
-- `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).
-- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes"></a>
-### Nested Schema for `spec.metrics.exporter.volumes`
-
-Required:
-
-- `name` (String) name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-Optional:
-
-- `aws_elastic_block_store` (Attributes) awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--aws_elastic_block_store))
-- `azure_disk` (Attributes) azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--azure_disk))
-- `azure_file` (Attributes) azureFile represents an Azure File Service mount on the host and bind mount to the pod. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--azure_file))
-- `cephfs` (Attributes) cephFS represents a Ceph FS mount on the host that shares a pod's lifetime (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--cephfs))
-- `cinder` (Attributes) cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--cinder))
-- `config_map` (Attributes) configMap represents a configMap that should populate this volume (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--config_map))
-- `csi` (Attributes) csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--csi))
-- `downward_api` (Attributes) downwardAPI represents downward API about the pod that should populate this volume (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--downward_api))
-- `empty_dir` (Attributes) emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--empty_dir))
-- `ephemeral` (Attributes) ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. A pod can use both types of ephemeral volumes and persistent volumes at the same time. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--ephemeral))
-- `fc` (Attributes) fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--fc))
-- `flex_volume` (Attributes) flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--flex_volume))
-- `flocker` (Attributes) flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--flocker))
-- `gce_persistent_disk` (Attributes) gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--gce_persistent_disk))
-- `git_repo` (Attributes) gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--git_repo))
-- `glusterfs` (Attributes) glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--glusterfs))
-- `host_path` (Attributes) hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--host_path))
-- `image` (Attributes) image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. The volume is resolved at pod startup depending on which PullPolicy value is provided: - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. The volume will be mounted read-only (ro) and non-executable files (noexec). Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--image))
-- `iscsi` (Attributes) iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--iscsi))
-- `nfs` (Attributes) nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--nfs))
-- `persistent_volume_claim` (Attributes) persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--persistent_volume_claim))
-- `photon_persistent_disk` (Attributes) photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--photon_persistent_disk))
-- `portworx_volume` (Attributes) portworxVolume represents a portworx volume attached and mounted on kubelets host machine (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--portworx_volume))
-- `projected` (Attributes) projected items for all in one resources secrets, configmaps, and downward API (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--projected))
-- `quobyte` (Attributes) quobyte represents a Quobyte mount on the host that shares a pod's lifetime (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--quobyte))
-- `rbd` (Attributes) rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--rbd))
-- `scale_io` (Attributes) scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--scale_io))
-- `secret` (Attributes) secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--secret))
-- `storageos` (Attributes) storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--storageos))
-- `vsphere_volume` (Attributes) vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--vsphere_volume))
-
-<a id="nestedatt--spec--metrics--exporter--volumes--aws_elastic_block_store"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.aws_elastic_block_store`
-
-Required:
-
-- `volume_id` (String) volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
-
-Optional:
-
-- `fs_type` (String) fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
-- `partition` (Number) partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as '1'. Similarly, the volume partition for /dev/sda is '0' (or you can leave the property empty).
-- `read_only` (Boolean) readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--azure_disk"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.azure_disk`
-
-Required:
-
-- `disk_name` (String) diskName is the Name of the data disk in the blob storage
-- `disk_uri` (String) diskURI is the URI of data disk in the blob storage
-
-Optional:
-
-- `caching_mode` (String) cachingMode is the Host Caching mode: None, Read Only, Read Write.
-- `fs_type` (String) fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.
-- `kind` (String) kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared
-- `read_only` (Boolean) readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--azure_file"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.azure_file`
-
-Required:
-
-- `secret_name` (String) secretName is the name of secret that contains Azure Storage Account Name and Key
-- `share_name` (String) shareName is the azure share Name
-
-Optional:
-
-- `read_only` (Boolean) readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--cephfs"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.cephfs`
-
-Required:
-
-- `monitors` (List of String) monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-
-Optional:
-
-- `path` (String) path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /
-- `read_only` (Boolean) readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-- `secret_file` (String) secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-- `secret_ref` (Attributes) secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--cephfs--secret_ref))
-- `user` (String) user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-
-<a id="nestedatt--spec--metrics--exporter--volumes--cephfs--secret_ref"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.cephfs.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--cinder"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.cinder`
-
-Required:
-
-- `volume_id` (String) volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
-
-Optional:
-
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
-- `read_only` (Boolean) readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
-- `secret_ref` (Attributes) secretRef is optional: points to a secret object containing parameters used to connect to OpenStack. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--cinder--secret_ref))
-
-<a id="nestedatt--spec--metrics--exporter--volumes--cinder--secret_ref"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.cinder.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--config_map"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.config_map`
-
-Optional:
-
-- `default_mode` (Number) defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--config_map--items))
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) optional specify whether the ConfigMap or its keys must be defined
-
-<a id="nestedatt--spec--metrics--exporter--volumes--config_map--items"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.config_map.items`
-
-Required:
-
-- `key` (String) key is the key to project.
-- `path` (String) path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
-
-Optional:
-
-- `mode` (Number) mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--csi"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.csi`
-
-Required:
-
-- `driver` (String) driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.
-
-Optional:
-
-- `fs_type` (String) fsType to mount. Ex. 'ext4', 'xfs', 'ntfs'. If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.
-- `node_publish_secret_ref` (Attributes) nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--csi--node_publish_secret_ref))
-- `read_only` (Boolean) readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).
-- `volume_attributes` (Map of String) volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.
-
-<a id="nestedatt--spec--metrics--exporter--volumes--csi--node_publish_secret_ref"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.csi.node_publish_secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--downward_api"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.downward_api`
-
-Optional:
-
-- `default_mode` (Number) Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `items` (Attributes List) Items is a list of downward API volume file (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--downward_api--items))
-
-<a id="nestedatt--spec--metrics--exporter--volumes--downward_api--items"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.downward_api.items`
-
-Required:
-
-- `path` (String) Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'
-
-Optional:
-
-- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--downward_api--items--field_ref))
-- `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--downward_api--items--resource_field_ref))
-
-<a id="nestedatt--spec--metrics--exporter--volumes--downward_api--items--field_ref"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.downward_api.items.field_ref`
-
-Required:
-
-- `field_path` (String) Path of the field to select in the specified API version.
-
-Optional:
-
-- `api_version` (String) Version of the schema the FieldPath is written in terms of, defaults to 'v1'.
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--downward_api--items--resource_field_ref"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.downward_api.items.resource_field_ref`
-
-Required:
-
-- `resource` (String) Required: resource to select
-
-Optional:
-
-- `container_name` (String) Container name: required for volumes, optional for env vars
-- `divisor` (String) Specifies the output format of the exposed resources, defaults to '1'
-
-
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--empty_dir"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.empty_dir`
-
-Optional:
-
-- `medium` (String) medium represents what type of storage medium should back this directory. The default is '' which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
-- `size_limit` (String) sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--ephemeral"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.ephemeral`
-
-Optional:
-
-- `volume_claim_template` (Attributes) Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be '<pod name>-<volume name>' where '<volume name>' is the name from the 'PodSpec.Volumes' array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. Required, must not be nil. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--ephemeral--volume_claim_template))
-
-<a id="nestedatt--spec--metrics--exporter--volumes--ephemeral--volume_claim_template"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.ephemeral.volume_claim_template`
-
-Required:
-
-- `spec` (Attributes) The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--ephemeral--volume_claim_template--spec))
-
-Optional:
-
-- `metadata` (Map of String) May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.
-
-<a id="nestedatt--spec--metrics--exporter--volumes--ephemeral--volume_claim_template--spec"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.ephemeral.volume_claim_template.spec`
-
-Optional:
-
-- `access_modes` (List of String) accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
-- `data_source` (Attributes) dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--ephemeral--volume_claim_template--spec--data_source))
-- `data_source_ref` (Attributes) dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--ephemeral--volume_claim_template--spec--data_source_ref))
-- `resources` (Attributes) resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--ephemeral--volume_claim_template--spec--resources))
-- `selector` (Attributes) selector is a label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--ephemeral--volume_claim_template--spec--selector))
-- `storage_class_name` (String) storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
-- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
-- `volume_mode` (String) volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
-- `volume_name` (String) volumeName is the binding reference to the PersistentVolume backing this claim.
-
-<a id="nestedatt--spec--metrics--exporter--volumes--ephemeral--volume_claim_template--spec--data_source"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.ephemeral.volume_claim_template.spec.data_source`
-
-Required:
-
-- `kind` (String) Kind is the type of resource being referenced
-- `name` (String) Name is the name of resource being referenced
-
-Optional:
-
-- `api_group` (String) APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--ephemeral--volume_claim_template--spec--data_source_ref"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.ephemeral.volume_claim_template.spec.data_source_ref`
-
-Required:
-
-- `kind` (String) Kind is the type of resource being referenced
-- `name` (String) Name is the name of resource being referenced
-
-Optional:
-
-- `api_group` (String) APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
-- `namespace` (String) Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--ephemeral--volume_claim_template--spec--resources"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.ephemeral.volume_claim_template.spec.resources`
-
-Optional:
-
-- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--ephemeral--volume_claim_template--spec--selector"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.ephemeral.volume_claim_template.spec.selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--ephemeral--volume_claim_template--spec--selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--metrics--exporter--volumes--ephemeral--volume_claim_template--spec--selector--match_expressions"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.ephemeral.volume_claim_template.spec.selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--fc"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.fc`
-
-Optional:
-
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.
-- `lun` (Number) lun is Optional: FC target lun number
-- `read_only` (Boolean) readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-- `target_ww_ns` (List of String) targetWWNs is Optional: FC target worldwide names (WWNs)
-- `wwids` (List of String) wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--flex_volume"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.flex_volume`
-
-Required:
-
-- `driver` (String) driver is the name of the driver to use for this volume.
-
-Optional:
-
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. The default filesystem depends on FlexVolume script.
-- `options` (Map of String) options is Optional: this field holds extra command options if any.
-- `read_only` (Boolean) readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-- `secret_ref` (Attributes) secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--flex_volume--secret_ref))
-
-<a id="nestedatt--spec--metrics--exporter--volumes--flex_volume--secret_ref"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.flex_volume.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--flocker"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.flocker`
-
-Optional:
-
-- `dataset_name` (String) datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated
-- `dataset_uuid` (String) datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--gce_persistent_disk"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.gce_persistent_disk`
-
-Required:
-
-- `pd_name` (String) pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
-
-Optional:
-
-- `fs_type` (String) fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
-- `partition` (Number) partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as '1'. Similarly, the volume partition for /dev/sda is '0' (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
-- `read_only` (Boolean) readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--git_repo"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.git_repo`
-
-Required:
-
-- `repository` (String) repository is the URL
-
-Optional:
-
-- `directory` (String) directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.
-- `revision` (String) revision is the commit hash for the specified revision.
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--glusterfs"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.glusterfs`
-
-Required:
-
-- `endpoints` (String) endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
-- `path` (String) path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
-
-Optional:
-
-- `read_only` (Boolean) readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--host_path"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.host_path`
-
-Required:
-
-- `path` (String) path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
-
-Optional:
-
-- `type` (String) type for HostPath Volume Defaults to '' More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--image"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.image`
-
-Optional:
-
-- `pull_policy` (String) Policy for pulling OCI objects. Possible values are: Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
-- `reference` (String) Required: Image or artifact reference to be used. Behaves in the same way as pod.spec.containers[*].image. Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--iscsi"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.iscsi`
-
-Required:
-
-- `iqn` (String) iqn is the target iSCSI Qualified Name.
-- `lun` (Number) lun represents iSCSI Target Lun number.
-- `target_portal` (String) targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
-
-Optional:
-
-- `chap_auth_discovery` (Boolean) chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication
-- `chap_auth_session` (Boolean) chapAuthSession defines whether support iSCSI Session CHAP authentication
-- `fs_type` (String) fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
-- `initiator_name` (String) initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection.
-- `iscsi_interface` (String) iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).
-- `portals` (List of String) portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
-- `read_only` (Boolean) readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.
-- `secret_ref` (Attributes) secretRef is the CHAP Secret for iSCSI target and initiator authentication (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--iscsi--secret_ref))
-
-<a id="nestedatt--spec--metrics--exporter--volumes--iscsi--secret_ref"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.iscsi.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--nfs"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.nfs`
-
-Required:
-
-- `path` (String) path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
-- `server` (String) server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
-
-Optional:
-
-- `read_only` (Boolean) readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--persistent_volume_claim"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.persistent_volume_claim`
-
-Required:
-
-- `claim_name` (String) claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
-
-Optional:
-
-- `read_only` (Boolean) readOnly Will force the ReadOnly setting in VolumeMounts. Default false.
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--photon_persistent_disk"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.photon_persistent_disk`
-
-Required:
-
-- `pd_id` (String) pdID is the ID that identifies Photon Controller persistent disk
-
-Optional:
-
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--portworx_volume"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.portworx_volume`
-
-Required:
-
-- `volume_id` (String) volumeID uniquely identifies a Portworx volume
-
-Optional:
-
-- `fs_type` (String) fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs'. Implicitly inferred to be 'ext4' if unspecified.
-- `read_only` (Boolean) readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--projected"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.projected`
-
-Optional:
-
-- `default_mode` (Number) defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `sources` (Attributes List) sources is the list of volume projections. Each entry in this list handles one source. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--projected--sources))
-
-<a id="nestedatt--spec--metrics--exporter--volumes--projected--sources"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.projected.sources`
-
-Optional:
-
-- `cluster_trust_bundle` (Attributes) ClusterTrustBundle allows a pod to access the '.spec.trustBundle' field of ClusterTrustBundle objects in an auto-updating file. Alpha, gated by the ClusterTrustBundleProjection feature gate. ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--projected--sources--cluster_trust_bundle))
-- `config_map` (Attributes) configMap information about the configMap data to project (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--projected--sources--config_map))
-- `downward_api` (Attributes) downwardAPI information about the downwardAPI data to project (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--projected--sources--downward_api))
-- `secret` (Attributes) secret information about the secret data to project (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--projected--sources--secret))
-- `service_account_token` (Attributes) serviceAccountToken is information about the serviceAccountToken data to project (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--projected--sources--service_account_token))
-
-<a id="nestedatt--spec--metrics--exporter--volumes--projected--sources--cluster_trust_bundle"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.projected.sources.cluster_trust_bundle`
-
-Required:
-
-- `path` (String) Relative path from the volume root to write the bundle.
-
-Optional:
-
-- `label_selector` (Attributes) Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as 'match nothing'. If set but empty, interpreted as 'match everything'. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--projected--sources--cluster_trust_bundle--label_selector))
-- `name` (String) Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector.
-- `optional` (Boolean) If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles.
-- `signer_name` (String) Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated.
-
-<a id="nestedatt--spec--metrics--exporter--volumes--projected--sources--cluster_trust_bundle--label_selector"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.projected.sources.cluster_trust_bundle.label_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--projected--sources--cluster_trust_bundle--label_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--metrics--exporter--volumes--projected--sources--cluster_trust_bundle--label_selector--match_expressions"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.projected.sources.cluster_trust_bundle.label_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--projected--sources--config_map"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.projected.sources.config_map`
-
-Optional:
-
-- `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--projected--sources--config_map--items))
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) optional specify whether the ConfigMap or its keys must be defined
-
-<a id="nestedatt--spec--metrics--exporter--volumes--projected--sources--config_map--items"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.projected.sources.config_map.items`
-
-Required:
-
-- `key` (String) key is the key to project.
-- `path` (String) path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
-
-Optional:
-
-- `mode` (Number) mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--projected--sources--downward_api"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.projected.sources.downward_api`
-
-Optional:
-
-- `items` (Attributes List) Items is a list of DownwardAPIVolume file (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--projected--sources--downward_api--items))
-
-<a id="nestedatt--spec--metrics--exporter--volumes--projected--sources--downward_api--items"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.projected.sources.downward_api.items`
-
-Required:
-
-- `path` (String) Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'
-
-Optional:
-
-- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--projected--sources--downward_api--items--field_ref))
-- `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--projected--sources--downward_api--items--resource_field_ref))
-
-<a id="nestedatt--spec--metrics--exporter--volumes--projected--sources--downward_api--items--field_ref"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.projected.sources.downward_api.items.field_ref`
-
-Required:
-
-- `field_path` (String) Path of the field to select in the specified API version.
-
-Optional:
-
-- `api_version` (String) Version of the schema the FieldPath is written in terms of, defaults to 'v1'.
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--projected--sources--downward_api--items--resource_field_ref"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.projected.sources.downward_api.items.resource_field_ref`
-
-Required:
-
-- `resource` (String) Required: resource to select
-
-Optional:
-
-- `container_name` (String) Container name: required for volumes, optional for env vars
-- `divisor` (String) Specifies the output format of the exposed resources, defaults to '1'
-
-
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--projected--sources--secret"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.projected.sources.secret`
-
-Optional:
-
-- `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--projected--sources--secret--items))
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) optional field specify whether the Secret or its key must be defined
-
-<a id="nestedatt--spec--metrics--exporter--volumes--projected--sources--secret--items"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.projected.sources.secret.items`
-
-Required:
-
-- `key` (String) key is the key to project.
-- `path` (String) path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
-
-Optional:
-
-- `mode` (Number) mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--projected--sources--service_account_token"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.projected.sources.service_account_token`
-
-Required:
-
-- `path` (String) path is the path relative to the mount point of the file to project the token into.
-
-Optional:
-
-- `audience` (String) audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.
-- `expiration_seconds` (Number) expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.
-
-
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--quobyte"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.quobyte`
-
-Required:
-
-- `registry` (String) registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes
-- `volume` (String) volume is a string that references an already created Quobyte volume by name.
-
-Optional:
-
-- `group` (String) group to map volume access to Default is no group
-- `read_only` (Boolean) readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.
-- `tenant` (String) tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin
-- `user` (String) user to map volume access to Defaults to serivceaccount user
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--rbd"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.rbd`
-
-Required:
-
-- `image` (String) image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-- `monitors` (List of String) monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-
-Optional:
-
-- `fs_type` (String) fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
-- `keyring` (String) keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-- `pool` (String) pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-- `read_only` (Boolean) readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-- `secret_ref` (Attributes) secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--rbd--secret_ref))
-- `user` (String) user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-
-<a id="nestedatt--spec--metrics--exporter--volumes--rbd--secret_ref"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.rbd.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--scale_io"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.scale_io`
-
-Required:
-
-- `gateway` (String) gateway is the host address of the ScaleIO API Gateway.
-- `secret_ref` (Attributes) secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--scale_io--secret_ref))
-- `system` (String) system is the name of the storage system as configured in ScaleIO.
-
-Optional:
-
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Default is 'xfs'.
-- `protection_domain` (String) protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.
-- `read_only` (Boolean) readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-- `ssl_enabled` (Boolean) sslEnabled Flag enable/disable SSL communication with Gateway, default false
-- `storage_mode` (String) storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.
-- `storage_pool` (String) storagePool is the ScaleIO Storage Pool associated with the protection domain.
-- `volume_name` (String) volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.
-
-<a id="nestedatt--spec--metrics--exporter--volumes--scale_io--secret_ref"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.scale_io.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--secret"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.secret`
-
-Optional:
-
-- `default_mode` (Number) defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `items` (Attributes List) items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--secret--items))
-- `optional` (Boolean) optional field specify whether the Secret or its keys must be defined
-- `secret_name` (String) secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
-
-<a id="nestedatt--spec--metrics--exporter--volumes--secret--items"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.secret.items`
-
-Required:
-
-- `key` (String) key is the key to project.
-- `path` (String) path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
-
-Optional:
-
-- `mode` (Number) mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--storageos"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.storageos`
-
-Optional:
-
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.
-- `read_only` (Boolean) readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-- `secret_ref` (Attributes) secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--storageos--secret_ref))
-- `volume_name` (String) volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.
-- `volume_namespace` (String) volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to 'default' if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.
-
-<a id="nestedatt--spec--metrics--exporter--volumes--storageos--secret_ref"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.storageos.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--vsphere_volume"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.vsphere_volume`
-
-Required:
-
-- `volume_path` (String) volumePath is the path that identifies vSphere volume vmdk
-
-Optional:
-
-- `fs_type` (String) fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.
-- `storage_policy_id` (String) storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.
-- `storage_policy_name` (String) storagePolicyName is the storage Policy Based Management (SPBM) profile name.
-
-
-
-
-<a id="nestedatt--spec--metrics--password_secret_key_ref"></a>
-### Nested Schema for `spec.metrics.password_secret_key_ref`
-
-Required:
-
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
-
-Optional:
-
-- `generate` (Boolean) Generate indicates whether the Secret should be generated if the Secret referenced is not present.
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
-
-<a id="nestedatt--spec--metrics--service_monitor"></a>
-### Nested Schema for `spec.metrics.service_monitor`
-
-Optional:
-
-- `interval` (String) Interval for scraping metrics.
-- `job_label` (String) JobLabel to add to the ServiceMonitor object.
-- `prometheus_release` (String) PrometheusRelease is the release label to add to the ServiceMonitor object.
-- `scrape_timeout` (String) ScrapeTimeout defines the timeout for scraping metrics.
-
-
-
-<a id="nestedatt--spec--my_cnf_config_map_key_ref"></a>
-### Nested Schema for `spec.my_cnf_config_map_key_ref`
-
-Required:
-
-- `key` (String) The key to select.
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
-
-
-<a id="nestedatt--spec--password_hash_secret_key_ref"></a>
-### Nested Schema for `spec.password_hash_secret_key_ref`
-
-Required:
-
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
-
-<a id="nestedatt--spec--password_plugin"></a>
-### Nested Schema for `spec.password_plugin`
-
-Optional:
-
-- `plugin_arg_secret_key_ref` (Attributes) PluginArgSecretKeyRef is a reference to the arguments to be provided to the authentication plugin for the User. If the referred Secret is labeled with 'k8s.mariadb.com/watch', updates may be performed to the Secret in order to update the authentication plugin arguments. (see [below for nested schema](#nestedatt--spec--password_plugin--plugin_arg_secret_key_ref))
-- `plugin_name_secret_key_ref` (Attributes) PluginNameSecretKeyRef is a reference to the authentication plugin to be used by the User. If the referred Secret is labeled with 'k8s.mariadb.com/watch', updates may be performed to the Secret in order to update the authentication plugin. (see [below for nested schema](#nestedatt--spec--password_plugin--plugin_name_secret_key_ref))
-
-<a id="nestedatt--spec--password_plugin--plugin_arg_secret_key_ref"></a>
-### Nested Schema for `spec.password_plugin.plugin_arg_secret_key_ref`
-
-Required:
-
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
-
-<a id="nestedatt--spec--password_plugin--plugin_name_secret_key_ref"></a>
-### Nested Schema for `spec.password_plugin.plugin_name_secret_key_ref`
-
-Required:
-
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
-
-
-<a id="nestedatt--spec--password_secret_key_ref"></a>
-### Nested Schema for `spec.password_secret_key_ref`
-
-Required:
-
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
-
-Optional:
-
-- `generate` (Boolean) Generate indicates whether the Secret should be generated if the Secret referenced is not present.
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
-
-<a id="nestedatt--spec--pod_disruption_budget"></a>
-### Nested Schema for `spec.pod_disruption_budget`
-
-Optional:
-
-- `max_unavailable` (String) MaxUnavailable defines the number of maximum unavailable Pods.
-- `min_available` (String) MinAvailable defines the number of minimum available Pods.
-
-
-<a id="nestedatt--spec--pod_metadata"></a>
-### Nested Schema for `spec.pod_metadata`
-
-Optional:
-
-- `annotations` (Map of String) Annotations to be added to children resources.
-- `labels` (Map of String) Labels to be added to children resources.
-
-
-<a id="nestedatt--spec--pod_security_context"></a>
-### Nested Schema for `spec.pod_security_context`
-
-Optional:
-
-- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_security_context--app_armor_profile))
-- `fs_group` (Number) A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.
-- `fs_group_change_policy` (String) fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are 'OnRootMismatch' and 'Always'. If not specified, 'Always' is used. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_group` (Number) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-- `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
-- `se_linux_options` (Attributes) The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_security_context--se_linux_options))
-- `seccomp_profile` (Attributes) The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_security_context--seccomp_profile))
-- `supplemental_groups` (List of String) A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.
-- `supplemental_groups_policy` (String) Defines how supplemental groups of the first container processes are calculated. Valid values are 'Merge' and 'Strict'. If not specified, 'Merge' is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.
-- `sysctls` (Attributes List) Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_security_context--sysctls))
-- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_security_context--windows_options))
-
-<a id="nestedatt--spec--pod_security_context--app_armor_profile"></a>
-### Nested Schema for `spec.pod_security_context.app_armor_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is 'Localhost'.
-
-
-<a id="nestedatt--spec--pod_security_context--se_linux_options"></a>
-### Nested Schema for `spec.pod_security_context.se_linux_options`
-
-Optional:
-
-- `level` (String) Level is SELinux level label that applies to the container.
-- `role` (String) Role is a SELinux role label that applies to the container.
-- `type` (String) Type is a SELinux type label that applies to the container.
-- `user` (String) User is a SELinux user label that applies to the container.
-
-
-<a id="nestedatt--spec--pod_security_context--seccomp_profile"></a>
-### Nested Schema for `spec.pod_security_context.seccomp_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.
-
-
-<a id="nestedatt--spec--pod_security_context--sysctls"></a>
-### Nested Schema for `spec.pod_security_context.sysctls`
-
-Required:
-
-- `name` (String) Name of a property to set
-- `value` (String) Value of a property to set
-
-
-<a id="nestedatt--spec--pod_security_context--windows_options"></a>
-### Nested Schema for `spec.pod_security_context.windows_options`
-
-Optional:
-
-- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
-- `gmsa_credential_spec_name` (String) GMSACredentialSpecName is the name of the GMSA credential spec to use.
-- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
-- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-
-
-
-<a id="nestedatt--spec--primary_connection"></a>
-### Nested Schema for `spec.primary_connection`
-
-Optional:
-
-- `health_check` (Attributes) HealthCheck to be used in the Connection. (see [below for nested schema](#nestedatt--spec--primary_connection--health_check))
-- `params` (Map of String) Params to be used in the Connection.
-- `port` (Number) Port to connect to. If not provided, it defaults to the MariaDB port or to the first MaxScale listener.
-- `secret_name` (String) SecretName to be used in the Connection.
-- `secret_template` (Attributes) SecretTemplate to be used in the Connection. (see [below for nested schema](#nestedatt--spec--primary_connection--secret_template))
-- `service_name` (String) ServiceName to be used in the Connection.
-
-<a id="nestedatt--spec--primary_connection--health_check"></a>
-### Nested Schema for `spec.primary_connection.health_check`
-
-Optional:
-
-- `interval` (String) Interval used to perform health checks.
-- `retry_interval` (String) RetryInterval is the interval used to perform health check retries.
-
-
-<a id="nestedatt--spec--primary_connection--secret_template"></a>
-### Nested Schema for `spec.primary_connection.secret_template`
-
-Optional:
-
-- `database_key` (String) DatabaseKey to be used in the Secret.
-- `format` (String) Format to be used in the Secret.
-- `host_key` (String) HostKey to be used in the Secret.
-- `key` (String) Key to be used in the Secret.
-- `metadata` (Attributes) Metadata to be added to the Secret object. (see [below for nested schema](#nestedatt--spec--primary_connection--secret_template--metadata))
-- `password_key` (String) PasswordKey to be used in the Secret.
-- `port_key` (String) PortKey to be used in the Secret.
-- `username_key` (String) UsernameKey to be used in the Secret.
-
-<a id="nestedatt--spec--primary_connection--secret_template--metadata"></a>
-### Nested Schema for `spec.primary_connection.secret_template.metadata`
-
-Optional:
-
-- `annotations` (Map of String) Annotations to be added to children resources.
-- `labels` (Map of String) Labels to be added to children resources.
-
-
-
-
-<a id="nestedatt--spec--primary_service"></a>
-### Nested Schema for `spec.primary_service`
-
-Optional:
-
-- `allocate_load_balancer_node_ports` (Boolean) AllocateLoadBalancerNodePorts Service field.
-- `external_traffic_policy` (String) ExternalTrafficPolicy Service field.
-- `load_balancer_ip` (String) LoadBalancerIP Service field.
-- `load_balancer_source_ranges` (List of String) LoadBalancerSourceRanges Service field.
-- `metadata` (Attributes) Metadata to be added to the Service metadata. (see [below for nested schema](#nestedatt--spec--primary_service--metadata))
-- `session_affinity` (String) SessionAffinity Service field.
-- `type` (String) Type is the Service type. One of 'ClusterIP', 'NodePort' or 'LoadBalancer'. If not defined, it defaults to 'ClusterIP'.
-
-<a id="nestedatt--spec--primary_service--metadata"></a>
-### Nested Schema for `spec.primary_service.metadata`
-
-Optional:
-
-- `annotations` (Map of String) Annotations to be added to children resources.
-- `labels` (Map of String) Labels to be added to children resources.
-
-
-
-<a id="nestedatt--spec--readiness_probe"></a>
-### Nested Schema for `spec.readiness_probe`
-
-Optional:
-
-- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--readiness_probe--exec))
-- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
-- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--readiness_probe--grpc))
-- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--readiness_probe--http_get))
-- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-- `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
-- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
-- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--readiness_probe--tcp_socket))
-- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
-- `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-<a id="nestedatt--spec--readiness_probe--exec"></a>
-### Nested Schema for `spec.readiness_probe.exec`
-
-Optional:
-
-- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-
-
-<a id="nestedatt--spec--readiness_probe--grpc"></a>
-### Nested Schema for `spec.readiness_probe.grpc`
-
-Required:
-
-- `port` (Number) Port number of the gRPC service. Number must be in the range 1 to 65535.
-
-Optional:
-
-- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.
-
-
-<a id="nestedatt--spec--readiness_probe--http_get"></a>
-### Nested Schema for `spec.readiness_probe.http_get`
-
-Required:
-
-- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.
-- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--readiness_probe--http_get--http_headers))
-- `path` (String) Path to access on the HTTP server.
-- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP.
-
-<a id="nestedatt--spec--readiness_probe--http_get--http_headers"></a>
-### Nested Schema for `spec.readiness_probe.http_get.http_headers`
-
-Required:
-
-- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
-- `value` (String) The header field value
-
-
-
-<a id="nestedatt--spec--readiness_probe--tcp_socket"></a>
-### Nested Schema for `spec.readiness_probe.tcp_socket`
-
-Required:
-
-- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Optional: Host name to connect to, defaults to the pod IP.
-
-
-
-<a id="nestedatt--spec--replication"></a>
-### Nested Schema for `spec.replication`
-
-Optional:
-
-- `enabled` (Boolean) Enabled is a flag to enable Replication.
-- `primary` (Attributes) Primary is the replication configuration for the primary node. (see [below for nested schema](#nestedatt--spec--replication--primary))
-- `probes_enabled` (Boolean) ProbesEnabled indicates to use replication specific liveness and readiness probes. This probes check that the primary can receive queries and that the replica has the replication thread running.
-- `replica` (Attributes) ReplicaReplication is the replication configuration for the replica nodes. (see [below for nested schema](#nestedatt--spec--replication--replica))
-- `sync_binlog` (Boolean) SyncBinlog indicates whether the binary log should be synchronized to the disk after every event. It trades off performance for consistency. See: https://mariadb.com/kb/en/replication-and-binary-log-system-variables/#sync_binlog.
-
-<a id="nestedatt--spec--replication--primary"></a>
-### Nested Schema for `spec.replication.primary`
-
-Optional:
-
-- `automatic_failover` (Boolean) AutomaticFailover indicates whether the operator should automatically update PodIndex to perform an automatic primary failover.
-- `pod_index` (Number) PodIndex is the StatefulSet index of the primary node. The user may change this field to perform a manual switchover.
-
-
-<a id="nestedatt--spec--replication--replica"></a>
-### Nested Schema for `spec.replication.replica`
-
-Optional:
-
-- `connection_retries` (Number) ConnectionRetries to be used when the replica connects to the primary.
-- `connection_timeout` (String) ConnectionTimeout to be used when the replica connects to the primary.
-- `gtid` (String) Gtid indicates which Global Transaction ID should be used when connecting a replica to the master. See: https://mariadb.com/kb/en/gtid/#using-current_pos-vs-slave_pos.
-- `repl_password_secret_key_ref` (Attributes) ReplPasswordSecretKeyRef provides a reference to the Secret to use as password for the replication user. (see [below for nested schema](#nestedatt--spec--replication--replica--repl_password_secret_key_ref))
-- `sync_timeout` (String) SyncTimeout defines the timeout for a replica to be synced with the primary when performing a primary switchover. If the timeout is reached, the replica GTID will be reset and the switchover will continue.
-- `wait_point` (String) WaitPoint defines whether the transaction should wait for ACK before committing to the storage engine. More info: https://mariadb.com/kb/en/semisynchronous-replication/#rpl_semi_sync_master_wait_point.
-
-<a id="nestedatt--spec--replication--replica--repl_password_secret_key_ref"></a>
-### Nested Schema for `spec.replication.replica.repl_password_secret_key_ref`
-
-Required:
-
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
-
-Optional:
-
-- `generate` (Boolean) Generate indicates whether the Secret should be generated if the Secret referenced is not present.
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
-
-
-
-<a id="nestedatt--spec--resources"></a>
-### Nested Schema for `spec.resources`
-
-Optional:
-
-- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--resources--claims))
-- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-
-<a id="nestedatt--spec--resources--claims"></a>
-### Nested Schema for `spec.resources.claims`
-
-Required:
-
-- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
-
-Optional:
-
-- `request` (String) Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
-
-
-
-<a id="nestedatt--spec--root_password_secret_key_ref"></a>
-### Nested Schema for `spec.root_password_secret_key_ref`
-
-Required:
-
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
-
-Optional:
-
-- `generate` (Boolean) Generate indicates whether the Secret should be generated if the Secret referenced is not present.
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
-
-<a id="nestedatt--spec--secondary_connection"></a>
-### Nested Schema for `spec.secondary_connection`
-
-Optional:
-
-- `health_check` (Attributes) HealthCheck to be used in the Connection. (see [below for nested schema](#nestedatt--spec--secondary_connection--health_check))
-- `params` (Map of String) Params to be used in the Connection.
-- `port` (Number) Port to connect to. If not provided, it defaults to the MariaDB port or to the first MaxScale listener.
-- `secret_name` (String) SecretName to be used in the Connection.
-- `secret_template` (Attributes) SecretTemplate to be used in the Connection. (see [below for nested schema](#nestedatt--spec--secondary_connection--secret_template))
-- `service_name` (String) ServiceName to be used in the Connection.
-
-<a id="nestedatt--spec--secondary_connection--health_check"></a>
-### Nested Schema for `spec.secondary_connection.health_check`
-
-Optional:
-
-- `interval` (String) Interval used to perform health checks.
-- `retry_interval` (String) RetryInterval is the interval used to perform health check retries.
-
-
-<a id="nestedatt--spec--secondary_connection--secret_template"></a>
-### Nested Schema for `spec.secondary_connection.secret_template`
-
-Optional:
-
-- `database_key` (String) DatabaseKey to be used in the Secret.
-- `format` (String) Format to be used in the Secret.
-- `host_key` (String) HostKey to be used in the Secret.
-- `key` (String) Key to be used in the Secret.
-- `metadata` (Attributes) Metadata to be added to the Secret object. (see [below for nested schema](#nestedatt--spec--secondary_connection--secret_template--metadata))
-- `password_key` (String) PasswordKey to be used in the Secret.
-- `port_key` (String) PortKey to be used in the Secret.
-- `username_key` (String) UsernameKey to be used in the Secret.
-
-<a id="nestedatt--spec--secondary_connection--secret_template--metadata"></a>
-### Nested Schema for `spec.secondary_connection.secret_template.metadata`
-
-Optional:
-
-- `annotations` (Map of String) Annotations to be added to children resources.
-- `labels` (Map of String) Labels to be added to children resources.
-
-
-
-
-<a id="nestedatt--spec--secondary_service"></a>
-### Nested Schema for `spec.secondary_service`
-
-Optional:
-
-- `allocate_load_balancer_node_ports` (Boolean) AllocateLoadBalancerNodePorts Service field.
-- `external_traffic_policy` (String) ExternalTrafficPolicy Service field.
-- `load_balancer_ip` (String) LoadBalancerIP Service field.
-- `load_balancer_source_ranges` (List of String) LoadBalancerSourceRanges Service field.
-- `metadata` (Attributes) Metadata to be added to the Service metadata. (see [below for nested schema](#nestedatt--spec--secondary_service--metadata))
-- `session_affinity` (String) SessionAffinity Service field.
-- `type` (String) Type is the Service type. One of 'ClusterIP', 'NodePort' or 'LoadBalancer'. If not defined, it defaults to 'ClusterIP'.
-
-<a id="nestedatt--spec--secondary_service--metadata"></a>
-### Nested Schema for `spec.secondary_service.metadata`
-
-Optional:
-
-- `annotations` (Map of String) Annotations to be added to children resources.
-- `labels` (Map of String) Labels to be added to children resources.
-
-
-
-<a id="nestedatt--spec--security_context"></a>
-### Nested Schema for `spec.security_context`
-
-Optional:
-
-- `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
-- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--security_context--app_armor_profile))
-- `capabilities` (Attributes) The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--security_context--capabilities))
-- `privileged` (Boolean) Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
-- `proc_mount` (String) procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
-- `read_only_root_filesystem` (Boolean) Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_group` (Number) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-- `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
-- `se_linux_options` (Attributes) The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--security_context--se_linux_options))
-- `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--security_context--seccomp_profile))
-- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--security_context--windows_options))
-
-<a id="nestedatt--spec--security_context--app_armor_profile"></a>
-### Nested Schema for `spec.security_context.app_armor_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is 'Localhost'.
-
-
-<a id="nestedatt--spec--security_context--capabilities"></a>
-### Nested Schema for `spec.security_context.capabilities`
-
-Optional:
-
-- `add` (List of String) Added capabilities
-- `drop` (List of String) Removed capabilities
-
-
-<a id="nestedatt--spec--security_context--se_linux_options"></a>
-### Nested Schema for `spec.security_context.se_linux_options`
-
-Optional:
-
-- `level` (String) Level is SELinux level label that applies to the container.
-- `role` (String) Role is a SELinux role label that applies to the container.
-- `type` (String) Type is a SELinux type label that applies to the container.
-- `user` (String) User is a SELinux user label that applies to the container.
-
-
-<a id="nestedatt--spec--security_context--seccomp_profile"></a>
-### Nested Schema for `spec.security_context.seccomp_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.
-
-
-<a id="nestedatt--spec--security_context--windows_options"></a>
-### Nested Schema for `spec.security_context.windows_options`
-
-Optional:
-
-- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
-- `gmsa_credential_spec_name` (String) GMSACredentialSpecName is the name of the GMSA credential spec to use.
-- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
-- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-
-
-
-<a id="nestedatt--spec--service"></a>
-### Nested Schema for `spec.service`
-
-Optional:
-
-- `allocate_load_balancer_node_ports` (Boolean) AllocateLoadBalancerNodePorts Service field.
-- `external_traffic_policy` (String) ExternalTrafficPolicy Service field.
-- `load_balancer_ip` (String) LoadBalancerIP Service field.
-- `load_balancer_source_ranges` (List of String) LoadBalancerSourceRanges Service field.
-- `metadata` (Attributes) Metadata to be added to the Service metadata. (see [below for nested schema](#nestedatt--spec--service--metadata))
-- `session_affinity` (String) SessionAffinity Service field.
-- `type` (String) Type is the Service type. One of 'ClusterIP', 'NodePort' or 'LoadBalancer'. If not defined, it defaults to 'ClusterIP'.
-
-<a id="nestedatt--spec--service--metadata"></a>
-### Nested Schema for `spec.service.metadata`
-
-Optional:
-
-- `annotations` (Map of String) Annotations to be added to children resources.
-- `labels` (Map of String) Labels to be added to children resources.
-
-
-
-<a id="nestedatt--spec--sidecar_containers"></a>
-### Nested Schema for `spec.sidecar_containers`
-
-Required:
-
-- `image` (String) Image name to be used by the MariaDB instances. The supported format is '<image>:<tag>'.
-
-Optional:
-
-- `args` (List of String) Args to be used in the Container.
-- `command` (List of String) Command to be used in the Container.
-- `env` (Attributes List) Env represents the environment variables to be injected in a container. (see [below for nested schema](#nestedatt--spec--sidecar_containers--env))
-- `env_from` (Attributes List) EnvFrom represents the references (via ConfigMap and Secrets) to environment variables to be injected in the container. (see [below for nested schema](#nestedatt--spec--sidecar_containers--env_from))
-- `image_pull_policy` (String) ImagePullPolicy is the image pull policy. One of 'Always', 'Never' or 'IfNotPresent'. If not defined, it defaults to 'IfNotPresent'.
-- `liveness_probe` (Attributes) LivenessProbe to be used in the Container. (see [below for nested schema](#nestedatt--spec--sidecar_containers--liveness_probe))
-- `readiness_probe` (Attributes) ReadinessProbe to be used in the Container. (see [below for nested schema](#nestedatt--spec--sidecar_containers--readiness_probe))
-- `resources` (Attributes) Resouces describes the compute resource requirements. (see [below for nested schema](#nestedatt--spec--sidecar_containers--resources))
-- `security_context` (Attributes) SecurityContext holds security configuration that will be applied to a container. (see [below for nested schema](#nestedatt--spec--sidecar_containers--security_context))
-- `volume_mounts` (Attributes List) VolumeMounts to be used in the Container. (see [below for nested schema](#nestedatt--spec--sidecar_containers--volume_mounts))
+Optional:
 
-<a id="nestedatt--spec--sidecar_containers--env"></a>
-### Nested Schema for `spec.sidecar_containers.env`
+- `name` (String)
 
-Required:
 
-- `name` (String) Name of the environment variable. Must be a C_IDENTIFIER.
+<a id="nestedatt--spec--max_scale--metrics--exporter--pod_metadata"></a>
+### Nested Schema for `spec.max_scale.metrics.exporter.pod_metadata`
 
 Optional:
 
-- `value` (String) Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to ''.
-- `value_from` (Attributes) Source for the environment variable's value. Cannot be used if value is not empty. (see [below for nested schema](#nestedatt--spec--sidecar_containers--env--value_from))
+- `annotations` (Map of String) Annotations to be added to children resources.
+- `labels` (Map of String) Labels to be added to children resources.
+
 
-<a id="nestedatt--spec--sidecar_containers--env--value_from"></a>
-### Nested Schema for `spec.sidecar_containers.env.value_from`
+<a id="nestedatt--spec--max_scale--metrics--exporter--pod_security_context"></a>
+### Nested Schema for `spec.max_scale.metrics.exporter.pod_security_context`
 
 Optional:
 
-- `config_map_key_ref` (Attributes) Selects a key of a ConfigMap. (see [below for nested schema](#nestedatt--spec--sidecar_containers--env--value_from--config_map_key_ref))
-- `field_ref` (Attributes) Selects a field of the pod: supports metadata.name, metadata.namespace, 'metadata.labels['<KEY>']', 'metadata.annotations['<KEY>']', spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. (see [below for nested schema](#nestedatt--spec--sidecar_containers--env--value_from--field_ref))
-- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. (see [below for nested schema](#nestedatt--spec--sidecar_containers--env--value_from--resource_field_ref))
-- `secret_key_ref` (Attributes) Selects a key of a secret in the pod's namespace (see [below for nested schema](#nestedatt--spec--sidecar_containers--env--value_from--secret_key_ref))
+- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--pod_security_context--app_armor_profile))
+- `fs_group` (Number) A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.
+- `fs_group_change_policy` (String) fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are 'OnRootMismatch' and 'Always'. If not specified, 'Always' is used. Note that this field cannot be set when spec.os.name is windows.
+- `run_as_group` (Number) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
+- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+- `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
+- `se_linux_options` (Attributes) The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--pod_security_context--se_linux_options))
+- `seccomp_profile` (Attributes) The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--pod_security_context--seccomp_profile))
+- `supplemental_groups` (List of String) A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.
+- `supplemental_groups_policy` (String) Defines how supplemental groups of the first container processes are calculated. Valid values are 'Merge' and 'Strict'. If not specified, 'Merge' is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.
+- `sysctls` (Attributes List) Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--pod_security_context--sysctls))
+- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--max_scale--metrics--exporter--pod_security_context--windows_options))
 
-<a id="nestedatt--spec--sidecar_containers--env--value_from--config_map_key_ref"></a>
-### Nested Schema for `spec.sidecar_containers.env.value_from.config_map_key_ref`
+<a id="nestedatt--spec--max_scale--metrics--exporter--pod_security_context--app_armor_profile"></a>
+### Nested Schema for `spec.max_scale.metrics.exporter.pod_security_context.app_armor_profile`
 
 Required:
 
-- `key` (String) The key to select.
+- `type` (String) type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
-
-
-<a id="nestedatt--spec--sidecar_containers--env--value_from--field_ref"></a>
-### Nested Schema for `spec.sidecar_containers.env.value_from.field_ref`
+- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is 'Localhost'.
 
-Required:
 
-- `field_path` (String) Path of the field to select in the specified API version.
+<a id="nestedatt--spec--max_scale--metrics--exporter--pod_security_context--se_linux_options"></a>
+### Nested Schema for `spec.max_scale.metrics.exporter.pod_security_context.se_linux_options`
 
 Optional:
 
-- `api_version` (String) Version of the schema the FieldPath is written in terms of, defaults to 'v1'.
+- `level` (String) Level is SELinux level label that applies to the container.
+- `role` (String) Role is a SELinux role label that applies to the container.
+- `type` (String) Type is a SELinux type label that applies to the container.
+- `user` (String) User is a SELinux user label that applies to the container.
 
 
-<a id="nestedatt--spec--sidecar_containers--env--value_from--resource_field_ref"></a>
-### Nested Schema for `spec.sidecar_containers.env.value_from.resource_field_ref`
+<a id="nestedatt--spec--max_scale--metrics--exporter--pod_security_context--seccomp_profile"></a>
+### Nested Schema for `spec.max_scale.metrics.exporter.pod_security_context.seccomp_profile`
 
 Required:
 
-- `resource` (String) Required: resource to select
+- `type` (String) type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
 
 Optional:
 
-- `container_name` (String) Container name: required for volumes, optional for env vars
-- `divisor` (String) Specifies the output format of the exposed resources, defaults to '1'
+- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.
 
 
-<a id="nestedatt--spec--sidecar_containers--env--value_from--secret_key_ref"></a>
-### Nested Schema for `spec.sidecar_containers.env.value_from.secret_key_ref`
+<a id="nestedatt--spec--max_scale--metrics--exporter--pod_security_context--sysctls"></a>
+### Nested Schema for `spec.max_scale.metrics.exporter.pod_security_context.sysctls`
 
 Required:
 
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
+- `name` (String) Name of a property to set
+- `value` (String) Value of a property to set
 
 
+<a id="nestedatt--spec--max_scale--metrics--exporter--pod_security_context--windows_options"></a>
+### Nested Schema for `spec.max_scale.metrics.exporter.pod_security_context.windows_options`
 
+Optional:
 
-<a id="nestedatt--spec--sidecar_containers--env_from"></a>
-### Nested Schema for `spec.sidecar_containers.env_from`
+- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
+- `gmsa_credential_spec_name` (String) GMSACredentialSpecName is the name of the GMSA credential spec to use.
+- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
+- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
 
-Optional:
 
-- `config_map_ref` (Attributes) The ConfigMap to select from (see [below for nested schema](#nestedatt--spec--sidecar_containers--env_from--config_map_ref))
-- `prefix` (String) An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
-- `secret_ref` (Attributes) The Secret to select from (see [below for nested schema](#nestedatt--spec--sidecar_containers--env_from--secret_ref))
 
-<a id="nestedatt--spec--sidecar_containers--env_from--config_map_ref"></a>
-### Nested Schema for `spec.sidecar_containers.env_from.config_map_ref`
+<a id="nestedatt--spec--max_scale--metrics--exporter--resources"></a>
+### Nested Schema for `spec.max_scale.metrics.exporter.resources`
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the ConfigMap must be defined
+- `limits` (Map of String) ResourceList is a set of (resource name, quantity) pairs.
+- `requests` (Map of String) ResourceList is a set of (resource name, quantity) pairs.
 
 
-<a id="nestedatt--spec--sidecar_containers--env_from--secret_ref"></a>
-### Nested Schema for `spec.sidecar_containers.env_from.secret_ref`
+<a id="nestedatt--spec--max_scale--metrics--exporter--tolerations"></a>
+### Nested Schema for `spec.max_scale.metrics.exporter.tolerations`
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret must be defined
+- `effect` (String) Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+- `key` (String) Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+- `operator` (String) Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
+- `toleration_seconds` (Number) TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
+- `value` (String) Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
 
 
 
-<a id="nestedatt--spec--sidecar_containers--liveness_probe"></a>
-### Nested Schema for `spec.sidecar_containers.liveness_probe`
+<a id="nestedatt--spec--max_scale--metrics--service_monitor"></a>
+### Nested Schema for `spec.max_scale.metrics.service_monitor`
 
 Optional:
 
-- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--sidecar_containers--liveness_probe--exec))
-- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
-- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--sidecar_containers--liveness_probe--grpc))
-- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--sidecar_containers--liveness_probe--http_get))
-- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-- `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
-- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
-- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--sidecar_containers--liveness_probe--tcp_socket))
-- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
-- `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+- `interval` (String) Interval for scraping metrics.
+- `job_label` (String) JobLabel to add to the ServiceMonitor object.
+- `prometheus_release` (String) PrometheusRelease is the release label to add to the ServiceMonitor object.
+- `scrape_timeout` (String) ScrapeTimeout defines the timeout for scraping metrics.
 
-<a id="nestedatt--spec--sidecar_containers--liveness_probe--exec"></a>
-### Nested Schema for `spec.sidecar_containers.liveness_probe.exec`
 
-Optional:
 
-- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+<a id="nestedatt--spec--max_scale--monitor"></a>
+### Nested Schema for `spec.max_scale.monitor`
 
+Optional:
 
-<a id="nestedatt--spec--sidecar_containers--liveness_probe--grpc"></a>
-### Nested Schema for `spec.sidecar_containers.liveness_probe.grpc`
+- `cooperative_monitoring` (String) CooperativeMonitoring enables coordination between multiple MaxScale instances running monitors. It is defaulted when HA is enabled.
+- `interval` (String) Interval used to monitor MariaDB servers. It is defaulted if not provided.
+- `module` (String) Module is the module to use to monitor MariaDB servers. It is mandatory when no MariaDB reference is provided.
+- `name` (String) Name is the identifier of the monitor. It is defaulted if not provided.
+- `params` (Map of String) Params defines extra parameters to pass to the monitor. Any parameter supported by MaxScale may be specified here. See reference: https://mariadb.com/kb/en/mariadb-maxscale-2308-common-monitor-parameters/. Monitor specific parameter are also suported: https://mariadb.com/kb/en/mariadb-maxscale-2308-galera-monitor/#galera-monitor-optional-parameters. https://mariadb.com/kb/en/mariadb-maxscale-2308-mariadb-monitor/#configuration.
+- `suspend` (Boolean) Suspend indicates whether the current resource should be suspended or not. This can be useful for maintenance, as disabling the reconciliation prevents the operator from interfering with user operations during maintenance activities.
 
-Required:
 
-- `port` (Number) Port number of the gRPC service. Number must be in the range 1 to 65535.
+<a id="nestedatt--spec--max_scale--pod_disruption_budget"></a>
+### Nested Schema for `spec.max_scale.pod_disruption_budget`
 
 Optional:
 
-- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.
+- `max_unavailable` (String) MaxUnavailable defines the number of maximum unavailable Pods.
+- `min_available` (String) MinAvailable defines the number of minimum available Pods.
 
 
-<a id="nestedatt--spec--sidecar_containers--liveness_probe--http_get"></a>
-### Nested Schema for `spec.sidecar_containers.liveness_probe.http_get`
+<a id="nestedatt--spec--max_scale--services"></a>
+### Nested Schema for `spec.max_scale.services`
 
 Required:
 
-- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+- `listener` (Attributes) MaxScaleListener defines how the MaxScale server will listen for connections. (see [below for nested schema](#nestedatt--spec--max_scale--services--listener))
+- `name` (String) Name is the identifier of the MaxScale service.
+- `router` (String) Router is the type of router to use.
 
 Optional:
 
-- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.
-- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--sidecar_containers--liveness_probe--http_get--http_headers))
-- `path` (String) Path to access on the HTTP server.
-- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP.
+- `params` (Map of String) Params defines extra parameters to pass to the service. Any parameter supported by MaxScale may be specified here. See reference: https://mariadb.com/kb/en/mariadb-maxscale-2308-mariadb-maxscale-configuration-guide/#service_1. Router specific parameter are also suported: https://mariadb.com/kb/en/mariadb-maxscale-2308-readwritesplit/#configuration. https://mariadb.com/kb/en/mariadb-maxscale-2308-readconnroute/#configuration.
+- `suspend` (Boolean) Suspend indicates whether the current resource should be suspended or not. This can be useful for maintenance, as disabling the reconciliation prevents the operator from interfering with user operations during maintenance activities.
 
-<a id="nestedatt--spec--sidecar_containers--liveness_probe--http_get--http_headers"></a>
-### Nested Schema for `spec.sidecar_containers.liveness_probe.http_get.http_headers`
+<a id="nestedatt--spec--max_scale--services--listener"></a>
+### Nested Schema for `spec.max_scale.services.listener`
 
 Required:
 
-- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
-- `value` (String) The header field value
+- `port` (Number) Port is the network port where the MaxScale server will listen.
 
+Optional:
 
+- `name` (String) Name is the identifier of the listener. It is defaulted if not provided
+- `params` (Map of String) Params defines extra parameters to pass to the listener. Any parameter supported by MaxScale may be specified here. See reference: https://mariadb.com/kb/en/mariadb-maxscale-2308-mariadb-maxscale-configuration-guide/#listener_1.
+- `protocol` (String) Protocol is the MaxScale protocol to use when communicating with the client. If not provided, it defaults to MariaDBProtocol.
+- `suspend` (Boolean) Suspend indicates whether the current resource should be suspended or not. This can be useful for maintenance, as disabling the reconciliation prevents the operator from interfering with user operations during maintenance activities.
 
-<a id="nestedatt--spec--sidecar_containers--liveness_probe--tcp_socket"></a>
-### Nested Schema for `spec.sidecar_containers.liveness_probe.tcp_socket`
 
-Required:
 
-- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+<a id="nestedatt--spec--max_scale--update_strategy"></a>
+### Nested Schema for `spec.max_scale.update_strategy`
 
 Optional:
 
-- `host` (String) Optional: Host name to connect to, defaults to the pod IP.
+- `rolling_update` (Attributes) RollingUpdate is used to communicate parameters when Type is RollingUpdateStatefulSetStrategyType. (see [below for nested schema](#nestedatt--spec--max_scale--update_strategy--rolling_update))
+- `type` (String) Type indicates the type of the StatefulSetUpdateStrategy. Default is RollingUpdate.
+
+<a id="nestedatt--spec--max_scale--update_strategy--rolling_update"></a>
+### Nested Schema for `spec.max_scale.update_strategy.rolling_update`
 
+Optional:
 
+- `max_unavailable` (String) The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding up. This can not be 0. Defaults to 1. This field is alpha-level and is only honored by servers that enable the MaxUnavailableStatefulSet feature. The field applies to all pods in the range 0 to Replicas-1. That means if there is any unavailable pod in the range 0 to Replicas-1, it will be counted towards MaxUnavailable.
+- `partition` (Number) Partition indicates the ordinal at which the StatefulSet should be partitioned for updates. During a rolling update, all pods from ordinal Replicas-1 to Partition are updated. All pods from ordinal Partition-1 to 0 remain untouched. This is helpful in being able to do a canary based deployment. The default value is 0.
 
-<a id="nestedatt--spec--sidecar_containers--readiness_probe"></a>
-### Nested Schema for `spec.sidecar_containers.readiness_probe`
 
-Optional:
 
-- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--sidecar_containers--readiness_probe--exec))
-- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
-- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--sidecar_containers--readiness_probe--grpc))
-- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--sidecar_containers--readiness_probe--http_get))
-- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-- `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
-- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
-- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--sidecar_containers--readiness_probe--tcp_socket))
-- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
-- `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
 
-<a id="nestedatt--spec--sidecar_containers--readiness_probe--exec"></a>
-### Nested Schema for `spec.sidecar_containers.readiness_probe.exec`
+<a id="nestedatt--spec--max_scale_ref"></a>
+### Nested Schema for `spec.max_scale_ref`
 
 Optional:
 
-- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+- `name` (String)
+- `namespace` (String)
 
 
-<a id="nestedatt--spec--sidecar_containers--readiness_probe--grpc"></a>
-### Nested Schema for `spec.sidecar_containers.readiness_probe.grpc`
+<a id="nestedatt--spec--metrics"></a>
+### Nested Schema for `spec.metrics`
 
-Required:
+Optional:
+
+- `enabled` (Boolean) Enabled is a flag to enable Metrics
+- `exporter` (Attributes) Exporter defines the metrics exporter container. (see [below for nested schema](#nestedatt--spec--metrics--exporter))
+- `password_secret_key_ref` (Attributes) PasswordSecretKeyRef is a reference to the password of the monitoring user used by the exporter. If the referred Secret is labeled with 'k8s.mariadb.com/watch', updates may be performed to the Secret in order to update the password. (see [below for nested schema](#nestedatt--spec--metrics--password_secret_key_ref))
+- `service_monitor` (Attributes) ServiceMonitor defines the ServiceMonior object. (see [below for nested schema](#nestedatt--spec--metrics--service_monitor))
+- `username` (String) Username is the username of the monitoring user used by the exporter.
 
-- `port` (Number) Port number of the gRPC service. Number must be in the range 1 to 65535.
+<a id="nestedatt--spec--metrics--exporter"></a>
+### Nested Schema for `spec.metrics.exporter`
 
 Optional:
 
-- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.
+- `affinity` (Attributes) Affinity to be used in the Pod. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity))
+- `image` (String) Image name to be used as metrics exporter. The supported format is '<image>:<tag>'. Only mysqld-exporter >= v0.15.0 is supported: https://github.com/prometheus/mysqld_exporter
+- `image_pull_policy` (String) ImagePullPolicy is the image pull policy. One of 'Always', 'Never' or 'IfNotPresent'. If not defined, it defaults to 'IfNotPresent'.
+- `image_pull_secrets` (Attributes List) ImagePullSecrets is the list of pull Secrets to be used to pull the image. (see [below for nested schema](#nestedatt--spec--metrics--exporter--image_pull_secrets))
+- `node_selector` (Map of String) NodeSelector to be used in the Pod.
+- `pod_metadata` (Attributes) PodMetadata defines extra metadata for the Pod. (see [below for nested schema](#nestedatt--spec--metrics--exporter--pod_metadata))
+- `pod_security_context` (Attributes) SecurityContext holds pod-level security attributes and common container settings. (see [below for nested schema](#nestedatt--spec--metrics--exporter--pod_security_context))
+- `port` (Number) Port where the exporter will be listening for connections.
+- `priority_class_name` (String) PriorityClassName to be used in the Pod.
+- `resources` (Attributes) Resouces describes the compute resource requirements. (see [below for nested schema](#nestedatt--spec--metrics--exporter--resources))
+- `tolerations` (Attributes List) Tolerations to be used in the Pod. (see [below for nested schema](#nestedatt--spec--metrics--exporter--tolerations))
 
+<a id="nestedatt--spec--metrics--exporter--affinity"></a>
+### Nested Schema for `spec.metrics.exporter.affinity`
 
-<a id="nestedatt--spec--sidecar_containers--readiness_probe--http_get"></a>
-### Nested Schema for `spec.sidecar_containers.readiness_probe.http_get`
+Optional:
 
-Required:
+- `anti_affinity_enabled` (Boolean) AntiAffinityEnabled configures PodAntiAffinity so each Pod is scheduled in a different Node, enabling HA. Make sure you have at least as many Nodes available as the replicas to not end up with unscheduled Pods.
+- `pod_anti_affinity` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#podantiaffinity-v1-core. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity))
 
-- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+<a id="nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity"></a>
+### Nested Schema for `spec.metrics.exporter.affinity.pod_anti_affinity`
 
 Optional:
 
-- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.
-- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--sidecar_containers--readiness_probe--http_get--http_headers))
-- `path` (String) Path to access on the HTTP server.
-- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP.
+- `preferred_during_scheduling_ignored_during_execution` (Attributes List) (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution))
+- `required_during_scheduling_ignored_during_execution` (Attributes List) (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution))
 
-<a id="nestedatt--spec--sidecar_containers--readiness_probe--http_get--http_headers"></a>
-### Nested Schema for `spec.sidecar_containers.readiness_probe.http_get.http_headers`
+<a id="nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution"></a>
+### Nested Schema for `spec.metrics.exporter.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution`
 
 Required:
 
-- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
-- `value` (String) The header field value
-
+- `pod_affinity_term` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#podaffinityterm-v1-core. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term))
+- `weight` (Number)
 
-
-<a id="nestedatt--spec--sidecar_containers--readiness_probe--tcp_socket"></a>
-### Nested Schema for `spec.sidecar_containers.readiness_probe.tcp_socket`
+<a id="nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term"></a>
+### Nested Schema for `spec.metrics.exporter.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term`
 
 Required:
 
-- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+- `topology_key` (String)
 
 Optional:
 
-- `host` (String) Optional: Host name to connect to, defaults to the pod IP.
-
+- `label_selector` (Attributes) A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
 
-
-<a id="nestedatt--spec--sidecar_containers--resources"></a>
-### Nested Schema for `spec.sidecar_containers.resources`
+<a id="nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector"></a>
+### Nested Schema for `spec.metrics.exporter.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector`
 
 Optional:
 
-- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--sidecar_containers--resources--claims))
-- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions))
+- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
 
-<a id="nestedatt--spec--sidecar_containers--resources--claims"></a>
-### Nested Schema for `spec.sidecar_containers.resources.claims`
+<a id="nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions"></a>
+### Nested Schema for `spec.metrics.exporter.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector.match_expressions`
 
 Required:
 
-- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+- `key` (String) key is the label key that the selector applies to.
+- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 
 Optional:
 
-- `request` (String) Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
-
+- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 
 
-<a id="nestedatt--spec--sidecar_containers--security_context"></a>
-### Nested Schema for `spec.sidecar_containers.security_context`
 
-Optional:
 
-- `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
-- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--sidecar_containers--security_context--app_armor_profile))
-- `capabilities` (Attributes) The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--sidecar_containers--security_context--capabilities))
-- `privileged` (Boolean) Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
-- `proc_mount` (String) procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
-- `read_only_root_filesystem` (Boolean) Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_group` (Number) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-- `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
-- `se_linux_options` (Attributes) The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--sidecar_containers--security_context--se_linux_options))
-- `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--sidecar_containers--security_context--seccomp_profile))
-- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--sidecar_containers--security_context--windows_options))
 
-<a id="nestedatt--spec--sidecar_containers--security_context--app_armor_profile"></a>
-### Nested Schema for `spec.sidecar_containers.security_context.app_armor_profile`
+<a id="nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution"></a>
+### Nested Schema for `spec.metrics.exporter.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution`
 
 Required:
 
-- `type` (String) type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is 'Localhost'.
-
-
-<a id="nestedatt--spec--sidecar_containers--security_context--capabilities"></a>
-### Nested Schema for `spec.sidecar_containers.security_context.capabilities`
+- `topology_key` (String)
 
 Optional:
 
-- `add` (List of String) Added capabilities
-- `drop` (List of String) Removed capabilities
-
+- `label_selector` (Attributes) A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector))
 
-<a id="nestedatt--spec--sidecar_containers--security_context--se_linux_options"></a>
-### Nested Schema for `spec.sidecar_containers.security_context.se_linux_options`
+<a id="nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector"></a>
+### Nested Schema for `spec.metrics.exporter.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.label_selector`
 
 Optional:
 
-- `level` (String) Level is SELinux level label that applies to the container.
-- `role` (String) Role is a SELinux role label that applies to the container.
-- `type` (String) Type is a SELinux type label that applies to the container.
-- `user` (String) User is a SELinux user label that applies to the container.
-
+- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions))
+- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
 
-<a id="nestedatt--spec--sidecar_containers--security_context--seccomp_profile"></a>
-### Nested Schema for `spec.sidecar_containers.security_context.seccomp_profile`
+<a id="nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions"></a>
+### Nested Schema for `spec.metrics.exporter.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.label_selector.match_expressions`
 
 Required:
 
-- `type` (String) type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
+- `key` (String) key is the label key that the selector applies to.
+- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 
 Optional:
 
-- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.
-
-
-<a id="nestedatt--spec--sidecar_containers--security_context--windows_options"></a>
-### Nested Schema for `spec.sidecar_containers.security_context.windows_options`
-
-Optional:
+- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 
-- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
-- `gmsa_credential_spec_name` (String) GMSACredentialSpecName is the name of the GMSA credential spec to use.
-- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
-- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
 
 
 
-<a id="nestedatt--spec--sidecar_containers--volume_mounts"></a>
-### Nested Schema for `spec.sidecar_containers.volume_mounts`
 
-Required:
 
-- `mount_path` (String) Path within the container at which the volume should be mounted. Must not contain ':'.
-- `name` (String) This must match the Name of a Volume.
+<a id="nestedatt--spec--metrics--exporter--image_pull_secrets"></a>
+### Nested Schema for `spec.metrics.exporter.image_pull_secrets`
 
 Optional:
 
-- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None).
-- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
-- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handled recursively. If ReadOnly is false, this field has no meaning and must be unspecified. If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). If this field is not specified, it is treated as an equivalent of Disabled.
-- `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).
-- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.
+- `name` (String)
 
 
-
-<a id="nestedatt--spec--storage"></a>
-### Nested Schema for `spec.storage`
+<a id="nestedatt--spec--metrics--exporter--pod_metadata"></a>
+### Nested Schema for `spec.metrics.exporter.pod_metadata`
 
 Optional:
 
-- `ephemeral` (Boolean) Ephemeral indicates whether to use ephemeral storage in the PVCs. It is only compatible with non HA MariaDBs.
-- `resize_in_use_volumes` (Boolean) ResizeInUseVolumes indicates whether the PVCs can be resized. The 'StorageClassName' used should have 'allowVolumeExpansion' set to 'true' to allow resizing. It defaults to true.
-- `size` (String) Size of the PVCs to be mounted by MariaDB. Required if not provided in 'VolumeClaimTemplate'. It superseeds the storage size specified in 'VolumeClaimTemplate'.
-- `storage_class_name` (String) StorageClassName to be used to provision the PVCS. It superseeds the 'StorageClassName' specified in 'VolumeClaimTemplate'. If not provided, the default 'StorageClass' configured in the cluster is used.
-- `volume_claim_template` (Attributes) VolumeClaimTemplate provides a template to define the PVCs. (see [below for nested schema](#nestedatt--spec--storage--volume_claim_template))
-- `wait_for_volume_resize` (Boolean) WaitForVolumeResize indicates whether to wait for the PVCs to be resized before marking the MariaDB object as ready. This will block other operations such as cluster recovery while the resize is in progress. It defaults to true.
+- `annotations` (Map of String) Annotations to be added to children resources.
+- `labels` (Map of String) Labels to be added to children resources.
 
-<a id="nestedatt--spec--storage--volume_claim_template"></a>
-### Nested Schema for `spec.storage.volume_claim_template`
+
+<a id="nestedatt--spec--metrics--exporter--pod_security_context"></a>
+### Nested Schema for `spec.metrics.exporter.pod_security_context`
 
 Optional:
 
-- `access_modes` (List of String) accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
-- `data_source` (Attributes) dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. (see [below for nested schema](#nestedatt--spec--storage--volume_claim_template--data_source))
-- `data_source_ref` (Attributes) dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. (see [below for nested schema](#nestedatt--spec--storage--volume_claim_template--data_source_ref))
-- `metadata` (Attributes) Metadata to be added to the PVC metadata. (see [below for nested schema](#nestedatt--spec--storage--volume_claim_template--metadata))
-- `resources` (Attributes) resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources (see [below for nested schema](#nestedatt--spec--storage--volume_claim_template--resources))
-- `selector` (Attributes) selector is a label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--storage--volume_claim_template--selector))
-- `storage_class_name` (String) storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
-- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
-- `volume_mode` (String) volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
-- `volume_name` (String) volumeName is the binding reference to the PersistentVolume backing this claim.
+- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--metrics--exporter--pod_security_context--app_armor_profile))
+- `fs_group` (Number) A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.
+- `fs_group_change_policy` (String) fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are 'OnRootMismatch' and 'Always'. If not specified, 'Always' is used. Note that this field cannot be set when spec.os.name is windows.
+- `run_as_group` (Number) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
+- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+- `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
+- `se_linux_options` (Attributes) The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--metrics--exporter--pod_security_context--se_linux_options))
+- `seccomp_profile` (Attributes) The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--metrics--exporter--pod_security_context--seccomp_profile))
+- `supplemental_groups` (List of String) A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.
+- `supplemental_groups_policy` (String) Defines how supplemental groups of the first container processes are calculated. Valid values are 'Merge' and 'Strict'. If not specified, 'Merge' is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.
+- `sysctls` (Attributes List) Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--metrics--exporter--pod_security_context--sysctls))
+- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--metrics--exporter--pod_security_context--windows_options))
 
-<a id="nestedatt--spec--storage--volume_claim_template--data_source"></a>
-### Nested Schema for `spec.storage.volume_claim_template.data_source`
+<a id="nestedatt--spec--metrics--exporter--pod_security_context--app_armor_profile"></a>
+### Nested Schema for `spec.metrics.exporter.pod_security_context.app_armor_profile`
 
 Required:
 
-- `kind` (String) Kind is the type of resource being referenced
-- `name` (String) Name is the name of resource being referenced
+- `type` (String) type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.
 
 Optional:
 
-- `api_group` (String) APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is 'Localhost'.
 
 
-<a id="nestedatt--spec--storage--volume_claim_template--data_source_ref"></a>
-### Nested Schema for `spec.storage.volume_claim_template.data_source_ref`
+<a id="nestedatt--spec--metrics--exporter--pod_security_context--se_linux_options"></a>
+### Nested Schema for `spec.metrics.exporter.pod_security_context.se_linux_options`
 
-Required:
+Optional:
 
-- `kind` (String) Kind is the type of resource being referenced
-- `name` (String) Name is the name of resource being referenced
+- `level` (String) Level is SELinux level label that applies to the container.
+- `role` (String) Role is a SELinux role label that applies to the container.
+- `type` (String) Type is a SELinux type label that applies to the container.
+- `user` (String) User is a SELinux user label that applies to the container.
 
-Optional:
 
-- `api_group` (String) APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
-- `namespace` (String) Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+<a id="nestedatt--spec--metrics--exporter--pod_security_context--seccomp_profile"></a>
+### Nested Schema for `spec.metrics.exporter.pod_security_context.seccomp_profile`
 
+Required:
 
-<a id="nestedatt--spec--storage--volume_claim_template--metadata"></a>
-### Nested Schema for `spec.storage.volume_claim_template.metadata`
+- `type` (String) type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
 
 Optional:
 
-- `annotations` (Map of String) Annotations to be added to children resources.
-- `labels` (Map of String) Labels to be added to children resources.
+- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.
 
 
-<a id="nestedatt--spec--storage--volume_claim_template--resources"></a>
-### Nested Schema for `spec.storage.volume_claim_template.resources`
+<a id="nestedatt--spec--metrics--exporter--pod_security_context--sysctls"></a>
+### Nested Schema for `spec.metrics.exporter.pod_security_context.sysctls`
 
-Optional:
+Required:
 
-- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+- `name` (String) Name of a property to set
+- `value` (String) Value of a property to set
 
 
-<a id="nestedatt--spec--storage--volume_claim_template--selector"></a>
-### Nested Schema for `spec.storage.volume_claim_template.selector`
+<a id="nestedatt--spec--metrics--exporter--pod_security_context--windows_options"></a>
+### Nested Schema for `spec.metrics.exporter.pod_security_context.windows_options`
 
 Optional:
 
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--storage--volume_claim_template--selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
+- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
+- `gmsa_credential_spec_name` (String) GMSACredentialSpecName is the name of the GMSA credential spec to use.
+- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
+- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
 
-<a id="nestedatt--spec--storage--volume_claim_template--selector--match_expressions"></a>
-### Nested Schema for `spec.storage.volume_claim_template.selector.match_expressions`
 
-Required:
 
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+<a id="nestedatt--spec--metrics--exporter--resources"></a>
+### Nested Schema for `spec.metrics.exporter.resources`
 
 Optional:
 
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
+- `limits` (Map of String) ResourceList is a set of (resource name, quantity) pairs.
+- `requests` (Map of String) ResourceList is a set of (resource name, quantity) pairs.
 
 
-<a id="nestedatt--spec--tolerations"></a>
-### Nested Schema for `spec.tolerations`
+<a id="nestedatt--spec--metrics--exporter--tolerations"></a>
+### Nested Schema for `spec.metrics.exporter.tolerations`
 
 Optional:
 
@@ -10322,636 +2212,573 @@ Optional:
 - `value` (String) Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
 
 
-<a id="nestedatt--spec--topology_spread_constraints"></a>
-### Nested Schema for `spec.topology_spread_constraints`
-
-Required:
-
-- `max_skew` (Number) MaxSkew describes the degree to which pods may be unevenly distributed. When 'whenUnsatisfiable=DoNotSchedule', it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When 'whenUnsatisfiable=ScheduleAnyway', it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed.
-- `topology_key` (String) TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a 'bucket', and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is 'kubernetes.io/hostname', each Node is a domain of that topology. And, if TopologyKey is 'topology.kubernetes.io/zone', each zone is a domain of that topology. It's a required field.
-- `when_unsatisfiable` (String) WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered 'Unsatisfiable' for an incoming pod if and only if every possible node assignment for that pod would violate 'MaxSkew' on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field.
 
-Optional:
+<a id="nestedatt--spec--metrics--password_secret_key_ref"></a>
+### Nested Schema for `spec.metrics.password_secret_key_ref`
 
-- `label_selector` (Attributes) LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. (see [below for nested schema](#nestedatt--spec--topology_spread_constraints--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
-- `min_domains` (Number) MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew.
-- `node_affinity_policy` (String) NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
-- `node_taints_policy` (String) NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
+Required:
 
-<a id="nestedatt--spec--topology_spread_constraints--label_selector"></a>
-### Nested Schema for `spec.topology_spread_constraints.label_selector`
+- `key` (String)
 
 Optional:
 
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--topology_spread_constraints--label_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--topology_spread_constraints--label_selector--match_expressions"></a>
-### Nested Schema for `spec.topology_spread_constraints.label_selector.match_expressions`
+- `generate` (Boolean) Generate indicates whether the Secret should be generated if the Secret referenced is not present.
+- `name` (String)
 
-Required:
 
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+<a id="nestedatt--spec--metrics--service_monitor"></a>
+### Nested Schema for `spec.metrics.service_monitor`
 
 Optional:
 
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
+- `interval` (String) Interval for scraping metrics.
+- `job_label` (String) JobLabel to add to the ServiceMonitor object.
+- `prometheus_release` (String) PrometheusRelease is the release label to add to the ServiceMonitor object.
+- `scrape_timeout` (String) ScrapeTimeout defines the timeout for scraping metrics.
 
 
-<a id="nestedatt--spec--update_strategy"></a>
-### Nested Schema for `spec.update_strategy`
 
-Optional:
+<a id="nestedatt--spec--my_cnf_config_map_key_ref"></a>
+### Nested Schema for `spec.my_cnf_config_map_key_ref`
 
-- `auto_update_data_plane` (Boolean) AutoUpdateDataPlane indicates whether the Galera data plane version (agent and init containers) should be automatically updated based on the operator version. It defaults to false. Updating the operator will trigger updates on all the MariaDB instances that have this flag set to true. Thus, it is recommended to progressively set this flag after having updated the operator.
-- `rolling_update` (Attributes) RollingUpdate defines parameters for the RollingUpdate type. (see [below for nested schema](#nestedatt--spec--update_strategy--rolling_update))
-- `type` (String) Type defines the type of updates. One of 'ReplicasFirstPrimaryLast', 'RollingUpdate' or 'OnDelete'. If not defined, it defaults to 'ReplicasFirstPrimaryLast'.
+Required:
 
-<a id="nestedatt--spec--update_strategy--rolling_update"></a>
-### Nested Schema for `spec.update_strategy.rolling_update`
+- `key` (String)
 
 Optional:
 
-- `max_unavailable` (String) The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding up. This can not be 0. Defaults to 1. This field is alpha-level and is only honored by servers that enable the MaxUnavailableStatefulSet feature. The field applies to all pods in the range 0 to Replicas-1. That means if there is any unavailable pod in the range 0 to Replicas-1, it will be counted towards MaxUnavailable.
-- `partition` (Number) Partition indicates the ordinal at which the StatefulSet should be partitioned for updates. During a rolling update, all pods from ordinal Replicas-1 to Partition are updated. All pods from ordinal Partition-1 to 0 remain untouched. This is helpful in being able to do a canary based deployment. The default value is 0.
-
+- `name` (String)
 
 
-<a id="nestedatt--spec--volume_mounts"></a>
-### Nested Schema for `spec.volume_mounts`
+<a id="nestedatt--spec--password_hash_secret_key_ref"></a>
+### Nested Schema for `spec.password_hash_secret_key_ref`
 
 Required:
 
-- `mount_path` (String) Path within the container at which the volume should be mounted. Must not contain ':'.
-- `name` (String) This must match the Name of a Volume.
+- `key` (String)
 
 Optional:
 
-- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None).
-- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
-- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handled recursively. If ReadOnly is false, this field has no meaning and must be unspecified. If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). If this field is not specified, it is treated as an equivalent of Disabled.
-- `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).
-- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.
-
-
-<a id="nestedatt--spec--volumes"></a>
-### Nested Schema for `spec.volumes`
-
-Required:
-
-- `name` (String) name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-Optional:
-
-- `aws_elastic_block_store` (Attributes) awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore (see [below for nested schema](#nestedatt--spec--volumes--aws_elastic_block_store))
-- `azure_disk` (Attributes) azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. (see [below for nested schema](#nestedatt--spec--volumes--azure_disk))
-- `azure_file` (Attributes) azureFile represents an Azure File Service mount on the host and bind mount to the pod. (see [below for nested schema](#nestedatt--spec--volumes--azure_file))
-- `cephfs` (Attributes) cephFS represents a Ceph FS mount on the host that shares a pod's lifetime (see [below for nested schema](#nestedatt--spec--volumes--cephfs))
-- `cinder` (Attributes) cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md (see [below for nested schema](#nestedatt--spec--volumes--cinder))
-- `config_map` (Attributes) configMap represents a configMap that should populate this volume (see [below for nested schema](#nestedatt--spec--volumes--config_map))
-- `csi` (Attributes) csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). (see [below for nested schema](#nestedatt--spec--volumes--csi))
-- `downward_api` (Attributes) downwardAPI represents downward API about the pod that should populate this volume (see [below for nested schema](#nestedatt--spec--volumes--downward_api))
-- `empty_dir` (Attributes) emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir (see [below for nested schema](#nestedatt--spec--volumes--empty_dir))
-- `ephemeral` (Attributes) ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. A pod can use both types of ephemeral volumes and persistent volumes at the same time. (see [below for nested schema](#nestedatt--spec--volumes--ephemeral))
-- `fc` (Attributes) fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. (see [below for nested schema](#nestedatt--spec--volumes--fc))
-- `flex_volume` (Attributes) flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. (see [below for nested schema](#nestedatt--spec--volumes--flex_volume))
-- `flocker` (Attributes) flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running (see [below for nested schema](#nestedatt--spec--volumes--flocker))
-- `gce_persistent_disk` (Attributes) gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk (see [below for nested schema](#nestedatt--spec--volumes--gce_persistent_disk))
-- `git_repo` (Attributes) gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. (see [below for nested schema](#nestedatt--spec--volumes--git_repo))
-- `glusterfs` (Attributes) glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md (see [below for nested schema](#nestedatt--spec--volumes--glusterfs))
-- `host_path` (Attributes) hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath (see [below for nested schema](#nestedatt--spec--volumes--host_path))
-- `image` (Attributes) image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. The volume is resolved at pod startup depending on which PullPolicy value is provided: - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. The volume will be mounted read-only (ro) and non-executable files (noexec). Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. (see [below for nested schema](#nestedatt--spec--volumes--image))
-- `iscsi` (Attributes) iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md (see [below for nested schema](#nestedatt--spec--volumes--iscsi))
-- `nfs` (Attributes) nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs (see [below for nested schema](#nestedatt--spec--volumes--nfs))
-- `persistent_volume_claim` (Attributes) persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims (see [below for nested schema](#nestedatt--spec--volumes--persistent_volume_claim))
-- `photon_persistent_disk` (Attributes) photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine (see [below for nested schema](#nestedatt--spec--volumes--photon_persistent_disk))
-- `portworx_volume` (Attributes) portworxVolume represents a portworx volume attached and mounted on kubelets host machine (see [below for nested schema](#nestedatt--spec--volumes--portworx_volume))
-- `projected` (Attributes) projected items for all in one resources secrets, configmaps, and downward API (see [below for nested schema](#nestedatt--spec--volumes--projected))
-- `quobyte` (Attributes) quobyte represents a Quobyte mount on the host that shares a pod's lifetime (see [below for nested schema](#nestedatt--spec--volumes--quobyte))
-- `rbd` (Attributes) rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md (see [below for nested schema](#nestedatt--spec--volumes--rbd))
-- `scale_io` (Attributes) scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. (see [below for nested schema](#nestedatt--spec--volumes--scale_io))
-- `secret` (Attributes) secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret (see [below for nested schema](#nestedatt--spec--volumes--secret))
-- `storageos` (Attributes) storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. (see [below for nested schema](#nestedatt--spec--volumes--storageos))
-- `vsphere_volume` (Attributes) vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine (see [below for nested schema](#nestedatt--spec--volumes--vsphere_volume))
-
-<a id="nestedatt--spec--volumes--aws_elastic_block_store"></a>
-### Nested Schema for `spec.volumes.aws_elastic_block_store`
+- `name` (String)
 
-Required:
 
-- `volume_id` (String) volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+<a id="nestedatt--spec--password_plugin"></a>
+### Nested Schema for `spec.password_plugin`
 
 Optional:
 
-- `fs_type` (String) fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
-- `partition` (Number) partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as '1'. Similarly, the volume partition for /dev/sda is '0' (or you can leave the property empty).
-- `read_only` (Boolean) readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
-
+- `plugin_arg_secret_key_ref` (Attributes) PluginArgSecretKeyRef is a reference to the arguments to be provided to the authentication plugin for the User. If the referred Secret is labeled with 'k8s.mariadb.com/watch', updates may be performed to the Secret in order to update the authentication plugin arguments. (see [below for nested schema](#nestedatt--spec--password_plugin--plugin_arg_secret_key_ref))
+- `plugin_name_secret_key_ref` (Attributes) PluginNameSecretKeyRef is a reference to the authentication plugin to be used by the User. If the referred Secret is labeled with 'k8s.mariadb.com/watch', updates may be performed to the Secret in order to update the authentication plugin. (see [below for nested schema](#nestedatt--spec--password_plugin--plugin_name_secret_key_ref))
 
-<a id="nestedatt--spec--volumes--azure_disk"></a>
-### Nested Schema for `spec.volumes.azure_disk`
+<a id="nestedatt--spec--password_plugin--plugin_arg_secret_key_ref"></a>
+### Nested Schema for `spec.password_plugin.plugin_arg_secret_key_ref`
 
 Required:
 
-- `disk_name` (String) diskName is the Name of the data disk in the blob storage
-- `disk_uri` (String) diskURI is the URI of data disk in the blob storage
+- `key` (String)
 
 Optional:
 
-- `caching_mode` (String) cachingMode is the Host Caching mode: None, Read Only, Read Write.
-- `fs_type` (String) fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.
-- `kind` (String) kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared
-- `read_only` (Boolean) readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+- `name` (String)
 
 
-<a id="nestedatt--spec--volumes--azure_file"></a>
-### Nested Schema for `spec.volumes.azure_file`
+<a id="nestedatt--spec--password_plugin--plugin_name_secret_key_ref"></a>
+### Nested Schema for `spec.password_plugin.plugin_name_secret_key_ref`
 
 Required:
 
-- `secret_name` (String) secretName is the name of secret that contains Azure Storage Account Name and Key
-- `share_name` (String) shareName is the azure share Name
+- `key` (String)
 
 Optional:
 
-- `read_only` (Boolean) readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+- `name` (String)
 
 
-<a id="nestedatt--spec--volumes--cephfs"></a>
-### Nested Schema for `spec.volumes.cephfs`
+
+<a id="nestedatt--spec--password_secret_key_ref"></a>
+### Nested Schema for `spec.password_secret_key_ref`
 
 Required:
 
-- `monitors` (List of String) monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+- `key` (String)
 
 Optional:
 
-- `path` (String) path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /
-- `read_only` (Boolean) readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-- `secret_file` (String) secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-- `secret_ref` (Attributes) secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it (see [below for nested schema](#nestedatt--spec--volumes--cephfs--secret_ref))
-- `user` (String) user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-
-<a id="nestedatt--spec--volumes--cephfs--secret_ref"></a>
-### Nested Schema for `spec.volumes.cephfs.secret_ref`
-
-Optional:
+- `generate` (Boolean) Generate indicates whether the Secret should be generated if the Secret referenced is not present.
+- `name` (String)
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
+<a id="nestedatt--spec--pod_disruption_budget"></a>
+### Nested Schema for `spec.pod_disruption_budget`
 
+Optional:
 
-<a id="nestedatt--spec--volumes--cinder"></a>
-### Nested Schema for `spec.volumes.cinder`
+- `max_unavailable` (String) MaxUnavailable defines the number of maximum unavailable Pods.
+- `min_available` (String) MinAvailable defines the number of minimum available Pods.
 
-Required:
 
-- `volume_id` (String) volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+<a id="nestedatt--spec--pod_metadata"></a>
+### Nested Schema for `spec.pod_metadata`
 
 Optional:
 
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
-- `read_only` (Boolean) readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
-- `secret_ref` (Attributes) secretRef is optional: points to a secret object containing parameters used to connect to OpenStack. (see [below for nested schema](#nestedatt--spec--volumes--cinder--secret_ref))
+- `annotations` (Map of String) Annotations to be added to children resources.
+- `labels` (Map of String) Labels to be added to children resources.
 
-<a id="nestedatt--spec--volumes--cinder--secret_ref"></a>
-### Nested Schema for `spec.volumes.cinder.secret_ref`
+
+<a id="nestedatt--spec--pod_security_context"></a>
+### Nested Schema for `spec.pod_security_context`
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_security_context--app_armor_profile))
+- `fs_group` (Number) A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.
+- `fs_group_change_policy` (String) fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are 'OnRootMismatch' and 'Always'. If not specified, 'Always' is used. Note that this field cannot be set when spec.os.name is windows.
+- `run_as_group` (Number) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
+- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+- `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
+- `se_linux_options` (Attributes) The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_security_context--se_linux_options))
+- `seccomp_profile` (Attributes) The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_security_context--seccomp_profile))
+- `supplemental_groups` (List of String) A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.
+- `supplemental_groups_policy` (String) Defines how supplemental groups of the first container processes are calculated. Valid values are 'Merge' and 'Strict'. If not specified, 'Merge' is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.
+- `sysctls` (Attributes List) Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_security_context--sysctls))
+- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_security_context--windows_options))
 
+<a id="nestedatt--spec--pod_security_context--app_armor_profile"></a>
+### Nested Schema for `spec.pod_security_context.app_armor_profile`
 
+Required:
 
-<a id="nestedatt--spec--volumes--config_map"></a>
-### Nested Schema for `spec.volumes.config_map`
+- `type` (String) type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.
 
 Optional:
 
-- `default_mode` (Number) defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--volumes--config_map--items))
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) optional specify whether the ConfigMap or its keys must be defined
-
-<a id="nestedatt--spec--volumes--config_map--items"></a>
-### Nested Schema for `spec.volumes.config_map.items`
+- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is 'Localhost'.
 
-Required:
 
-- `key` (String) key is the key to project.
-- `path` (String) path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+<a id="nestedatt--spec--pod_security_context--se_linux_options"></a>
+### Nested Schema for `spec.pod_security_context.se_linux_options`
 
 Optional:
 
-- `mode` (Number) mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-
+- `level` (String) Level is SELinux level label that applies to the container.
+- `role` (String) Role is a SELinux role label that applies to the container.
+- `type` (String) Type is a SELinux type label that applies to the container.
+- `user` (String) User is a SELinux user label that applies to the container.
 
 
-<a id="nestedatt--spec--volumes--csi"></a>
-### Nested Schema for `spec.volumes.csi`
+<a id="nestedatt--spec--pod_security_context--seccomp_profile"></a>
+### Nested Schema for `spec.pod_security_context.seccomp_profile`
 
 Required:
 
-- `driver` (String) driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.
+- `type` (String) type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
 
 Optional:
 
-- `fs_type` (String) fsType to mount. Ex. 'ext4', 'xfs', 'ntfs'. If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.
-- `node_publish_secret_ref` (Attributes) nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. (see [below for nested schema](#nestedatt--spec--volumes--csi--node_publish_secret_ref))
-- `read_only` (Boolean) readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).
-- `volume_attributes` (Map of String) volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.
+- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.
 
-<a id="nestedatt--spec--volumes--csi--node_publish_secret_ref"></a>
-### Nested Schema for `spec.volumes.csi.node_publish_secret_ref`
 
-Optional:
+<a id="nestedatt--spec--pod_security_context--sysctls"></a>
+### Nested Schema for `spec.pod_security_context.sysctls`
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+Required:
 
+- `name` (String) Name of a property to set
+- `value` (String) Value of a property to set
 
 
-<a id="nestedatt--spec--volumes--downward_api"></a>
-### Nested Schema for `spec.volumes.downward_api`
+<a id="nestedatt--spec--pod_security_context--windows_options"></a>
+### Nested Schema for `spec.pod_security_context.windows_options`
 
 Optional:
 
-- `default_mode` (Number) Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `items` (Attributes List) Items is a list of downward API volume file (see [below for nested schema](#nestedatt--spec--volumes--downward_api--items))
+- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
+- `gmsa_credential_spec_name` (String) GMSACredentialSpecName is the name of the GMSA credential spec to use.
+- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
+- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
 
-<a id="nestedatt--spec--volumes--downward_api--items"></a>
-### Nested Schema for `spec.volumes.downward_api.items`
 
-Required:
 
-- `path` (String) Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'
+<a id="nestedatt--spec--primary_connection"></a>
+### Nested Schema for `spec.primary_connection`
 
 Optional:
 
-- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. (see [below for nested schema](#nestedatt--spec--volumes--downward_api--items--field_ref))
-- `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--volumes--downward_api--items--resource_field_ref))
-
-<a id="nestedatt--spec--volumes--downward_api--items--field_ref"></a>
-### Nested Schema for `spec.volumes.downward_api.items.field_ref`
-
-Required:
+- `health_check` (Attributes) HealthCheck to be used in the Connection. (see [below for nested schema](#nestedatt--spec--primary_connection--health_check))
+- `params` (Map of String) Params to be used in the Connection.
+- `port` (Number) Port to connect to. If not provided, it defaults to the MariaDB port or to the first MaxScale listener.
+- `secret_name` (String) SecretName to be used in the Connection.
+- `secret_template` (Attributes) SecretTemplate to be used in the Connection. (see [below for nested schema](#nestedatt--spec--primary_connection--secret_template))
+- `service_name` (String) ServiceName to be used in the Connection.
 
-- `field_path` (String) Path of the field to select in the specified API version.
+<a id="nestedatt--spec--primary_connection--health_check"></a>
+### Nested Schema for `spec.primary_connection.health_check`
 
 Optional:
 
-- `api_version` (String) Version of the schema the FieldPath is written in terms of, defaults to 'v1'.
+- `interval` (String) Interval used to perform health checks.
+- `retry_interval` (String) RetryInterval is the interval used to perform health check retries.
+
 
+<a id="nestedatt--spec--primary_connection--secret_template"></a>
+### Nested Schema for `spec.primary_connection.secret_template`
 
-<a id="nestedatt--spec--volumes--downward_api--items--resource_field_ref"></a>
-### Nested Schema for `spec.volumes.downward_api.items.resource_field_ref`
+Optional:
 
-Required:
+- `database_key` (String) DatabaseKey to be used in the Secret.
+- `format` (String) Format to be used in the Secret.
+- `host_key` (String) HostKey to be used in the Secret.
+- `key` (String) Key to be used in the Secret.
+- `metadata` (Attributes) Metadata to be added to the Secret object. (see [below for nested schema](#nestedatt--spec--primary_connection--secret_template--metadata))
+- `password_key` (String) PasswordKey to be used in the Secret.
+- `port_key` (String) PortKey to be used in the Secret.
+- `username_key` (String) UsernameKey to be used in the Secret.
 
-- `resource` (String) Required: resource to select
+<a id="nestedatt--spec--primary_connection--secret_template--metadata"></a>
+### Nested Schema for `spec.primary_connection.secret_template.metadata`
 
 Optional:
 
-- `container_name` (String) Container name: required for volumes, optional for env vars
-- `divisor` (String) Specifies the output format of the exposed resources, defaults to '1'
+- `annotations` (Map of String) Annotations to be added to children resources.
+- `labels` (Map of String) Labels to be added to children resources.
 
 
 
 
-<a id="nestedatt--spec--volumes--empty_dir"></a>
-### Nested Schema for `spec.volumes.empty_dir`
+<a id="nestedatt--spec--primary_service"></a>
+### Nested Schema for `spec.primary_service`
 
 Optional:
 
-- `medium` (String) medium represents what type of storage medium should back this directory. The default is '' which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
-- `size_limit` (String) sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
-
+- `allocate_load_balancer_node_ports` (Boolean) AllocateLoadBalancerNodePorts Service field.
+- `external_traffic_policy` (String) ExternalTrafficPolicy Service field.
+- `load_balancer_ip` (String) LoadBalancerIP Service field.
+- `load_balancer_source_ranges` (List of String) LoadBalancerSourceRanges Service field.
+- `metadata` (Attributes) Metadata to be added to the Service metadata. (see [below for nested schema](#nestedatt--spec--primary_service--metadata))
+- `session_affinity` (String) SessionAffinity Service field.
+- `type` (String) Type is the Service type. One of 'ClusterIP', 'NodePort' or 'LoadBalancer'. If not defined, it defaults to 'ClusterIP'.
 
-<a id="nestedatt--spec--volumes--ephemeral"></a>
-### Nested Schema for `spec.volumes.ephemeral`
+<a id="nestedatt--spec--primary_service--metadata"></a>
+### Nested Schema for `spec.primary_service.metadata`
 
 Optional:
 
-- `volume_claim_template` (Attributes) Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be '<pod name>-<volume name>' where '<volume name>' is the name from the 'PodSpec.Volumes' array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. Required, must not be nil. (see [below for nested schema](#nestedatt--spec--volumes--ephemeral--volume_claim_template))
+- `annotations` (Map of String) Annotations to be added to children resources.
+- `labels` (Map of String) Labels to be added to children resources.
 
-<a id="nestedatt--spec--volumes--ephemeral--volume_claim_template"></a>
-### Nested Schema for `spec.volumes.ephemeral.volume_claim_template`
 
-Required:
 
-- `spec` (Attributes) The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. (see [below for nested schema](#nestedatt--spec--volumes--ephemeral--volume_claim_template--spec))
+<a id="nestedatt--spec--readiness_probe"></a>
+### Nested Schema for `spec.readiness_probe`
 
 Optional:
 
-- `metadata` (Map of String) May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.
+- `exec` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#execaction-v1-core. (see [below for nested schema](#nestedatt--spec--readiness_probe--exec))
+- `failure_threshold` (Number)
+- `http_get` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#httpgetaction-v1-core. (see [below for nested schema](#nestedatt--spec--readiness_probe--http_get))
+- `initial_delay_seconds` (Number)
+- `period_seconds` (Number)
+- `success_threshold` (Number)
+- `timeout_seconds` (Number)
 
-<a id="nestedatt--spec--volumes--ephemeral--volume_claim_template--spec"></a>
-### Nested Schema for `spec.volumes.ephemeral.volume_claim_template.spec`
+<a id="nestedatt--spec--readiness_probe--exec"></a>
+### Nested Schema for `spec.readiness_probe.exec`
 
 Optional:
 
-- `access_modes` (List of String) accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
-- `data_source` (Attributes) dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. (see [below for nested schema](#nestedatt--spec--volumes--ephemeral--volume_claim_template--spec--data_source))
-- `data_source_ref` (Attributes) dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. (see [below for nested schema](#nestedatt--spec--volumes--ephemeral--volume_claim_template--spec--data_source_ref))
-- `resources` (Attributes) resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources (see [below for nested schema](#nestedatt--spec--volumes--ephemeral--volume_claim_template--spec--resources))
-- `selector` (Attributes) selector is a label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--volumes--ephemeral--volume_claim_template--spec--selector))
-- `storage_class_name` (String) storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
-- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
-- `volume_mode` (String) volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
-- `volume_name` (String) volumeName is the binding reference to the PersistentVolume backing this claim.
+- `command` (List of String)
+
 
-<a id="nestedatt--spec--volumes--ephemeral--volume_claim_template--spec--data_source"></a>
-### Nested Schema for `spec.volumes.ephemeral.volume_claim_template.spec.data_source`
+<a id="nestedatt--spec--readiness_probe--http_get"></a>
+### Nested Schema for `spec.readiness_probe.http_get`
 
 Required:
 
-- `kind` (String) Kind is the type of resource being referenced
-- `name` (String) Name is the name of resource being referenced
+- `port` (String)
 
 Optional:
 
-- `api_group` (String) APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+- `host` (String)
+- `path` (String)
+- `scheme` (String) URIScheme identifies the scheme used for connection to a host for Get actions
 
 
-<a id="nestedatt--spec--volumes--ephemeral--volume_claim_template--spec--data_source_ref"></a>
-### Nested Schema for `spec.volumes.ephemeral.volume_claim_template.spec.data_source_ref`
-
-Required:
 
-- `kind` (String) Kind is the type of resource being referenced
-- `name` (String) Name is the name of resource being referenced
+<a id="nestedatt--spec--replication"></a>
+### Nested Schema for `spec.replication`
 
 Optional:
 
-- `api_group` (String) APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
-- `namespace` (String) Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
-
+- `enabled` (Boolean) Enabled is a flag to enable Replication.
+- `primary` (Attributes) Primary is the replication configuration for the primary node. (see [below for nested schema](#nestedatt--spec--replication--primary))
+- `probes_enabled` (Boolean) ProbesEnabled indicates to use replication specific liveness and readiness probes. This probes check that the primary can receive queries and that the replica has the replication thread running.
+- `replica` (Attributes) ReplicaReplication is the replication configuration for the replica nodes. (see [below for nested schema](#nestedatt--spec--replication--replica))
+- `sync_binlog` (Boolean) SyncBinlog indicates whether the binary log should be synchronized to the disk after every event. It trades off performance for consistency. See: https://mariadb.com/kb/en/replication-and-binary-log-system-variables/#sync_binlog.
 
-<a id="nestedatt--spec--volumes--ephemeral--volume_claim_template--spec--resources"></a>
-### Nested Schema for `spec.volumes.ephemeral.volume_claim_template.spec.resources`
+<a id="nestedatt--spec--replication--primary"></a>
+### Nested Schema for `spec.replication.primary`
 
 Optional:
 
-- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+- `automatic_failover` (Boolean) AutomaticFailover indicates whether the operator should automatically update PodIndex to perform an automatic primary failover.
+- `pod_index` (Number) PodIndex is the StatefulSet index of the primary node. The user may change this field to perform a manual switchover.
 
 
-<a id="nestedatt--spec--volumes--ephemeral--volume_claim_template--spec--selector"></a>
-### Nested Schema for `spec.volumes.ephemeral.volume_claim_template.spec.selector`
+<a id="nestedatt--spec--replication--replica"></a>
+### Nested Schema for `spec.replication.replica`
 
 Optional:
 
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--volumes--ephemeral--volume_claim_template--spec--selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
+- `connection_retries` (Number) ConnectionRetries to be used when the replica connects to the primary.
+- `connection_timeout` (String) ConnectionTimeout to be used when the replica connects to the primary.
+- `gtid` (String) Gtid indicates which Global Transaction ID should be used when connecting a replica to the master. See: https://mariadb.com/kb/en/gtid/#using-current_pos-vs-slave_pos.
+- `repl_password_secret_key_ref` (Attributes) ReplPasswordSecretKeyRef provides a reference to the Secret to use as password for the replication user. (see [below for nested schema](#nestedatt--spec--replication--replica--repl_password_secret_key_ref))
+- `sync_timeout` (String) SyncTimeout defines the timeout for a replica to be synced with the primary when performing a primary switchover. If the timeout is reached, the replica GTID will be reset and the switchover will continue.
+- `wait_point` (String) WaitPoint defines whether the transaction should wait for ACK before committing to the storage engine. More info: https://mariadb.com/kb/en/semisynchronous-replication/#rpl_semi_sync_master_wait_point.
 
-<a id="nestedatt--spec--volumes--ephemeral--volume_claim_template--spec--selector--match_expressions"></a>
-### Nested Schema for `spec.volumes.ephemeral.volume_claim_template.spec.selector.match_expressions`
+<a id="nestedatt--spec--replication--replica--repl_password_secret_key_ref"></a>
+### Nested Schema for `spec.replication.replica.repl_password_secret_key_ref`
 
 Required:
 
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+- `key` (String)
 
 Optional:
 
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
+- `generate` (Boolean) Generate indicates whether the Secret should be generated if the Secret referenced is not present.
+- `name` (String)
 
 
 
 
-<a id="nestedatt--spec--volumes--fc"></a>
-### Nested Schema for `spec.volumes.fc`
+<a id="nestedatt--spec--resources"></a>
+### Nested Schema for `spec.resources`
 
 Optional:
 
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.
-- `lun` (Number) lun is Optional: FC target lun number
-- `read_only` (Boolean) readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-- `target_ww_ns` (List of String) targetWWNs is Optional: FC target worldwide names (WWNs)
-- `wwids` (List of String) wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
+- `limits` (Map of String) ResourceList is a set of (resource name, quantity) pairs.
+- `requests` (Map of String) ResourceList is a set of (resource name, quantity) pairs.
 
 
-<a id="nestedatt--spec--volumes--flex_volume"></a>
-### Nested Schema for `spec.volumes.flex_volume`
+<a id="nestedatt--spec--root_password_secret_key_ref"></a>
+### Nested Schema for `spec.root_password_secret_key_ref`
 
 Required:
 
-- `driver` (String) driver is the name of the driver to use for this volume.
+- `key` (String)
 
 Optional:
 
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. The default filesystem depends on FlexVolume script.
-- `options` (Map of String) options is Optional: this field holds extra command options if any.
-- `read_only` (Boolean) readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-- `secret_ref` (Attributes) secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. (see [below for nested schema](#nestedatt--spec--volumes--flex_volume--secret_ref))
-
-<a id="nestedatt--spec--volumes--flex_volume--secret_ref"></a>
-### Nested Schema for `spec.volumes.flex_volume.secret_ref`
+- `generate` (Boolean) Generate indicates whether the Secret should be generated if the Secret referenced is not present.
+- `name` (String)
 
-Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+<a id="nestedatt--spec--secondary_connection"></a>
+### Nested Schema for `spec.secondary_connection`
 
+Optional:
 
+- `health_check` (Attributes) HealthCheck to be used in the Connection. (see [below for nested schema](#nestedatt--spec--secondary_connection--health_check))
+- `params` (Map of String) Params to be used in the Connection.
+- `port` (Number) Port to connect to. If not provided, it defaults to the MariaDB port or to the first MaxScale listener.
+- `secret_name` (String) SecretName to be used in the Connection.
+- `secret_template` (Attributes) SecretTemplate to be used in the Connection. (see [below for nested schema](#nestedatt--spec--secondary_connection--secret_template))
+- `service_name` (String) ServiceName to be used in the Connection.
 
-<a id="nestedatt--spec--volumes--flocker"></a>
-### Nested Schema for `spec.volumes.flocker`
+<a id="nestedatt--spec--secondary_connection--health_check"></a>
+### Nested Schema for `spec.secondary_connection.health_check`
 
 Optional:
 
-- `dataset_name` (String) datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated
-- `dataset_uuid` (String) datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset
-
-
-<a id="nestedatt--spec--volumes--gce_persistent_disk"></a>
-### Nested Schema for `spec.volumes.gce_persistent_disk`
+- `interval` (String) Interval used to perform health checks.
+- `retry_interval` (String) RetryInterval is the interval used to perform health check retries.
 
-Required:
 
-- `pd_name` (String) pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+<a id="nestedatt--spec--secondary_connection--secret_template"></a>
+### Nested Schema for `spec.secondary_connection.secret_template`
 
 Optional:
 
-- `fs_type` (String) fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
-- `partition` (Number) partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as '1'. Similarly, the volume partition for /dev/sda is '0' (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
-- `read_only` (Boolean) readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+- `database_key` (String) DatabaseKey to be used in the Secret.
+- `format` (String) Format to be used in the Secret.
+- `host_key` (String) HostKey to be used in the Secret.
+- `key` (String) Key to be used in the Secret.
+- `metadata` (Attributes) Metadata to be added to the Secret object. (see [below for nested schema](#nestedatt--spec--secondary_connection--secret_template--metadata))
+- `password_key` (String) PasswordKey to be used in the Secret.
+- `port_key` (String) PortKey to be used in the Secret.
+- `username_key` (String) UsernameKey to be used in the Secret.
 
+<a id="nestedatt--spec--secondary_connection--secret_template--metadata"></a>
+### Nested Schema for `spec.secondary_connection.secret_template.metadata`
 
-<a id="nestedatt--spec--volumes--git_repo"></a>
-### Nested Schema for `spec.volumes.git_repo`
+Optional:
 
-Required:
+- `annotations` (Map of String) Annotations to be added to children resources.
+- `labels` (Map of String) Labels to be added to children resources.
 
-- `repository` (String) repository is the URL
 
-Optional:
 
-- `directory` (String) directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.
-- `revision` (String) revision is the commit hash for the specified revision.
 
+<a id="nestedatt--spec--secondary_service"></a>
+### Nested Schema for `spec.secondary_service`
 
-<a id="nestedatt--spec--volumes--glusterfs"></a>
-### Nested Schema for `spec.volumes.glusterfs`
+Optional:
 
-Required:
+- `allocate_load_balancer_node_ports` (Boolean) AllocateLoadBalancerNodePorts Service field.
+- `external_traffic_policy` (String) ExternalTrafficPolicy Service field.
+- `load_balancer_ip` (String) LoadBalancerIP Service field.
+- `load_balancer_source_ranges` (List of String) LoadBalancerSourceRanges Service field.
+- `metadata` (Attributes) Metadata to be added to the Service metadata. (see [below for nested schema](#nestedatt--spec--secondary_service--metadata))
+- `session_affinity` (String) SessionAffinity Service field.
+- `type` (String) Type is the Service type. One of 'ClusterIP', 'NodePort' or 'LoadBalancer'. If not defined, it defaults to 'ClusterIP'.
 
-- `endpoints` (String) endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
-- `path` (String) path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+<a id="nestedatt--spec--secondary_service--metadata"></a>
+### Nested Schema for `spec.secondary_service.metadata`
 
 Optional:
 
-- `read_only` (Boolean) readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
-
+- `annotations` (Map of String) Annotations to be added to children resources.
+- `labels` (Map of String) Labels to be added to children resources.
 
-<a id="nestedatt--spec--volumes--host_path"></a>
-### Nested Schema for `spec.volumes.host_path`
 
-Required:
 
-- `path` (String) path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+<a id="nestedatt--spec--security_context"></a>
+### Nested Schema for `spec.security_context`
 
 Optional:
 
-- `type` (String) type for HostPath Volume Defaults to '' More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
-
+- `allow_privilege_escalation` (Boolean)
+- `capabilities` (Attributes) Adds and removes POSIX capabilities from running containers. (see [below for nested schema](#nestedatt--spec--security_context--capabilities))
+- `privileged` (Boolean)
+- `read_only_root_filesystem` (Boolean)
+- `run_as_group` (Number)
+- `run_as_non_root` (Boolean)
+- `run_as_user` (Number)
 
-<a id="nestedatt--spec--volumes--image"></a>
-### Nested Schema for `spec.volumes.image`
+<a id="nestedatt--spec--security_context--capabilities"></a>
+### Nested Schema for `spec.security_context.capabilities`
 
 Optional:
 
-- `pull_policy` (String) Policy for pulling OCI objects. Possible values are: Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
-- `reference` (String) Required: Image or artifact reference to be used. Behaves in the same way as pod.spec.containers[*].image. Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.
-
+- `add` (List of String) Added capabilities
+- `drop` (List of String) Removed capabilities
 
-<a id="nestedatt--spec--volumes--iscsi"></a>
-### Nested Schema for `spec.volumes.iscsi`
 
-Required:
 
-- `iqn` (String) iqn is the target iSCSI Qualified Name.
-- `lun` (Number) lun represents iSCSI Target Lun number.
-- `target_portal` (String) targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
+<a id="nestedatt--spec--service"></a>
+### Nested Schema for `spec.service`
 
 Optional:
 
-- `chap_auth_discovery` (Boolean) chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication
-- `chap_auth_session` (Boolean) chapAuthSession defines whether support iSCSI Session CHAP authentication
-- `fs_type` (String) fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
-- `initiator_name` (String) initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection.
-- `iscsi_interface` (String) iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).
-- `portals` (List of String) portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
-- `read_only` (Boolean) readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.
-- `secret_ref` (Attributes) secretRef is the CHAP Secret for iSCSI target and initiator authentication (see [below for nested schema](#nestedatt--spec--volumes--iscsi--secret_ref))
+- `allocate_load_balancer_node_ports` (Boolean) AllocateLoadBalancerNodePorts Service field.
+- `external_traffic_policy` (String) ExternalTrafficPolicy Service field.
+- `load_balancer_ip` (String) LoadBalancerIP Service field.
+- `load_balancer_source_ranges` (List of String) LoadBalancerSourceRanges Service field.
+- `metadata` (Attributes) Metadata to be added to the Service metadata. (see [below for nested schema](#nestedatt--spec--service--metadata))
+- `session_affinity` (String) SessionAffinity Service field.
+- `type` (String) Type is the Service type. One of 'ClusterIP', 'NodePort' or 'LoadBalancer'. If not defined, it defaults to 'ClusterIP'.
 
-<a id="nestedatt--spec--volumes--iscsi--secret_ref"></a>
-### Nested Schema for `spec.volumes.iscsi.secret_ref`
+<a id="nestedatt--spec--service--metadata"></a>
+### Nested Schema for `spec.service.metadata`
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+- `annotations` (Map of String) Annotations to be added to children resources.
+- `labels` (Map of String) Labels to be added to children resources.
 
 
 
-<a id="nestedatt--spec--volumes--nfs"></a>
-### Nested Schema for `spec.volumes.nfs`
+<a id="nestedatt--spec--sidecar_containers"></a>
+### Nested Schema for `spec.sidecar_containers`
 
 Required:
 
-- `path` (String) path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
-- `server` (String) server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+- `image` (String) Image name to be used by the container. The supported format is '<image>:<tag>'.
 
 Optional:
 
-- `read_only` (Boolean) readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
-
-
-<a id="nestedatt--spec--volumes--persistent_volume_claim"></a>
-### Nested Schema for `spec.volumes.persistent_volume_claim`
-
-Required:
+- `args` (List of String) Args to be used in the Container.
+- `command` (List of String) Command to be used in the Container.
+- `image_pull_policy` (String) ImagePullPolicy is the image pull policy. One of 'Always', 'Never' or 'IfNotPresent'. If not defined, it defaults to 'IfNotPresent'.
+- `resources` (Attributes) Resouces describes the compute resource requirements. (see [below for nested schema](#nestedatt--spec--sidecar_containers--resources))
+- `volume_mounts` (Attributes List) VolumeMounts to be used in the Container. (see [below for nested schema](#nestedatt--spec--sidecar_containers--volume_mounts))
 
-- `claim_name` (String) claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+<a id="nestedatt--spec--sidecar_containers--resources"></a>
+### Nested Schema for `spec.sidecar_containers.resources`
 
 Optional:
 
-- `read_only` (Boolean) readOnly Will force the ReadOnly setting in VolumeMounts. Default false.
+- `limits` (Map of String) ResourceList is a set of (resource name, quantity) pairs.
+- `requests` (Map of String) ResourceList is a set of (resource name, quantity) pairs.
 
 
-<a id="nestedatt--spec--volumes--photon_persistent_disk"></a>
-### Nested Schema for `spec.volumes.photon_persistent_disk`
+<a id="nestedatt--spec--sidecar_containers--volume_mounts"></a>
+### Nested Schema for `spec.sidecar_containers.volume_mounts`
 
 Required:
 
-- `pd_id` (String) pdID is the ID that identifies Photon Controller persistent disk
+- `mount_path` (String)
+- `name` (String) This must match the Name of a Volume.
 
 Optional:
 
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.
-
+- `read_only` (Boolean)
+- `sub_path` (String)
 
-<a id="nestedatt--spec--volumes--portworx_volume"></a>
-### Nested Schema for `spec.volumes.portworx_volume`
 
-Required:
 
-- `volume_id` (String) volumeID uniquely identifies a Portworx volume
+<a id="nestedatt--spec--storage"></a>
+### Nested Schema for `spec.storage`
 
 Optional:
 
-- `fs_type` (String) fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs'. Implicitly inferred to be 'ext4' if unspecified.
-- `read_only` (Boolean) readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-
+- `ephemeral` (Boolean) Ephemeral indicates whether to use ephemeral storage in the PVCs. It is only compatible with non HA MariaDBs.
+- `resize_in_use_volumes` (Boolean) ResizeInUseVolumes indicates whether the PVCs can be resized. The 'StorageClassName' used should have 'allowVolumeExpansion' set to 'true' to allow resizing. It defaults to true.
+- `size` (String) Size of the PVCs to be mounted by MariaDB. Required if not provided in 'VolumeClaimTemplate'. It superseeds the storage size specified in 'VolumeClaimTemplate'.
+- `storage_class_name` (String) StorageClassName to be used to provision the PVCS. It superseeds the 'StorageClassName' specified in 'VolumeClaimTemplate'. If not provided, the default 'StorageClass' configured in the cluster is used.
+- `volume_claim_template` (Attributes) VolumeClaimTemplate provides a template to define the PVCs. (see [below for nested schema](#nestedatt--spec--storage--volume_claim_template))
+- `wait_for_volume_resize` (Boolean) WaitForVolumeResize indicates whether to wait for the PVCs to be resized before marking the MariaDB object as ready. This will block other operations such as cluster recovery while the resize is in progress. It defaults to true.
 
-<a id="nestedatt--spec--volumes--projected"></a>
-### Nested Schema for `spec.volumes.projected`
+<a id="nestedatt--spec--storage--volume_claim_template"></a>
+### Nested Schema for `spec.storage.volume_claim_template`
 
 Optional:
 
-- `default_mode` (Number) defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `sources` (Attributes List) sources is the list of volume projections. Each entry in this list handles one source. (see [below for nested schema](#nestedatt--spec--volumes--projected--sources))
+- `access_modes` (List of String)
+- `metadata` (Attributes) Metadata to be added to the PVC metadata. (see [below for nested schema](#nestedatt--spec--storage--volume_claim_template--metadata))
+- `resources` (Attributes) VolumeResourceRequirements describes the storage resource requirements for a volume. (see [below for nested schema](#nestedatt--spec--storage--volume_claim_template--resources))
+- `selector` (Attributes) A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. (see [below for nested schema](#nestedatt--spec--storage--volume_claim_template--selector))
+- `storage_class_name` (String)
 
-<a id="nestedatt--spec--volumes--projected--sources"></a>
-### Nested Schema for `spec.volumes.projected.sources`
+<a id="nestedatt--spec--storage--volume_claim_template--metadata"></a>
+### Nested Schema for `spec.storage.volume_claim_template.metadata`
 
 Optional:
 
-- `cluster_trust_bundle` (Attributes) ClusterTrustBundle allows a pod to access the '.spec.trustBundle' field of ClusterTrustBundle objects in an auto-updating file. Alpha, gated by the ClusterTrustBundleProjection feature gate. ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time. (see [below for nested schema](#nestedatt--spec--volumes--projected--sources--cluster_trust_bundle))
-- `config_map` (Attributes) configMap information about the configMap data to project (see [below for nested schema](#nestedatt--spec--volumes--projected--sources--config_map))
-- `downward_api` (Attributes) downwardAPI information about the downwardAPI data to project (see [below for nested schema](#nestedatt--spec--volumes--projected--sources--downward_api))
-- `secret` (Attributes) secret information about the secret data to project (see [below for nested schema](#nestedatt--spec--volumes--projected--sources--secret))
-- `service_account_token` (Attributes) serviceAccountToken is information about the serviceAccountToken data to project (see [below for nested schema](#nestedatt--spec--volumes--projected--sources--service_account_token))
-
-<a id="nestedatt--spec--volumes--projected--sources--cluster_trust_bundle"></a>
-### Nested Schema for `spec.volumes.projected.sources.cluster_trust_bundle`
+- `annotations` (Map of String) Annotations to be added to children resources.
+- `labels` (Map of String) Labels to be added to children resources.
 
-Required:
 
-- `path` (String) Relative path from the volume root to write the bundle.
+<a id="nestedatt--spec--storage--volume_claim_template--resources"></a>
+### Nested Schema for `spec.storage.volume_claim_template.resources`
 
 Optional:
 
-- `label_selector` (Attributes) Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as 'match nothing'. If set but empty, interpreted as 'match everything'. (see [below for nested schema](#nestedatt--spec--volumes--projected--sources--cluster_trust_bundle--label_selector))
-- `name` (String) Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector.
-- `optional` (Boolean) If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles.
-- `signer_name` (String) Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated.
+- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
 
-<a id="nestedatt--spec--volumes--projected--sources--cluster_trust_bundle--label_selector"></a>
-### Nested Schema for `spec.volumes.projected.sources.cluster_trust_bundle.label_selector`
+<a id="nestedatt--spec--storage--volume_claim_template--selector"></a>
+### Nested Schema for `spec.storage.volume_claim_template.selector`
 
 Optional:
 
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--volumes--projected--sources--cluster_trust_bundle--label_selector--match_expressions))
+- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--storage--volume_claim_template--selector--match_expressions))
 - `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
 
-<a id="nestedatt--spec--volumes--projected--sources--cluster_trust_bundle--label_selector--match_expressions"></a>
-### Nested Schema for `spec.volumes.projected.sources.cluster_trust_bundle.label_selector.match_expressions`
+<a id="nestedatt--spec--storage--volume_claim_template--selector--match_expressions"></a>
+### Nested Schema for `spec.storage.volume_claim_template.selector.match_expressions`
 
 Required:
 
@@ -10965,149 +2792,122 @@ Optional:
 
 
 
-<a id="nestedatt--spec--volumes--projected--sources--config_map"></a>
-### Nested Schema for `spec.volumes.projected.sources.config_map`
-
-Optional:
-
-- `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--volumes--projected--sources--config_map--items))
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) optional specify whether the ConfigMap or its keys must be defined
-
-<a id="nestedatt--spec--volumes--projected--sources--config_map--items"></a>
-### Nested Schema for `spec.volumes.projected.sources.config_map.items`
-
-Required:
 
-- `key` (String) key is the key to project.
-- `path` (String) path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+<a id="nestedatt--spec--tolerations"></a>
+### Nested Schema for `spec.tolerations`
 
 Optional:
 
-- `mode` (Number) mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-
-
-
-<a id="nestedatt--spec--volumes--projected--sources--downward_api"></a>
-### Nested Schema for `spec.volumes.projected.sources.downward_api`
-
-Optional:
+- `effect` (String) Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+- `key` (String) Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+- `operator` (String) Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
+- `toleration_seconds` (Number) TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
+- `value` (String) Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
 
-- `items` (Attributes List) Items is a list of DownwardAPIVolume file (see [below for nested schema](#nestedatt--spec--volumes--projected--sources--downward_api--items))
 
-<a id="nestedatt--spec--volumes--projected--sources--downward_api--items"></a>
-### Nested Schema for `spec.volumes.projected.sources.downward_api.items`
+<a id="nestedatt--spec--topology_spread_constraints"></a>
+### Nested Schema for `spec.topology_spread_constraints`
 
 Required:
 
-- `path` (String) Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'
+- `max_skew` (Number)
+- `topology_key` (String)
+- `when_unsatisfiable` (String)
 
 Optional:
 
-- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. (see [below for nested schema](#nestedatt--spec--volumes--projected--sources--downward_api--items--field_ref))
-- `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--volumes--projected--sources--downward_api--items--resource_field_ref))
+- `label_selector` (Attributes) A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. (see [below for nested schema](#nestedatt--spec--topology_spread_constraints--label_selector))
+- `match_label_keys` (List of String)
+- `min_domains` (Number)
+- `node_affinity_policy` (String) NodeInclusionPolicy defines the type of node inclusion policy
+- `node_taints_policy` (String) NodeInclusionPolicy defines the type of node inclusion policy
 
-<a id="nestedatt--spec--volumes--projected--sources--downward_api--items--field_ref"></a>
-### Nested Schema for `spec.volumes.projected.sources.downward_api.items.field_ref`
-
-Required:
-
-- `field_path` (String) Path of the field to select in the specified API version.
+<a id="nestedatt--spec--topology_spread_constraints--label_selector"></a>
+### Nested Schema for `spec.topology_spread_constraints.label_selector`
 
 Optional:
 
-- `api_version` (String) Version of the schema the FieldPath is written in terms of, defaults to 'v1'.
-
+- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--topology_spread_constraints--label_selector--match_expressions))
+- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
 
-<a id="nestedatt--spec--volumes--projected--sources--downward_api--items--resource_field_ref"></a>
-### Nested Schema for `spec.volumes.projected.sources.downward_api.items.resource_field_ref`
+<a id="nestedatt--spec--topology_spread_constraints--label_selector--match_expressions"></a>
+### Nested Schema for `spec.topology_spread_constraints.label_selector.match_expressions`
 
 Required:
 
-- `resource` (String) Required: resource to select
+- `key` (String) key is the label key that the selector applies to.
+- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 
 Optional:
 
-- `container_name` (String) Container name: required for volumes, optional for env vars
-- `divisor` (String) Specifies the output format of the exposed resources, defaults to '1'
+- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 
 
 
 
-<a id="nestedatt--spec--volumes--projected--sources--secret"></a>
-### Nested Schema for `spec.volumes.projected.sources.secret`
+<a id="nestedatt--spec--update_strategy"></a>
+### Nested Schema for `spec.update_strategy`
 
 Optional:
 
-- `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--volumes--projected--sources--secret--items))
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) optional field specify whether the Secret or its key must be defined
-
-<a id="nestedatt--spec--volumes--projected--sources--secret--items"></a>
-### Nested Schema for `spec.volumes.projected.sources.secret.items`
-
-Required:
+- `auto_update_data_plane` (Boolean) AutoUpdateDataPlane indicates whether the Galera data-plane version (agent and init containers) should be automatically updated based on the operator version. It defaults to false. Updating the operator will trigger updates on all the MariaDB instances that have this flag set to true. Thus, it is recommended to progressively set this flag after having updated the operator.
+- `rolling_update` (Attributes) RollingUpdate defines parameters for the RollingUpdate type. (see [below for nested schema](#nestedatt--spec--update_strategy--rolling_update))
+- `type` (String) Type defines the type of updates. One of 'ReplicasFirstPrimaryLast', 'RollingUpdate' or 'OnDelete'. If not defined, it defaults to 'ReplicasFirstPrimaryLast'.
 
-- `key` (String) key is the key to project.
-- `path` (String) path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+<a id="nestedatt--spec--update_strategy--rolling_update"></a>
+### Nested Schema for `spec.update_strategy.rolling_update`
 
 Optional:
 
-- `mode` (Number) mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+- `max_unavailable` (String) The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding up. This can not be 0. Defaults to 1. This field is alpha-level and is only honored by servers that enable the MaxUnavailableStatefulSet feature. The field applies to all pods in the range 0 to Replicas-1. That means if there is any unavailable pod in the range 0 to Replicas-1, it will be counted towards MaxUnavailable.
+- `partition` (Number) Partition indicates the ordinal at which the StatefulSet should be partitioned for updates. During a rolling update, all pods from ordinal Replicas-1 to Partition are updated. All pods from ordinal Partition-1 to 0 remain untouched. This is helpful in being able to do a canary based deployment. The default value is 0.
 
 
 
-<a id="nestedatt--spec--volumes--projected--sources--service_account_token"></a>
-### Nested Schema for `spec.volumes.projected.sources.service_account_token`
+<a id="nestedatt--spec--volume_mounts"></a>
+### Nested Schema for `spec.volume_mounts`
 
 Required:
 
-- `path` (String) path is the path relative to the mount point of the file to project the token into.
+- `mount_path` (String)
+- `name` (String) This must match the Name of a Volume.
 
 Optional:
 
-- `audience` (String) audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.
-- `expiration_seconds` (Number) expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.
+- `read_only` (Boolean)
+- `sub_path` (String)
 
 
-
-
-<a id="nestedatt--spec--volumes--quobyte"></a>
-### Nested Schema for `spec.volumes.quobyte`
+<a id="nestedatt--spec--volumes"></a>
+### Nested Schema for `spec.volumes`
 
 Required:
 
-- `registry` (String) registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes
-- `volume` (String) volume is a string that references an already created Quobyte volume by name.
+- `name` (String)
 
 Optional:
 
-- `group` (String) group to map volume access to Default is no group
-- `read_only` (Boolean) readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.
-- `tenant` (String) tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin
-- `user` (String) user to map volume access to Defaults to serivceaccount user
+- `csi` (Attributes) Represents a source location of a volume to mount, managed by an external CSI driver (see [below for nested schema](#nestedatt--spec--volumes--csi))
+- `empty_dir` (Attributes) Represents an empty directory for a pod. Empty directory volumes support ownership management and SELinux relabeling. (see [below for nested schema](#nestedatt--spec--volumes--empty_dir))
+- `nfs` (Attributes) Represents an NFS mount that lasts the lifetime of a pod. NFS volumes do not support ownership management or SELinux relabeling. (see [below for nested schema](#nestedatt--spec--volumes--nfs))
+- `persistent_volume_claim` (Attributes) PersistentVolumeClaimVolumeSource references the user's PVC in the same namespace. This volume finds the bound PV and mounts that volume for the pod. A PersistentVolumeClaimVolumeSource is, essentially, a wrapper around another type of volume that is owned by someone else (the system). (see [below for nested schema](#nestedatt--spec--volumes--persistent_volume_claim))
 
-
-<a id="nestedatt--spec--volumes--rbd"></a>
-### Nested Schema for `spec.volumes.rbd`
+<a id="nestedatt--spec--volumes--csi"></a>
+### Nested Schema for `spec.volumes.csi`
 
 Required:
 
-- `image` (String) image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-- `monitors` (List of String) monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+- `driver` (String) driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.
 
 Optional:
 
-- `fs_type` (String) fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
-- `keyring` (String) keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-- `pool` (String) pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-- `read_only` (Boolean) readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-- `secret_ref` (Attributes) secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it (see [below for nested schema](#nestedatt--spec--volumes--rbd--secret_ref))
-- `user` (String) user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+- `fs_type` (String) fsType to mount. Ex. 'ext4', 'xfs', 'ntfs'. If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.
+- `node_publish_secret_ref` (Attributes) nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. (see [below for nested schema](#nestedatt--spec--volumes--csi--node_publish_secret_ref))
+- `read_only` (Boolean) readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).
+- `volume_attributes` (Map of String) volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.
 
-<a id="nestedatt--spec--volumes--rbd--secret_ref"></a>
-### Nested Schema for `spec.volumes.rbd.secret_ref`
+<a id="nestedatt--spec--volumes--csi--node_publish_secret_ref"></a>
+### Nested Schema for `spec.volumes.csi.node_publish_secret_ref`
 
 Optional:
 
@@ -11115,87 +2915,35 @@ Optional:
 
 
 
-<a id="nestedatt--spec--volumes--scale_io"></a>
-### Nested Schema for `spec.volumes.scale_io`
-
-Required:
-
-- `gateway` (String) gateway is the host address of the ScaleIO API Gateway.
-- `secret_ref` (Attributes) secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. (see [below for nested schema](#nestedatt--spec--volumes--scale_io--secret_ref))
-- `system` (String) system is the name of the storage system as configured in ScaleIO.
-
-Optional:
-
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Default is 'xfs'.
-- `protection_domain` (String) protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.
-- `read_only` (Boolean) readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-- `ssl_enabled` (Boolean) sslEnabled Flag enable/disable SSL communication with Gateway, default false
-- `storage_mode` (String) storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.
-- `storage_pool` (String) storagePool is the ScaleIO Storage Pool associated with the protection domain.
-- `volume_name` (String) volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.
-
-<a id="nestedatt--spec--volumes--scale_io--secret_ref"></a>
-### Nested Schema for `spec.volumes.scale_io.secret_ref`
+<a id="nestedatt--spec--volumes--empty_dir"></a>
+### Nested Schema for `spec.volumes.empty_dir`
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
-<a id="nestedatt--spec--volumes--secret"></a>
-### Nested Schema for `spec.volumes.secret`
-
-Optional:
+- `medium` (String) medium represents what type of storage medium should back this directory. The default is '' which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+- `size_limit` (String) sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
 
-- `default_mode` (Number) defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `items` (Attributes List) items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--volumes--secret--items))
-- `optional` (Boolean) optional field specify whether the Secret or its keys must be defined
-- `secret_name` (String) secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
 
-<a id="nestedatt--spec--volumes--secret--items"></a>
-### Nested Schema for `spec.volumes.secret.items`
+<a id="nestedatt--spec--volumes--nfs"></a>
+### Nested Schema for `spec.volumes.nfs`
 
 Required:
 
-- `key` (String) key is the key to project.
-- `path` (String) path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
-
-Optional:
-
-- `mode` (Number) mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-
-
-
-<a id="nestedatt--spec--volumes--storageos"></a>
-### Nested Schema for `spec.volumes.storageos`
-
-Optional:
-
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.
-- `read_only` (Boolean) readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-- `secret_ref` (Attributes) secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. (see [below for nested schema](#nestedatt--spec--volumes--storageos--secret_ref))
-- `volume_name` (String) volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.
-- `volume_namespace` (String) volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to 'default' if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.
-
-<a id="nestedatt--spec--volumes--storageos--secret_ref"></a>
-### Nested Schema for `spec.volumes.storageos.secret_ref`
+- `path` (String) path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+- `server` (String) server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
+- `read_only` (Boolean) readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
 
 
-<a id="nestedatt--spec--volumes--vsphere_volume"></a>
-### Nested Schema for `spec.volumes.vsphere_volume`
+<a id="nestedatt--spec--volumes--persistent_volume_claim"></a>
+### Nested Schema for `spec.volumes.persistent_volume_claim`
 
 Required:
 
-- `volume_path` (String) volumePath is the path that identifies vSphere volume vmdk
+- `claim_name` (String) claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
 
 Optional:
 
-- `fs_type` (String) fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.
-- `storage_policy_id` (String) storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.
-- `storage_policy_name` (String) storagePolicyName is the storage Policy Based Management (SPBM) profile name.
+- `read_only` (Boolean) readOnly Will force the ReadOnly setting in VolumeMounts. Default false.
diff --git a/docs/data-sources/k8s_mariadb_com_max_scale_v1alpha1_manifest.md b/docs/data-sources/k8s_mariadb_com_max_scale_v1alpha1_manifest.md
index 248364f7d..0a0318eca 100644
--- a/docs/data-sources/k8s_mariadb_com_max_scale_v1alpha1_manifest.md
+++ b/docs/data-sources/k8s_mariadb_com_max_scale_v1alpha1_manifest.md
@@ -69,7 +69,6 @@ Optional:
 - `image_pull_policy` (String) ImagePullPolicy is the image pull policy. One of 'Always', 'Never' or 'IfNotPresent'. If not defined, it defaults to 'IfNotPresent'.
 - `image_pull_secrets` (Attributes List) ImagePullSecrets is the list of pull Secrets to be used to pull the image. (see [below for nested schema](#nestedatt--spec--image_pull_secrets))
 - `inherit_metadata` (Attributes) InheritMetadata defines the metadata to be inherited by children resources. (see [below for nested schema](#nestedatt--spec--inherit_metadata))
-- `init_containers` (Attributes List) InitContainers to be used in the Pod. (see [below for nested schema](#nestedatt--spec--init_containers))
 - `kubernetes_service` (Attributes) KubernetesService defines a template for a Kubernetes Service object to connect to MaxScale. (see [below for nested schema](#nestedatt--spec--kubernetes_service))
 - `liveness_probe` (Attributes) LivenessProbe to be used in the Container. (see [below for nested schema](#nestedatt--spec--liveness_probe))
 - `maria_db_ref` (Attributes) MariaDBRef is a reference to the MariaDB that MaxScale points to. It is used to initialize the servers field. (see [below for nested schema](#nestedatt--spec--maria_db_ref))
@@ -88,13 +87,11 @@ Optional:
 - `servers` (Attributes List) Servers are the MariaDB servers to forward traffic to. It is required if 'spec.mariaDbRef' is not provided. (see [below for nested schema](#nestedatt--spec--servers))
 - `service_account_name` (String) ServiceAccountName is the name of the ServiceAccount to be used by the Pods.
 - `services` (Attributes List) Services define how the traffic is forwarded to the MariaDB servers. It is defaulted if not provided. (see [below for nested schema](#nestedatt--spec--services))
-- `sidecar_containers` (Attributes List) SidecarContainers to be used in the Pod. (see [below for nested schema](#nestedatt--spec--sidecar_containers))
 - `suspend` (Boolean) Suspend indicates whether the current resource should be suspended or not. This can be useful for maintenance, as disabling the reconciliation prevents the operator from interfering with user operations during maintenance activities.
 - `tolerations` (Attributes List) Tolerations to be used in the Pod. (see [below for nested schema](#nestedatt--spec--tolerations))
 - `topology_spread_constraints` (Attributes List) TopologySpreadConstraints to be used in the Pod. (see [below for nested schema](#nestedatt--spec--topology_spread_constraints))
 - `update_strategy` (Attributes) UpdateStrategy defines the update strategy for the StatefulSet object. (see [below for nested schema](#nestedatt--spec--update_strategy))
 - `volume_mounts` (Attributes List) VolumeMounts to be used in the Container. (see [below for nested schema](#nestedatt--spec--volume_mounts))
-- `volumes` (Attributes List) Volumes to be used in the Pod. (see [below for nested schema](#nestedatt--spec--volumes))
 
 <a id="nestedatt--spec--admin"></a>
 ### Nested Schema for `spec.admin`
@@ -111,274 +108,34 @@ Optional:
 Optional:
 
 - `anti_affinity_enabled` (Boolean) AntiAffinityEnabled configures PodAntiAffinity so each Pod is scheduled in a different Node, enabling HA. Make sure you have at least as many Nodes available as the replicas to not end up with unscheduled Pods.
-- `node_affinity` (Attributes) Describes node affinity scheduling rules for the pod. (see [below for nested schema](#nestedatt--spec--affinity--node_affinity))
-- `pod_affinity` (Attributes) Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity))
-- `pod_anti_affinity` (Attributes) Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity))
-
-<a id="nestedatt--spec--affinity--node_affinity"></a>
-### Nested Schema for `spec.affinity.node_affinity`
-
-Optional:
-
-- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution))
-- `required_during_scheduling_ignored_during_execution` (Attributes) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. (see [below for nested schema](#nestedatt--spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution))
-
-<a id="nestedatt--spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.affinity.node_affinity.preferred_during_scheduling_ignored_during_execution`
-
-Required:
-
-- `preference` (Attributes) A node selector term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference))
-- `weight` (Number) Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
-
-<a id="nestedatt--spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference"></a>
-### Nested Schema for `spec.affinity.node_affinity.preferred_during_scheduling_ignored_during_execution.preference`
-
-Optional:
-
-- `match_expressions` (Attributes List) A list of node selector requirements by node's labels. (see [below for nested schema](#nestedatt--spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference--match_expressions))
-- `match_fields` (Attributes List) A list of node selector requirements by node's fields. (see [below for nested schema](#nestedatt--spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference--match_fields))
-
-<a id="nestedatt--spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference--match_expressions"></a>
-### Nested Schema for `spec.affinity.node_affinity.preferred_during_scheduling_ignored_during_execution.preference.match_expressions`
-
-Required:
-
-- `key` (String) The label key that the selector applies to.
-- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
-
-Optional:
-
-- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
-
-
-<a id="nestedatt--spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference--match_fields"></a>
-### Nested Schema for `spec.affinity.node_affinity.preferred_during_scheduling_ignored_during_execution.preference.match_fields`
-
-Required:
-
-- `key` (String) The label key that the selector applies to.
-- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
-
-Optional:
-
-- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
-
-
-
-
-<a id="nestedatt--spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.affinity.node_affinity.required_during_scheduling_ignored_during_execution`
-
-Required:
-
-- `node_selector_terms` (Attributes List) Required. A list of node selector terms. The terms are ORed. (see [below for nested schema](#nestedatt--spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms))
-
-<a id="nestedatt--spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms"></a>
-### Nested Schema for `spec.affinity.node_affinity.required_during_scheduling_ignored_during_execution.node_selector_terms`
-
-Optional:
-
-- `match_expressions` (Attributes List) A list of node selector requirements by node's labels. (see [below for nested schema](#nestedatt--spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms--match_expressions))
-- `match_fields` (Attributes List) A list of node selector requirements by node's fields. (see [below for nested schema](#nestedatt--spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms--match_fields))
-
-<a id="nestedatt--spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms--match_expressions"></a>
-### Nested Schema for `spec.affinity.node_affinity.required_during_scheduling_ignored_during_execution.node_selector_terms.match_expressions`
-
-Required:
-
-- `key` (String) The label key that the selector applies to.
-- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
-
-Optional:
-
-- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
-
-
-<a id="nestedatt--spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms--match_fields"></a>
-### Nested Schema for `spec.affinity.node_affinity.required_during_scheduling_ignored_during_execution.node_selector_terms.match_fields`
-
-Required:
-
-- `key` (String) The label key that the selector applies to.
-- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
-
-Optional:
-
-- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
-
-
-
-
-
-<a id="nestedatt--spec--affinity--pod_affinity"></a>
-### Nested Schema for `spec.affinity.pod_affinity`
-
-Optional:
-
-- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution))
-- `required_during_scheduling_ignored_during_execution` (Attributes List) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution))
-
-<a id="nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution`
-
-Required:
-
-- `pod_affinity_term` (Attributes) Required. A pod affinity term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term))
-- `weight` (Number) weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
-
-<a id="nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term"></a>
-### Nested Schema for `spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term`
-
-Required:
-
-- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
-
-Optional:
-
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
-- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
-
-<a id="nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector"></a>
-### Nested Schema for `spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions"></a>
-### Nested Schema for `spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-<a id="nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector"></a>
-### Nested Schema for `spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions"></a>
-### Nested Schema for `spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-
-
-<a id="nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.affinity.pod_affinity.required_during_scheduling_ignored_during_execution`
-
-Required:
-
-- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
-
-Optional:
-
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
-- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
-
-<a id="nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector"></a>
-### Nested Schema for `spec.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.label_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions"></a>
-### Nested Schema for `spec.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.label_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-<a id="nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector"></a>
-### Nested Schema for `spec.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.namespace_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions"></a>
-### Nested Schema for `spec.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.namespace_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-
+- `pod_anti_affinity` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#podantiaffinity-v1-core. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity))
 
 <a id="nestedatt--spec--affinity--pod_anti_affinity"></a>
 ### Nested Schema for `spec.affinity.pod_anti_affinity`
 
 Optional:
 
-- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution))
-- `required_during_scheduling_ignored_during_execution` (Attributes List) If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution))
+- `preferred_during_scheduling_ignored_during_execution` (Attributes List) (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution))
+- `required_during_scheduling_ignored_during_execution` (Attributes List) (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution))
 
 <a id="nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution"></a>
 ### Nested Schema for `spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution`
 
 Required:
 
-- `pod_affinity_term` (Attributes) Required. A pod affinity term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term))
-- `weight` (Number) weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
+- `pod_affinity_term` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#podaffinityterm-v1-core. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term))
+- `weight` (Number)
 
 <a id="nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term"></a>
 ### Nested Schema for `spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term`
 
 Required:
 
-- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+- `topology_key` (String)
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
-- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
+- `label_selector` (Attributes) A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
 
 <a id="nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector"></a>
 ### Nested Schema for `spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector`
@@ -402,28 +159,6 @@ Optional:
 
 
 
-<a id="nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector"></a>
-### Nested Schema for `spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions"></a>
-### Nested Schema for `spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
 
 
 <a id="nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution"></a>
@@ -431,15 +166,11 @@ Optional:
 
 Required:
 
-- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+- `topology_key` (String)
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
-- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
+- `label_selector` (Attributes) A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector))
 
 <a id="nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector"></a>
 ### Nested Schema for `spec.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.label_selector`
@@ -463,28 +194,6 @@ Optional:
 
 
 
-<a id="nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector"></a>
-### Nested Schema for `spec.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.namespace_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions"></a>
-### Nested Schema for `spec.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.namespace_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
 
 
 
@@ -517,13 +226,12 @@ Optional:
 
 Required:
 
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
+- `key` (String)
 
 Optional:
 
 - `generate` (Boolean) Generate indicates whether the Secret should be generated if the Secret referenced is not present.
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
+- `name` (String)
 
 
 <a id="nestedatt--spec--auth--client_password_secret_key_ref"></a>
@@ -531,13 +239,12 @@ Optional:
 
 Required:
 
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
+- `key` (String)
 
 Optional:
 
 - `generate` (Boolean) Generate indicates whether the Secret should be generated if the Secret referenced is not present.
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
+- `name` (String)
 
 
 <a id="nestedatt--spec--auth--metrics_password_secret_key_ref"></a>
@@ -545,13 +252,12 @@ Optional:
 
 Required:
 
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
+- `key` (String)
 
 Optional:
 
 - `generate` (Boolean) Generate indicates whether the Secret should be generated if the Secret referenced is not present.
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
+- `name` (String)
 
 
 <a id="nestedatt--spec--auth--monitor_password_secret_key_ref"></a>
@@ -559,13 +265,12 @@ Optional:
 
 Required:
 
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
+- `key` (String)
 
 Optional:
 
 - `generate` (Boolean) Generate indicates whether the Secret should be generated if the Secret referenced is not present.
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
+- `name` (String)
 
 
 <a id="nestedatt--spec--auth--server_password_secret_key_ref"></a>
@@ -573,13 +278,12 @@ Optional:
 
 Required:
 
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
+- `key` (String)
 
 Optional:
 
 - `generate` (Boolean) Generate indicates whether the Secret should be generated if the Secret referenced is not present.
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
+- `name` (String)
 
 
 <a id="nestedatt--spec--auth--sync_password_secret_key_ref"></a>
@@ -587,13 +291,12 @@ Optional:
 
 Required:
 
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
+- `key` (String)
 
 Optional:
 
 - `generate` (Boolean) Generate indicates whether the Secret should be generated if the Secret referenced is not present.
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
+- `name` (String)
 
 
 
@@ -621,43 +324,11 @@ Optional:
 
 Optional:
 
-- `access_modes` (List of String) accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
-- `data_source` (Attributes) dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. (see [below for nested schema](#nestedatt--spec--config--volume_claim_template--data_source))
-- `data_source_ref` (Attributes) dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. (see [below for nested schema](#nestedatt--spec--config--volume_claim_template--data_source_ref))
+- `access_modes` (List of String)
 - `metadata` (Attributes) Metadata to be added to the PVC metadata. (see [below for nested schema](#nestedatt--spec--config--volume_claim_template--metadata))
-- `resources` (Attributes) resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources (see [below for nested schema](#nestedatt--spec--config--volume_claim_template--resources))
-- `selector` (Attributes) selector is a label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--config--volume_claim_template--selector))
-- `storage_class_name` (String) storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
-- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
-- `volume_mode` (String) volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
-- `volume_name` (String) volumeName is the binding reference to the PersistentVolume backing this claim.
-
-<a id="nestedatt--spec--config--volume_claim_template--data_source"></a>
-### Nested Schema for `spec.config.volume_claim_template.data_source`
-
-Required:
-
-- `kind` (String) Kind is the type of resource being referenced
-- `name` (String) Name is the name of resource being referenced
-
-Optional:
-
-- `api_group` (String) APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
-
-
-<a id="nestedatt--spec--config--volume_claim_template--data_source_ref"></a>
-### Nested Schema for `spec.config.volume_claim_template.data_source_ref`
-
-Required:
-
-- `kind` (String) Kind is the type of resource being referenced
-- `name` (String) Name is the name of resource being referenced
-
-Optional:
-
-- `api_group` (String) APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
-- `namespace` (String) Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
-
+- `resources` (Attributes) VolumeResourceRequirements describes the storage resource requirements for a volume. (see [below for nested schema](#nestedatt--spec--config--volume_claim_template--resources))
+- `selector` (Attributes) A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. (see [below for nested schema](#nestedatt--spec--config--volume_claim_template--selector))
+- `storage_class_name` (String)
 
 <a id="nestedatt--spec--config--volume_claim_template--metadata"></a>
 ### Nested Schema for `spec.config.volume_claim_template.metadata`
@@ -756,30 +427,28 @@ Required:
 
 Optional:
 
-- `value` (String) Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to ''.
-- `value_from` (Attributes) Source for the environment variable's value. Cannot be used if value is not empty. (see [below for nested schema](#nestedatt--spec--env--value_from))
+- `value` (String)
+- `value_from` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#envvarsource-v1-core. (see [below for nested schema](#nestedatt--spec--env--value_from))
 
 <a id="nestedatt--spec--env--value_from"></a>
 ### Nested Schema for `spec.env.value_from`
 
 Optional:
 
-- `config_map_key_ref` (Attributes) Selects a key of a ConfigMap. (see [below for nested schema](#nestedatt--spec--env--value_from--config_map_key_ref))
-- `field_ref` (Attributes) Selects a field of the pod: supports metadata.name, metadata.namespace, 'metadata.labels['<KEY>']', 'metadata.annotations['<KEY>']', spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. (see [below for nested schema](#nestedatt--spec--env--value_from--field_ref))
-- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. (see [below for nested schema](#nestedatt--spec--env--value_from--resource_field_ref))
-- `secret_key_ref` (Attributes) Selects a key of a secret in the pod's namespace (see [below for nested schema](#nestedatt--spec--env--value_from--secret_key_ref))
+- `config_map_key_ref` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#configmapkeyselector-v1-core. (see [below for nested schema](#nestedatt--spec--env--value_from--config_map_key_ref))
+- `field_ref` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#objectfieldselector-v1-core. (see [below for nested schema](#nestedatt--spec--env--value_from--field_ref))
+- `secret_key_ref` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#secretkeyselector-v1-core. (see [below for nested schema](#nestedatt--spec--env--value_from--secret_key_ref))
 
 <a id="nestedatt--spec--env--value_from--config_map_key_ref"></a>
 ### Nested Schema for `spec.env.value_from.config_map_key_ref`
 
 Required:
 
-- `key` (String) The key to select.
+- `key` (String)
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
+- `name` (String)
 
 
 <a id="nestedatt--spec--env--value_from--field_ref"></a>
@@ -787,24 +456,11 @@ Optional:
 
 Required:
 
-- `field_path` (String) Path of the field to select in the specified API version.
-
-Optional:
-
-- `api_version` (String) Version of the schema the FieldPath is written in terms of, defaults to 'v1'.
-
-
-<a id="nestedatt--spec--env--value_from--resource_field_ref"></a>
-### Nested Schema for `spec.env.value_from.resource_field_ref`
-
-Required:
-
-- `resource` (String) Required: resource to select
+- `field_path` (String)
 
 Optional:
 
-- `container_name` (String) Container name: required for volumes, optional for env vars
-- `divisor` (String) Specifies the output format of the exposed resources, defaults to '1'
+- `api_version` (String)
 
 
 <a id="nestedatt--spec--env--value_from--secret_key_ref"></a>
@@ -812,12 +468,11 @@ Optional:
 
 Required:
 
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
+- `key` (String)
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
+- `name` (String)
 
 
 
@@ -827,17 +482,16 @@ Optional:
 
 Optional:
 
-- `config_map_ref` (Attributes) The ConfigMap to select from (see [below for nested schema](#nestedatt--spec--env_from--config_map_ref))
-- `prefix` (String) An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
-- `secret_ref` (Attributes) The Secret to select from (see [below for nested schema](#nestedatt--spec--env_from--secret_ref))
+- `config_map_ref` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#localobjectreference-v1-core. (see [below for nested schema](#nestedatt--spec--env_from--config_map_ref))
+- `prefix` (String)
+- `secret_ref` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#localobjectreference-v1-core. (see [below for nested schema](#nestedatt--spec--env_from--secret_ref))
 
 <a id="nestedatt--spec--env_from--config_map_ref"></a>
 ### Nested Schema for `spec.env_from.config_map_ref`
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the ConfigMap must be defined
+- `name` (String)
 
 
 <a id="nestedatt--spec--env_from--secret_ref"></a>
@@ -845,8 +499,7 @@ Optional:
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret must be defined
+- `name` (String)
 
 
 
@@ -878,7 +531,7 @@ Optional:
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+- `name` (String)
 
 
 <a id="nestedatt--spec--inherit_metadata"></a>
@@ -890,4112 +543,146 @@ Optional:
 - `labels` (Map of String) Labels to be added to children resources.
 
 
-<a id="nestedatt--spec--init_containers"></a>
-### Nested Schema for `spec.init_containers`
-
-Required:
-
-- `image` (String) Image name to be used by the MariaDB instances. The supported format is '<image>:<tag>'.
+<a id="nestedatt--spec--kubernetes_service"></a>
+### Nested Schema for `spec.kubernetes_service`
 
 Optional:
 
-- `args` (List of String) Args to be used in the Container.
-- `command` (List of String) Command to be used in the Container.
-- `env` (Attributes List) Env represents the environment variables to be injected in a container. (see [below for nested schema](#nestedatt--spec--init_containers--env))
-- `env_from` (Attributes List) EnvFrom represents the references (via ConfigMap and Secrets) to environment variables to be injected in the container. (see [below for nested schema](#nestedatt--spec--init_containers--env_from))
-- `image_pull_policy` (String) ImagePullPolicy is the image pull policy. One of 'Always', 'Never' or 'IfNotPresent'. If not defined, it defaults to 'IfNotPresent'.
-- `liveness_probe` (Attributes) LivenessProbe to be used in the Container. (see [below for nested schema](#nestedatt--spec--init_containers--liveness_probe))
-- `readiness_probe` (Attributes) ReadinessProbe to be used in the Container. (see [below for nested schema](#nestedatt--spec--init_containers--readiness_probe))
-- `resources` (Attributes) Resouces describes the compute resource requirements. (see [below for nested schema](#nestedatt--spec--init_containers--resources))
-- `security_context` (Attributes) SecurityContext holds security configuration that will be applied to a container. (see [below for nested schema](#nestedatt--spec--init_containers--security_context))
-- `volume_mounts` (Attributes List) VolumeMounts to be used in the Container. (see [below for nested schema](#nestedatt--spec--init_containers--volume_mounts))
-
-<a id="nestedatt--spec--init_containers--env"></a>
-### Nested Schema for `spec.init_containers.env`
-
-Required:
+- `allocate_load_balancer_node_ports` (Boolean) AllocateLoadBalancerNodePorts Service field.
+- `external_traffic_policy` (String) ExternalTrafficPolicy Service field.
+- `load_balancer_ip` (String) LoadBalancerIP Service field.
+- `load_balancer_source_ranges` (List of String) LoadBalancerSourceRanges Service field.
+- `metadata` (Attributes) Metadata to be added to the Service metadata. (see [below for nested schema](#nestedatt--spec--kubernetes_service--metadata))
+- `session_affinity` (String) SessionAffinity Service field.
+- `type` (String) Type is the Service type. One of 'ClusterIP', 'NodePort' or 'LoadBalancer'. If not defined, it defaults to 'ClusterIP'.
 
-- `name` (String) Name of the environment variable. Must be a C_IDENTIFIER.
+<a id="nestedatt--spec--kubernetes_service--metadata"></a>
+### Nested Schema for `spec.kubernetes_service.metadata`
 
 Optional:
 
-- `value` (String) Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to ''.
-- `value_from` (Attributes) Source for the environment variable's value. Cannot be used if value is not empty. (see [below for nested schema](#nestedatt--spec--init_containers--env--value_from))
+- `annotations` (Map of String) Annotations to be added to children resources.
+- `labels` (Map of String) Labels to be added to children resources.
 
-<a id="nestedatt--spec--init_containers--env--value_from"></a>
-### Nested Schema for `spec.init_containers.env.value_from`
 
-Optional:
 
-- `config_map_key_ref` (Attributes) Selects a key of a ConfigMap. (see [below for nested schema](#nestedatt--spec--init_containers--env--value_from--config_map_key_ref))
-- `field_ref` (Attributes) Selects a field of the pod: supports metadata.name, metadata.namespace, 'metadata.labels['<KEY>']', 'metadata.annotations['<KEY>']', spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. (see [below for nested schema](#nestedatt--spec--init_containers--env--value_from--field_ref))
-- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. (see [below for nested schema](#nestedatt--spec--init_containers--env--value_from--resource_field_ref))
-- `secret_key_ref` (Attributes) Selects a key of a secret in the pod's namespace (see [below for nested schema](#nestedatt--spec--init_containers--env--value_from--secret_key_ref))
+<a id="nestedatt--spec--liveness_probe"></a>
+### Nested Schema for `spec.liveness_probe`
 
-<a id="nestedatt--spec--init_containers--env--value_from--config_map_key_ref"></a>
-### Nested Schema for `spec.init_containers.env.value_from.config_map_key_ref`
+Optional:
 
-Required:
+- `exec` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#execaction-v1-core. (see [below for nested schema](#nestedatt--spec--liveness_probe--exec))
+- `failure_threshold` (Number)
+- `http_get` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#httpgetaction-v1-core. (see [below for nested schema](#nestedatt--spec--liveness_probe--http_get))
+- `initial_delay_seconds` (Number)
+- `period_seconds` (Number)
+- `success_threshold` (Number)
+- `timeout_seconds` (Number)
 
-- `key` (String) The key to select.
+<a id="nestedatt--spec--liveness_probe--exec"></a>
+### Nested Schema for `spec.liveness_probe.exec`
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
+- `command` (List of String)
 
 
-<a id="nestedatt--spec--init_containers--env--value_from--field_ref"></a>
-### Nested Schema for `spec.init_containers.env.value_from.field_ref`
+<a id="nestedatt--spec--liveness_probe--http_get"></a>
+### Nested Schema for `spec.liveness_probe.http_get`
 
 Required:
 
-- `field_path` (String) Path of the field to select in the specified API version.
+- `port` (String)
 
 Optional:
 
-- `api_version` (String) Version of the schema the FieldPath is written in terms of, defaults to 'v1'.
-
+- `host` (String)
+- `path` (String)
+- `scheme` (String) URIScheme identifies the scheme used for connection to a host for Get actions
 
-<a id="nestedatt--spec--init_containers--env--value_from--resource_field_ref"></a>
-### Nested Schema for `spec.init_containers.env.value_from.resource_field_ref`
 
-Required:
 
-- `resource` (String) Required: resource to select
+<a id="nestedatt--spec--maria_db_ref"></a>
+### Nested Schema for `spec.maria_db_ref`
 
 Optional:
 
-- `container_name` (String) Container name: required for volumes, optional for env vars
-- `divisor` (String) Specifies the output format of the exposed resources, defaults to '1'
-
-
-<a id="nestedatt--spec--init_containers--env--value_from--secret_key_ref"></a>
-### Nested Schema for `spec.init_containers.env.value_from.secret_key_ref`
+- `name` (String)
+- `namespace` (String)
+- `wait_for_it` (Boolean) WaitForIt indicates whether the controller using this reference should wait for MariaDB to be ready.
 
-Required:
 
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
+<a id="nestedatt--spec--metrics"></a>
+### Nested Schema for `spec.metrics`
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
+- `enabled` (Boolean) Enabled is a flag to enable Metrics
+- `exporter` (Attributes) Exporter defines the metrics exporter container. (see [below for nested schema](#nestedatt--spec--metrics--exporter))
+- `service_monitor` (Attributes) ServiceMonitor defines the ServiceMonior object. (see [below for nested schema](#nestedatt--spec--metrics--service_monitor))
 
-
-
-
-<a id="nestedatt--spec--init_containers--env_from"></a>
-### Nested Schema for `spec.init_containers.env_from`
-
-Optional:
-
-- `config_map_ref` (Attributes) The ConfigMap to select from (see [below for nested schema](#nestedatt--spec--init_containers--env_from--config_map_ref))
-- `prefix` (String) An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
-- `secret_ref` (Attributes) The Secret to select from (see [below for nested schema](#nestedatt--spec--init_containers--env_from--secret_ref))
-
-<a id="nestedatt--spec--init_containers--env_from--config_map_ref"></a>
-### Nested Schema for `spec.init_containers.env_from.config_map_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the ConfigMap must be defined
-
-
-<a id="nestedatt--spec--init_containers--env_from--secret_ref"></a>
-### Nested Schema for `spec.init_containers.env_from.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret must be defined
-
-
-
-<a id="nestedatt--spec--init_containers--liveness_probe"></a>
-### Nested Schema for `spec.init_containers.liveness_probe`
-
-Optional:
-
-- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--init_containers--liveness_probe--exec))
-- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
-- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--init_containers--liveness_probe--grpc))
-- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--init_containers--liveness_probe--http_get))
-- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-- `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
-- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
-- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--init_containers--liveness_probe--tcp_socket))
-- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
-- `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-<a id="nestedatt--spec--init_containers--liveness_probe--exec"></a>
-### Nested Schema for `spec.init_containers.liveness_probe.exec`
-
-Optional:
-
-- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-
-
-<a id="nestedatt--spec--init_containers--liveness_probe--grpc"></a>
-### Nested Schema for `spec.init_containers.liveness_probe.grpc`
-
-Required:
-
-- `port` (Number) Port number of the gRPC service. Number must be in the range 1 to 65535.
-
-Optional:
-
-- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.
-
-
-<a id="nestedatt--spec--init_containers--liveness_probe--http_get"></a>
-### Nested Schema for `spec.init_containers.liveness_probe.http_get`
-
-Required:
-
-- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.
-- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--init_containers--liveness_probe--http_get--http_headers))
-- `path` (String) Path to access on the HTTP server.
-- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP.
-
-<a id="nestedatt--spec--init_containers--liveness_probe--http_get--http_headers"></a>
-### Nested Schema for `spec.init_containers.liveness_probe.http_get.http_headers`
-
-Required:
-
-- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
-- `value` (String) The header field value
-
-
-
-<a id="nestedatt--spec--init_containers--liveness_probe--tcp_socket"></a>
-### Nested Schema for `spec.init_containers.liveness_probe.tcp_socket`
-
-Required:
-
-- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Optional: Host name to connect to, defaults to the pod IP.
-
-
-
-<a id="nestedatt--spec--init_containers--readiness_probe"></a>
-### Nested Schema for `spec.init_containers.readiness_probe`
-
-Optional:
-
-- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--init_containers--readiness_probe--exec))
-- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
-- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--init_containers--readiness_probe--grpc))
-- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--init_containers--readiness_probe--http_get))
-- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-- `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
-- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
-- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--init_containers--readiness_probe--tcp_socket))
-- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
-- `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-<a id="nestedatt--spec--init_containers--readiness_probe--exec"></a>
-### Nested Schema for `spec.init_containers.readiness_probe.exec`
-
-Optional:
-
-- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-
-
-<a id="nestedatt--spec--init_containers--readiness_probe--grpc"></a>
-### Nested Schema for `spec.init_containers.readiness_probe.grpc`
-
-Required:
-
-- `port` (Number) Port number of the gRPC service. Number must be in the range 1 to 65535.
-
-Optional:
-
-- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.
-
-
-<a id="nestedatt--spec--init_containers--readiness_probe--http_get"></a>
-### Nested Schema for `spec.init_containers.readiness_probe.http_get`
-
-Required:
-
-- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.
-- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--init_containers--readiness_probe--http_get--http_headers))
-- `path` (String) Path to access on the HTTP server.
-- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP.
-
-<a id="nestedatt--spec--init_containers--readiness_probe--http_get--http_headers"></a>
-### Nested Schema for `spec.init_containers.readiness_probe.http_get.http_headers`
-
-Required:
-
-- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
-- `value` (String) The header field value
-
-
-
-<a id="nestedatt--spec--init_containers--readiness_probe--tcp_socket"></a>
-### Nested Schema for `spec.init_containers.readiness_probe.tcp_socket`
-
-Required:
-
-- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Optional: Host name to connect to, defaults to the pod IP.
-
-
-
-<a id="nestedatt--spec--init_containers--resources"></a>
-### Nested Schema for `spec.init_containers.resources`
-
-Optional:
-
-- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--init_containers--resources--claims))
-- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-
-<a id="nestedatt--spec--init_containers--resources--claims"></a>
-### Nested Schema for `spec.init_containers.resources.claims`
-
-Required:
-
-- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
-
-Optional:
-
-- `request` (String) Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
-
-
-
-<a id="nestedatt--spec--init_containers--security_context"></a>
-### Nested Schema for `spec.init_containers.security_context`
-
-Optional:
-
-- `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
-- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--init_containers--security_context--app_armor_profile))
-- `capabilities` (Attributes) The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--init_containers--security_context--capabilities))
-- `privileged` (Boolean) Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
-- `proc_mount` (String) procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
-- `read_only_root_filesystem` (Boolean) Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_group` (Number) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-- `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
-- `se_linux_options` (Attributes) The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--init_containers--security_context--se_linux_options))
-- `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--init_containers--security_context--seccomp_profile))
-- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--init_containers--security_context--windows_options))
-
-<a id="nestedatt--spec--init_containers--security_context--app_armor_profile"></a>
-### Nested Schema for `spec.init_containers.security_context.app_armor_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is 'Localhost'.
-
-
-<a id="nestedatt--spec--init_containers--security_context--capabilities"></a>
-### Nested Schema for `spec.init_containers.security_context.capabilities`
-
-Optional:
-
-- `add` (List of String) Added capabilities
-- `drop` (List of String) Removed capabilities
-
-
-<a id="nestedatt--spec--init_containers--security_context--se_linux_options"></a>
-### Nested Schema for `spec.init_containers.security_context.se_linux_options`
-
-Optional:
-
-- `level` (String) Level is SELinux level label that applies to the container.
-- `role` (String) Role is a SELinux role label that applies to the container.
-- `type` (String) Type is a SELinux type label that applies to the container.
-- `user` (String) User is a SELinux user label that applies to the container.
-
-
-<a id="nestedatt--spec--init_containers--security_context--seccomp_profile"></a>
-### Nested Schema for `spec.init_containers.security_context.seccomp_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.
-
-
-<a id="nestedatt--spec--init_containers--security_context--windows_options"></a>
-### Nested Schema for `spec.init_containers.security_context.windows_options`
-
-Optional:
-
-- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
-- `gmsa_credential_spec_name` (String) GMSACredentialSpecName is the name of the GMSA credential spec to use.
-- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
-- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-
-
-
-<a id="nestedatt--spec--init_containers--volume_mounts"></a>
-### Nested Schema for `spec.init_containers.volume_mounts`
-
-Required:
-
-- `mount_path` (String) Path within the container at which the volume should be mounted. Must not contain ':'.
-- `name` (String) This must match the Name of a Volume.
-
-Optional:
-
-- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None).
-- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
-- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handled recursively. If ReadOnly is false, this field has no meaning and must be unspecified. If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). If this field is not specified, it is treated as an equivalent of Disabled.
-- `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).
-- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.
-
-
-
-<a id="nestedatt--spec--kubernetes_service"></a>
-### Nested Schema for `spec.kubernetes_service`
-
-Optional:
-
-- `allocate_load_balancer_node_ports` (Boolean) AllocateLoadBalancerNodePorts Service field.
-- `external_traffic_policy` (String) ExternalTrafficPolicy Service field.
-- `load_balancer_ip` (String) LoadBalancerIP Service field.
-- `load_balancer_source_ranges` (List of String) LoadBalancerSourceRanges Service field.
-- `metadata` (Attributes) Metadata to be added to the Service metadata. (see [below for nested schema](#nestedatt--spec--kubernetes_service--metadata))
-- `session_affinity` (String) SessionAffinity Service field.
-- `type` (String) Type is the Service type. One of 'ClusterIP', 'NodePort' or 'LoadBalancer'. If not defined, it defaults to 'ClusterIP'.
-
-<a id="nestedatt--spec--kubernetes_service--metadata"></a>
-### Nested Schema for `spec.kubernetes_service.metadata`
-
-Optional:
-
-- `annotations` (Map of String) Annotations to be added to children resources.
-- `labels` (Map of String) Labels to be added to children resources.
-
-
-
-<a id="nestedatt--spec--liveness_probe"></a>
-### Nested Schema for `spec.liveness_probe`
-
-Optional:
-
-- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--liveness_probe--exec))
-- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
-- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--liveness_probe--grpc))
-- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--liveness_probe--http_get))
-- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-- `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
-- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
-- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--liveness_probe--tcp_socket))
-- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
-- `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-<a id="nestedatt--spec--liveness_probe--exec"></a>
-### Nested Schema for `spec.liveness_probe.exec`
-
-Optional:
-
-- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-
-
-<a id="nestedatt--spec--liveness_probe--grpc"></a>
-### Nested Schema for `spec.liveness_probe.grpc`
-
-Required:
-
-- `port` (Number) Port number of the gRPC service. Number must be in the range 1 to 65535.
-
-Optional:
-
-- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.
-
-
-<a id="nestedatt--spec--liveness_probe--http_get"></a>
-### Nested Schema for `spec.liveness_probe.http_get`
-
-Required:
-
-- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.
-- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--liveness_probe--http_get--http_headers))
-- `path` (String) Path to access on the HTTP server.
-- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP.
-
-<a id="nestedatt--spec--liveness_probe--http_get--http_headers"></a>
-### Nested Schema for `spec.liveness_probe.http_get.http_headers`
-
-Required:
-
-- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
-- `value` (String) The header field value
-
-
-
-<a id="nestedatt--spec--liveness_probe--tcp_socket"></a>
-### Nested Schema for `spec.liveness_probe.tcp_socket`
-
-Required:
-
-- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Optional: Host name to connect to, defaults to the pod IP.
-
-
-
-<a id="nestedatt--spec--maria_db_ref"></a>
-### Nested Schema for `spec.maria_db_ref`
-
-Optional:
-
-- `api_version` (String) API version of the referent.
-- `field_path` (String) If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: 'spec.containers{name}' (where 'name' refers to the name of the container that triggered the event) or if no container name is specified 'spec.containers[2]' (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.
-- `kind` (String) Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `namespace` (String) Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-- `resource_version` (String) Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-- `uid` (String) UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-- `wait_for_it` (Boolean) WaitForIt indicates whether the controller using this reference should wait for MariaDB to be ready.
-
-
-<a id="nestedatt--spec--metrics"></a>
-### Nested Schema for `spec.metrics`
-
-Optional:
-
-- `enabled` (Boolean) Enabled is a flag to enable Metrics
-- `exporter` (Attributes) Exporter defines the metrics exporter container. (see [below for nested schema](#nestedatt--spec--metrics--exporter))
-- `service_monitor` (Attributes) ServiceMonitor defines the ServiceMonior object. (see [below for nested schema](#nestedatt--spec--metrics--service_monitor))
-
-<a id="nestedatt--spec--metrics--exporter"></a>
-### Nested Schema for `spec.metrics.exporter`
-
-Optional:
-
-- `affinity` (Attributes) Affinity to be used in the Pod. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity))
-- `args` (List of String) Args to be used in the Container.
-- `command` (List of String) Command to be used in the Container.
-- `env` (Attributes List) Env represents the environment variables to be injected in a container. (see [below for nested schema](#nestedatt--spec--metrics--exporter--env))
-- `env_from` (Attributes List) EnvFrom represents the references (via ConfigMap and Secrets) to environment variables to be injected in the container. (see [below for nested schema](#nestedatt--spec--metrics--exporter--env_from))
-- `image` (String) Image name to be used as metrics exporter. The supported format is '<image>:<tag>'. Only mysqld-exporter >= v0.15.0 is supported: https://github.com/prometheus/mysqld_exporter
-- `image_pull_policy` (String) ImagePullPolicy is the image pull policy. One of 'Always', 'Never' or 'IfNotPresent'. If not defined, it defaults to 'IfNotPresent'.
-- `image_pull_secrets` (Attributes List) ImagePullSecrets is the list of pull Secrets to be used to pull the image. (see [below for nested schema](#nestedatt--spec--metrics--exporter--image_pull_secrets))
-- `init_containers` (Attributes List) InitContainers to be used in the Pod. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers))
-- `liveness_probe` (Attributes) LivenessProbe to be used in the Container. (see [below for nested schema](#nestedatt--spec--metrics--exporter--liveness_probe))
-- `node_selector` (Map of String) NodeSelector to be used in the Pod.
-- `pod_metadata` (Attributes) PodMetadata defines extra metadata for the Pod. (see [below for nested schema](#nestedatt--spec--metrics--exporter--pod_metadata))
-- `pod_security_context` (Attributes) SecurityContext holds pod-level security attributes and common container settings. (see [below for nested schema](#nestedatt--spec--metrics--exporter--pod_security_context))
-- `port` (Number) Port where the exporter will be listening for connections.
-- `priority_class_name` (String) PriorityClassName to be used in the Pod.
-- `readiness_probe` (Attributes) ReadinessProbe to be used in the Container. (see [below for nested schema](#nestedatt--spec--metrics--exporter--readiness_probe))
-- `resources` (Attributes) Resouces describes the compute resource requirements. (see [below for nested schema](#nestedatt--spec--metrics--exporter--resources))
-- `security_context` (Attributes) SecurityContext holds security configuration that will be applied to a container. (see [below for nested schema](#nestedatt--spec--metrics--exporter--security_context))
-- `service_account_name` (String) ServiceAccountName is the name of the ServiceAccount to be used by the Pods.
-- `sidecar_containers` (Attributes List) SidecarContainers to be used in the Pod. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers))
-- `tolerations` (Attributes List) Tolerations to be used in the Pod. (see [below for nested schema](#nestedatt--spec--metrics--exporter--tolerations))
-- `topology_spread_constraints` (Attributes List) TopologySpreadConstraints to be used in the Pod. (see [below for nested schema](#nestedatt--spec--metrics--exporter--topology_spread_constraints))
-- `volume_mounts` (Attributes List) VolumeMounts to be used in the Container. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volume_mounts))
-- `volumes` (Attributes List) Volumes to be used in the Pod. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes))
-
-<a id="nestedatt--spec--metrics--exporter--affinity"></a>
-### Nested Schema for `spec.metrics.exporter.affinity`
-
-Optional:
-
-- `anti_affinity_enabled` (Boolean) AntiAffinityEnabled configures PodAntiAffinity so each Pod is scheduled in a different Node, enabling HA. Make sure you have at least as many Nodes available as the replicas to not end up with unscheduled Pods.
-- `node_affinity` (Attributes) Describes node affinity scheduling rules for the pod. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--node_affinity))
-- `pod_affinity` (Attributes) Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_affinity))
-- `pod_anti_affinity` (Attributes) Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity))
-
-<a id="nestedatt--spec--metrics--exporter--affinity--node_affinity"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.node_affinity`
-
-Optional:
-
-- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution))
-- `required_during_scheduling_ignored_during_execution` (Attributes) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--node_affinity--required_during_scheduling_ignored_during_execution))
-
-<a id="nestedatt--spec--metrics--exporter--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.node_affinity.preferred_during_scheduling_ignored_during_execution`
-
-Required:
-
-- `preference` (Attributes) A node selector term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference))
-- `weight` (Number) Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
-
-<a id="nestedatt--spec--metrics--exporter--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.node_affinity.preferred_during_scheduling_ignored_during_execution.preference`
-
-Optional:
-
-- `match_expressions` (Attributes List) A list of node selector requirements by node's labels. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference--match_expressions))
-- `match_fields` (Attributes List) A list of node selector requirements by node's fields. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference--match_fields))
-
-<a id="nestedatt--spec--metrics--exporter--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference--match_expressions"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.node_affinity.preferred_during_scheduling_ignored_during_execution.preference.match_expressions`
-
-Required:
-
-- `key` (String) The label key that the selector applies to.
-- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
-
-Optional:
-
-- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
-
-
-<a id="nestedatt--spec--metrics--exporter--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference--match_fields"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.node_affinity.preferred_during_scheduling_ignored_during_execution.preference.match_fields`
-
-Required:
-
-- `key` (String) The label key that the selector applies to.
-- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
-
-Optional:
-
-- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
-
-
-
-
-<a id="nestedatt--spec--metrics--exporter--affinity--node_affinity--required_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.node_affinity.required_during_scheduling_ignored_during_execution`
-
-Required:
-
-- `node_selector_terms` (Attributes List) Required. A list of node selector terms. The terms are ORed. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms))
-
-<a id="nestedatt--spec--metrics--exporter--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.node_affinity.required_during_scheduling_ignored_during_execution.node_selector_terms`
-
-Optional:
-
-- `match_expressions` (Attributes List) A list of node selector requirements by node's labels. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms--match_expressions))
-- `match_fields` (Attributes List) A list of node selector requirements by node's fields. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms--match_fields))
-
-<a id="nestedatt--spec--metrics--exporter--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms--match_expressions"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.node_affinity.required_during_scheduling_ignored_during_execution.node_selector_terms.match_expressions`
-
-Required:
-
-- `key` (String) The label key that the selector applies to.
-- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
-
-Optional:
-
-- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
-
-
-<a id="nestedatt--spec--metrics--exporter--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms--match_fields"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.node_affinity.required_during_scheduling_ignored_during_execution.node_selector_terms.match_fields`
-
-Required:
-
-- `key` (String) The label key that the selector applies to.
-- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
-
-Optional:
-
-- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
-
-
-
-
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_affinity"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_affinity`
-
-Optional:
-
-- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution))
-- `required_during_scheduling_ignored_during_execution` (Attributes List) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_affinity--required_during_scheduling_ignored_during_execution))
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution`
-
-Required:
-
-- `pod_affinity_term` (Attributes) Required. A pod affinity term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term))
-- `weight` (Number) weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term`
-
-Required:
-
-- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
-
-Optional:
-
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
-- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_affinity--required_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_affinity.required_during_scheduling_ignored_during_execution`
-
-Required:
-
-- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
-
-Optional:
-
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
-- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.label_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.label_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.namespace_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.namespace_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_anti_affinity`
-
-Optional:
-
-- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution))
-- `required_during_scheduling_ignored_during_execution` (Attributes List) If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution))
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution`
-
-Required:
-
-- `pod_affinity_term` (Attributes) Required. A pod affinity term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term))
-- `weight` (Number) weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term`
-
-Required:
-
-- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
-
-Optional:
-
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
-- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution`
-
-Required:
-
-- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
-
-Optional:
-
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
-- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.label_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.label_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.namespace_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions"></a>
-### Nested Schema for `spec.metrics.exporter.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.namespace_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-
-
-
-<a id="nestedatt--spec--metrics--exporter--env"></a>
-### Nested Schema for `spec.metrics.exporter.env`
-
-Required:
-
-- `name` (String) Name of the environment variable. Must be a C_IDENTIFIER.
-
-Optional:
-
-- `value` (String) Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to ''.
-- `value_from` (Attributes) Source for the environment variable's value. Cannot be used if value is not empty. (see [below for nested schema](#nestedatt--spec--metrics--exporter--env--value_from))
-
-<a id="nestedatt--spec--metrics--exporter--env--value_from"></a>
-### Nested Schema for `spec.metrics.exporter.env.value_from`
-
-Optional:
-
-- `config_map_key_ref` (Attributes) Selects a key of a ConfigMap. (see [below for nested schema](#nestedatt--spec--metrics--exporter--env--value_from--config_map_key_ref))
-- `field_ref` (Attributes) Selects a field of the pod: supports metadata.name, metadata.namespace, 'metadata.labels['<KEY>']', 'metadata.annotations['<KEY>']', spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. (see [below for nested schema](#nestedatt--spec--metrics--exporter--env--value_from--field_ref))
-- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. (see [below for nested schema](#nestedatt--spec--metrics--exporter--env--value_from--resource_field_ref))
-- `secret_key_ref` (Attributes) Selects a key of a secret in the pod's namespace (see [below for nested schema](#nestedatt--spec--metrics--exporter--env--value_from--secret_key_ref))
-
-<a id="nestedatt--spec--metrics--exporter--env--value_from--config_map_key_ref"></a>
-### Nested Schema for `spec.metrics.exporter.env.value_from.config_map_key_ref`
-
-Required:
-
-- `key` (String) The key to select.
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
-
-
-<a id="nestedatt--spec--metrics--exporter--env--value_from--field_ref"></a>
-### Nested Schema for `spec.metrics.exporter.env.value_from.field_ref`
-
-Required:
-
-- `field_path` (String) Path of the field to select in the specified API version.
-
-Optional:
-
-- `api_version` (String) Version of the schema the FieldPath is written in terms of, defaults to 'v1'.
-
-
-<a id="nestedatt--spec--metrics--exporter--env--value_from--resource_field_ref"></a>
-### Nested Schema for `spec.metrics.exporter.env.value_from.resource_field_ref`
-
-Required:
-
-- `resource` (String) Required: resource to select
-
-Optional:
-
-- `container_name` (String) Container name: required for volumes, optional for env vars
-- `divisor` (String) Specifies the output format of the exposed resources, defaults to '1'
-
-
-<a id="nestedatt--spec--metrics--exporter--env--value_from--secret_key_ref"></a>
-### Nested Schema for `spec.metrics.exporter.env.value_from.secret_key_ref`
-
-Required:
-
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
-
-
-
-<a id="nestedatt--spec--metrics--exporter--env_from"></a>
-### Nested Schema for `spec.metrics.exporter.env_from`
-
-Optional:
-
-- `config_map_ref` (Attributes) The ConfigMap to select from (see [below for nested schema](#nestedatt--spec--metrics--exporter--env_from--config_map_ref))
-- `prefix` (String) An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
-- `secret_ref` (Attributes) The Secret to select from (see [below for nested schema](#nestedatt--spec--metrics--exporter--env_from--secret_ref))
-
-<a id="nestedatt--spec--metrics--exporter--env_from--config_map_ref"></a>
-### Nested Schema for `spec.metrics.exporter.env_from.config_map_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the ConfigMap must be defined
-
-
-<a id="nestedatt--spec--metrics--exporter--env_from--secret_ref"></a>
-### Nested Schema for `spec.metrics.exporter.env_from.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret must be defined
-
-
-
-<a id="nestedatt--spec--metrics--exporter--image_pull_secrets"></a>
-### Nested Schema for `spec.metrics.exporter.image_pull_secrets`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-<a id="nestedatt--spec--metrics--exporter--init_containers"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers`
-
-Required:
-
-- `image` (String) Image name to be used by the MariaDB instances. The supported format is '<image>:<tag>'.
-
-Optional:
-
-- `args` (List of String) Args to be used in the Container.
-- `command` (List of String) Command to be used in the Container.
-- `env` (Attributes List) Env represents the environment variables to be injected in a container. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--env))
-- `env_from` (Attributes List) EnvFrom represents the references (via ConfigMap and Secrets) to environment variables to be injected in the container. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--env_from))
-- `image_pull_policy` (String) ImagePullPolicy is the image pull policy. One of 'Always', 'Never' or 'IfNotPresent'. If not defined, it defaults to 'IfNotPresent'.
-- `liveness_probe` (Attributes) LivenessProbe to be used in the Container. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--liveness_probe))
-- `readiness_probe` (Attributes) ReadinessProbe to be used in the Container. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--readiness_probe))
-- `resources` (Attributes) Resouces describes the compute resource requirements. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--resources))
-- `security_context` (Attributes) SecurityContext holds security configuration that will be applied to a container. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--security_context))
-- `volume_mounts` (Attributes List) VolumeMounts to be used in the Container. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--volume_mounts))
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--env"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.env`
-
-Required:
-
-- `name` (String) Name of the environment variable. Must be a C_IDENTIFIER.
-
-Optional:
-
-- `value` (String) Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to ''.
-- `value_from` (Attributes) Source for the environment variable's value. Cannot be used if value is not empty. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--env--value_from))
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--env--value_from"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.env.value_from`
-
-Optional:
-
-- `config_map_key_ref` (Attributes) Selects a key of a ConfigMap. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--env--value_from--config_map_key_ref))
-- `field_ref` (Attributes) Selects a field of the pod: supports metadata.name, metadata.namespace, 'metadata.labels['<KEY>']', 'metadata.annotations['<KEY>']', spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--env--value_from--field_ref))
-- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--env--value_from--resource_field_ref))
-- `secret_key_ref` (Attributes) Selects a key of a secret in the pod's namespace (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--env--value_from--secret_key_ref))
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--env--value_from--config_map_key_ref"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.env.value_from.config_map_key_ref`
-
-Required:
-
-- `key` (String) The key to select.
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
-
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--env--value_from--field_ref"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.env.value_from.field_ref`
-
-Required:
-
-- `field_path` (String) Path of the field to select in the specified API version.
-
-Optional:
-
-- `api_version` (String) Version of the schema the FieldPath is written in terms of, defaults to 'v1'.
-
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--env--value_from--resource_field_ref"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.env.value_from.resource_field_ref`
-
-Required:
-
-- `resource` (String) Required: resource to select
-
-Optional:
-
-- `container_name` (String) Container name: required for volumes, optional for env vars
-- `divisor` (String) Specifies the output format of the exposed resources, defaults to '1'
-
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--env--value_from--secret_key_ref"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.env.value_from.secret_key_ref`
-
-Required:
-
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
-
-
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--env_from"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.env_from`
-
-Optional:
-
-- `config_map_ref` (Attributes) The ConfigMap to select from (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--env_from--config_map_ref))
-- `prefix` (String) An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
-- `secret_ref` (Attributes) The Secret to select from (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--env_from--secret_ref))
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--env_from--config_map_ref"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.env_from.config_map_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the ConfigMap must be defined
-
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--env_from--secret_ref"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.env_from.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret must be defined
-
-
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--liveness_probe"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.liveness_probe`
-
-Optional:
-
-- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--liveness_probe--exec))
-- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
-- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--liveness_probe--grpc))
-- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--liveness_probe--http_get))
-- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-- `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
-- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
-- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--liveness_probe--tcp_socket))
-- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
-- `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--liveness_probe--exec"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.liveness_probe.exec`
-
-Optional:
-
-- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--liveness_probe--grpc"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.liveness_probe.grpc`
-
-Required:
-
-- `port` (Number) Port number of the gRPC service. Number must be in the range 1 to 65535.
-
-Optional:
-
-- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.
-
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--liveness_probe--http_get"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.liveness_probe.http_get`
-
-Required:
-
-- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.
-- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--liveness_probe--http_get--http_headers))
-- `path` (String) Path to access on the HTTP server.
-- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP.
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--liveness_probe--http_get--http_headers"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.liveness_probe.http_get.http_headers`
-
-Required:
-
-- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
-- `value` (String) The header field value
-
-
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--liveness_probe--tcp_socket"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.liveness_probe.tcp_socket`
-
-Required:
-
-- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Optional: Host name to connect to, defaults to the pod IP.
-
-
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--readiness_probe"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.readiness_probe`
-
-Optional:
-
-- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--readiness_probe--exec))
-- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
-- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--readiness_probe--grpc))
-- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--readiness_probe--http_get))
-- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-- `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
-- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
-- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--readiness_probe--tcp_socket))
-- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
-- `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--readiness_probe--exec"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.readiness_probe.exec`
-
-Optional:
-
-- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--readiness_probe--grpc"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.readiness_probe.grpc`
-
-Required:
-
-- `port` (Number) Port number of the gRPC service. Number must be in the range 1 to 65535.
-
-Optional:
-
-- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.
-
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--readiness_probe--http_get"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.readiness_probe.http_get`
-
-Required:
-
-- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.
-- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--readiness_probe--http_get--http_headers))
-- `path` (String) Path to access on the HTTP server.
-- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP.
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--readiness_probe--http_get--http_headers"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.readiness_probe.http_get.http_headers`
-
-Required:
-
-- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
-- `value` (String) The header field value
-
-
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--readiness_probe--tcp_socket"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.readiness_probe.tcp_socket`
-
-Required:
-
-- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Optional: Host name to connect to, defaults to the pod IP.
-
-
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--resources"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.resources`
-
-Optional:
-
-- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--resources--claims))
-- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--resources--claims"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.resources.claims`
-
-Required:
-
-- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
-
-Optional:
-
-- `request` (String) Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
-
-
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--security_context"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.security_context`
-
-Optional:
-
-- `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
-- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--security_context--app_armor_profile))
-- `capabilities` (Attributes) The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--security_context--capabilities))
-- `privileged` (Boolean) Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
-- `proc_mount` (String) procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
-- `read_only_root_filesystem` (Boolean) Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_group` (Number) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-- `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
-- `se_linux_options` (Attributes) The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--security_context--se_linux_options))
-- `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--security_context--seccomp_profile))
-- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--metrics--exporter--init_containers--security_context--windows_options))
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--security_context--app_armor_profile"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.security_context.app_armor_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is 'Localhost'.
-
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--security_context--capabilities"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.security_context.capabilities`
-
-Optional:
-
-- `add` (List of String) Added capabilities
-- `drop` (List of String) Removed capabilities
-
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--security_context--se_linux_options"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.security_context.se_linux_options`
-
-Optional:
-
-- `level` (String) Level is SELinux level label that applies to the container.
-- `role` (String) Role is a SELinux role label that applies to the container.
-- `type` (String) Type is a SELinux type label that applies to the container.
-- `user` (String) User is a SELinux user label that applies to the container.
-
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--security_context--seccomp_profile"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.security_context.seccomp_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.
-
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--security_context--windows_options"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.security_context.windows_options`
-
-Optional:
-
-- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
-- `gmsa_credential_spec_name` (String) GMSACredentialSpecName is the name of the GMSA credential spec to use.
-- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
-- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-
-
-
-<a id="nestedatt--spec--metrics--exporter--init_containers--volume_mounts"></a>
-### Nested Schema for `spec.metrics.exporter.init_containers.volume_mounts`
-
-Required:
-
-- `mount_path` (String) Path within the container at which the volume should be mounted. Must not contain ':'.
-- `name` (String) This must match the Name of a Volume.
-
-Optional:
-
-- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None).
-- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
-- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handled recursively. If ReadOnly is false, this field has no meaning and must be unspecified. If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). If this field is not specified, it is treated as an equivalent of Disabled.
-- `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).
-- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.
-
-
-
-<a id="nestedatt--spec--metrics--exporter--liveness_probe"></a>
-### Nested Schema for `spec.metrics.exporter.liveness_probe`
-
-Optional:
-
-- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--metrics--exporter--liveness_probe--exec))
-- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
-- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--metrics--exporter--liveness_probe--grpc))
-- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--metrics--exporter--liveness_probe--http_get))
-- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-- `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
-- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
-- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--metrics--exporter--liveness_probe--tcp_socket))
-- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
-- `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-<a id="nestedatt--spec--metrics--exporter--liveness_probe--exec"></a>
-### Nested Schema for `spec.metrics.exporter.liveness_probe.exec`
-
-Optional:
-
-- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-
-
-<a id="nestedatt--spec--metrics--exporter--liveness_probe--grpc"></a>
-### Nested Schema for `spec.metrics.exporter.liveness_probe.grpc`
-
-Required:
-
-- `port` (Number) Port number of the gRPC service. Number must be in the range 1 to 65535.
-
-Optional:
-
-- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.
-
-
-<a id="nestedatt--spec--metrics--exporter--liveness_probe--http_get"></a>
-### Nested Schema for `spec.metrics.exporter.liveness_probe.http_get`
-
-Required:
-
-- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.
-- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--metrics--exporter--liveness_probe--http_get--http_headers))
-- `path` (String) Path to access on the HTTP server.
-- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP.
-
-<a id="nestedatt--spec--metrics--exporter--liveness_probe--http_get--http_headers"></a>
-### Nested Schema for `spec.metrics.exporter.liveness_probe.http_get.http_headers`
-
-Required:
-
-- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
-- `value` (String) The header field value
-
-
-
-<a id="nestedatt--spec--metrics--exporter--liveness_probe--tcp_socket"></a>
-### Nested Schema for `spec.metrics.exporter.liveness_probe.tcp_socket`
-
-Required:
-
-- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Optional: Host name to connect to, defaults to the pod IP.
-
-
-
-<a id="nestedatt--spec--metrics--exporter--pod_metadata"></a>
-### Nested Schema for `spec.metrics.exporter.pod_metadata`
-
-Optional:
-
-- `annotations` (Map of String) Annotations to be added to children resources.
-- `labels` (Map of String) Labels to be added to children resources.
-
-
-<a id="nestedatt--spec--metrics--exporter--pod_security_context"></a>
-### Nested Schema for `spec.metrics.exporter.pod_security_context`
-
-Optional:
-
-- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--metrics--exporter--pod_security_context--app_armor_profile))
-- `fs_group` (Number) A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.
-- `fs_group_change_policy` (String) fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are 'OnRootMismatch' and 'Always'. If not specified, 'Always' is used. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_group` (Number) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-- `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
-- `se_linux_options` (Attributes) The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--metrics--exporter--pod_security_context--se_linux_options))
-- `seccomp_profile` (Attributes) The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--metrics--exporter--pod_security_context--seccomp_profile))
-- `supplemental_groups` (List of String) A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.
-- `supplemental_groups_policy` (String) Defines how supplemental groups of the first container processes are calculated. Valid values are 'Merge' and 'Strict'. If not specified, 'Merge' is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.
-- `sysctls` (Attributes List) Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--metrics--exporter--pod_security_context--sysctls))
-- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--metrics--exporter--pod_security_context--windows_options))
-
-<a id="nestedatt--spec--metrics--exporter--pod_security_context--app_armor_profile"></a>
-### Nested Schema for `spec.metrics.exporter.pod_security_context.app_armor_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is 'Localhost'.
-
-
-<a id="nestedatt--spec--metrics--exporter--pod_security_context--se_linux_options"></a>
-### Nested Schema for `spec.metrics.exporter.pod_security_context.se_linux_options`
-
-Optional:
-
-- `level` (String) Level is SELinux level label that applies to the container.
-- `role` (String) Role is a SELinux role label that applies to the container.
-- `type` (String) Type is a SELinux type label that applies to the container.
-- `user` (String) User is a SELinux user label that applies to the container.
-
-
-<a id="nestedatt--spec--metrics--exporter--pod_security_context--seccomp_profile"></a>
-### Nested Schema for `spec.metrics.exporter.pod_security_context.seccomp_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.
-
-
-<a id="nestedatt--spec--metrics--exporter--pod_security_context--sysctls"></a>
-### Nested Schema for `spec.metrics.exporter.pod_security_context.sysctls`
-
-Required:
-
-- `name` (String) Name of a property to set
-- `value` (String) Value of a property to set
-
-
-<a id="nestedatt--spec--metrics--exporter--pod_security_context--windows_options"></a>
-### Nested Schema for `spec.metrics.exporter.pod_security_context.windows_options`
-
-Optional:
-
-- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
-- `gmsa_credential_spec_name` (String) GMSACredentialSpecName is the name of the GMSA credential spec to use.
-- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
-- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-
-
-
-<a id="nestedatt--spec--metrics--exporter--readiness_probe"></a>
-### Nested Schema for `spec.metrics.exporter.readiness_probe`
-
-Optional:
-
-- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--metrics--exporter--readiness_probe--exec))
-- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
-- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--metrics--exporter--readiness_probe--grpc))
-- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--metrics--exporter--readiness_probe--http_get))
-- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-- `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
-- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
-- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--metrics--exporter--readiness_probe--tcp_socket))
-- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
-- `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-<a id="nestedatt--spec--metrics--exporter--readiness_probe--exec"></a>
-### Nested Schema for `spec.metrics.exporter.readiness_probe.exec`
-
-Optional:
-
-- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-
-
-<a id="nestedatt--spec--metrics--exporter--readiness_probe--grpc"></a>
-### Nested Schema for `spec.metrics.exporter.readiness_probe.grpc`
-
-Required:
-
-- `port` (Number) Port number of the gRPC service. Number must be in the range 1 to 65535.
-
-Optional:
-
-- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.
-
-
-<a id="nestedatt--spec--metrics--exporter--readiness_probe--http_get"></a>
-### Nested Schema for `spec.metrics.exporter.readiness_probe.http_get`
-
-Required:
-
-- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.
-- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--metrics--exporter--readiness_probe--http_get--http_headers))
-- `path` (String) Path to access on the HTTP server.
-- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP.
-
-<a id="nestedatt--spec--metrics--exporter--readiness_probe--http_get--http_headers"></a>
-### Nested Schema for `spec.metrics.exporter.readiness_probe.http_get.http_headers`
-
-Required:
-
-- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
-- `value` (String) The header field value
-
-
-
-<a id="nestedatt--spec--metrics--exporter--readiness_probe--tcp_socket"></a>
-### Nested Schema for `spec.metrics.exporter.readiness_probe.tcp_socket`
-
-Required:
-
-- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Optional: Host name to connect to, defaults to the pod IP.
-
-
-
-<a id="nestedatt--spec--metrics--exporter--resources"></a>
-### Nested Schema for `spec.metrics.exporter.resources`
-
-Optional:
-
-- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--metrics--exporter--resources--claims))
-- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-
-<a id="nestedatt--spec--metrics--exporter--resources--claims"></a>
-### Nested Schema for `spec.metrics.exporter.resources.claims`
-
-Required:
-
-- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
-
-Optional:
-
-- `request` (String) Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
-
-
-
-<a id="nestedatt--spec--metrics--exporter--security_context"></a>
-### Nested Schema for `spec.metrics.exporter.security_context`
-
-Optional:
-
-- `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
-- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--metrics--exporter--security_context--app_armor_profile))
-- `capabilities` (Attributes) The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--metrics--exporter--security_context--capabilities))
-- `privileged` (Boolean) Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
-- `proc_mount` (String) procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
-- `read_only_root_filesystem` (Boolean) Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_group` (Number) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-- `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
-- `se_linux_options` (Attributes) The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--metrics--exporter--security_context--se_linux_options))
-- `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--metrics--exporter--security_context--seccomp_profile))
-- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--metrics--exporter--security_context--windows_options))
-
-<a id="nestedatt--spec--metrics--exporter--security_context--app_armor_profile"></a>
-### Nested Schema for `spec.metrics.exporter.security_context.app_armor_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is 'Localhost'.
-
-
-<a id="nestedatt--spec--metrics--exporter--security_context--capabilities"></a>
-### Nested Schema for `spec.metrics.exporter.security_context.capabilities`
-
-Optional:
-
-- `add` (List of String) Added capabilities
-- `drop` (List of String) Removed capabilities
-
-
-<a id="nestedatt--spec--metrics--exporter--security_context--se_linux_options"></a>
-### Nested Schema for `spec.metrics.exporter.security_context.se_linux_options`
-
-Optional:
-
-- `level` (String) Level is SELinux level label that applies to the container.
-- `role` (String) Role is a SELinux role label that applies to the container.
-- `type` (String) Type is a SELinux type label that applies to the container.
-- `user` (String) User is a SELinux user label that applies to the container.
-
-
-<a id="nestedatt--spec--metrics--exporter--security_context--seccomp_profile"></a>
-### Nested Schema for `spec.metrics.exporter.security_context.seccomp_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.
-
-
-<a id="nestedatt--spec--metrics--exporter--security_context--windows_options"></a>
-### Nested Schema for `spec.metrics.exporter.security_context.windows_options`
-
-Optional:
-
-- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
-- `gmsa_credential_spec_name` (String) GMSACredentialSpecName is the name of the GMSA credential spec to use.
-- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
-- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-
-
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers`
-
-Required:
-
-- `image` (String) Image name to be used by the MariaDB instances. The supported format is '<image>:<tag>'.
-
-Optional:
-
-- `args` (List of String) Args to be used in the Container.
-- `command` (List of String) Command to be used in the Container.
-- `env` (Attributes List) Env represents the environment variables to be injected in a container. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--env))
-- `env_from` (Attributes List) EnvFrom represents the references (via ConfigMap and Secrets) to environment variables to be injected in the container. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--env_from))
-- `image_pull_policy` (String) ImagePullPolicy is the image pull policy. One of 'Always', 'Never' or 'IfNotPresent'. If not defined, it defaults to 'IfNotPresent'.
-- `liveness_probe` (Attributes) LivenessProbe to be used in the Container. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--liveness_probe))
-- `readiness_probe` (Attributes) ReadinessProbe to be used in the Container. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--readiness_probe))
-- `resources` (Attributes) Resouces describes the compute resource requirements. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--resources))
-- `security_context` (Attributes) SecurityContext holds security configuration that will be applied to a container. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--security_context))
-- `volume_mounts` (Attributes List) VolumeMounts to be used in the Container. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--volume_mounts))
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--env"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.env`
-
-Required:
-
-- `name` (String) Name of the environment variable. Must be a C_IDENTIFIER.
-
-Optional:
-
-- `value` (String) Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to ''.
-- `value_from` (Attributes) Source for the environment variable's value. Cannot be used if value is not empty. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--env--value_from))
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--env--value_from"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.env.value_from`
-
-Optional:
-
-- `config_map_key_ref` (Attributes) Selects a key of a ConfigMap. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--env--value_from--config_map_key_ref))
-- `field_ref` (Attributes) Selects a field of the pod: supports metadata.name, metadata.namespace, 'metadata.labels['<KEY>']', 'metadata.annotations['<KEY>']', spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--env--value_from--field_ref))
-- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--env--value_from--resource_field_ref))
-- `secret_key_ref` (Attributes) Selects a key of a secret in the pod's namespace (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--env--value_from--secret_key_ref))
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--env--value_from--config_map_key_ref"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.env.value_from.config_map_key_ref`
-
-Required:
-
-- `key` (String) The key to select.
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
-
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--env--value_from--field_ref"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.env.value_from.field_ref`
-
-Required:
-
-- `field_path` (String) Path of the field to select in the specified API version.
-
-Optional:
-
-- `api_version` (String) Version of the schema the FieldPath is written in terms of, defaults to 'v1'.
-
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--env--value_from--resource_field_ref"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.env.value_from.resource_field_ref`
-
-Required:
-
-- `resource` (String) Required: resource to select
-
-Optional:
-
-- `container_name` (String) Container name: required for volumes, optional for env vars
-- `divisor` (String) Specifies the output format of the exposed resources, defaults to '1'
-
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--env--value_from--secret_key_ref"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.env.value_from.secret_key_ref`
-
-Required:
-
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
-
-
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--env_from"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.env_from`
-
-Optional:
-
-- `config_map_ref` (Attributes) The ConfigMap to select from (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--env_from--config_map_ref))
-- `prefix` (String) An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
-- `secret_ref` (Attributes) The Secret to select from (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--env_from--secret_ref))
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--env_from--config_map_ref"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.env_from.config_map_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the ConfigMap must be defined
-
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--env_from--secret_ref"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.env_from.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret must be defined
-
-
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--liveness_probe"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.liveness_probe`
-
-Optional:
-
-- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--liveness_probe--exec))
-- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
-- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--liveness_probe--grpc))
-- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--liveness_probe--http_get))
-- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-- `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
-- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
-- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--liveness_probe--tcp_socket))
-- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
-- `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--liveness_probe--exec"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.liveness_probe.exec`
-
-Optional:
-
-- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--liveness_probe--grpc"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.liveness_probe.grpc`
-
-Required:
-
-- `port` (Number) Port number of the gRPC service. Number must be in the range 1 to 65535.
-
-Optional:
-
-- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.
-
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--liveness_probe--http_get"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.liveness_probe.http_get`
-
-Required:
-
-- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.
-- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--liveness_probe--http_get--http_headers))
-- `path` (String) Path to access on the HTTP server.
-- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP.
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--liveness_probe--http_get--http_headers"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.liveness_probe.http_get.http_headers`
-
-Required:
-
-- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
-- `value` (String) The header field value
-
-
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--liveness_probe--tcp_socket"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.liveness_probe.tcp_socket`
-
-Required:
-
-- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Optional: Host name to connect to, defaults to the pod IP.
-
-
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--readiness_probe"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.readiness_probe`
-
-Optional:
-
-- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--readiness_probe--exec))
-- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
-- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--readiness_probe--grpc))
-- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--readiness_probe--http_get))
-- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-- `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
-- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
-- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--readiness_probe--tcp_socket))
-- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
-- `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--readiness_probe--exec"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.readiness_probe.exec`
-
-Optional:
-
-- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--readiness_probe--grpc"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.readiness_probe.grpc`
-
-Required:
-
-- `port` (Number) Port number of the gRPC service. Number must be in the range 1 to 65535.
-
-Optional:
-
-- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.
-
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--readiness_probe--http_get"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.readiness_probe.http_get`
-
-Required:
-
-- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.
-- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--readiness_probe--http_get--http_headers))
-- `path` (String) Path to access on the HTTP server.
-- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP.
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--readiness_probe--http_get--http_headers"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.readiness_probe.http_get.http_headers`
-
-Required:
-
-- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
-- `value` (String) The header field value
-
-
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--readiness_probe--tcp_socket"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.readiness_probe.tcp_socket`
-
-Required:
-
-- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Optional: Host name to connect to, defaults to the pod IP.
-
-
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--resources"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.resources`
-
-Optional:
-
-- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--resources--claims))
-- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--resources--claims"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.resources.claims`
-
-Required:
-
-- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
-
-Optional:
-
-- `request` (String) Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
-
-
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--security_context"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.security_context`
-
-Optional:
-
-- `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
-- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--security_context--app_armor_profile))
-- `capabilities` (Attributes) The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--security_context--capabilities))
-- `privileged` (Boolean) Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
-- `proc_mount` (String) procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
-- `read_only_root_filesystem` (Boolean) Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_group` (Number) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-- `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
-- `se_linux_options` (Attributes) The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--security_context--se_linux_options))
-- `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--security_context--seccomp_profile))
-- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--metrics--exporter--sidecar_containers--security_context--windows_options))
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--security_context--app_armor_profile"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.security_context.app_armor_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is 'Localhost'.
-
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--security_context--capabilities"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.security_context.capabilities`
-
-Optional:
-
-- `add` (List of String) Added capabilities
-- `drop` (List of String) Removed capabilities
-
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--security_context--se_linux_options"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.security_context.se_linux_options`
-
-Optional:
-
-- `level` (String) Level is SELinux level label that applies to the container.
-- `role` (String) Role is a SELinux role label that applies to the container.
-- `type` (String) Type is a SELinux type label that applies to the container.
-- `user` (String) User is a SELinux user label that applies to the container.
-
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--security_context--seccomp_profile"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.security_context.seccomp_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.
-
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--security_context--windows_options"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.security_context.windows_options`
-
-Optional:
-
-- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
-- `gmsa_credential_spec_name` (String) GMSACredentialSpecName is the name of the GMSA credential spec to use.
-- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
-- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-
-
-
-<a id="nestedatt--spec--metrics--exporter--sidecar_containers--volume_mounts"></a>
-### Nested Schema for `spec.metrics.exporter.sidecar_containers.volume_mounts`
-
-Required:
-
-- `mount_path` (String) Path within the container at which the volume should be mounted. Must not contain ':'.
-- `name` (String) This must match the Name of a Volume.
-
-Optional:
-
-- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None).
-- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
-- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handled recursively. If ReadOnly is false, this field has no meaning and must be unspecified. If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). If this field is not specified, it is treated as an equivalent of Disabled.
-- `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).
-- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.
-
-
-
-<a id="nestedatt--spec--metrics--exporter--tolerations"></a>
-### Nested Schema for `spec.metrics.exporter.tolerations`
-
-Optional:
-
-- `effect` (String) Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
-- `key` (String) Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
-- `operator` (String) Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
-- `toleration_seconds` (Number) TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
-- `value` (String) Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
-
-
-<a id="nestedatt--spec--metrics--exporter--topology_spread_constraints"></a>
-### Nested Schema for `spec.metrics.exporter.topology_spread_constraints`
-
-Required:
-
-- `max_skew` (Number) MaxSkew describes the degree to which pods may be unevenly distributed. When 'whenUnsatisfiable=DoNotSchedule', it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When 'whenUnsatisfiable=ScheduleAnyway', it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed.
-- `topology_key` (String) TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a 'bucket', and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is 'kubernetes.io/hostname', each Node is a domain of that topology. And, if TopologyKey is 'topology.kubernetes.io/zone', each zone is a domain of that topology. It's a required field.
-- `when_unsatisfiable` (String) WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered 'Unsatisfiable' for an incoming pod if and only if every possible node assignment for that pod would violate 'MaxSkew' on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field.
-
-Optional:
-
-- `label_selector` (Attributes) LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. (see [below for nested schema](#nestedatt--spec--metrics--exporter--topology_spread_constraints--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
-- `min_domains` (Number) MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew.
-- `node_affinity_policy` (String) NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
-- `node_taints_policy` (String) NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
-
-<a id="nestedatt--spec--metrics--exporter--topology_spread_constraints--label_selector"></a>
-### Nested Schema for `spec.metrics.exporter.topology_spread_constraints.label_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--metrics--exporter--topology_spread_constraints--label_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--metrics--exporter--topology_spread_constraints--label_selector--match_expressions"></a>
-### Nested Schema for `spec.metrics.exporter.topology_spread_constraints.label_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-
-<a id="nestedatt--spec--metrics--exporter--volume_mounts"></a>
-### Nested Schema for `spec.metrics.exporter.volume_mounts`
-
-Required:
-
-- `mount_path` (String) Path within the container at which the volume should be mounted. Must not contain ':'.
-- `name` (String) This must match the Name of a Volume.
-
-Optional:
-
-- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None).
-- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
-- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handled recursively. If ReadOnly is false, this field has no meaning and must be unspecified. If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). If this field is not specified, it is treated as an equivalent of Disabled.
-- `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).
-- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes"></a>
-### Nested Schema for `spec.metrics.exporter.volumes`
-
-Required:
-
-- `name` (String) name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-Optional:
-
-- `aws_elastic_block_store` (Attributes) awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--aws_elastic_block_store))
-- `azure_disk` (Attributes) azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--azure_disk))
-- `azure_file` (Attributes) azureFile represents an Azure File Service mount on the host and bind mount to the pod. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--azure_file))
-- `cephfs` (Attributes) cephFS represents a Ceph FS mount on the host that shares a pod's lifetime (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--cephfs))
-- `cinder` (Attributes) cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--cinder))
-- `config_map` (Attributes) configMap represents a configMap that should populate this volume (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--config_map))
-- `csi` (Attributes) csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--csi))
-- `downward_api` (Attributes) downwardAPI represents downward API about the pod that should populate this volume (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--downward_api))
-- `empty_dir` (Attributes) emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--empty_dir))
-- `ephemeral` (Attributes) ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. A pod can use both types of ephemeral volumes and persistent volumes at the same time. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--ephemeral))
-- `fc` (Attributes) fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--fc))
-- `flex_volume` (Attributes) flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--flex_volume))
-- `flocker` (Attributes) flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--flocker))
-- `gce_persistent_disk` (Attributes) gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--gce_persistent_disk))
-- `git_repo` (Attributes) gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--git_repo))
-- `glusterfs` (Attributes) glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--glusterfs))
-- `host_path` (Attributes) hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--host_path))
-- `image` (Attributes) image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. The volume is resolved at pod startup depending on which PullPolicy value is provided: - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. The volume will be mounted read-only (ro) and non-executable files (noexec). Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--image))
-- `iscsi` (Attributes) iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--iscsi))
-- `nfs` (Attributes) nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--nfs))
-- `persistent_volume_claim` (Attributes) persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--persistent_volume_claim))
-- `photon_persistent_disk` (Attributes) photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--photon_persistent_disk))
-- `portworx_volume` (Attributes) portworxVolume represents a portworx volume attached and mounted on kubelets host machine (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--portworx_volume))
-- `projected` (Attributes) projected items for all in one resources secrets, configmaps, and downward API (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--projected))
-- `quobyte` (Attributes) quobyte represents a Quobyte mount on the host that shares a pod's lifetime (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--quobyte))
-- `rbd` (Attributes) rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--rbd))
-- `scale_io` (Attributes) scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--scale_io))
-- `secret` (Attributes) secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--secret))
-- `storageos` (Attributes) storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--storageos))
-- `vsphere_volume` (Attributes) vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--vsphere_volume))
-
-<a id="nestedatt--spec--metrics--exporter--volumes--aws_elastic_block_store"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.aws_elastic_block_store`
-
-Required:
-
-- `volume_id` (String) volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
-
-Optional:
-
-- `fs_type` (String) fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
-- `partition` (Number) partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as '1'. Similarly, the volume partition for /dev/sda is '0' (or you can leave the property empty).
-- `read_only` (Boolean) readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--azure_disk"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.azure_disk`
-
-Required:
-
-- `disk_name` (String) diskName is the Name of the data disk in the blob storage
-- `disk_uri` (String) diskURI is the URI of data disk in the blob storage
-
-Optional:
-
-- `caching_mode` (String) cachingMode is the Host Caching mode: None, Read Only, Read Write.
-- `fs_type` (String) fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.
-- `kind` (String) kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared
-- `read_only` (Boolean) readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--azure_file"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.azure_file`
-
-Required:
-
-- `secret_name` (String) secretName is the name of secret that contains Azure Storage Account Name and Key
-- `share_name` (String) shareName is the azure share Name
-
-Optional:
-
-- `read_only` (Boolean) readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--cephfs"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.cephfs`
-
-Required:
-
-- `monitors` (List of String) monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-
-Optional:
-
-- `path` (String) path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /
-- `read_only` (Boolean) readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-- `secret_file` (String) secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-- `secret_ref` (Attributes) secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--cephfs--secret_ref))
-- `user` (String) user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-
-<a id="nestedatt--spec--metrics--exporter--volumes--cephfs--secret_ref"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.cephfs.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--cinder"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.cinder`
-
-Required:
-
-- `volume_id` (String) volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
-
-Optional:
-
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
-- `read_only` (Boolean) readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
-- `secret_ref` (Attributes) secretRef is optional: points to a secret object containing parameters used to connect to OpenStack. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--cinder--secret_ref))
-
-<a id="nestedatt--spec--metrics--exporter--volumes--cinder--secret_ref"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.cinder.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--config_map"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.config_map`
-
-Optional:
-
-- `default_mode` (Number) defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--config_map--items))
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) optional specify whether the ConfigMap or its keys must be defined
-
-<a id="nestedatt--spec--metrics--exporter--volumes--config_map--items"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.config_map.items`
-
-Required:
-
-- `key` (String) key is the key to project.
-- `path` (String) path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
-
-Optional:
-
-- `mode` (Number) mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--csi"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.csi`
-
-Required:
-
-- `driver` (String) driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.
-
-Optional:
-
-- `fs_type` (String) fsType to mount. Ex. 'ext4', 'xfs', 'ntfs'. If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.
-- `node_publish_secret_ref` (Attributes) nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--csi--node_publish_secret_ref))
-- `read_only` (Boolean) readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).
-- `volume_attributes` (Map of String) volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.
-
-<a id="nestedatt--spec--metrics--exporter--volumes--csi--node_publish_secret_ref"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.csi.node_publish_secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--downward_api"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.downward_api`
-
-Optional:
-
-- `default_mode` (Number) Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `items` (Attributes List) Items is a list of downward API volume file (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--downward_api--items))
-
-<a id="nestedatt--spec--metrics--exporter--volumes--downward_api--items"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.downward_api.items`
-
-Required:
-
-- `path` (String) Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'
-
-Optional:
-
-- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--downward_api--items--field_ref))
-- `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--downward_api--items--resource_field_ref))
-
-<a id="nestedatt--spec--metrics--exporter--volumes--downward_api--items--field_ref"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.downward_api.items.field_ref`
-
-Required:
-
-- `field_path` (String) Path of the field to select in the specified API version.
-
-Optional:
-
-- `api_version` (String) Version of the schema the FieldPath is written in terms of, defaults to 'v1'.
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--downward_api--items--resource_field_ref"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.downward_api.items.resource_field_ref`
-
-Required:
-
-- `resource` (String) Required: resource to select
-
-Optional:
-
-- `container_name` (String) Container name: required for volumes, optional for env vars
-- `divisor` (String) Specifies the output format of the exposed resources, defaults to '1'
-
-
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--empty_dir"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.empty_dir`
-
-Optional:
-
-- `medium` (String) medium represents what type of storage medium should back this directory. The default is '' which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
-- `size_limit` (String) sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--ephemeral"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.ephemeral`
-
-Optional:
-
-- `volume_claim_template` (Attributes) Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be '<pod name>-<volume name>' where '<volume name>' is the name from the 'PodSpec.Volumes' array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. Required, must not be nil. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--ephemeral--volume_claim_template))
-
-<a id="nestedatt--spec--metrics--exporter--volumes--ephemeral--volume_claim_template"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.ephemeral.volume_claim_template`
-
-Required:
-
-- `spec` (Attributes) The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--ephemeral--volume_claim_template--spec))
-
-Optional:
-
-- `metadata` (Map of String) May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.
-
-<a id="nestedatt--spec--metrics--exporter--volumes--ephemeral--volume_claim_template--spec"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.ephemeral.volume_claim_template.spec`
-
-Optional:
-
-- `access_modes` (List of String) accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
-- `data_source` (Attributes) dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--ephemeral--volume_claim_template--spec--data_source))
-- `data_source_ref` (Attributes) dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--ephemeral--volume_claim_template--spec--data_source_ref))
-- `resources` (Attributes) resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--ephemeral--volume_claim_template--spec--resources))
-- `selector` (Attributes) selector is a label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--ephemeral--volume_claim_template--spec--selector))
-- `storage_class_name` (String) storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
-- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
-- `volume_mode` (String) volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
-- `volume_name` (String) volumeName is the binding reference to the PersistentVolume backing this claim.
-
-<a id="nestedatt--spec--metrics--exporter--volumes--ephemeral--volume_claim_template--spec--data_source"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.ephemeral.volume_claim_template.spec.data_source`
-
-Required:
-
-- `kind` (String) Kind is the type of resource being referenced
-- `name` (String) Name is the name of resource being referenced
-
-Optional:
-
-- `api_group` (String) APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--ephemeral--volume_claim_template--spec--data_source_ref"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.ephemeral.volume_claim_template.spec.data_source_ref`
-
-Required:
-
-- `kind` (String) Kind is the type of resource being referenced
-- `name` (String) Name is the name of resource being referenced
-
-Optional:
-
-- `api_group` (String) APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
-- `namespace` (String) Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--ephemeral--volume_claim_template--spec--resources"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.ephemeral.volume_claim_template.spec.resources`
-
-Optional:
-
-- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--ephemeral--volume_claim_template--spec--selector"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.ephemeral.volume_claim_template.spec.selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--ephemeral--volume_claim_template--spec--selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--metrics--exporter--volumes--ephemeral--volume_claim_template--spec--selector--match_expressions"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.ephemeral.volume_claim_template.spec.selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--fc"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.fc`
-
-Optional:
-
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.
-- `lun` (Number) lun is Optional: FC target lun number
-- `read_only` (Boolean) readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-- `target_ww_ns` (List of String) targetWWNs is Optional: FC target worldwide names (WWNs)
-- `wwids` (List of String) wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--flex_volume"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.flex_volume`
-
-Required:
-
-- `driver` (String) driver is the name of the driver to use for this volume.
-
-Optional:
-
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. The default filesystem depends on FlexVolume script.
-- `options` (Map of String) options is Optional: this field holds extra command options if any.
-- `read_only` (Boolean) readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-- `secret_ref` (Attributes) secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--flex_volume--secret_ref))
-
-<a id="nestedatt--spec--metrics--exporter--volumes--flex_volume--secret_ref"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.flex_volume.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--flocker"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.flocker`
-
-Optional:
-
-- `dataset_name` (String) datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated
-- `dataset_uuid` (String) datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--gce_persistent_disk"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.gce_persistent_disk`
-
-Required:
-
-- `pd_name` (String) pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
-
-Optional:
-
-- `fs_type` (String) fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
-- `partition` (Number) partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as '1'. Similarly, the volume partition for /dev/sda is '0' (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
-- `read_only` (Boolean) readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--git_repo"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.git_repo`
-
-Required:
-
-- `repository` (String) repository is the URL
-
-Optional:
-
-- `directory` (String) directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.
-- `revision` (String) revision is the commit hash for the specified revision.
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--glusterfs"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.glusterfs`
-
-Required:
-
-- `endpoints` (String) endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
-- `path` (String) path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
-
-Optional:
-
-- `read_only` (Boolean) readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--host_path"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.host_path`
-
-Required:
-
-- `path` (String) path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
-
-Optional:
-
-- `type` (String) type for HostPath Volume Defaults to '' More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--image"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.image`
-
-Optional:
-
-- `pull_policy` (String) Policy for pulling OCI objects. Possible values are: Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
-- `reference` (String) Required: Image or artifact reference to be used. Behaves in the same way as pod.spec.containers[*].image. Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--iscsi"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.iscsi`
-
-Required:
-
-- `iqn` (String) iqn is the target iSCSI Qualified Name.
-- `lun` (Number) lun represents iSCSI Target Lun number.
-- `target_portal` (String) targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
-
-Optional:
-
-- `chap_auth_discovery` (Boolean) chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication
-- `chap_auth_session` (Boolean) chapAuthSession defines whether support iSCSI Session CHAP authentication
-- `fs_type` (String) fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
-- `initiator_name` (String) initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection.
-- `iscsi_interface` (String) iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).
-- `portals` (List of String) portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
-- `read_only` (Boolean) readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.
-- `secret_ref` (Attributes) secretRef is the CHAP Secret for iSCSI target and initiator authentication (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--iscsi--secret_ref))
-
-<a id="nestedatt--spec--metrics--exporter--volumes--iscsi--secret_ref"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.iscsi.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--nfs"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.nfs`
-
-Required:
-
-- `path` (String) path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
-- `server` (String) server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
-
-Optional:
-
-- `read_only` (Boolean) readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--persistent_volume_claim"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.persistent_volume_claim`
-
-Required:
-
-- `claim_name` (String) claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
-
-Optional:
-
-- `read_only` (Boolean) readOnly Will force the ReadOnly setting in VolumeMounts. Default false.
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--photon_persistent_disk"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.photon_persistent_disk`
-
-Required:
-
-- `pd_id` (String) pdID is the ID that identifies Photon Controller persistent disk
-
-Optional:
-
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--portworx_volume"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.portworx_volume`
-
-Required:
-
-- `volume_id` (String) volumeID uniquely identifies a Portworx volume
-
-Optional:
-
-- `fs_type` (String) fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs'. Implicitly inferred to be 'ext4' if unspecified.
-- `read_only` (Boolean) readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--projected"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.projected`
-
-Optional:
-
-- `default_mode` (Number) defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `sources` (Attributes List) sources is the list of volume projections. Each entry in this list handles one source. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--projected--sources))
-
-<a id="nestedatt--spec--metrics--exporter--volumes--projected--sources"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.projected.sources`
-
-Optional:
-
-- `cluster_trust_bundle` (Attributes) ClusterTrustBundle allows a pod to access the '.spec.trustBundle' field of ClusterTrustBundle objects in an auto-updating file. Alpha, gated by the ClusterTrustBundleProjection feature gate. ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--projected--sources--cluster_trust_bundle))
-- `config_map` (Attributes) configMap information about the configMap data to project (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--projected--sources--config_map))
-- `downward_api` (Attributes) downwardAPI information about the downwardAPI data to project (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--projected--sources--downward_api))
-- `secret` (Attributes) secret information about the secret data to project (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--projected--sources--secret))
-- `service_account_token` (Attributes) serviceAccountToken is information about the serviceAccountToken data to project (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--projected--sources--service_account_token))
-
-<a id="nestedatt--spec--metrics--exporter--volumes--projected--sources--cluster_trust_bundle"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.projected.sources.cluster_trust_bundle`
-
-Required:
-
-- `path` (String) Relative path from the volume root to write the bundle.
-
-Optional:
-
-- `label_selector` (Attributes) Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as 'match nothing'. If set but empty, interpreted as 'match everything'. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--projected--sources--cluster_trust_bundle--label_selector))
-- `name` (String) Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector.
-- `optional` (Boolean) If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles.
-- `signer_name` (String) Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated.
-
-<a id="nestedatt--spec--metrics--exporter--volumes--projected--sources--cluster_trust_bundle--label_selector"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.projected.sources.cluster_trust_bundle.label_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--projected--sources--cluster_trust_bundle--label_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--metrics--exporter--volumes--projected--sources--cluster_trust_bundle--label_selector--match_expressions"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.projected.sources.cluster_trust_bundle.label_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--projected--sources--config_map"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.projected.sources.config_map`
-
-Optional:
-
-- `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--projected--sources--config_map--items))
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) optional specify whether the ConfigMap or its keys must be defined
-
-<a id="nestedatt--spec--metrics--exporter--volumes--projected--sources--config_map--items"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.projected.sources.config_map.items`
-
-Required:
-
-- `key` (String) key is the key to project.
-- `path` (String) path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
-
-Optional:
-
-- `mode` (Number) mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--projected--sources--downward_api"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.projected.sources.downward_api`
-
-Optional:
-
-- `items` (Attributes List) Items is a list of DownwardAPIVolume file (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--projected--sources--downward_api--items))
-
-<a id="nestedatt--spec--metrics--exporter--volumes--projected--sources--downward_api--items"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.projected.sources.downward_api.items`
-
-Required:
-
-- `path` (String) Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'
-
-Optional:
-
-- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--projected--sources--downward_api--items--field_ref))
-- `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--projected--sources--downward_api--items--resource_field_ref))
-
-<a id="nestedatt--spec--metrics--exporter--volumes--projected--sources--downward_api--items--field_ref"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.projected.sources.downward_api.items.field_ref`
-
-Required:
-
-- `field_path` (String) Path of the field to select in the specified API version.
-
-Optional:
-
-- `api_version` (String) Version of the schema the FieldPath is written in terms of, defaults to 'v1'.
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--projected--sources--downward_api--items--resource_field_ref"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.projected.sources.downward_api.items.resource_field_ref`
-
-Required:
-
-- `resource` (String) Required: resource to select
-
-Optional:
-
-- `container_name` (String) Container name: required for volumes, optional for env vars
-- `divisor` (String) Specifies the output format of the exposed resources, defaults to '1'
-
-
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--projected--sources--secret"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.projected.sources.secret`
-
-Optional:
-
-- `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--projected--sources--secret--items))
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) optional field specify whether the Secret or its key must be defined
-
-<a id="nestedatt--spec--metrics--exporter--volumes--projected--sources--secret--items"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.projected.sources.secret.items`
-
-Required:
-
-- `key` (String) key is the key to project.
-- `path` (String) path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
-
-Optional:
-
-- `mode` (Number) mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--projected--sources--service_account_token"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.projected.sources.service_account_token`
-
-Required:
-
-- `path` (String) path is the path relative to the mount point of the file to project the token into.
-
-Optional:
-
-- `audience` (String) audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.
-- `expiration_seconds` (Number) expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.
-
-
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--quobyte"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.quobyte`
-
-Required:
-
-- `registry` (String) registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes
-- `volume` (String) volume is a string that references an already created Quobyte volume by name.
-
-Optional:
-
-- `group` (String) group to map volume access to Default is no group
-- `read_only` (Boolean) readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.
-- `tenant` (String) tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin
-- `user` (String) user to map volume access to Defaults to serivceaccount user
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--rbd"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.rbd`
-
-Required:
-
-- `image` (String) image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-- `monitors` (List of String) monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-
-Optional:
-
-- `fs_type` (String) fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
-- `keyring` (String) keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-- `pool` (String) pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-- `read_only` (Boolean) readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-- `secret_ref` (Attributes) secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--rbd--secret_ref))
-- `user` (String) user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-
-<a id="nestedatt--spec--metrics--exporter--volumes--rbd--secret_ref"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.rbd.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--scale_io"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.scale_io`
-
-Required:
-
-- `gateway` (String) gateway is the host address of the ScaleIO API Gateway.
-- `secret_ref` (Attributes) secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--scale_io--secret_ref))
-- `system` (String) system is the name of the storage system as configured in ScaleIO.
-
-Optional:
-
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Default is 'xfs'.
-- `protection_domain` (String) protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.
-- `read_only` (Boolean) readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-- `ssl_enabled` (Boolean) sslEnabled Flag enable/disable SSL communication with Gateway, default false
-- `storage_mode` (String) storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.
-- `storage_pool` (String) storagePool is the ScaleIO Storage Pool associated with the protection domain.
-- `volume_name` (String) volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.
-
-<a id="nestedatt--spec--metrics--exporter--volumes--scale_io--secret_ref"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.scale_io.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--secret"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.secret`
-
-Optional:
-
-- `default_mode` (Number) defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `items` (Attributes List) items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--secret--items))
-- `optional` (Boolean) optional field specify whether the Secret or its keys must be defined
-- `secret_name` (String) secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
-
-<a id="nestedatt--spec--metrics--exporter--volumes--secret--items"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.secret.items`
-
-Required:
-
-- `key` (String) key is the key to project.
-- `path` (String) path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
-
-Optional:
-
-- `mode` (Number) mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--storageos"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.storageos`
-
-Optional:
-
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.
-- `read_only` (Boolean) readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-- `secret_ref` (Attributes) secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. (see [below for nested schema](#nestedatt--spec--metrics--exporter--volumes--storageos--secret_ref))
-- `volume_name` (String) volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.
-- `volume_namespace` (String) volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to 'default' if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.
-
-<a id="nestedatt--spec--metrics--exporter--volumes--storageos--secret_ref"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.storageos.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
-<a id="nestedatt--spec--metrics--exporter--volumes--vsphere_volume"></a>
-### Nested Schema for `spec.metrics.exporter.volumes.vsphere_volume`
-
-Required:
-
-- `volume_path` (String) volumePath is the path that identifies vSphere volume vmdk
-
-Optional:
-
-- `fs_type` (String) fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.
-- `storage_policy_id` (String) storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.
-- `storage_policy_name` (String) storagePolicyName is the storage Policy Based Management (SPBM) profile name.
-
-
-
-
-<a id="nestedatt--spec--metrics--service_monitor"></a>
-### Nested Schema for `spec.metrics.service_monitor`
-
-Optional:
-
-- `interval` (String) Interval for scraping metrics.
-- `job_label` (String) JobLabel to add to the ServiceMonitor object.
-- `prometheus_release` (String) PrometheusRelease is the release label to add to the ServiceMonitor object.
-- `scrape_timeout` (String) ScrapeTimeout defines the timeout for scraping metrics.
-
-
-
-<a id="nestedatt--spec--monitor"></a>
-### Nested Schema for `spec.monitor`
-
-Optional:
-
-- `cooperative_monitoring` (String) CooperativeMonitoring enables coordination between multiple MaxScale instances running monitors. It is defaulted when HA is enabled.
-- `interval` (String) Interval used to monitor MariaDB servers. It is defaulted if not provided.
-- `module` (String) Module is the module to use to monitor MariaDB servers. It is mandatory when no MariaDB reference is provided.
-- `name` (String) Name is the identifier of the monitor. It is defaulted if not provided.
-- `params` (Map of String) Params defines extra parameters to pass to the monitor. Any parameter supported by MaxScale may be specified here. See reference: https://mariadb.com/kb/en/mariadb-maxscale-2308-common-monitor-parameters/. Monitor specific parameter are also suported: https://mariadb.com/kb/en/mariadb-maxscale-2308-galera-monitor/#galera-monitor-optional-parameters. https://mariadb.com/kb/en/mariadb-maxscale-2308-mariadb-monitor/#configuration.
-- `suspend` (Boolean) Suspend indicates whether the current resource should be suspended or not. This can be useful for maintenance, as disabling the reconciliation prevents the operator from interfering with user operations during maintenance activities.
-
-
-<a id="nestedatt--spec--pod_disruption_budget"></a>
-### Nested Schema for `spec.pod_disruption_budget`
-
-Optional:
-
-- `max_unavailable` (String) MaxUnavailable defines the number of maximum unavailable Pods.
-- `min_available` (String) MinAvailable defines the number of minimum available Pods.
-
-
-<a id="nestedatt--spec--pod_metadata"></a>
-### Nested Schema for `spec.pod_metadata`
-
-Optional:
-
-- `annotations` (Map of String) Annotations to be added to children resources.
-- `labels` (Map of String) Labels to be added to children resources.
-
-
-<a id="nestedatt--spec--pod_security_context"></a>
-### Nested Schema for `spec.pod_security_context`
-
-Optional:
-
-- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_security_context--app_armor_profile))
-- `fs_group` (Number) A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.
-- `fs_group_change_policy` (String) fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are 'OnRootMismatch' and 'Always'. If not specified, 'Always' is used. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_group` (Number) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-- `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
-- `se_linux_options` (Attributes) The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_security_context--se_linux_options))
-- `seccomp_profile` (Attributes) The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_security_context--seccomp_profile))
-- `supplemental_groups` (List of String) A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.
-- `supplemental_groups_policy` (String) Defines how supplemental groups of the first container processes are calculated. Valid values are 'Merge' and 'Strict'. If not specified, 'Merge' is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.
-- `sysctls` (Attributes List) Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_security_context--sysctls))
-- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_security_context--windows_options))
-
-<a id="nestedatt--spec--pod_security_context--app_armor_profile"></a>
-### Nested Schema for `spec.pod_security_context.app_armor_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is 'Localhost'.
-
-
-<a id="nestedatt--spec--pod_security_context--se_linux_options"></a>
-### Nested Schema for `spec.pod_security_context.se_linux_options`
-
-Optional:
-
-- `level` (String) Level is SELinux level label that applies to the container.
-- `role` (String) Role is a SELinux role label that applies to the container.
-- `type` (String) Type is a SELinux type label that applies to the container.
-- `user` (String) User is a SELinux user label that applies to the container.
-
-
-<a id="nestedatt--spec--pod_security_context--seccomp_profile"></a>
-### Nested Schema for `spec.pod_security_context.seccomp_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.
-
-
-<a id="nestedatt--spec--pod_security_context--sysctls"></a>
-### Nested Schema for `spec.pod_security_context.sysctls`
-
-Required:
-
-- `name` (String) Name of a property to set
-- `value` (String) Value of a property to set
-
-
-<a id="nestedatt--spec--pod_security_context--windows_options"></a>
-### Nested Schema for `spec.pod_security_context.windows_options`
-
-Optional:
-
-- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
-- `gmsa_credential_spec_name` (String) GMSACredentialSpecName is the name of the GMSA credential spec to use.
-- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
-- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-
-
-
-<a id="nestedatt--spec--readiness_probe"></a>
-### Nested Schema for `spec.readiness_probe`
-
-Optional:
-
-- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--readiness_probe--exec))
-- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
-- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--readiness_probe--grpc))
-- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--readiness_probe--http_get))
-- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-- `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
-- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
-- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--readiness_probe--tcp_socket))
-- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
-- `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-<a id="nestedatt--spec--readiness_probe--exec"></a>
-### Nested Schema for `spec.readiness_probe.exec`
-
-Optional:
-
-- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-
-
-<a id="nestedatt--spec--readiness_probe--grpc"></a>
-### Nested Schema for `spec.readiness_probe.grpc`
-
-Required:
-
-- `port` (Number) Port number of the gRPC service. Number must be in the range 1 to 65535.
-
-Optional:
-
-- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.
-
-
-<a id="nestedatt--spec--readiness_probe--http_get"></a>
-### Nested Schema for `spec.readiness_probe.http_get`
-
-Required:
-
-- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.
-- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--readiness_probe--http_get--http_headers))
-- `path` (String) Path to access on the HTTP server.
-- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP.
-
-<a id="nestedatt--spec--readiness_probe--http_get--http_headers"></a>
-### Nested Schema for `spec.readiness_probe.http_get.http_headers`
-
-Required:
-
-- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
-- `value` (String) The header field value
-
-
-
-<a id="nestedatt--spec--readiness_probe--tcp_socket"></a>
-### Nested Schema for `spec.readiness_probe.tcp_socket`
-
-Required:
-
-- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Optional: Host name to connect to, defaults to the pod IP.
-
-
-
-<a id="nestedatt--spec--resources"></a>
-### Nested Schema for `spec.resources`
-
-Optional:
-
-- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--resources--claims))
-- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-
-<a id="nestedatt--spec--resources--claims"></a>
-### Nested Schema for `spec.resources.claims`
-
-Required:
-
-- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
-
-Optional:
-
-- `request` (String) Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
-
-
-
-<a id="nestedatt--spec--security_context"></a>
-### Nested Schema for `spec.security_context`
-
-Optional:
-
-- `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
-- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--security_context--app_armor_profile))
-- `capabilities` (Attributes) The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--security_context--capabilities))
-- `privileged` (Boolean) Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
-- `proc_mount` (String) procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
-- `read_only_root_filesystem` (Boolean) Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_group` (Number) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-- `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
-- `se_linux_options` (Attributes) The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--security_context--se_linux_options))
-- `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--security_context--seccomp_profile))
-- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--security_context--windows_options))
-
-<a id="nestedatt--spec--security_context--app_armor_profile"></a>
-### Nested Schema for `spec.security_context.app_armor_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is 'Localhost'.
-
-
-<a id="nestedatt--spec--security_context--capabilities"></a>
-### Nested Schema for `spec.security_context.capabilities`
-
-Optional:
-
-- `add` (List of String) Added capabilities
-- `drop` (List of String) Removed capabilities
-
-
-<a id="nestedatt--spec--security_context--se_linux_options"></a>
-### Nested Schema for `spec.security_context.se_linux_options`
-
-Optional:
-
-- `level` (String) Level is SELinux level label that applies to the container.
-- `role` (String) Role is a SELinux role label that applies to the container.
-- `type` (String) Type is a SELinux type label that applies to the container.
-- `user` (String) User is a SELinux user label that applies to the container.
-
-
-<a id="nestedatt--spec--security_context--seccomp_profile"></a>
-### Nested Schema for `spec.security_context.seccomp_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.
-
-
-<a id="nestedatt--spec--security_context--windows_options"></a>
-### Nested Schema for `spec.security_context.windows_options`
-
-Optional:
-
-- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
-- `gmsa_credential_spec_name` (String) GMSACredentialSpecName is the name of the GMSA credential spec to use.
-- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
-- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-
-
-
-<a id="nestedatt--spec--servers"></a>
-### Nested Schema for `spec.servers`
-
-Required:
-
-- `address` (String) Address is the network address of the MariaDB server.
-- `name` (String) Name is the identifier of the MariaDB server.
-
-Optional:
-
-- `maintenance` (Boolean) Maintenance indicates whether the server is in maintenance mode.
-- `params` (Map of String) Params defines extra parameters to pass to the server. Any parameter supported by MaxScale may be specified here. See reference: https://mariadb.com/kb/en/mariadb-maxscale-2308-mariadb-maxscale-configuration-guide/#server_1.
-- `port` (Number) Port is the network port of the MariaDB server. If not provided, it defaults to 3306.
-- `protocol` (String) Protocol is the MaxScale protocol to use when communicating with this MariaDB server. If not provided, it defaults to MariaDBBackend.
-
-
-<a id="nestedatt--spec--services"></a>
-### Nested Schema for `spec.services`
-
-Required:
-
-- `listener` (Attributes) MaxScaleListener defines how the MaxScale server will listen for connections. (see [below for nested schema](#nestedatt--spec--services--listener))
-- `name` (String) Name is the identifier of the MaxScale service.
-- `router` (String) Router is the type of router to use.
-
-Optional:
-
-- `params` (Map of String) Params defines extra parameters to pass to the service. Any parameter supported by MaxScale may be specified here. See reference: https://mariadb.com/kb/en/mariadb-maxscale-2308-mariadb-maxscale-configuration-guide/#service_1. Router specific parameter are also suported: https://mariadb.com/kb/en/mariadb-maxscale-2308-readwritesplit/#configuration. https://mariadb.com/kb/en/mariadb-maxscale-2308-readconnroute/#configuration.
-- `suspend` (Boolean) Suspend indicates whether the current resource should be suspended or not. This can be useful for maintenance, as disabling the reconciliation prevents the operator from interfering with user operations during maintenance activities.
-
-<a id="nestedatt--spec--services--listener"></a>
-### Nested Schema for `spec.services.listener`
-
-Required:
-
-- `port` (Number) Port is the network port where the MaxScale server will listen.
-
-Optional:
-
-- `name` (String) Name is the identifier of the listener. It is defaulted if not provided
-- `params` (Map of String) Params defines extra parameters to pass to the listener. Any parameter supported by MaxScale may be specified here. See reference: https://mariadb.com/kb/en/mariadb-maxscale-2308-mariadb-maxscale-configuration-guide/#listener_1.
-- `protocol` (String) Protocol is the MaxScale protocol to use when communicating with the client. If not provided, it defaults to MariaDBProtocol.
-- `suspend` (Boolean) Suspend indicates whether the current resource should be suspended or not. This can be useful for maintenance, as disabling the reconciliation prevents the operator from interfering with user operations during maintenance activities.
-
-
-
-<a id="nestedatt--spec--sidecar_containers"></a>
-### Nested Schema for `spec.sidecar_containers`
-
-Required:
-
-- `image` (String) Image name to be used by the MariaDB instances. The supported format is '<image>:<tag>'.
-
-Optional:
-
-- `args` (List of String) Args to be used in the Container.
-- `command` (List of String) Command to be used in the Container.
-- `env` (Attributes List) Env represents the environment variables to be injected in a container. (see [below for nested schema](#nestedatt--spec--sidecar_containers--env))
-- `env_from` (Attributes List) EnvFrom represents the references (via ConfigMap and Secrets) to environment variables to be injected in the container. (see [below for nested schema](#nestedatt--spec--sidecar_containers--env_from))
-- `image_pull_policy` (String) ImagePullPolicy is the image pull policy. One of 'Always', 'Never' or 'IfNotPresent'. If not defined, it defaults to 'IfNotPresent'.
-- `liveness_probe` (Attributes) LivenessProbe to be used in the Container. (see [below for nested schema](#nestedatt--spec--sidecar_containers--liveness_probe))
-- `readiness_probe` (Attributes) ReadinessProbe to be used in the Container. (see [below for nested schema](#nestedatt--spec--sidecar_containers--readiness_probe))
-- `resources` (Attributes) Resouces describes the compute resource requirements. (see [below for nested schema](#nestedatt--spec--sidecar_containers--resources))
-- `security_context` (Attributes) SecurityContext holds security configuration that will be applied to a container. (see [below for nested schema](#nestedatt--spec--sidecar_containers--security_context))
-- `volume_mounts` (Attributes List) VolumeMounts to be used in the Container. (see [below for nested schema](#nestedatt--spec--sidecar_containers--volume_mounts))
-
-<a id="nestedatt--spec--sidecar_containers--env"></a>
-### Nested Schema for `spec.sidecar_containers.env`
-
-Required:
-
-- `name` (String) Name of the environment variable. Must be a C_IDENTIFIER.
-
-Optional:
-
-- `value` (String) Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to ''.
-- `value_from` (Attributes) Source for the environment variable's value. Cannot be used if value is not empty. (see [below for nested schema](#nestedatt--spec--sidecar_containers--env--value_from))
-
-<a id="nestedatt--spec--sidecar_containers--env--value_from"></a>
-### Nested Schema for `spec.sidecar_containers.env.value_from`
-
-Optional:
-
-- `config_map_key_ref` (Attributes) Selects a key of a ConfigMap. (see [below for nested schema](#nestedatt--spec--sidecar_containers--env--value_from--config_map_key_ref))
-- `field_ref` (Attributes) Selects a field of the pod: supports metadata.name, metadata.namespace, 'metadata.labels['<KEY>']', 'metadata.annotations['<KEY>']', spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. (see [below for nested schema](#nestedatt--spec--sidecar_containers--env--value_from--field_ref))
-- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. (see [below for nested schema](#nestedatt--spec--sidecar_containers--env--value_from--resource_field_ref))
-- `secret_key_ref` (Attributes) Selects a key of a secret in the pod's namespace (see [below for nested schema](#nestedatt--spec--sidecar_containers--env--value_from--secret_key_ref))
-
-<a id="nestedatt--spec--sidecar_containers--env--value_from--config_map_key_ref"></a>
-### Nested Schema for `spec.sidecar_containers.env.value_from.config_map_key_ref`
-
-Required:
-
-- `key` (String) The key to select.
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
-
-
-<a id="nestedatt--spec--sidecar_containers--env--value_from--field_ref"></a>
-### Nested Schema for `spec.sidecar_containers.env.value_from.field_ref`
-
-Required:
-
-- `field_path` (String) Path of the field to select in the specified API version.
-
-Optional:
-
-- `api_version` (String) Version of the schema the FieldPath is written in terms of, defaults to 'v1'.
-
-
-<a id="nestedatt--spec--sidecar_containers--env--value_from--resource_field_ref"></a>
-### Nested Schema for `spec.sidecar_containers.env.value_from.resource_field_ref`
-
-Required:
-
-- `resource` (String) Required: resource to select
-
-Optional:
-
-- `container_name` (String) Container name: required for volumes, optional for env vars
-- `divisor` (String) Specifies the output format of the exposed resources, defaults to '1'
-
-
-<a id="nestedatt--spec--sidecar_containers--env--value_from--secret_key_ref"></a>
-### Nested Schema for `spec.sidecar_containers.env.value_from.secret_key_ref`
-
-Required:
-
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
-
-
-
-<a id="nestedatt--spec--sidecar_containers--env_from"></a>
-### Nested Schema for `spec.sidecar_containers.env_from`
-
-Optional:
-
-- `config_map_ref` (Attributes) The ConfigMap to select from (see [below for nested schema](#nestedatt--spec--sidecar_containers--env_from--config_map_ref))
-- `prefix` (String) An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
-- `secret_ref` (Attributes) The Secret to select from (see [below for nested schema](#nestedatt--spec--sidecar_containers--env_from--secret_ref))
-
-<a id="nestedatt--spec--sidecar_containers--env_from--config_map_ref"></a>
-### Nested Schema for `spec.sidecar_containers.env_from.config_map_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the ConfigMap must be defined
-
-
-<a id="nestedatt--spec--sidecar_containers--env_from--secret_ref"></a>
-### Nested Schema for `spec.sidecar_containers.env_from.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret must be defined
-
-
-
-<a id="nestedatt--spec--sidecar_containers--liveness_probe"></a>
-### Nested Schema for `spec.sidecar_containers.liveness_probe`
-
-Optional:
-
-- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--sidecar_containers--liveness_probe--exec))
-- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
-- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--sidecar_containers--liveness_probe--grpc))
-- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--sidecar_containers--liveness_probe--http_get))
-- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-- `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
-- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
-- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--sidecar_containers--liveness_probe--tcp_socket))
-- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
-- `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-<a id="nestedatt--spec--sidecar_containers--liveness_probe--exec"></a>
-### Nested Schema for `spec.sidecar_containers.liveness_probe.exec`
-
-Optional:
-
-- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-
-
-<a id="nestedatt--spec--sidecar_containers--liveness_probe--grpc"></a>
-### Nested Schema for `spec.sidecar_containers.liveness_probe.grpc`
-
-Required:
-
-- `port` (Number) Port number of the gRPC service. Number must be in the range 1 to 65535.
-
-Optional:
-
-- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.
-
-
-<a id="nestedatt--spec--sidecar_containers--liveness_probe--http_get"></a>
-### Nested Schema for `spec.sidecar_containers.liveness_probe.http_get`
-
-Required:
-
-- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.
-- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--sidecar_containers--liveness_probe--http_get--http_headers))
-- `path` (String) Path to access on the HTTP server.
-- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP.
-
-<a id="nestedatt--spec--sidecar_containers--liveness_probe--http_get--http_headers"></a>
-### Nested Schema for `spec.sidecar_containers.liveness_probe.http_get.http_headers`
-
-Required:
-
-- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
-- `value` (String) The header field value
-
-
-
-<a id="nestedatt--spec--sidecar_containers--liveness_probe--tcp_socket"></a>
-### Nested Schema for `spec.sidecar_containers.liveness_probe.tcp_socket`
-
-Required:
-
-- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Optional: Host name to connect to, defaults to the pod IP.
-
-
-
-<a id="nestedatt--spec--sidecar_containers--readiness_probe"></a>
-### Nested Schema for `spec.sidecar_containers.readiness_probe`
-
-Optional:
-
-- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--sidecar_containers--readiness_probe--exec))
-- `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
-- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--sidecar_containers--readiness_probe--grpc))
-- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--sidecar_containers--readiness_probe--http_get))
-- `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-- `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
-- `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
-- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--sidecar_containers--readiness_probe--tcp_socket))
-- `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
-- `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
-<a id="nestedatt--spec--sidecar_containers--readiness_probe--exec"></a>
-### Nested Schema for `spec.sidecar_containers.readiness_probe.exec`
-
-Optional:
-
-- `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-
-
-<a id="nestedatt--spec--sidecar_containers--readiness_probe--grpc"></a>
-### Nested Schema for `spec.sidecar_containers.readiness_probe.grpc`
-
-Required:
-
-- `port` (Number) Port number of the gRPC service. Number must be in the range 1 to 65535.
-
-Optional:
-
-- `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.
-
-
-<a id="nestedatt--spec--sidecar_containers--readiness_probe--http_get"></a>
-### Nested Schema for `spec.sidecar_containers.readiness_probe.http_get`
-
-Required:
-
-- `port` (String) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead.
-- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--sidecar_containers--readiness_probe--http_get--http_headers))
-- `path` (String) Path to access on the HTTP server.
-- `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP.
-
-<a id="nestedatt--spec--sidecar_containers--readiness_probe--http_get--http_headers"></a>
-### Nested Schema for `spec.sidecar_containers.readiness_probe.http_get.http_headers`
-
-Required:
-
-- `name` (String) The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
-- `value` (String) The header field value
-
-
-
-<a id="nestedatt--spec--sidecar_containers--readiness_probe--tcp_socket"></a>
-### Nested Schema for `spec.sidecar_containers.readiness_probe.tcp_socket`
-
-Required:
-
-- `port` (String) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
-
-Optional:
-
-- `host` (String) Optional: Host name to connect to, defaults to the pod IP.
-
-
-
-<a id="nestedatt--spec--sidecar_containers--resources"></a>
-### Nested Schema for `spec.sidecar_containers.resources`
-
-Optional:
-
-- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--sidecar_containers--resources--claims))
-- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-
-<a id="nestedatt--spec--sidecar_containers--resources--claims"></a>
-### Nested Schema for `spec.sidecar_containers.resources.claims`
-
-Required:
-
-- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
-
-Optional:
-
-- `request` (String) Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
-
-
-
-<a id="nestedatt--spec--sidecar_containers--security_context"></a>
-### Nested Schema for `spec.sidecar_containers.security_context`
-
-Optional:
-
-- `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
-- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--sidecar_containers--security_context--app_armor_profile))
-- `capabilities` (Attributes) The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--sidecar_containers--security_context--capabilities))
-- `privileged` (Boolean) Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
-- `proc_mount` (String) procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
-- `read_only_root_filesystem` (Boolean) Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_group` (Number) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-- `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
-- `se_linux_options` (Attributes) The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--sidecar_containers--security_context--se_linux_options))
-- `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--sidecar_containers--security_context--seccomp_profile))
-- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--sidecar_containers--security_context--windows_options))
-
-<a id="nestedatt--spec--sidecar_containers--security_context--app_armor_profile"></a>
-### Nested Schema for `spec.sidecar_containers.security_context.app_armor_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is 'Localhost'.
-
-
-<a id="nestedatt--spec--sidecar_containers--security_context--capabilities"></a>
-### Nested Schema for `spec.sidecar_containers.security_context.capabilities`
-
-Optional:
-
-- `add` (List of String) Added capabilities
-- `drop` (List of String) Removed capabilities
-
-
-<a id="nestedatt--spec--sidecar_containers--security_context--se_linux_options"></a>
-### Nested Schema for `spec.sidecar_containers.security_context.se_linux_options`
-
-Optional:
-
-- `level` (String) Level is SELinux level label that applies to the container.
-- `role` (String) Role is a SELinux role label that applies to the container.
-- `type` (String) Type is a SELinux type label that applies to the container.
-- `user` (String) User is a SELinux user label that applies to the container.
-
-
-<a id="nestedatt--spec--sidecar_containers--security_context--seccomp_profile"></a>
-### Nested Schema for `spec.sidecar_containers.security_context.seccomp_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.
-
-
-<a id="nestedatt--spec--sidecar_containers--security_context--windows_options"></a>
-### Nested Schema for `spec.sidecar_containers.security_context.windows_options`
-
-Optional:
-
-- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
-- `gmsa_credential_spec_name` (String) GMSACredentialSpecName is the name of the GMSA credential spec to use.
-- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
-- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-
-
-
-<a id="nestedatt--spec--sidecar_containers--volume_mounts"></a>
-### Nested Schema for `spec.sidecar_containers.volume_mounts`
-
-Required:
-
-- `mount_path` (String) Path within the container at which the volume should be mounted. Must not contain ':'.
-- `name` (String) This must match the Name of a Volume.
-
-Optional:
-
-- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None).
-- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
-- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handled recursively. If ReadOnly is false, this field has no meaning and must be unspecified. If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). If this field is not specified, it is treated as an equivalent of Disabled.
-- `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).
-- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.
-
-
-
-<a id="nestedatt--spec--tolerations"></a>
-### Nested Schema for `spec.tolerations`
-
-Optional:
-
-- `effect` (String) Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
-- `key` (String) Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
-- `operator` (String) Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
-- `toleration_seconds` (Number) TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
-- `value` (String) Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
-
-
-<a id="nestedatt--spec--topology_spread_constraints"></a>
-### Nested Schema for `spec.topology_spread_constraints`
-
-Required:
-
-- `max_skew` (Number) MaxSkew describes the degree to which pods may be unevenly distributed. When 'whenUnsatisfiable=DoNotSchedule', it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When 'whenUnsatisfiable=ScheduleAnyway', it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed.
-- `topology_key` (String) TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a 'bucket', and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is 'kubernetes.io/hostname', each Node is a domain of that topology. And, if TopologyKey is 'topology.kubernetes.io/zone', each zone is a domain of that topology. It's a required field.
-- `when_unsatisfiable` (String) WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered 'Unsatisfiable' for an incoming pod if and only if every possible node assignment for that pod would violate 'MaxSkew' on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field.
-
-Optional:
-
-- `label_selector` (Attributes) LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. (see [below for nested schema](#nestedatt--spec--topology_spread_constraints--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
-- `min_domains` (Number) MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew.
-- `node_affinity_policy` (String) NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
-- `node_taints_policy` (String) NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
-
-<a id="nestedatt--spec--topology_spread_constraints--label_selector"></a>
-### Nested Schema for `spec.topology_spread_constraints.label_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--topology_spread_constraints--label_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--topology_spread_constraints--label_selector--match_expressions"></a>
-### Nested Schema for `spec.topology_spread_constraints.label_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-
-<a id="nestedatt--spec--update_strategy"></a>
-### Nested Schema for `spec.update_strategy`
-
-Optional:
-
-- `rolling_update` (Attributes) RollingUpdate is used to communicate parameters when Type is RollingUpdateStatefulSetStrategyType. (see [below for nested schema](#nestedatt--spec--update_strategy--rolling_update))
-- `type` (String) Type indicates the type of the StatefulSetUpdateStrategy. Default is RollingUpdate.
-
-<a id="nestedatt--spec--update_strategy--rolling_update"></a>
-### Nested Schema for `spec.update_strategy.rolling_update`
-
-Optional:
-
-- `max_unavailable` (String) The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding up. This can not be 0. Defaults to 1. This field is alpha-level and is only honored by servers that enable the MaxUnavailableStatefulSet feature. The field applies to all pods in the range 0 to Replicas-1. That means if there is any unavailable pod in the range 0 to Replicas-1, it will be counted towards MaxUnavailable.
-- `partition` (Number) Partition indicates the ordinal at which the StatefulSet should be partitioned for updates. During a rolling update, all pods from ordinal Replicas-1 to Partition are updated. All pods from ordinal Partition-1 to 0 remain untouched. This is helpful in being able to do a canary based deployment. The default value is 0.
-
-
-
-<a id="nestedatt--spec--volume_mounts"></a>
-### Nested Schema for `spec.volume_mounts`
-
-Required:
-
-- `mount_path` (String) Path within the container at which the volume should be mounted. Must not contain ':'.
-- `name` (String) This must match the Name of a Volume.
-
-Optional:
-
-- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None).
-- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
-- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handled recursively. If ReadOnly is false, this field has no meaning and must be unspecified. If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). If this field is not specified, it is treated as an equivalent of Disabled.
-- `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).
-- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.
-
-
-<a id="nestedatt--spec--volumes"></a>
-### Nested Schema for `spec.volumes`
-
-Required:
-
-- `name` (String) name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-Optional:
-
-- `aws_elastic_block_store` (Attributes) awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore (see [below for nested schema](#nestedatt--spec--volumes--aws_elastic_block_store))
-- `azure_disk` (Attributes) azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. (see [below for nested schema](#nestedatt--spec--volumes--azure_disk))
-- `azure_file` (Attributes) azureFile represents an Azure File Service mount on the host and bind mount to the pod. (see [below for nested schema](#nestedatt--spec--volumes--azure_file))
-- `cephfs` (Attributes) cephFS represents a Ceph FS mount on the host that shares a pod's lifetime (see [below for nested schema](#nestedatt--spec--volumes--cephfs))
-- `cinder` (Attributes) cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md (see [below for nested schema](#nestedatt--spec--volumes--cinder))
-- `config_map` (Attributes) configMap represents a configMap that should populate this volume (see [below for nested schema](#nestedatt--spec--volumes--config_map))
-- `csi` (Attributes) csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). (see [below for nested schema](#nestedatt--spec--volumes--csi))
-- `downward_api` (Attributes) downwardAPI represents downward API about the pod that should populate this volume (see [below for nested schema](#nestedatt--spec--volumes--downward_api))
-- `empty_dir` (Attributes) emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir (see [below for nested schema](#nestedatt--spec--volumes--empty_dir))
-- `ephemeral` (Attributes) ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. A pod can use both types of ephemeral volumes and persistent volumes at the same time. (see [below for nested schema](#nestedatt--spec--volumes--ephemeral))
-- `fc` (Attributes) fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. (see [below for nested schema](#nestedatt--spec--volumes--fc))
-- `flex_volume` (Attributes) flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. (see [below for nested schema](#nestedatt--spec--volumes--flex_volume))
-- `flocker` (Attributes) flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running (see [below for nested schema](#nestedatt--spec--volumes--flocker))
-- `gce_persistent_disk` (Attributes) gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk (see [below for nested schema](#nestedatt--spec--volumes--gce_persistent_disk))
-- `git_repo` (Attributes) gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. (see [below for nested schema](#nestedatt--spec--volumes--git_repo))
-- `glusterfs` (Attributes) glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md (see [below for nested schema](#nestedatt--spec--volumes--glusterfs))
-- `host_path` (Attributes) hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath (see [below for nested schema](#nestedatt--spec--volumes--host_path))
-- `image` (Attributes) image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. The volume is resolved at pod startup depending on which PullPolicy value is provided: - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. The volume will be mounted read-only (ro) and non-executable files (noexec). Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. (see [below for nested schema](#nestedatt--spec--volumes--image))
-- `iscsi` (Attributes) iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md (see [below for nested schema](#nestedatt--spec--volumes--iscsi))
-- `nfs` (Attributes) nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs (see [below for nested schema](#nestedatt--spec--volumes--nfs))
-- `persistent_volume_claim` (Attributes) persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims (see [below for nested schema](#nestedatt--spec--volumes--persistent_volume_claim))
-- `photon_persistent_disk` (Attributes) photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine (see [below for nested schema](#nestedatt--spec--volumes--photon_persistent_disk))
-- `portworx_volume` (Attributes) portworxVolume represents a portworx volume attached and mounted on kubelets host machine (see [below for nested schema](#nestedatt--spec--volumes--portworx_volume))
-- `projected` (Attributes) projected items for all in one resources secrets, configmaps, and downward API (see [below for nested schema](#nestedatt--spec--volumes--projected))
-- `quobyte` (Attributes) quobyte represents a Quobyte mount on the host that shares a pod's lifetime (see [below for nested schema](#nestedatt--spec--volumes--quobyte))
-- `rbd` (Attributes) rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md (see [below for nested schema](#nestedatt--spec--volumes--rbd))
-- `scale_io` (Attributes) scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. (see [below for nested schema](#nestedatt--spec--volumes--scale_io))
-- `secret` (Attributes) secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret (see [below for nested schema](#nestedatt--spec--volumes--secret))
-- `storageos` (Attributes) storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. (see [below for nested schema](#nestedatt--spec--volumes--storageos))
-- `vsphere_volume` (Attributes) vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine (see [below for nested schema](#nestedatt--spec--volumes--vsphere_volume))
-
-<a id="nestedatt--spec--volumes--aws_elastic_block_store"></a>
-### Nested Schema for `spec.volumes.aws_elastic_block_store`
-
-Required:
-
-- `volume_id` (String) volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
-
-Optional:
-
-- `fs_type` (String) fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
-- `partition` (Number) partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as '1'. Similarly, the volume partition for /dev/sda is '0' (or you can leave the property empty).
-- `read_only` (Boolean) readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
-
-
-<a id="nestedatt--spec--volumes--azure_disk"></a>
-### Nested Schema for `spec.volumes.azure_disk`
-
-Required:
-
-- `disk_name` (String) diskName is the Name of the data disk in the blob storage
-- `disk_uri` (String) diskURI is the URI of data disk in the blob storage
-
-Optional:
-
-- `caching_mode` (String) cachingMode is the Host Caching mode: None, Read Only, Read Write.
-- `fs_type` (String) fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.
-- `kind` (String) kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared
-- `read_only` (Boolean) readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-
-
-<a id="nestedatt--spec--volumes--azure_file"></a>
-### Nested Schema for `spec.volumes.azure_file`
-
-Required:
-
-- `secret_name` (String) secretName is the name of secret that contains Azure Storage Account Name and Key
-- `share_name` (String) shareName is the azure share Name
-
-Optional:
-
-- `read_only` (Boolean) readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-
-
-<a id="nestedatt--spec--volumes--cephfs"></a>
-### Nested Schema for `spec.volumes.cephfs`
-
-Required:
-
-- `monitors` (List of String) monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-
-Optional:
-
-- `path` (String) path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /
-- `read_only` (Boolean) readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-- `secret_file` (String) secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-- `secret_ref` (Attributes) secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it (see [below for nested schema](#nestedatt--spec--volumes--cephfs--secret_ref))
-- `user` (String) user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-
-<a id="nestedatt--spec--volumes--cephfs--secret_ref"></a>
-### Nested Schema for `spec.volumes.cephfs.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
-<a id="nestedatt--spec--volumes--cinder"></a>
-### Nested Schema for `spec.volumes.cinder`
-
-Required:
-
-- `volume_id` (String) volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
-
-Optional:
-
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
-- `read_only` (Boolean) readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
-- `secret_ref` (Attributes) secretRef is optional: points to a secret object containing parameters used to connect to OpenStack. (see [below for nested schema](#nestedatt--spec--volumes--cinder--secret_ref))
-
-<a id="nestedatt--spec--volumes--cinder--secret_ref"></a>
-### Nested Schema for `spec.volumes.cinder.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
-<a id="nestedatt--spec--volumes--config_map"></a>
-### Nested Schema for `spec.volumes.config_map`
-
-Optional:
-
-- `default_mode` (Number) defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--volumes--config_map--items))
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) optional specify whether the ConfigMap or its keys must be defined
-
-<a id="nestedatt--spec--volumes--config_map--items"></a>
-### Nested Schema for `spec.volumes.config_map.items`
-
-Required:
-
-- `key` (String) key is the key to project.
-- `path` (String) path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
-
-Optional:
-
-- `mode` (Number) mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-
-
-
-<a id="nestedatt--spec--volumes--csi"></a>
-### Nested Schema for `spec.volumes.csi`
-
-Required:
-
-- `driver` (String) driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.
-
-Optional:
-
-- `fs_type` (String) fsType to mount. Ex. 'ext4', 'xfs', 'ntfs'. If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.
-- `node_publish_secret_ref` (Attributes) nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. (see [below for nested schema](#nestedatt--spec--volumes--csi--node_publish_secret_ref))
-- `read_only` (Boolean) readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).
-- `volume_attributes` (Map of String) volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.
-
-<a id="nestedatt--spec--volumes--csi--node_publish_secret_ref"></a>
-### Nested Schema for `spec.volumes.csi.node_publish_secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
-<a id="nestedatt--spec--volumes--downward_api"></a>
-### Nested Schema for `spec.volumes.downward_api`
-
-Optional:
-
-- `default_mode` (Number) Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `items` (Attributes List) Items is a list of downward API volume file (see [below for nested schema](#nestedatt--spec--volumes--downward_api--items))
-
-<a id="nestedatt--spec--volumes--downward_api--items"></a>
-### Nested Schema for `spec.volumes.downward_api.items`
-
-Required:
-
-- `path` (String) Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'
-
-Optional:
-
-- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. (see [below for nested schema](#nestedatt--spec--volumes--downward_api--items--field_ref))
-- `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--volumes--downward_api--items--resource_field_ref))
-
-<a id="nestedatt--spec--volumes--downward_api--items--field_ref"></a>
-### Nested Schema for `spec.volumes.downward_api.items.field_ref`
-
-Required:
-
-- `field_path` (String) Path of the field to select in the specified API version.
-
-Optional:
-
-- `api_version` (String) Version of the schema the FieldPath is written in terms of, defaults to 'v1'.
-
-
-<a id="nestedatt--spec--volumes--downward_api--items--resource_field_ref"></a>
-### Nested Schema for `spec.volumes.downward_api.items.resource_field_ref`
-
-Required:
-
-- `resource` (String) Required: resource to select
+<a id="nestedatt--spec--metrics--exporter"></a>
+### Nested Schema for `spec.metrics.exporter`
 
 Optional:
 
-- `container_name` (String) Container name: required for volumes, optional for env vars
-- `divisor` (String) Specifies the output format of the exposed resources, defaults to '1'
-
-
-
-
-<a id="nestedatt--spec--volumes--empty_dir"></a>
-### Nested Schema for `spec.volumes.empty_dir`
-
-Optional:
-
-- `medium` (String) medium represents what type of storage medium should back this directory. The default is '' which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
-- `size_limit` (String) sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
-
-
-<a id="nestedatt--spec--volumes--ephemeral"></a>
-### Nested Schema for `spec.volumes.ephemeral`
-
-Optional:
-
-- `volume_claim_template` (Attributes) Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be '<pod name>-<volume name>' where '<volume name>' is the name from the 'PodSpec.Volumes' array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. Required, must not be nil. (see [below for nested schema](#nestedatt--spec--volumes--ephemeral--volume_claim_template))
-
-<a id="nestedatt--spec--volumes--ephemeral--volume_claim_template"></a>
-### Nested Schema for `spec.volumes.ephemeral.volume_claim_template`
-
-Required:
+- `affinity` (Attributes) Affinity to be used in the Pod. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity))
+- `image` (String) Image name to be used as metrics exporter. The supported format is '<image>:<tag>'. Only mysqld-exporter >= v0.15.0 is supported: https://github.com/prometheus/mysqld_exporter
+- `image_pull_policy` (String) ImagePullPolicy is the image pull policy. One of 'Always', 'Never' or 'IfNotPresent'. If not defined, it defaults to 'IfNotPresent'.
+- `image_pull_secrets` (Attributes List) ImagePullSecrets is the list of pull Secrets to be used to pull the image. (see [below for nested schema](#nestedatt--spec--metrics--exporter--image_pull_secrets))
+- `node_selector` (Map of String) NodeSelector to be used in the Pod.
+- `pod_metadata` (Attributes) PodMetadata defines extra metadata for the Pod. (see [below for nested schema](#nestedatt--spec--metrics--exporter--pod_metadata))
+- `pod_security_context` (Attributes) SecurityContext holds pod-level security attributes and common container settings. (see [below for nested schema](#nestedatt--spec--metrics--exporter--pod_security_context))
+- `port` (Number) Port where the exporter will be listening for connections.
+- `priority_class_name` (String) PriorityClassName to be used in the Pod.
+- `resources` (Attributes) Resouces describes the compute resource requirements. (see [below for nested schema](#nestedatt--spec--metrics--exporter--resources))
+- `tolerations` (Attributes List) Tolerations to be used in the Pod. (see [below for nested schema](#nestedatt--spec--metrics--exporter--tolerations))
 
-- `spec` (Attributes) The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. (see [below for nested schema](#nestedatt--spec--volumes--ephemeral--volume_claim_template--spec))
+<a id="nestedatt--spec--metrics--exporter--affinity"></a>
+### Nested Schema for `spec.metrics.exporter.affinity`
 
 Optional:
 
-- `metadata` (Map of String) May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.
+- `anti_affinity_enabled` (Boolean) AntiAffinityEnabled configures PodAntiAffinity so each Pod is scheduled in a different Node, enabling HA. Make sure you have at least as many Nodes available as the replicas to not end up with unscheduled Pods.
+- `pod_anti_affinity` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#podantiaffinity-v1-core. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity))
 
-<a id="nestedatt--spec--volumes--ephemeral--volume_claim_template--spec"></a>
-### Nested Schema for `spec.volumes.ephemeral.volume_claim_template.spec`
+<a id="nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity"></a>
+### Nested Schema for `spec.metrics.exporter.affinity.pod_anti_affinity`
 
 Optional:
 
-- `access_modes` (List of String) accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
-- `data_source` (Attributes) dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. (see [below for nested schema](#nestedatt--spec--volumes--ephemeral--volume_claim_template--spec--data_source))
-- `data_source_ref` (Attributes) dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. (see [below for nested schema](#nestedatt--spec--volumes--ephemeral--volume_claim_template--spec--data_source_ref))
-- `resources` (Attributes) resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources (see [below for nested schema](#nestedatt--spec--volumes--ephemeral--volume_claim_template--spec--resources))
-- `selector` (Attributes) selector is a label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--volumes--ephemeral--volume_claim_template--spec--selector))
-- `storage_class_name` (String) storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
-- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
-- `volume_mode` (String) volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
-- `volume_name` (String) volumeName is the binding reference to the PersistentVolume backing this claim.
+- `preferred_during_scheduling_ignored_during_execution` (Attributes List) (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution))
+- `required_during_scheduling_ignored_during_execution` (Attributes List) (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution))
 
-<a id="nestedatt--spec--volumes--ephemeral--volume_claim_template--spec--data_source"></a>
-### Nested Schema for `spec.volumes.ephemeral.volume_claim_template.spec.data_source`
+<a id="nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution"></a>
+### Nested Schema for `spec.metrics.exporter.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution`
 
 Required:
 
-- `kind` (String) Kind is the type of resource being referenced
-- `name` (String) Name is the name of resource being referenced
-
-Optional:
-
-- `api_group` (String) APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+- `pod_affinity_term` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#podaffinityterm-v1-core. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term))
+- `weight` (Number)
 
-
-<a id="nestedatt--spec--volumes--ephemeral--volume_claim_template--spec--data_source_ref"></a>
-### Nested Schema for `spec.volumes.ephemeral.volume_claim_template.spec.data_source_ref`
+<a id="nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term"></a>
+### Nested Schema for `spec.metrics.exporter.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term`
 
 Required:
 
-- `kind` (String) Kind is the type of resource being referenced
-- `name` (String) Name is the name of resource being referenced
-
-Optional:
-
-- `api_group` (String) APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
-- `namespace` (String) Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
-
-
-<a id="nestedatt--spec--volumes--ephemeral--volume_claim_template--spec--resources"></a>
-### Nested Schema for `spec.volumes.ephemeral.volume_claim_template.spec.resources`
+- `topology_key` (String)
 
 Optional:
 
-- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+- `label_selector` (Attributes) A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
 
-
-<a id="nestedatt--spec--volumes--ephemeral--volume_claim_template--spec--selector"></a>
-### Nested Schema for `spec.volumes.ephemeral.volume_claim_template.spec.selector`
+<a id="nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector"></a>
+### Nested Schema for `spec.metrics.exporter.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector`
 
 Optional:
 
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--volumes--ephemeral--volume_claim_template--spec--selector--match_expressions))
+- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions))
 - `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
 
-<a id="nestedatt--spec--volumes--ephemeral--volume_claim_template--spec--selector--match_expressions"></a>
-### Nested Schema for `spec.volumes.ephemeral.volume_claim_template.spec.selector.match_expressions`
+<a id="nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions"></a>
+### Nested Schema for `spec.metrics.exporter.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector.match_expressions`
 
 Required:
 
@@ -5010,478 +697,465 @@ Optional:
 
 
 
-
-<a id="nestedatt--spec--volumes--fc"></a>
-### Nested Schema for `spec.volumes.fc`
-
-Optional:
-
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.
-- `lun` (Number) lun is Optional: FC target lun number
-- `read_only` (Boolean) readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-- `target_ww_ns` (List of String) targetWWNs is Optional: FC target worldwide names (WWNs)
-- `wwids` (List of String) wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
-
-
-<a id="nestedatt--spec--volumes--flex_volume"></a>
-### Nested Schema for `spec.volumes.flex_volume`
+<a id="nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution"></a>
+### Nested Schema for `spec.metrics.exporter.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution`
 
 Required:
 
-- `driver` (String) driver is the name of the driver to use for this volume.
+- `topology_key` (String)
 
 Optional:
 
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. The default filesystem depends on FlexVolume script.
-- `options` (Map of String) options is Optional: this field holds extra command options if any.
-- `read_only` (Boolean) readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-- `secret_ref` (Attributes) secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. (see [below for nested schema](#nestedatt--spec--volumes--flex_volume--secret_ref))
+- `label_selector` (Attributes) A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector))
 
-<a id="nestedatt--spec--volumes--flex_volume--secret_ref"></a>
-### Nested Schema for `spec.volumes.flex_volume.secret_ref`
+<a id="nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector"></a>
+### Nested Schema for `spec.metrics.exporter.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.label_selector`
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions))
+- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
 
+<a id="nestedatt--spec--metrics--exporter--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions"></a>
+### Nested Schema for `spec.metrics.exporter.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.label_selector.match_expressions`
 
+Required:
 
-<a id="nestedatt--spec--volumes--flocker"></a>
-### Nested Schema for `spec.volumes.flocker`
+- `key` (String) key is the label key that the selector applies to.
+- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 
 Optional:
 
-- `dataset_name` (String) datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated
-- `dataset_uuid` (String) datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset
+- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 
 
-<a id="nestedatt--spec--volumes--gce_persistent_disk"></a>
-### Nested Schema for `spec.volumes.gce_persistent_disk`
 
-Required:
 
-- `pd_name` (String) pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
 
-Optional:
 
-- `fs_type` (String) fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
-- `partition` (Number) partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as '1'. Similarly, the volume partition for /dev/sda is '0' (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
-- `read_only` (Boolean) readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+<a id="nestedatt--spec--metrics--exporter--image_pull_secrets"></a>
+### Nested Schema for `spec.metrics.exporter.image_pull_secrets`
 
+Optional:
 
-<a id="nestedatt--spec--volumes--git_repo"></a>
-### Nested Schema for `spec.volumes.git_repo`
+- `name` (String)
 
-Required:
 
-- `repository` (String) repository is the URL
+<a id="nestedatt--spec--metrics--exporter--pod_metadata"></a>
+### Nested Schema for `spec.metrics.exporter.pod_metadata`
 
 Optional:
 
-- `directory` (String) directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.
-- `revision` (String) revision is the commit hash for the specified revision.
-
-
-<a id="nestedatt--spec--volumes--glusterfs"></a>
-### Nested Schema for `spec.volumes.glusterfs`
+- `annotations` (Map of String) Annotations to be added to children resources.
+- `labels` (Map of String) Labels to be added to children resources.
 
-Required:
 
-- `endpoints` (String) endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
-- `path` (String) path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+<a id="nestedatt--spec--metrics--exporter--pod_security_context"></a>
+### Nested Schema for `spec.metrics.exporter.pod_security_context`
 
 Optional:
 
-- `read_only` (Boolean) readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
-
+- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--metrics--exporter--pod_security_context--app_armor_profile))
+- `fs_group` (Number) A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.
+- `fs_group_change_policy` (String) fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are 'OnRootMismatch' and 'Always'. If not specified, 'Always' is used. Note that this field cannot be set when spec.os.name is windows.
+- `run_as_group` (Number) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
+- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+- `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
+- `se_linux_options` (Attributes) The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--metrics--exporter--pod_security_context--se_linux_options))
+- `seccomp_profile` (Attributes) The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--metrics--exporter--pod_security_context--seccomp_profile))
+- `supplemental_groups` (List of String) A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.
+- `supplemental_groups_policy` (String) Defines how supplemental groups of the first container processes are calculated. Valid values are 'Merge' and 'Strict'. If not specified, 'Merge' is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.
+- `sysctls` (Attributes List) Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--metrics--exporter--pod_security_context--sysctls))
+- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--metrics--exporter--pod_security_context--windows_options))
 
-<a id="nestedatt--spec--volumes--host_path"></a>
-### Nested Schema for `spec.volumes.host_path`
+<a id="nestedatt--spec--metrics--exporter--pod_security_context--app_armor_profile"></a>
+### Nested Schema for `spec.metrics.exporter.pod_security_context.app_armor_profile`
 
 Required:
 
-- `path` (String) path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+- `type` (String) type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.
 
 Optional:
 
-- `type` (String) type for HostPath Volume Defaults to '' More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is 'Localhost'.
 
 
-<a id="nestedatt--spec--volumes--image"></a>
-### Nested Schema for `spec.volumes.image`
+<a id="nestedatt--spec--metrics--exporter--pod_security_context--se_linux_options"></a>
+### Nested Schema for `spec.metrics.exporter.pod_security_context.se_linux_options`
 
 Optional:
 
-- `pull_policy` (String) Policy for pulling OCI objects. Possible values are: Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
-- `reference` (String) Required: Image or artifact reference to be used. Behaves in the same way as pod.spec.containers[*].image. Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.
+- `level` (String) Level is SELinux level label that applies to the container.
+- `role` (String) Role is a SELinux role label that applies to the container.
+- `type` (String) Type is a SELinux type label that applies to the container.
+- `user` (String) User is a SELinux user label that applies to the container.
 
 
-<a id="nestedatt--spec--volumes--iscsi"></a>
-### Nested Schema for `spec.volumes.iscsi`
+<a id="nestedatt--spec--metrics--exporter--pod_security_context--seccomp_profile"></a>
+### Nested Schema for `spec.metrics.exporter.pod_security_context.seccomp_profile`
 
 Required:
 
-- `iqn` (String) iqn is the target iSCSI Qualified Name.
-- `lun` (Number) lun represents iSCSI Target Lun number.
-- `target_portal` (String) targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
+- `type` (String) type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
 
 Optional:
 
-- `chap_auth_discovery` (Boolean) chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication
-- `chap_auth_session` (Boolean) chapAuthSession defines whether support iSCSI Session CHAP authentication
-- `fs_type` (String) fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
-- `initiator_name` (String) initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection.
-- `iscsi_interface` (String) iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).
-- `portals` (List of String) portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
-- `read_only` (Boolean) readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.
-- `secret_ref` (Attributes) secretRef is the CHAP Secret for iSCSI target and initiator authentication (see [below for nested schema](#nestedatt--spec--volumes--iscsi--secret_ref))
-
-<a id="nestedatt--spec--volumes--iscsi--secret_ref"></a>
-### Nested Schema for `spec.volumes.iscsi.secret_ref`
-
-Optional:
+- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
+<a id="nestedatt--spec--metrics--exporter--pod_security_context--sysctls"></a>
+### Nested Schema for `spec.metrics.exporter.pod_security_context.sysctls`
 
+Required:
 
-<a id="nestedatt--spec--volumes--nfs"></a>
-### Nested Schema for `spec.volumes.nfs`
+- `name` (String) Name of a property to set
+- `value` (String) Value of a property to set
 
-Required:
 
-- `path` (String) path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
-- `server` (String) server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+<a id="nestedatt--spec--metrics--exporter--pod_security_context--windows_options"></a>
+### Nested Schema for `spec.metrics.exporter.pod_security_context.windows_options`
 
 Optional:
 
-- `read_only` (Boolean) readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
-
+- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
+- `gmsa_credential_spec_name` (String) GMSACredentialSpecName is the name of the GMSA credential spec to use.
+- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
+- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
 
-<a id="nestedatt--spec--volumes--persistent_volume_claim"></a>
-### Nested Schema for `spec.volumes.persistent_volume_claim`
 
-Required:
 
-- `claim_name` (String) claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+<a id="nestedatt--spec--metrics--exporter--resources"></a>
+### Nested Schema for `spec.metrics.exporter.resources`
 
 Optional:
 
-- `read_only` (Boolean) readOnly Will force the ReadOnly setting in VolumeMounts. Default false.
-
+- `limits` (Map of String) ResourceList is a set of (resource name, quantity) pairs.
+- `requests` (Map of String) ResourceList is a set of (resource name, quantity) pairs.
 
-<a id="nestedatt--spec--volumes--photon_persistent_disk"></a>
-### Nested Schema for `spec.volumes.photon_persistent_disk`
 
-Required:
-
-- `pd_id` (String) pdID is the ID that identifies Photon Controller persistent disk
+<a id="nestedatt--spec--metrics--exporter--tolerations"></a>
+### Nested Schema for `spec.metrics.exporter.tolerations`
 
 Optional:
 
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.
-
+- `effect` (String) Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+- `key` (String) Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+- `operator` (String) Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
+- `toleration_seconds` (Number) TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
+- `value` (String) Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
 
-<a id="nestedatt--spec--volumes--portworx_volume"></a>
-### Nested Schema for `spec.volumes.portworx_volume`
 
-Required:
 
-- `volume_id` (String) volumeID uniquely identifies a Portworx volume
+<a id="nestedatt--spec--metrics--service_monitor"></a>
+### Nested Schema for `spec.metrics.service_monitor`
 
 Optional:
 
-- `fs_type` (String) fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs'. Implicitly inferred to be 'ext4' if unspecified.
-- `read_only` (Boolean) readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+- `interval` (String) Interval for scraping metrics.
+- `job_label` (String) JobLabel to add to the ServiceMonitor object.
+- `prometheus_release` (String) PrometheusRelease is the release label to add to the ServiceMonitor object.
+- `scrape_timeout` (String) ScrapeTimeout defines the timeout for scraping metrics.
+
 
 
-<a id="nestedatt--spec--volumes--projected"></a>
-### Nested Schema for `spec.volumes.projected`
+<a id="nestedatt--spec--monitor"></a>
+### Nested Schema for `spec.monitor`
 
 Optional:
 
-- `default_mode` (Number) defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `sources` (Attributes List) sources is the list of volume projections. Each entry in this list handles one source. (see [below for nested schema](#nestedatt--spec--volumes--projected--sources))
+- `cooperative_monitoring` (String) CooperativeMonitoring enables coordination between multiple MaxScale instances running monitors. It is defaulted when HA is enabled.
+- `interval` (String) Interval used to monitor MariaDB servers. It is defaulted if not provided.
+- `module` (String) Module is the module to use to monitor MariaDB servers. It is mandatory when no MariaDB reference is provided.
+- `name` (String) Name is the identifier of the monitor. It is defaulted if not provided.
+- `params` (Map of String) Params defines extra parameters to pass to the monitor. Any parameter supported by MaxScale may be specified here. See reference: https://mariadb.com/kb/en/mariadb-maxscale-2308-common-monitor-parameters/. Monitor specific parameter are also suported: https://mariadb.com/kb/en/mariadb-maxscale-2308-galera-monitor/#galera-monitor-optional-parameters. https://mariadb.com/kb/en/mariadb-maxscale-2308-mariadb-monitor/#configuration.
+- `suspend` (Boolean) Suspend indicates whether the current resource should be suspended or not. This can be useful for maintenance, as disabling the reconciliation prevents the operator from interfering with user operations during maintenance activities.
 
-<a id="nestedatt--spec--volumes--projected--sources"></a>
-### Nested Schema for `spec.volumes.projected.sources`
 
-Optional:
+<a id="nestedatt--spec--pod_disruption_budget"></a>
+### Nested Schema for `spec.pod_disruption_budget`
 
-- `cluster_trust_bundle` (Attributes) ClusterTrustBundle allows a pod to access the '.spec.trustBundle' field of ClusterTrustBundle objects in an auto-updating file. Alpha, gated by the ClusterTrustBundleProjection feature gate. ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time. (see [below for nested schema](#nestedatt--spec--volumes--projected--sources--cluster_trust_bundle))
-- `config_map` (Attributes) configMap information about the configMap data to project (see [below for nested schema](#nestedatt--spec--volumes--projected--sources--config_map))
-- `downward_api` (Attributes) downwardAPI information about the downwardAPI data to project (see [below for nested schema](#nestedatt--spec--volumes--projected--sources--downward_api))
-- `secret` (Attributes) secret information about the secret data to project (see [below for nested schema](#nestedatt--spec--volumes--projected--sources--secret))
-- `service_account_token` (Attributes) serviceAccountToken is information about the serviceAccountToken data to project (see [below for nested schema](#nestedatt--spec--volumes--projected--sources--service_account_token))
+Optional:
 
-<a id="nestedatt--spec--volumes--projected--sources--cluster_trust_bundle"></a>
-### Nested Schema for `spec.volumes.projected.sources.cluster_trust_bundle`
+- `max_unavailable` (String) MaxUnavailable defines the number of maximum unavailable Pods.
+- `min_available` (String) MinAvailable defines the number of minimum available Pods.
 
-Required:
 
-- `path` (String) Relative path from the volume root to write the bundle.
+<a id="nestedatt--spec--pod_metadata"></a>
+### Nested Schema for `spec.pod_metadata`
 
 Optional:
 
-- `label_selector` (Attributes) Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as 'match nothing'. If set but empty, interpreted as 'match everything'. (see [below for nested schema](#nestedatt--spec--volumes--projected--sources--cluster_trust_bundle--label_selector))
-- `name` (String) Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector.
-- `optional` (Boolean) If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles.
-- `signer_name` (String) Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated.
+- `annotations` (Map of String) Annotations to be added to children resources.
+- `labels` (Map of String) Labels to be added to children resources.
+
 
-<a id="nestedatt--spec--volumes--projected--sources--cluster_trust_bundle--label_selector"></a>
-### Nested Schema for `spec.volumes.projected.sources.cluster_trust_bundle.label_selector`
+<a id="nestedatt--spec--pod_security_context"></a>
+### Nested Schema for `spec.pod_security_context`
 
 Optional:
 
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--volumes--projected--sources--cluster_trust_bundle--label_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
+- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_security_context--app_armor_profile))
+- `fs_group` (Number) A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.
+- `fs_group_change_policy` (String) fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are 'OnRootMismatch' and 'Always'. If not specified, 'Always' is used. Note that this field cannot be set when spec.os.name is windows.
+- `run_as_group` (Number) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
+- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+- `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
+- `se_linux_options` (Attributes) The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_security_context--se_linux_options))
+- `seccomp_profile` (Attributes) The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_security_context--seccomp_profile))
+- `supplemental_groups` (List of String) A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.
+- `supplemental_groups_policy` (String) Defines how supplemental groups of the first container processes are calculated. Valid values are 'Merge' and 'Strict'. If not specified, 'Merge' is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.
+- `sysctls` (Attributes List) Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_security_context--sysctls))
+- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_security_context--windows_options))
 
-<a id="nestedatt--spec--volumes--projected--sources--cluster_trust_bundle--label_selector--match_expressions"></a>
-### Nested Schema for `spec.volumes.projected.sources.cluster_trust_bundle.label_selector.match_expressions`
+<a id="nestedatt--spec--pod_security_context--app_armor_profile"></a>
+### Nested Schema for `spec.pod_security_context.app_armor_profile`
 
 Required:
 
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+- `type` (String) type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.
 
 Optional:
 
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
+- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is 'Localhost'.
 
 
-<a id="nestedatt--spec--volumes--projected--sources--config_map"></a>
-### Nested Schema for `spec.volumes.projected.sources.config_map`
+<a id="nestedatt--spec--pod_security_context--se_linux_options"></a>
+### Nested Schema for `spec.pod_security_context.se_linux_options`
 
 Optional:
 
-- `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--volumes--projected--sources--config_map--items))
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) optional specify whether the ConfigMap or its keys must be defined
+- `level` (String) Level is SELinux level label that applies to the container.
+- `role` (String) Role is a SELinux role label that applies to the container.
+- `type` (String) Type is a SELinux type label that applies to the container.
+- `user` (String) User is a SELinux user label that applies to the container.
+
 
-<a id="nestedatt--spec--volumes--projected--sources--config_map--items"></a>
-### Nested Schema for `spec.volumes.projected.sources.config_map.items`
+<a id="nestedatt--spec--pod_security_context--seccomp_profile"></a>
+### Nested Schema for `spec.pod_security_context.seccomp_profile`
 
 Required:
 
-- `key` (String) key is the key to project.
-- `path` (String) path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+- `type` (String) type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
 
 Optional:
 
-- `mode` (Number) mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-
-
+- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.
 
-<a id="nestedatt--spec--volumes--projected--sources--downward_api"></a>
-### Nested Schema for `spec.volumes.projected.sources.downward_api`
 
-Optional:
+<a id="nestedatt--spec--pod_security_context--sysctls"></a>
+### Nested Schema for `spec.pod_security_context.sysctls`
 
-- `items` (Attributes List) Items is a list of DownwardAPIVolume file (see [below for nested schema](#nestedatt--spec--volumes--projected--sources--downward_api--items))
+Required:
 
-<a id="nestedatt--spec--volumes--projected--sources--downward_api--items"></a>
-### Nested Schema for `spec.volumes.projected.sources.downward_api.items`
+- `name` (String) Name of a property to set
+- `value` (String) Value of a property to set
 
-Required:
 
-- `path` (String) Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'
+<a id="nestedatt--spec--pod_security_context--windows_options"></a>
+### Nested Schema for `spec.pod_security_context.windows_options`
 
 Optional:
 
-- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. (see [below for nested schema](#nestedatt--spec--volumes--projected--sources--downward_api--items--field_ref))
-- `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--volumes--projected--sources--downward_api--items--resource_field_ref))
+- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
+- `gmsa_credential_spec_name` (String) GMSACredentialSpecName is the name of the GMSA credential spec to use.
+- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
+- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
 
-<a id="nestedatt--spec--volumes--projected--sources--downward_api--items--field_ref"></a>
-### Nested Schema for `spec.volumes.projected.sources.downward_api.items.field_ref`
 
-Required:
 
-- `field_path` (String) Path of the field to select in the specified API version.
+<a id="nestedatt--spec--readiness_probe"></a>
+### Nested Schema for `spec.readiness_probe`
 
 Optional:
 
-- `api_version` (String) Version of the schema the FieldPath is written in terms of, defaults to 'v1'.
-
+- `exec` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#execaction-v1-core. (see [below for nested schema](#nestedatt--spec--readiness_probe--exec))
+- `failure_threshold` (Number)
+- `http_get` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#httpgetaction-v1-core. (see [below for nested schema](#nestedatt--spec--readiness_probe--http_get))
+- `initial_delay_seconds` (Number)
+- `period_seconds` (Number)
+- `success_threshold` (Number)
+- `timeout_seconds` (Number)
 
-<a id="nestedatt--spec--volumes--projected--sources--downward_api--items--resource_field_ref"></a>
-### Nested Schema for `spec.volumes.projected.sources.downward_api.items.resource_field_ref`
-
-Required:
-
-- `resource` (String) Required: resource to select
+<a id="nestedatt--spec--readiness_probe--exec"></a>
+### Nested Schema for `spec.readiness_probe.exec`
 
 Optional:
 
-- `container_name` (String) Container name: required for volumes, optional for env vars
-- `divisor` (String) Specifies the output format of the exposed resources, defaults to '1'
+- `command` (List of String)
 
 
+<a id="nestedatt--spec--readiness_probe--http_get"></a>
+### Nested Schema for `spec.readiness_probe.http_get`
 
+Required:
 
-<a id="nestedatt--spec--volumes--projected--sources--secret"></a>
-### Nested Schema for `spec.volumes.projected.sources.secret`
+- `port` (String)
 
 Optional:
 
-- `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--volumes--projected--sources--secret--items))
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) optional field specify whether the Secret or its key must be defined
+- `host` (String)
+- `path` (String)
+- `scheme` (String) URIScheme identifies the scheme used for connection to a host for Get actions
 
-<a id="nestedatt--spec--volumes--projected--sources--secret--items"></a>
-### Nested Schema for `spec.volumes.projected.sources.secret.items`
 
-Required:
 
-- `key` (String) key is the key to project.
-- `path` (String) path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+<a id="nestedatt--spec--resources"></a>
+### Nested Schema for `spec.resources`
 
 Optional:
 
-- `mode` (Number) mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+- `limits` (Map of String) ResourceList is a set of (resource name, quantity) pairs.
+- `requests` (Map of String) ResourceList is a set of (resource name, quantity) pairs.
 
 
+<a id="nestedatt--spec--security_context"></a>
+### Nested Schema for `spec.security_context`
 
-<a id="nestedatt--spec--volumes--projected--sources--service_account_token"></a>
-### Nested Schema for `spec.volumes.projected.sources.service_account_token`
+Optional:
 
-Required:
+- `allow_privilege_escalation` (Boolean)
+- `capabilities` (Attributes) Adds and removes POSIX capabilities from running containers. (see [below for nested schema](#nestedatt--spec--security_context--capabilities))
+- `privileged` (Boolean)
+- `read_only_root_filesystem` (Boolean)
+- `run_as_group` (Number)
+- `run_as_non_root` (Boolean)
+- `run_as_user` (Number)
 
-- `path` (String) path is the path relative to the mount point of the file to project the token into.
+<a id="nestedatt--spec--security_context--capabilities"></a>
+### Nested Schema for `spec.security_context.capabilities`
 
 Optional:
 
-- `audience` (String) audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.
-- `expiration_seconds` (Number) expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.
-
+- `add` (List of String) Added capabilities
+- `drop` (List of String) Removed capabilities
 
 
 
-<a id="nestedatt--spec--volumes--quobyte"></a>
-### Nested Schema for `spec.volumes.quobyte`
+<a id="nestedatt--spec--servers"></a>
+### Nested Schema for `spec.servers`
 
 Required:
 
-- `registry` (String) registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes
-- `volume` (String) volume is a string that references an already created Quobyte volume by name.
+- `address` (String) Address is the network address of the MariaDB server.
+- `name` (String) Name is the identifier of the MariaDB server.
 
 Optional:
 
-- `group` (String) group to map volume access to Default is no group
-- `read_only` (Boolean) readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.
-- `tenant` (String) tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin
-- `user` (String) user to map volume access to Defaults to serivceaccount user
+- `maintenance` (Boolean) Maintenance indicates whether the server is in maintenance mode.
+- `params` (Map of String) Params defines extra parameters to pass to the server. Any parameter supported by MaxScale may be specified here. See reference: https://mariadb.com/kb/en/mariadb-maxscale-2308-mariadb-maxscale-configuration-guide/#server_1.
+- `port` (Number) Port is the network port of the MariaDB server. If not provided, it defaults to 3306.
+- `protocol` (String) Protocol is the MaxScale protocol to use when communicating with this MariaDB server. If not provided, it defaults to MariaDBBackend.
 
 
-<a id="nestedatt--spec--volumes--rbd"></a>
-### Nested Schema for `spec.volumes.rbd`
+<a id="nestedatt--spec--services"></a>
+### Nested Schema for `spec.services`
 
 Required:
 
-- `image` (String) image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-- `monitors` (List of String) monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+- `listener` (Attributes) MaxScaleListener defines how the MaxScale server will listen for connections. (see [below for nested schema](#nestedatt--spec--services--listener))
+- `name` (String) Name is the identifier of the MaxScale service.
+- `router` (String) Router is the type of router to use.
 
 Optional:
 
-- `fs_type` (String) fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
-- `keyring` (String) keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-- `pool` (String) pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-- `read_only` (Boolean) readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-- `secret_ref` (Attributes) secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it (see [below for nested schema](#nestedatt--spec--volumes--rbd--secret_ref))
-- `user` (String) user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+- `params` (Map of String) Params defines extra parameters to pass to the service. Any parameter supported by MaxScale may be specified here. See reference: https://mariadb.com/kb/en/mariadb-maxscale-2308-mariadb-maxscale-configuration-guide/#service_1. Router specific parameter are also suported: https://mariadb.com/kb/en/mariadb-maxscale-2308-readwritesplit/#configuration. https://mariadb.com/kb/en/mariadb-maxscale-2308-readconnroute/#configuration.
+- `suspend` (Boolean) Suspend indicates whether the current resource should be suspended or not. This can be useful for maintenance, as disabling the reconciliation prevents the operator from interfering with user operations during maintenance activities.
 
-<a id="nestedatt--spec--volumes--rbd--secret_ref"></a>
-### Nested Schema for `spec.volumes.rbd.secret_ref`
+<a id="nestedatt--spec--services--listener"></a>
+### Nested Schema for `spec.services.listener`
 
-Optional:
+Required:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+- `port` (Number) Port is the network port where the MaxScale server will listen.
 
+Optional:
 
+- `name` (String) Name is the identifier of the listener. It is defaulted if not provided
+- `params` (Map of String) Params defines extra parameters to pass to the listener. Any parameter supported by MaxScale may be specified here. See reference: https://mariadb.com/kb/en/mariadb-maxscale-2308-mariadb-maxscale-configuration-guide/#listener_1.
+- `protocol` (String) Protocol is the MaxScale protocol to use when communicating with the client. If not provided, it defaults to MariaDBProtocol.
+- `suspend` (Boolean) Suspend indicates whether the current resource should be suspended or not. This can be useful for maintenance, as disabling the reconciliation prevents the operator from interfering with user operations during maintenance activities.
 
-<a id="nestedatt--spec--volumes--scale_io"></a>
-### Nested Schema for `spec.volumes.scale_io`
 
-Required:
 
-- `gateway` (String) gateway is the host address of the ScaleIO API Gateway.
-- `secret_ref` (Attributes) secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. (see [below for nested schema](#nestedatt--spec--volumes--scale_io--secret_ref))
-- `system` (String) system is the name of the storage system as configured in ScaleIO.
+<a id="nestedatt--spec--tolerations"></a>
+### Nested Schema for `spec.tolerations`
 
 Optional:
 
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Default is 'xfs'.
-- `protection_domain` (String) protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.
-- `read_only` (Boolean) readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-- `ssl_enabled` (Boolean) sslEnabled Flag enable/disable SSL communication with Gateway, default false
-- `storage_mode` (String) storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.
-- `storage_pool` (String) storagePool is the ScaleIO Storage Pool associated with the protection domain.
-- `volume_name` (String) volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.
+- `effect` (String) Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+- `key` (String) Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+- `operator` (String) Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
+- `toleration_seconds` (Number) TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
+- `value` (String) Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
 
-<a id="nestedatt--spec--volumes--scale_io--secret_ref"></a>
-### Nested Schema for `spec.volumes.scale_io.secret_ref`
 
-Optional:
+<a id="nestedatt--spec--topology_spread_constraints"></a>
+### Nested Schema for `spec.topology_spread_constraints`
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+Required:
+
+- `max_skew` (Number)
+- `topology_key` (String)
+- `when_unsatisfiable` (String)
 
+Optional:
 
+- `label_selector` (Attributes) A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. (see [below for nested schema](#nestedatt--spec--topology_spread_constraints--label_selector))
+- `match_label_keys` (List of String)
+- `min_domains` (Number)
+- `node_affinity_policy` (String) NodeInclusionPolicy defines the type of node inclusion policy
+- `node_taints_policy` (String) NodeInclusionPolicy defines the type of node inclusion policy
 
-<a id="nestedatt--spec--volumes--secret"></a>
-### Nested Schema for `spec.volumes.secret`
+<a id="nestedatt--spec--topology_spread_constraints--label_selector"></a>
+### Nested Schema for `spec.topology_spread_constraints.label_selector`
 
 Optional:
 
-- `default_mode` (Number) defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `items` (Attributes List) items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--volumes--secret--items))
-- `optional` (Boolean) optional field specify whether the Secret or its keys must be defined
-- `secret_name` (String) secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--topology_spread_constraints--label_selector--match_expressions))
+- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
 
-<a id="nestedatt--spec--volumes--secret--items"></a>
-### Nested Schema for `spec.volumes.secret.items`
+<a id="nestedatt--spec--topology_spread_constraints--label_selector--match_expressions"></a>
+### Nested Schema for `spec.topology_spread_constraints.label_selector.match_expressions`
 
 Required:
 
-- `key` (String) key is the key to project.
-- `path` (String) path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+- `key` (String) key is the label key that the selector applies to.
+- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 
 Optional:
 
-- `mode` (Number) mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+
 
 
 
-<a id="nestedatt--spec--volumes--storageos"></a>
-### Nested Schema for `spec.volumes.storageos`
+<a id="nestedatt--spec--update_strategy"></a>
+### Nested Schema for `spec.update_strategy`
 
 Optional:
 
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.
-- `read_only` (Boolean) readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-- `secret_ref` (Attributes) secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. (see [below for nested schema](#nestedatt--spec--volumes--storageos--secret_ref))
-- `volume_name` (String) volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.
-- `volume_namespace` (String) volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to 'default' if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.
+- `rolling_update` (Attributes) RollingUpdate is used to communicate parameters when Type is RollingUpdateStatefulSetStrategyType. (see [below for nested schema](#nestedatt--spec--update_strategy--rolling_update))
+- `type` (String) Type indicates the type of the StatefulSetUpdateStrategy. Default is RollingUpdate.
 
-<a id="nestedatt--spec--volumes--storageos--secret_ref"></a>
-### Nested Schema for `spec.volumes.storageos.secret_ref`
+<a id="nestedatt--spec--update_strategy--rolling_update"></a>
+### Nested Schema for `spec.update_strategy.rolling_update`
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+- `max_unavailable` (String) The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding up. This can not be 0. Defaults to 1. This field is alpha-level and is only honored by servers that enable the MaxUnavailableStatefulSet feature. The field applies to all pods in the range 0 to Replicas-1. That means if there is any unavailable pod in the range 0 to Replicas-1, it will be counted towards MaxUnavailable.
+- `partition` (Number) Partition indicates the ordinal at which the StatefulSet should be partitioned for updates. During a rolling update, all pods from ordinal Replicas-1 to Partition are updated. All pods from ordinal Partition-1 to 0 remain untouched. This is helpful in being able to do a canary based deployment. The default value is 0.
 
 
 
-<a id="nestedatt--spec--volumes--vsphere_volume"></a>
-### Nested Schema for `spec.volumes.vsphere_volume`
+<a id="nestedatt--spec--volume_mounts"></a>
+### Nested Schema for `spec.volume_mounts`
 
 Required:
 
-- `volume_path` (String) volumePath is the path that identifies vSphere volume vmdk
+- `mount_path` (String)
+- `name` (String) This must match the Name of a Volume.
 
 Optional:
 
-- `fs_type` (String) fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.
-- `storage_policy_id` (String) storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.
-- `storage_policy_name` (String) storagePolicyName is the storage Policy Based Management (SPBM) profile name.
+- `read_only` (Boolean)
+- `sub_path` (String)
diff --git a/docs/data-sources/k8s_mariadb_com_restore_v1alpha1_manifest.md b/docs/data-sources/k8s_mariadb_com_restore_v1alpha1_manifest.md
index c9de329ad..8b7f896f2 100644
--- a/docs/data-sources/k8s_mariadb_com_restore_v1alpha1_manifest.md
+++ b/docs/data-sources/k8s_mariadb_com_restore_v1alpha1_manifest.md
@@ -85,13 +85,8 @@ Optional:
 
 Optional:
 
-- `api_version` (String) API version of the referent.
-- `field_path` (String) If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: 'spec.containers{name}' (where 'name' refers to the name of the container that triggered the event) or if no container name is specified 'spec.containers[2]' (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.
-- `kind` (String) Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `namespace` (String) Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-- `resource_version` (String) Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-- `uid` (String) UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+- `name` (String)
+- `namespace` (String)
 - `wait_for_it` (Boolean) WaitForIt indicates whether the controller using this reference should wait for MariaDB to be ready.
 
 
@@ -101,274 +96,34 @@ Optional:
 Optional:
 
 - `anti_affinity_enabled` (Boolean) AntiAffinityEnabled configures PodAntiAffinity so each Pod is scheduled in a different Node, enabling HA. Make sure you have at least as many Nodes available as the replicas to not end up with unscheduled Pods.
-- `node_affinity` (Attributes) Describes node affinity scheduling rules for the pod. (see [below for nested schema](#nestedatt--spec--affinity--node_affinity))
-- `pod_affinity` (Attributes) Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity))
-- `pod_anti_affinity` (Attributes) Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity))
-
-<a id="nestedatt--spec--affinity--node_affinity"></a>
-### Nested Schema for `spec.affinity.node_affinity`
-
-Optional:
-
-- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution))
-- `required_during_scheduling_ignored_during_execution` (Attributes) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. (see [below for nested schema](#nestedatt--spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution))
-
-<a id="nestedatt--spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.affinity.node_affinity.preferred_during_scheduling_ignored_during_execution`
-
-Required:
-
-- `preference` (Attributes) A node selector term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference))
-- `weight` (Number) Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
-
-<a id="nestedatt--spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference"></a>
-### Nested Schema for `spec.affinity.node_affinity.preferred_during_scheduling_ignored_during_execution.preference`
-
-Optional:
-
-- `match_expressions` (Attributes List) A list of node selector requirements by node's labels. (see [below for nested schema](#nestedatt--spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference--match_expressions))
-- `match_fields` (Attributes List) A list of node selector requirements by node's fields. (see [below for nested schema](#nestedatt--spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference--match_fields))
-
-<a id="nestedatt--spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference--match_expressions"></a>
-### Nested Schema for `spec.affinity.node_affinity.preferred_during_scheduling_ignored_during_execution.preference.match_expressions`
-
-Required:
-
-- `key` (String) The label key that the selector applies to.
-- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
-
-Optional:
-
-- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
-
-
-<a id="nestedatt--spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference--match_fields"></a>
-### Nested Schema for `spec.affinity.node_affinity.preferred_during_scheduling_ignored_during_execution.preference.match_fields`
-
-Required:
-
-- `key` (String) The label key that the selector applies to.
-- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
-
-Optional:
-
-- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
-
-
-
-
-<a id="nestedatt--spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.affinity.node_affinity.required_during_scheduling_ignored_during_execution`
-
-Required:
-
-- `node_selector_terms` (Attributes List) Required. A list of node selector terms. The terms are ORed. (see [below for nested schema](#nestedatt--spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms))
-
-<a id="nestedatt--spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms"></a>
-### Nested Schema for `spec.affinity.node_affinity.required_during_scheduling_ignored_during_execution.node_selector_terms`
-
-Optional:
-
-- `match_expressions` (Attributes List) A list of node selector requirements by node's labels. (see [below for nested schema](#nestedatt--spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms--match_expressions))
-- `match_fields` (Attributes List) A list of node selector requirements by node's fields. (see [below for nested schema](#nestedatt--spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms--match_fields))
-
-<a id="nestedatt--spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms--match_expressions"></a>
-### Nested Schema for `spec.affinity.node_affinity.required_during_scheduling_ignored_during_execution.node_selector_terms.match_expressions`
-
-Required:
-
-- `key` (String) The label key that the selector applies to.
-- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
-
-Optional:
-
-- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
-
-
-<a id="nestedatt--spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms--match_fields"></a>
-### Nested Schema for `spec.affinity.node_affinity.required_during_scheduling_ignored_during_execution.node_selector_terms.match_fields`
-
-Required:
-
-- `key` (String) The label key that the selector applies to.
-- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
-
-Optional:
-
-- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
-
-
-
-
-
-<a id="nestedatt--spec--affinity--pod_affinity"></a>
-### Nested Schema for `spec.affinity.pod_affinity`
-
-Optional:
-
-- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution))
-- `required_during_scheduling_ignored_during_execution` (Attributes List) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution))
-
-<a id="nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution`
-
-Required:
-
-- `pod_affinity_term` (Attributes) Required. A pod affinity term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term))
-- `weight` (Number) weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
-
-<a id="nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term"></a>
-### Nested Schema for `spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term`
-
-Required:
-
-- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
-
-Optional:
-
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
-- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
-
-<a id="nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector"></a>
-### Nested Schema for `spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions"></a>
-### Nested Schema for `spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-<a id="nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector"></a>
-### Nested Schema for `spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions"></a>
-### Nested Schema for `spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-
-
-<a id="nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.affinity.pod_affinity.required_during_scheduling_ignored_during_execution`
-
-Required:
-
-- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
-
-Optional:
-
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
-- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
-
-<a id="nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector"></a>
-### Nested Schema for `spec.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.label_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions"></a>
-### Nested Schema for `spec.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.label_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-<a id="nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector"></a>
-### Nested Schema for `spec.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.namespace_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions"></a>
-### Nested Schema for `spec.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.namespace_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-
+- `pod_anti_affinity` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#podantiaffinity-v1-core. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity))
 
 <a id="nestedatt--spec--affinity--pod_anti_affinity"></a>
 ### Nested Schema for `spec.affinity.pod_anti_affinity`
 
 Optional:
 
-- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution))
-- `required_during_scheduling_ignored_during_execution` (Attributes List) If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution))
+- `preferred_during_scheduling_ignored_during_execution` (Attributes List) (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution))
+- `required_during_scheduling_ignored_during_execution` (Attributes List) (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution))
 
 <a id="nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution"></a>
 ### Nested Schema for `spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution`
 
 Required:
 
-- `pod_affinity_term` (Attributes) Required. A pod affinity term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term))
-- `weight` (Number) weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
+- `pod_affinity_term` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#podaffinityterm-v1-core. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term))
+- `weight` (Number)
 
 <a id="nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term"></a>
 ### Nested Schema for `spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term`
 
 Required:
 
-- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+- `topology_key` (String)
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
-- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
+- `label_selector` (Attributes) A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
 
 <a id="nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector"></a>
 ### Nested Schema for `spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector`
@@ -392,28 +147,6 @@ Optional:
 
 
 
-<a id="nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector"></a>
-### Nested Schema for `spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions"></a>
-### Nested Schema for `spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
 
 
 <a id="nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution"></a>
@@ -421,15 +154,11 @@ Optional:
 
 Required:
 
-- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+- `topology_key` (String)
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
-- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
+- `label_selector` (Attributes) A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector))
 
 <a id="nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector"></a>
 ### Nested Schema for `spec.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.label_selector`
@@ -453,28 +182,6 @@ Optional:
 
 
 
-<a id="nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector"></a>
-### Nested Schema for `spec.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.namespace_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions"></a>
-### Nested Schema for `spec.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.namespace_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
 
 
 
@@ -483,7 +190,7 @@ Optional:
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+- `name` (String)
 
 
 <a id="nestedatt--spec--image_pull_secrets"></a>
@@ -491,7 +198,7 @@ Optional:
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+- `name` (String)
 
 
 <a id="nestedatt--spec--inherit_metadata"></a>
@@ -591,21 +298,8 @@ Optional:
 
 Optional:
 
-- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--resources--claims))
-- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-
-<a id="nestedatt--spec--resources--claims"></a>
-### Nested Schema for `spec.resources.claims`
-
-Required:
-
-- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
-
-Optional:
-
-- `request` (String) Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
-
+- `limits` (Map of String) ResourceList is a set of (resource name, quantity) pairs.
+- `requests` (Map of String) ResourceList is a set of (resource name, quantity) pairs.
 
 
 <a id="nestedatt--spec--s3"></a>
@@ -630,12 +324,11 @@ Optional:
 
 Required:
 
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
+- `key` (String)
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
+- `name` (String)
 
 
 <a id="nestedatt--spec--s3--secret_access_key_secret_key_ref"></a>
@@ -643,12 +336,11 @@ Optional:
 
 Required:
 
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
+- `key` (String)
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
+- `name` (String)
 
 
 <a id="nestedatt--spec--s3--session_token_secret_key_ref"></a>
@@ -656,12 +348,11 @@ Optional:
 
 Required:
 
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
+- `key` (String)
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
+- `name` (String)
 
 
 <a id="nestedatt--spec--s3--tls"></a>
@@ -677,12 +368,11 @@ Optional:
 
 Required:
 
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
+- `key` (String)
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
+- `name` (String)
 
 
 
@@ -692,30 +382,13 @@ Optional:
 
 Optional:
 
-- `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
-- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--security_context--app_armor_profile))
-- `capabilities` (Attributes) The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--security_context--capabilities))
-- `privileged` (Boolean) Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
-- `proc_mount` (String) procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
-- `read_only_root_filesystem` (Boolean) Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_group` (Number) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-- `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
-- `se_linux_options` (Attributes) The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--security_context--se_linux_options))
-- `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--security_context--seccomp_profile))
-- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--security_context--windows_options))
-
-<a id="nestedatt--spec--security_context--app_armor_profile"></a>
-### Nested Schema for `spec.security_context.app_armor_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is 'Localhost'.
-
+- `allow_privilege_escalation` (Boolean)
+- `capabilities` (Attributes) Adds and removes POSIX capabilities from running containers. (see [below for nested schema](#nestedatt--spec--security_context--capabilities))
+- `privileged` (Boolean)
+- `read_only_root_filesystem` (Boolean)
+- `run_as_group` (Number)
+- `run_as_non_root` (Boolean)
+- `run_as_user` (Number)
 
 <a id="nestedatt--spec--security_context--capabilities"></a>
 ### Nested Schema for `spec.security_context.capabilities`
@@ -726,40 +399,6 @@ Optional:
 - `drop` (List of String) Removed capabilities
 
 
-<a id="nestedatt--spec--security_context--se_linux_options"></a>
-### Nested Schema for `spec.security_context.se_linux_options`
-
-Optional:
-
-- `level` (String) Level is SELinux level label that applies to the container.
-- `role` (String) Role is a SELinux role label that applies to the container.
-- `type` (String) Type is a SELinux type label that applies to the container.
-- `user` (String) User is a SELinux user label that applies to the container.
-
-
-<a id="nestedatt--spec--security_context--seccomp_profile"></a>
-### Nested Schema for `spec.security_context.seccomp_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.
-
-
-<a id="nestedatt--spec--security_context--windows_options"></a>
-### Nested Schema for `spec.security_context.windows_options`
-
-Optional:
-
-- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
-- `gmsa_credential_spec_name` (String) GMSACredentialSpecName is the name of the GMSA credential spec to use.
-- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
-- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-
-
 
 <a id="nestedatt--spec--tolerations"></a>
 ### Nested Schema for `spec.tolerations`
@@ -778,223 +417,36 @@ Optional:
 
 Optional:
 
-- `aws_elastic_block_store` (Attributes) awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore (see [below for nested schema](#nestedatt--spec--volume--aws_elastic_block_store))
-- `azure_disk` (Attributes) azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. (see [below for nested schema](#nestedatt--spec--volume--azure_disk))
-- `azure_file` (Attributes) azureFile represents an Azure File Service mount on the host and bind mount to the pod. (see [below for nested schema](#nestedatt--spec--volume--azure_file))
-- `cephfs` (Attributes) cephFS represents a Ceph FS mount on the host that shares a pod's lifetime (see [below for nested schema](#nestedatt--spec--volume--cephfs))
-- `cinder` (Attributes) cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md (see [below for nested schema](#nestedatt--spec--volume--cinder))
-- `config_map` (Attributes) configMap represents a configMap that should populate this volume (see [below for nested schema](#nestedatt--spec--volume--config_map))
-- `csi` (Attributes) csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). (see [below for nested schema](#nestedatt--spec--volume--csi))
-- `downward_api` (Attributes) downwardAPI represents downward API about the pod that should populate this volume (see [below for nested schema](#nestedatt--spec--volume--downward_api))
-- `empty_dir` (Attributes) emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir (see [below for nested schema](#nestedatt--spec--volume--empty_dir))
-- `ephemeral` (Attributes) ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. A pod can use both types of ephemeral volumes and persistent volumes at the same time. (see [below for nested schema](#nestedatt--spec--volume--ephemeral))
-- `fc` (Attributes) fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. (see [below for nested schema](#nestedatt--spec--volume--fc))
-- `flex_volume` (Attributes) flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. (see [below for nested schema](#nestedatt--spec--volume--flex_volume))
-- `flocker` (Attributes) flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running (see [below for nested schema](#nestedatt--spec--volume--flocker))
-- `gce_persistent_disk` (Attributes) gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk (see [below for nested schema](#nestedatt--spec--volume--gce_persistent_disk))
-- `git_repo` (Attributes) gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. (see [below for nested schema](#nestedatt--spec--volume--git_repo))
-- `glusterfs` (Attributes) glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md (see [below for nested schema](#nestedatt--spec--volume--glusterfs))
-- `host_path` (Attributes) hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath (see [below for nested schema](#nestedatt--spec--volume--host_path))
-- `image` (Attributes) image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. The volume is resolved at pod startup depending on which PullPolicy value is provided: - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. The volume will be mounted read-only (ro) and non-executable files (noexec). Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. (see [below for nested schema](#nestedatt--spec--volume--image))
-- `iscsi` (Attributes) iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md (see [below for nested schema](#nestedatt--spec--volume--iscsi))
-- `nfs` (Attributes) nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs (see [below for nested schema](#nestedatt--spec--volume--nfs))
-- `persistent_volume_claim` (Attributes) persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims (see [below for nested schema](#nestedatt--spec--volume--persistent_volume_claim))
-- `photon_persistent_disk` (Attributes) photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine (see [below for nested schema](#nestedatt--spec--volume--photon_persistent_disk))
-- `portworx_volume` (Attributes) portworxVolume represents a portworx volume attached and mounted on kubelets host machine (see [below for nested schema](#nestedatt--spec--volume--portworx_volume))
-- `projected` (Attributes) projected items for all in one resources secrets, configmaps, and downward API (see [below for nested schema](#nestedatt--spec--volume--projected))
-- `quobyte` (Attributes) quobyte represents a Quobyte mount on the host that shares a pod's lifetime (see [below for nested schema](#nestedatt--spec--volume--quobyte))
-- `rbd` (Attributes) rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md (see [below for nested schema](#nestedatt--spec--volume--rbd))
-- `scale_io` (Attributes) scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. (see [below for nested schema](#nestedatt--spec--volume--scale_io))
-- `secret` (Attributes) secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret (see [below for nested schema](#nestedatt--spec--volume--secret))
-- `storageos` (Attributes) storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. (see [below for nested schema](#nestedatt--spec--volume--storageos))
-- `vsphere_volume` (Attributes) vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine (see [below for nested schema](#nestedatt--spec--volume--vsphere_volume))
-
-<a id="nestedatt--spec--volume--aws_elastic_block_store"></a>
-### Nested Schema for `spec.volume.aws_elastic_block_store`
+- `csi` (Attributes) Represents a source location of a volume to mount, managed by an external CSI driver (see [below for nested schema](#nestedatt--spec--volume--csi))
+- `empty_dir` (Attributes) Represents an empty directory for a pod. Empty directory volumes support ownership management and SELinux relabeling. (see [below for nested schema](#nestedatt--spec--volume--empty_dir))
+- `nfs` (Attributes) Represents an NFS mount that lasts the lifetime of a pod. NFS volumes do not support ownership management or SELinux relabeling. (see [below for nested schema](#nestedatt--spec--volume--nfs))
+- `persistent_volume_claim` (Attributes) PersistentVolumeClaimVolumeSource references the user's PVC in the same namespace. This volume finds the bound PV and mounts that volume for the pod. A PersistentVolumeClaimVolumeSource is, essentially, a wrapper around another type of volume that is owned by someone else (the system). (see [below for nested schema](#nestedatt--spec--volume--persistent_volume_claim))
+
+<a id="nestedatt--spec--volume--csi"></a>
+### Nested Schema for `spec.volume.csi`
 
 Required:
 
-- `volume_id` (String) volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+- `driver` (String) driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.
 
 Optional:
 
-- `fs_type` (String) fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
-- `partition` (Number) partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as '1'. Similarly, the volume partition for /dev/sda is '0' (or you can leave the property empty).
-- `read_only` (Boolean) readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
-
-
-<a id="nestedatt--spec--volume--azure_disk"></a>
-### Nested Schema for `spec.volume.azure_disk`
-
-Required:
+- `fs_type` (String) fsType to mount. Ex. 'ext4', 'xfs', 'ntfs'. If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.
+- `node_publish_secret_ref` (Attributes) nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. (see [below for nested schema](#nestedatt--spec--volume--csi--node_publish_secret_ref))
+- `read_only` (Boolean) readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).
+- `volume_attributes` (Map of String) volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.
 
-- `disk_name` (String) diskName is the Name of the data disk in the blob storage
-- `disk_uri` (String) diskURI is the URI of data disk in the blob storage
+<a id="nestedatt--spec--volume--csi--node_publish_secret_ref"></a>
+### Nested Schema for `spec.volume.csi.node_publish_secret_ref`
 
 Optional:
 
-- `caching_mode` (String) cachingMode is the Host Caching mode: None, Read Only, Read Write.
-- `fs_type` (String) fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.
-- `kind` (String) kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared
-- `read_only` (Boolean) readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
-<a id="nestedatt--spec--volume--azure_file"></a>
-### Nested Schema for `spec.volume.azure_file`
 
-Required:
 
-- `secret_name` (String) secretName is the name of secret that contains Azure Storage Account Name and Key
-- `share_name` (String) shareName is the azure share Name
-
-Optional:
-
-- `read_only` (Boolean) readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-
-
-<a id="nestedatt--spec--volume--cephfs"></a>
-### Nested Schema for `spec.volume.cephfs`
-
-Required:
-
-- `monitors` (List of String) monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-
-Optional:
-
-- `path` (String) path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /
-- `read_only` (Boolean) readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-- `secret_file` (String) secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-- `secret_ref` (Attributes) secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it (see [below for nested schema](#nestedatt--spec--volume--cephfs--secret_ref))
-- `user` (String) user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-
-<a id="nestedatt--spec--volume--cephfs--secret_ref"></a>
-### Nested Schema for `spec.volume.cephfs.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
-<a id="nestedatt--spec--volume--cinder"></a>
-### Nested Schema for `spec.volume.cinder`
-
-Required:
-
-- `volume_id` (String) volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
-
-Optional:
-
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
-- `read_only` (Boolean) readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
-- `secret_ref` (Attributes) secretRef is optional: points to a secret object containing parameters used to connect to OpenStack. (see [below for nested schema](#nestedatt--spec--volume--cinder--secret_ref))
-
-<a id="nestedatt--spec--volume--cinder--secret_ref"></a>
-### Nested Schema for `spec.volume.cinder.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
-<a id="nestedatt--spec--volume--config_map"></a>
-### Nested Schema for `spec.volume.config_map`
-
-Optional:
-
-- `default_mode` (Number) defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--volume--config_map--items))
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) optional specify whether the ConfigMap or its keys must be defined
-
-<a id="nestedatt--spec--volume--config_map--items"></a>
-### Nested Schema for `spec.volume.config_map.items`
-
-Required:
-
-- `key` (String) key is the key to project.
-- `path` (String) path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
-
-Optional:
-
-- `mode` (Number) mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-
-
-
-<a id="nestedatt--spec--volume--csi"></a>
-### Nested Schema for `spec.volume.csi`
-
-Required:
-
-- `driver` (String) driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.
-
-Optional:
-
-- `fs_type` (String) fsType to mount. Ex. 'ext4', 'xfs', 'ntfs'. If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.
-- `node_publish_secret_ref` (Attributes) nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. (see [below for nested schema](#nestedatt--spec--volume--csi--node_publish_secret_ref))
-- `read_only` (Boolean) readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).
-- `volume_attributes` (Map of String) volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.
-
-<a id="nestedatt--spec--volume--csi--node_publish_secret_ref"></a>
-### Nested Schema for `spec.volume.csi.node_publish_secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
-<a id="nestedatt--spec--volume--downward_api"></a>
-### Nested Schema for `spec.volume.downward_api`
-
-Optional:
-
-- `default_mode` (Number) Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `items` (Attributes List) Items is a list of downward API volume file (see [below for nested schema](#nestedatt--spec--volume--downward_api--items))
-
-<a id="nestedatt--spec--volume--downward_api--items"></a>
-### Nested Schema for `spec.volume.downward_api.items`
-
-Required:
-
-- `path` (String) Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'
-
-Optional:
-
-- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. (see [below for nested schema](#nestedatt--spec--volume--downward_api--items--field_ref))
-- `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--volume--downward_api--items--resource_field_ref))
-
-<a id="nestedatt--spec--volume--downward_api--items--field_ref"></a>
-### Nested Schema for `spec.volume.downward_api.items.field_ref`
-
-Required:
-
-- `field_path` (String) Path of the field to select in the specified API version.
-
-Optional:
-
-- `api_version` (String) Version of the schema the FieldPath is written in terms of, defaults to 'v1'.
-
-
-<a id="nestedatt--spec--volume--downward_api--items--resource_field_ref"></a>
-### Nested Schema for `spec.volume.downward_api.items.resource_field_ref`
-
-Required:
-
-- `resource` (String) Required: resource to select
-
-Optional:
-
-- `container_name` (String) Container name: required for volumes, optional for env vars
-- `divisor` (String) Specifies the output format of the exposed resources, defaults to '1'
-
-
-
-
-<a id="nestedatt--spec--volume--empty_dir"></a>
-### Nested Schema for `spec.volume.empty_dir`
+<a id="nestedatt--spec--volume--empty_dir"></a>
+### Nested Schema for `spec.volume.empty_dir`
 
 Optional:
 
@@ -1002,234 +454,6 @@ Optional:
 - `size_limit` (String) sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
 
 
-<a id="nestedatt--spec--volume--ephemeral"></a>
-### Nested Schema for `spec.volume.ephemeral`
-
-Optional:
-
-- `volume_claim_template` (Attributes) Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be '<pod name>-<volume name>' where '<volume name>' is the name from the 'PodSpec.Volumes' array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. Required, must not be nil. (see [below for nested schema](#nestedatt--spec--volume--ephemeral--volume_claim_template))
-
-<a id="nestedatt--spec--volume--ephemeral--volume_claim_template"></a>
-### Nested Schema for `spec.volume.ephemeral.volume_claim_template`
-
-Required:
-
-- `spec` (Attributes) The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. (see [below for nested schema](#nestedatt--spec--volume--ephemeral--volume_claim_template--spec))
-
-Optional:
-
-- `metadata` (Map of String) May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.
-
-<a id="nestedatt--spec--volume--ephemeral--volume_claim_template--spec"></a>
-### Nested Schema for `spec.volume.ephemeral.volume_claim_template.spec`
-
-Optional:
-
-- `access_modes` (List of String) accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
-- `data_source` (Attributes) dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. (see [below for nested schema](#nestedatt--spec--volume--ephemeral--volume_claim_template--spec--data_source))
-- `data_source_ref` (Attributes) dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. (see [below for nested schema](#nestedatt--spec--volume--ephemeral--volume_claim_template--spec--data_source_ref))
-- `resources` (Attributes) resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources (see [below for nested schema](#nestedatt--spec--volume--ephemeral--volume_claim_template--spec--resources))
-- `selector` (Attributes) selector is a label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--volume--ephemeral--volume_claim_template--spec--selector))
-- `storage_class_name` (String) storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
-- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
-- `volume_mode` (String) volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
-- `volume_name` (String) volumeName is the binding reference to the PersistentVolume backing this claim.
-
-<a id="nestedatt--spec--volume--ephemeral--volume_claim_template--spec--data_source"></a>
-### Nested Schema for `spec.volume.ephemeral.volume_claim_template.spec.data_source`
-
-Required:
-
-- `kind` (String) Kind is the type of resource being referenced
-- `name` (String) Name is the name of resource being referenced
-
-Optional:
-
-- `api_group` (String) APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
-
-
-<a id="nestedatt--spec--volume--ephemeral--volume_claim_template--spec--data_source_ref"></a>
-### Nested Schema for `spec.volume.ephemeral.volume_claim_template.spec.data_source_ref`
-
-Required:
-
-- `kind` (String) Kind is the type of resource being referenced
-- `name` (String) Name is the name of resource being referenced
-
-Optional:
-
-- `api_group` (String) APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
-- `namespace` (String) Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
-
-
-<a id="nestedatt--spec--volume--ephemeral--volume_claim_template--spec--resources"></a>
-### Nested Schema for `spec.volume.ephemeral.volume_claim_template.spec.resources`
-
-Optional:
-
-- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-
-
-<a id="nestedatt--spec--volume--ephemeral--volume_claim_template--spec--selector"></a>
-### Nested Schema for `spec.volume.ephemeral.volume_claim_template.spec.selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--volume--ephemeral--volume_claim_template--spec--selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--volume--ephemeral--volume_claim_template--spec--selector--match_expressions"></a>
-### Nested Schema for `spec.volume.ephemeral.volume_claim_template.spec.selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-
-
-
-<a id="nestedatt--spec--volume--fc"></a>
-### Nested Schema for `spec.volume.fc`
-
-Optional:
-
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.
-- `lun` (Number) lun is Optional: FC target lun number
-- `read_only` (Boolean) readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-- `target_ww_ns` (List of String) targetWWNs is Optional: FC target worldwide names (WWNs)
-- `wwids` (List of String) wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
-
-
-<a id="nestedatt--spec--volume--flex_volume"></a>
-### Nested Schema for `spec.volume.flex_volume`
-
-Required:
-
-- `driver` (String) driver is the name of the driver to use for this volume.
-
-Optional:
-
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. The default filesystem depends on FlexVolume script.
-- `options` (Map of String) options is Optional: this field holds extra command options if any.
-- `read_only` (Boolean) readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-- `secret_ref` (Attributes) secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. (see [below for nested schema](#nestedatt--spec--volume--flex_volume--secret_ref))
-
-<a id="nestedatt--spec--volume--flex_volume--secret_ref"></a>
-### Nested Schema for `spec.volume.flex_volume.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
-<a id="nestedatt--spec--volume--flocker"></a>
-### Nested Schema for `spec.volume.flocker`
-
-Optional:
-
-- `dataset_name` (String) datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated
-- `dataset_uuid` (String) datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset
-
-
-<a id="nestedatt--spec--volume--gce_persistent_disk"></a>
-### Nested Schema for `spec.volume.gce_persistent_disk`
-
-Required:
-
-- `pd_name` (String) pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
-
-Optional:
-
-- `fs_type` (String) fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
-- `partition` (Number) partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as '1'. Similarly, the volume partition for /dev/sda is '0' (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
-- `read_only` (Boolean) readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
-
-
-<a id="nestedatt--spec--volume--git_repo"></a>
-### Nested Schema for `spec.volume.git_repo`
-
-Required:
-
-- `repository` (String) repository is the URL
-
-Optional:
-
-- `directory` (String) directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.
-- `revision` (String) revision is the commit hash for the specified revision.
-
-
-<a id="nestedatt--spec--volume--glusterfs"></a>
-### Nested Schema for `spec.volume.glusterfs`
-
-Required:
-
-- `endpoints` (String) endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
-- `path` (String) path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
-
-Optional:
-
-- `read_only` (Boolean) readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
-
-
-<a id="nestedatt--spec--volume--host_path"></a>
-### Nested Schema for `spec.volume.host_path`
-
-Required:
-
-- `path` (String) path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
-
-Optional:
-
-- `type` (String) type for HostPath Volume Defaults to '' More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
-
-
-<a id="nestedatt--spec--volume--image"></a>
-### Nested Schema for `spec.volume.image`
-
-Optional:
-
-- `pull_policy` (String) Policy for pulling OCI objects. Possible values are: Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
-- `reference` (String) Required: Image or artifact reference to be used. Behaves in the same way as pod.spec.containers[*].image. Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.
-
-
-<a id="nestedatt--spec--volume--iscsi"></a>
-### Nested Schema for `spec.volume.iscsi`
-
-Required:
-
-- `iqn` (String) iqn is the target iSCSI Qualified Name.
-- `lun` (Number) lun represents iSCSI Target Lun number.
-- `target_portal` (String) targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
-
-Optional:
-
-- `chap_auth_discovery` (Boolean) chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication
-- `chap_auth_session` (Boolean) chapAuthSession defines whether support iSCSI Session CHAP authentication
-- `fs_type` (String) fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
-- `initiator_name` (String) initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection.
-- `iscsi_interface` (String) iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).
-- `portals` (List of String) portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
-- `read_only` (Boolean) readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.
-- `secret_ref` (Attributes) secretRef is the CHAP Secret for iSCSI target and initiator authentication (see [below for nested schema](#nestedatt--spec--volume--iscsi--secret_ref))
-
-<a id="nestedatt--spec--volume--iscsi--secret_ref"></a>
-### Nested Schema for `spec.volume.iscsi.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
 <a id="nestedatt--spec--volume--nfs"></a>
 ### Nested Schema for `spec.volume.nfs`
 
@@ -1253,320 +477,3 @@ Required:
 Optional:
 
 - `read_only` (Boolean) readOnly Will force the ReadOnly setting in VolumeMounts. Default false.
-
-
-<a id="nestedatt--spec--volume--photon_persistent_disk"></a>
-### Nested Schema for `spec.volume.photon_persistent_disk`
-
-Required:
-
-- `pd_id` (String) pdID is the ID that identifies Photon Controller persistent disk
-
-Optional:
-
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.
-
-
-<a id="nestedatt--spec--volume--portworx_volume"></a>
-### Nested Schema for `spec.volume.portworx_volume`
-
-Required:
-
-- `volume_id` (String) volumeID uniquely identifies a Portworx volume
-
-Optional:
-
-- `fs_type` (String) fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs'. Implicitly inferred to be 'ext4' if unspecified.
-- `read_only` (Boolean) readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-
-
-<a id="nestedatt--spec--volume--projected"></a>
-### Nested Schema for `spec.volume.projected`
-
-Optional:
-
-- `default_mode` (Number) defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `sources` (Attributes List) sources is the list of volume projections. Each entry in this list handles one source. (see [below for nested schema](#nestedatt--spec--volume--projected--sources))
-
-<a id="nestedatt--spec--volume--projected--sources"></a>
-### Nested Schema for `spec.volume.projected.sources`
-
-Optional:
-
-- `cluster_trust_bundle` (Attributes) ClusterTrustBundle allows a pod to access the '.spec.trustBundle' field of ClusterTrustBundle objects in an auto-updating file. Alpha, gated by the ClusterTrustBundleProjection feature gate. ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time. (see [below for nested schema](#nestedatt--spec--volume--projected--sources--cluster_trust_bundle))
-- `config_map` (Attributes) configMap information about the configMap data to project (see [below for nested schema](#nestedatt--spec--volume--projected--sources--config_map))
-- `downward_api` (Attributes) downwardAPI information about the downwardAPI data to project (see [below for nested schema](#nestedatt--spec--volume--projected--sources--downward_api))
-- `secret` (Attributes) secret information about the secret data to project (see [below for nested schema](#nestedatt--spec--volume--projected--sources--secret))
-- `service_account_token` (Attributes) serviceAccountToken is information about the serviceAccountToken data to project (see [below for nested schema](#nestedatt--spec--volume--projected--sources--service_account_token))
-
-<a id="nestedatt--spec--volume--projected--sources--cluster_trust_bundle"></a>
-### Nested Schema for `spec.volume.projected.sources.cluster_trust_bundle`
-
-Required:
-
-- `path` (String) Relative path from the volume root to write the bundle.
-
-Optional:
-
-- `label_selector` (Attributes) Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as 'match nothing'. If set but empty, interpreted as 'match everything'. (see [below for nested schema](#nestedatt--spec--volume--projected--sources--cluster_trust_bundle--label_selector))
-- `name` (String) Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector.
-- `optional` (Boolean) If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles.
-- `signer_name` (String) Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated.
-
-<a id="nestedatt--spec--volume--projected--sources--cluster_trust_bundle--label_selector"></a>
-### Nested Schema for `spec.volume.projected.sources.cluster_trust_bundle.label_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--volume--projected--sources--cluster_trust_bundle--label_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--volume--projected--sources--cluster_trust_bundle--label_selector--match_expressions"></a>
-### Nested Schema for `spec.volume.projected.sources.cluster_trust_bundle.label_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-
-<a id="nestedatt--spec--volume--projected--sources--config_map"></a>
-### Nested Schema for `spec.volume.projected.sources.config_map`
-
-Optional:
-
-- `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--volume--projected--sources--config_map--items))
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) optional specify whether the ConfigMap or its keys must be defined
-
-<a id="nestedatt--spec--volume--projected--sources--config_map--items"></a>
-### Nested Schema for `spec.volume.projected.sources.config_map.items`
-
-Required:
-
-- `key` (String) key is the key to project.
-- `path` (String) path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
-
-Optional:
-
-- `mode` (Number) mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-
-
-
-<a id="nestedatt--spec--volume--projected--sources--downward_api"></a>
-### Nested Schema for `spec.volume.projected.sources.downward_api`
-
-Optional:
-
-- `items` (Attributes List) Items is a list of DownwardAPIVolume file (see [below for nested schema](#nestedatt--spec--volume--projected--sources--downward_api--items))
-
-<a id="nestedatt--spec--volume--projected--sources--downward_api--items"></a>
-### Nested Schema for `spec.volume.projected.sources.downward_api.items`
-
-Required:
-
-- `path` (String) Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'
-
-Optional:
-
-- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. (see [below for nested schema](#nestedatt--spec--volume--projected--sources--downward_api--items--field_ref))
-- `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--volume--projected--sources--downward_api--items--resource_field_ref))
-
-<a id="nestedatt--spec--volume--projected--sources--downward_api--items--field_ref"></a>
-### Nested Schema for `spec.volume.projected.sources.downward_api.items.field_ref`
-
-Required:
-
-- `field_path` (String) Path of the field to select in the specified API version.
-
-Optional:
-
-- `api_version` (String) Version of the schema the FieldPath is written in terms of, defaults to 'v1'.
-
-
-<a id="nestedatt--spec--volume--projected--sources--downward_api--items--resource_field_ref"></a>
-### Nested Schema for `spec.volume.projected.sources.downward_api.items.resource_field_ref`
-
-Required:
-
-- `resource` (String) Required: resource to select
-
-Optional:
-
-- `container_name` (String) Container name: required for volumes, optional for env vars
-- `divisor` (String) Specifies the output format of the exposed resources, defaults to '1'
-
-
-
-
-<a id="nestedatt--spec--volume--projected--sources--secret"></a>
-### Nested Schema for `spec.volume.projected.sources.secret`
-
-Optional:
-
-- `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--volume--projected--sources--secret--items))
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) optional field specify whether the Secret or its key must be defined
-
-<a id="nestedatt--spec--volume--projected--sources--secret--items"></a>
-### Nested Schema for `spec.volume.projected.sources.secret.items`
-
-Required:
-
-- `key` (String) key is the key to project.
-- `path` (String) path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
-
-Optional:
-
-- `mode` (Number) mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-
-
-
-<a id="nestedatt--spec--volume--projected--sources--service_account_token"></a>
-### Nested Schema for `spec.volume.projected.sources.service_account_token`
-
-Required:
-
-- `path` (String) path is the path relative to the mount point of the file to project the token into.
-
-Optional:
-
-- `audience` (String) audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.
-- `expiration_seconds` (Number) expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.
-
-
-
-
-<a id="nestedatt--spec--volume--quobyte"></a>
-### Nested Schema for `spec.volume.quobyte`
-
-Required:
-
-- `registry` (String) registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes
-- `volume` (String) volume is a string that references an already created Quobyte volume by name.
-
-Optional:
-
-- `group` (String) group to map volume access to Default is no group
-- `read_only` (Boolean) readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.
-- `tenant` (String) tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin
-- `user` (String) user to map volume access to Defaults to serivceaccount user
-
-
-<a id="nestedatt--spec--volume--rbd"></a>
-### Nested Schema for `spec.volume.rbd`
-
-Required:
-
-- `image` (String) image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-- `monitors` (List of String) monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-
-Optional:
-
-- `fs_type` (String) fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
-- `keyring` (String) keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-- `pool` (String) pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-- `read_only` (Boolean) readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-- `secret_ref` (Attributes) secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it (see [below for nested schema](#nestedatt--spec--volume--rbd--secret_ref))
-- `user` (String) user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-
-<a id="nestedatt--spec--volume--rbd--secret_ref"></a>
-### Nested Schema for `spec.volume.rbd.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
-<a id="nestedatt--spec--volume--scale_io"></a>
-### Nested Schema for `spec.volume.scale_io`
-
-Required:
-
-- `gateway` (String) gateway is the host address of the ScaleIO API Gateway.
-- `secret_ref` (Attributes) secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. (see [below for nested schema](#nestedatt--spec--volume--scale_io--secret_ref))
-- `system` (String) system is the name of the storage system as configured in ScaleIO.
-
-Optional:
-
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Default is 'xfs'.
-- `protection_domain` (String) protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.
-- `read_only` (Boolean) readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-- `ssl_enabled` (Boolean) sslEnabled Flag enable/disable SSL communication with Gateway, default false
-- `storage_mode` (String) storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.
-- `storage_pool` (String) storagePool is the ScaleIO Storage Pool associated with the protection domain.
-- `volume_name` (String) volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.
-
-<a id="nestedatt--spec--volume--scale_io--secret_ref"></a>
-### Nested Schema for `spec.volume.scale_io.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
-<a id="nestedatt--spec--volume--secret"></a>
-### Nested Schema for `spec.volume.secret`
-
-Optional:
-
-- `default_mode` (Number) defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-- `items` (Attributes List) items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--volume--secret--items))
-- `optional` (Boolean) optional field specify whether the Secret or its keys must be defined
-- `secret_name` (String) secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
-
-<a id="nestedatt--spec--volume--secret--items"></a>
-### Nested Schema for `spec.volume.secret.items`
-
-Required:
-
-- `key` (String) key is the key to project.
-- `path` (String) path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
-
-Optional:
-
-- `mode` (Number) mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
-
-
-
-<a id="nestedatt--spec--volume--storageos"></a>
-### Nested Schema for `spec.volume.storageos`
-
-Optional:
-
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.
-- `read_only` (Boolean) readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
-- `secret_ref` (Attributes) secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. (see [below for nested schema](#nestedatt--spec--volume--storageos--secret_ref))
-- `volume_name` (String) volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.
-- `volume_namespace` (String) volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to 'default' if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.
-
-<a id="nestedatt--spec--volume--storageos--secret_ref"></a>
-### Nested Schema for `spec.volume.storageos.secret_ref`
-
-Optional:
-
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
-
-
-<a id="nestedatt--spec--volume--vsphere_volume"></a>
-### Nested Schema for `spec.volume.vsphere_volume`
-
-Required:
-
-- `volume_path` (String) volumePath is the path that identifies vSphere volume vmdk
-
-Optional:
-
-- `fs_type` (String) fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.
-- `storage_policy_id` (String) storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.
-- `storage_policy_name` (String) storagePolicyName is the storage Policy Based Management (SPBM) profile name.
diff --git a/docs/data-sources/k8s_mariadb_com_sql_job_v1alpha1_manifest.md b/docs/data-sources/k8s_mariadb_com_sql_job_v1alpha1_manifest.md
index 68246b7ec..51058d70f 100644
--- a/docs/data-sources/k8s_mariadb_com_sql_job_v1alpha1_manifest.md
+++ b/docs/data-sources/k8s_mariadb_com_sql_job_v1alpha1_manifest.md
@@ -89,13 +89,8 @@ Optional:
 
 Optional:
 
-- `api_version` (String) API version of the referent.
-- `field_path` (String) If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: 'spec.containers{name}' (where 'name' refers to the name of the container that triggered the event) or if no container name is specified 'spec.containers[2]' (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.
-- `kind` (String) Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `namespace` (String) Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-- `resource_version` (String) Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-- `uid` (String) UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+- `name` (String)
+- `namespace` (String)
 - `wait_for_it` (Boolean) WaitForIt indicates whether the controller using this reference should wait for MariaDB to be ready.
 
 
@@ -104,12 +99,11 @@ Optional:
 
 Required:
 
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
+- `key` (String)
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
+- `name` (String)
 
 
 <a id="nestedatt--spec--affinity"></a>
@@ -118,274 +112,34 @@ Optional:
 Optional:
 
 - `anti_affinity_enabled` (Boolean) AntiAffinityEnabled configures PodAntiAffinity so each Pod is scheduled in a different Node, enabling HA. Make sure you have at least as many Nodes available as the replicas to not end up with unscheduled Pods.
-- `node_affinity` (Attributes) Describes node affinity scheduling rules for the pod. (see [below for nested schema](#nestedatt--spec--affinity--node_affinity))
-- `pod_affinity` (Attributes) Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity))
-- `pod_anti_affinity` (Attributes) Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity))
-
-<a id="nestedatt--spec--affinity--node_affinity"></a>
-### Nested Schema for `spec.affinity.node_affinity`
-
-Optional:
-
-- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution))
-- `required_during_scheduling_ignored_during_execution` (Attributes) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. (see [below for nested schema](#nestedatt--spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution))
-
-<a id="nestedatt--spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.affinity.node_affinity.preferred_during_scheduling_ignored_during_execution`
-
-Required:
-
-- `preference` (Attributes) A node selector term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference))
-- `weight` (Number) Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
-
-<a id="nestedatt--spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference"></a>
-### Nested Schema for `spec.affinity.node_affinity.preferred_during_scheduling_ignored_during_execution.preference`
-
-Optional:
-
-- `match_expressions` (Attributes List) A list of node selector requirements by node's labels. (see [below for nested schema](#nestedatt--spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference--match_expressions))
-- `match_fields` (Attributes List) A list of node selector requirements by node's fields. (see [below for nested schema](#nestedatt--spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference--match_fields))
-
-<a id="nestedatt--spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference--match_expressions"></a>
-### Nested Schema for `spec.affinity.node_affinity.preferred_during_scheduling_ignored_during_execution.preference.match_expressions`
-
-Required:
-
-- `key` (String) The label key that the selector applies to.
-- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
-
-Optional:
-
-- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
-
-
-<a id="nestedatt--spec--affinity--node_affinity--preferred_during_scheduling_ignored_during_execution--preference--match_fields"></a>
-### Nested Schema for `spec.affinity.node_affinity.preferred_during_scheduling_ignored_during_execution.preference.match_fields`
-
-Required:
-
-- `key` (String) The label key that the selector applies to.
-- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
-
-Optional:
-
-- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
-
-
-
-
-<a id="nestedatt--spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.affinity.node_affinity.required_during_scheduling_ignored_during_execution`
-
-Required:
-
-- `node_selector_terms` (Attributes List) Required. A list of node selector terms. The terms are ORed. (see [below for nested schema](#nestedatt--spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms))
-
-<a id="nestedatt--spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms"></a>
-### Nested Schema for `spec.affinity.node_affinity.required_during_scheduling_ignored_during_execution.node_selector_terms`
-
-Optional:
-
-- `match_expressions` (Attributes List) A list of node selector requirements by node's labels. (see [below for nested schema](#nestedatt--spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms--match_expressions))
-- `match_fields` (Attributes List) A list of node selector requirements by node's fields. (see [below for nested schema](#nestedatt--spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms--match_fields))
-
-<a id="nestedatt--spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms--match_expressions"></a>
-### Nested Schema for `spec.affinity.node_affinity.required_during_scheduling_ignored_during_execution.node_selector_terms.match_expressions`
-
-Required:
-
-- `key` (String) The label key that the selector applies to.
-- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
-
-Optional:
-
-- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
-
-
-<a id="nestedatt--spec--affinity--node_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms--match_fields"></a>
-### Nested Schema for `spec.affinity.node_affinity.required_during_scheduling_ignored_during_execution.node_selector_terms.match_fields`
-
-Required:
-
-- `key` (String) The label key that the selector applies to.
-- `operator` (String) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
-
-Optional:
-
-- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
-
-
-
-
-
-<a id="nestedatt--spec--affinity--pod_affinity"></a>
-### Nested Schema for `spec.affinity.pod_affinity`
-
-Optional:
-
-- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution))
-- `required_during_scheduling_ignored_during_execution` (Attributes List) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution))
-
-<a id="nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution`
-
-Required:
-
-- `pod_affinity_term` (Attributes) Required. A pod affinity term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term))
-- `weight` (Number) weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
-
-<a id="nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term"></a>
-### Nested Schema for `spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term`
-
-Required:
-
-- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
-
-Optional:
-
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
-- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
-
-<a id="nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector"></a>
-### Nested Schema for `spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector--match_expressions"></a>
-### Nested Schema for `spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-<a id="nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector"></a>
-### Nested Schema for `spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions"></a>
-### Nested Schema for `spec.affinity.pod_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-
-
-<a id="nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution"></a>
-### Nested Schema for `spec.affinity.pod_affinity.required_during_scheduling_ignored_during_execution`
-
-Required:
-
-- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
-
-Optional:
-
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
-- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
-
-<a id="nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector"></a>
-### Nested Schema for `spec.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.label_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector--match_expressions"></a>
-### Nested Schema for `spec.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.label_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-<a id="nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector"></a>
-### Nested Schema for `spec.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.namespace_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions"></a>
-### Nested Schema for `spec.affinity.pod_affinity.required_during_scheduling_ignored_during_execution.namespace_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
-
+- `pod_anti_affinity` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#podantiaffinity-v1-core. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity))
 
 <a id="nestedatt--spec--affinity--pod_anti_affinity"></a>
 ### Nested Schema for `spec.affinity.pod_anti_affinity`
 
 Optional:
 
-- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution))
-- `required_during_scheduling_ignored_during_execution` (Attributes List) If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution))
+- `preferred_during_scheduling_ignored_during_execution` (Attributes List) (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution))
+- `required_during_scheduling_ignored_during_execution` (Attributes List) (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution))
 
 <a id="nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution"></a>
 ### Nested Schema for `spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution`
 
 Required:
 
-- `pod_affinity_term` (Attributes) Required. A pod affinity term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term))
-- `weight` (Number) weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
+- `pod_affinity_term` (Attributes) Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#podaffinityterm-v1-core. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term))
+- `weight` (Number)
 
 <a id="nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term"></a>
 ### Nested Schema for `spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term`
 
 Required:
 
-- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+- `topology_key` (String)
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
-- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
+- `label_selector` (Attributes) A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
 
 <a id="nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector"></a>
 ### Nested Schema for `spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.label_selector`
@@ -409,28 +163,6 @@ Optional:
 
 
 
-<a id="nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector"></a>
-### Nested Schema for `spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector--match_expressions"></a>
-### Nested Schema for `spec.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution.pod_affinity_term.namespace_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
 
 
 <a id="nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution"></a>
@@ -438,15 +170,11 @@ Optional:
 
 Required:
 
-- `topology_key` (String) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+- `topology_key` (String)
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
-- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
-- `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
+- `label_selector` (Attributes) A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector))
 
 <a id="nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector"></a>
 ### Nested Schema for `spec.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.label_selector`
@@ -470,28 +198,6 @@ Optional:
 
 
 
-<a id="nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector"></a>
-### Nested Schema for `spec.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.namespace_selector`
-
-Optional:
-
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector--match_expressions"></a>
-### Nested Schema for `spec.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.namespace_selector.match_expressions`
-
-Required:
-
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-
-Optional:
-
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
-
-
 
 
 
@@ -500,7 +206,7 @@ Optional:
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+- `name` (String)
 
 
 <a id="nestedatt--spec--image_pull_secrets"></a>
@@ -508,7 +214,7 @@ Optional:
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+- `name` (String)
 
 
 <a id="nestedatt--spec--inherit_metadata"></a>
@@ -608,21 +314,8 @@ Optional:
 
 Optional:
 
-- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--resources--claims))
-- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-
-<a id="nestedatt--spec--resources--claims"></a>
-### Nested Schema for `spec.resources.claims`
-
-Required:
-
-- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
-
-Optional:
-
-- `request` (String) Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
-
+- `limits` (Map of String) ResourceList is a set of (resource name, quantity) pairs.
+- `requests` (Map of String) ResourceList is a set of (resource name, quantity) pairs.
 
 
 <a id="nestedatt--spec--schedule"></a>
@@ -642,30 +335,13 @@ Optional:
 
 Optional:
 
-- `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
-- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--security_context--app_armor_profile))
-- `capabilities` (Attributes) The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--security_context--capabilities))
-- `privileged` (Boolean) Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
-- `proc_mount` (String) procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
-- `read_only_root_filesystem` (Boolean) Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_group` (Number) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
-- `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-- `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
-- `se_linux_options` (Attributes) The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--security_context--se_linux_options))
-- `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--security_context--seccomp_profile))
-- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--security_context--windows_options))
-
-<a id="nestedatt--spec--security_context--app_armor_profile"></a>
-### Nested Schema for `spec.security_context.app_armor_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is 'Localhost'.
-
+- `allow_privilege_escalation` (Boolean)
+- `capabilities` (Attributes) Adds and removes POSIX capabilities from running containers. (see [below for nested schema](#nestedatt--spec--security_context--capabilities))
+- `privileged` (Boolean)
+- `read_only_root_filesystem` (Boolean)
+- `run_as_group` (Number)
+- `run_as_non_root` (Boolean)
+- `run_as_user` (Number)
 
 <a id="nestedatt--spec--security_context--capabilities"></a>
 ### Nested Schema for `spec.security_context.capabilities`
@@ -676,52 +352,17 @@ Optional:
 - `drop` (List of String) Removed capabilities
 
 
-<a id="nestedatt--spec--security_context--se_linux_options"></a>
-### Nested Schema for `spec.security_context.se_linux_options`
-
-Optional:
-
-- `level` (String) Level is SELinux level label that applies to the container.
-- `role` (String) Role is a SELinux role label that applies to the container.
-- `type` (String) Type is a SELinux type label that applies to the container.
-- `user` (String) User is a SELinux user label that applies to the container.
-
-
-<a id="nestedatt--spec--security_context--seccomp_profile"></a>
-### Nested Schema for `spec.security_context.seccomp_profile`
-
-Required:
-
-- `type` (String) type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
-
-Optional:
-
-- `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type.
-
-
-<a id="nestedatt--spec--security_context--windows_options"></a>
-### Nested Schema for `spec.security_context.windows_options`
-
-Optional:
-
-- `gmsa_credential_spec` (String) GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
-- `gmsa_credential_spec_name` (String) GMSACredentialSpecName is the name of the GMSA credential spec to use.
-- `host_process` (Boolean) HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
-- `run_as_user_name` (String) The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-
-
 
 <a id="nestedatt--spec--sql_config_map_key_ref"></a>
 ### Nested Schema for `spec.sql_config_map_key_ref`
 
 Required:
 
-- `key` (String) The key to select.
+- `key` (String)
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
+- `name` (String)
 
 
 <a id="nestedatt--spec--tolerations"></a>
diff --git a/docs/data-sources/k8s_mariadb_com_user_v1alpha1_manifest.md b/docs/data-sources/k8s_mariadb_com_user_v1alpha1_manifest.md
index 459a5b6e5..27ec613fb 100644
--- a/docs/data-sources/k8s_mariadb_com_user_v1alpha1_manifest.md
+++ b/docs/data-sources/k8s_mariadb_com_user_v1alpha1_manifest.md
@@ -74,13 +74,8 @@ Optional:
 
 Optional:
 
-- `api_version` (String) API version of the referent.
-- `field_path` (String) If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: 'spec.containers{name}' (where 'name' refers to the name of the container that triggered the event) or if no container name is specified 'spec.containers[2]' (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.
-- `kind` (String) Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `namespace` (String) Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-- `resource_version` (String) Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-- `uid` (String) UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+- `name` (String)
+- `namespace` (String)
 - `wait_for_it` (Boolean) WaitForIt indicates whether the controller using this reference should wait for MariaDB to be ready.
 
 
@@ -89,12 +84,11 @@ Optional:
 
 Required:
 
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
+- `key` (String)
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
+- `name` (String)
 
 
 <a id="nestedatt--spec--password_plugin"></a>
@@ -110,12 +104,11 @@ Optional:
 
 Required:
 
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
+- `key` (String)
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
+- `name` (String)
 
 
 <a id="nestedatt--spec--password_plugin--plugin_name_secret_key_ref"></a>
@@ -123,12 +116,11 @@ Optional:
 
 Required:
 
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
+- `key` (String)
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
+- `name` (String)
 
 
 
@@ -137,9 +129,8 @@ Optional:
 
 Required:
 
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
+- `key` (String)
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
+- `name` (String)
diff --git a/docs/data-sources/kiali_io_kiali_v1alpha1_manifest.md b/docs/data-sources/kiali_io_kiali_v1alpha1_manifest.md
index 2980999e9..8a3558509 100644
--- a/docs/data-sources/kiali_io_kiali_v1alpha1_manifest.md
+++ b/docs/data-sources/kiali_io_kiali_v1alpha1_manifest.md
@@ -397,10 +397,10 @@ Optional:
 - `auth` (Attributes) Settings used to authenticate with the Grafana instance. (see [below for nested schema](#nestedatt--spec--external_services--grafana--auth))
 - `dashboards` (Attributes List) A list of Grafana dashboards that Kiali can link to. (see [below for nested schema](#nestedatt--spec--external_services--grafana--dashboards))
 - `enabled` (Boolean) When true, Grafana support will be enabled in Kiali.
-- `health_check_url` (String) Used in the Components health feature. This is the URL which Kiali will ping to determine whether the component is reachable or not. It defaults to 'in_cluster_url' when not provided.
-- `in_cluster_url` (String) The URL used for in-cluster access. An example would be 'http://grafana.istio-system:3000'. This URL can contain query parameters if needed, such as '?orgId=1'. If not defined, it will default to 'http://grafana.<istio_namespace>:3000'.
+- `external_url` (String) The URL that the Kiali UI uses when displaying Grafana links to the user. This URL must be accessible to clients external to the cluster (e.g. a browser) in order for the integration to work properly. If empty, an attempt to auto-discover it is made. This URL can contain query parameters if needed, such as '?orgId=1'.
+- `health_check_url` (String) Used in the Components health feature. This is the URL which Kiali will ping to determine whether the component is reachable or not. It defaults to 'internal_url' when not provided.
+- `internal_url` (String) The URL used by Kiali to perform requests and queries to Grafana. An example would be 'http://grafana.istio-system:3000'. This URL can contain query parameters if needed, such as '?orgId=1'. If not defined, it will default to 'http://grafana.<istio_namespace>:3000'.
 - `is_core` (Boolean) Used in the Components health feature. When true, the unhealthy scenarios will be raised as errors. Otherwise, they will be raised as a warning.
-- `url` (String) The URL that Kiali uses when integrating with Grafana. This URL must be accessible to clients external to the cluster in order for the integration to work properly. If empty, an attempt to auto-discover it is made. This URL can contain query parameters if needed, such as '?orgId=1'.
 
 <a id="nestedatt--spec--external_services--grafana--auth"></a>
 ### Nested Schema for `spec.external_services.grafana.auth`
@@ -546,17 +546,17 @@ Optional:
 
 - `auth` (Attributes) Settings used to authenticate with the Tracing server instance. (see [below for nested schema](#nestedatt--spec--external_services--tracing--auth))
 - `custom_headers` (Map of String) A set of name/value settings that will be passed as headers when requests are sent to the Tracing backend.
-- `enabled` (Boolean) When true, connections to the Tracing server are enabled. 'in_cluster_url' and/or 'url' need to be provided.
+- `enabled` (Boolean) When true, connections to the Tracing server are enabled. 'internal_url' and/or 'external_url' need to be provided.
+- `external_url` (String) The URL that the Kiali UI uses when displaying Tracing UI links to the user. This URL must be accessible to clients external to the cluster (e.g. a browser) in order to generate valid links. If the tracing service is deployed with a QUERY_BASE_PATH set, set this URL like https://<hostname>/<QUERY_BASE_PATH>; for example, https://tracing-service:8080/jaeger
 - `grpc_port` (Number) Set port number when 'use_grpc' is true and 'provider' is 'tempo'. By default is '9095'
 - `health_check_url` (String) Used in the Components health feature. This is the url which Kiali will ping to determine whether the component is reachable or not. It defaults to 'url' when not provided.
-- `in_cluster_url` (String) Set URL for in-cluster access, which enables further integration between Kiali and Jaeger. When not provided, Kiali will only show external links using the 'url' setting. Note: Jaeger v1.20+ has separated ports for GRPC(16685) and HTTP(16686) requests. Make sure you use the appropriate port according to the 'use_grpc' value. Example: http://tracing.istio-system:16685
+- `internal_url` (String) The URL used by Kiali to perform requests and queries to the tracing backend which enables further integration between Kiali and the tracing server. When not provided, Kiali will only show external links using the 'external_url' setting. Note: Jaeger v1.20+ has separated ports for GRPC(16685) and HTTP(16686) requests. Make sure you use the appropriate port according to the 'use_grpc' value. Example: http://tracing.istio-system:16685
 - `is_core` (Boolean) Used in the Components health feature. When true, the unhealthy scenarios will be raised as errors. Otherwise, they will be raised as a warning.
 - `namespace_selector` (Boolean) Kiali use this boolean to find traces with a namespace selector : service.namespace.
 - `provider` (String) The trace provider to get the traces from. Value must be one of: 'jaeger' or 'tempo'.
 - `query_scope` (Map of String) A set of tagKey/tagValue settings applied to every Jaeger query. Used to narrow unified traces to only those scoped to the Kiali instance.
 - `query_timeout` (Number) The amount of time in seconds Kiali will wait for a response from 'jaeger-query' service when fetching traces.
 - `tempo_config` (Attributes) Settings used to configure the access url to the Tempo Datasource in Grafana. (see [below for nested schema](#nestedatt--spec--external_services--tracing--tempo_config))
-- `url` (String) The external URL that will be used to generate links to Jaeger. It must be accessible to clients external to the cluster (e.g: a browser) in order to generate valid links. If the tracing service is deployed with a QUERY_BASE_PATH set, set this URL like https://<hostname>/<QUERY_BASE_PATH>. For example, https://tracing-service:8080/jaeger
 - `use_grpc` (Boolean) Set to true in order to enable GRPC connections between Kiali and Jaeger which will speed up the queries. In some setups you might not be able to use GRPC (e.g. if Jaeger is behind some reverse proxy that doesn't support it). If not specified, this will defalt to 'true'.
 - `whitelist_istio_system` (List of String) Kiali will get the traces of these services found in the Istio control plane namespace.
 
diff --git a/docs/data-sources/kueue_x_k8s_io_cohort_v1alpha1_manifest.md b/docs/data-sources/kueue_x_k8s_io_cohort_v1alpha1_manifest.md
new file mode 100644
index 000000000..a12e81b35
--- /dev/null
+++ b/docs/data-sources/kueue_x_k8s_io_cohort_v1alpha1_manifest.md
@@ -0,0 +1,87 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "k8s_kueue_x_k8s_io_cohort_v1alpha1_manifest Data Source - terraform-provider-k8s"
+subcategory: "kueue.x-k8s.io"
+description: |-
+  Cohort is the Schema for the cohorts API. Using Hierarchical Cohorts (any Cohort which has a parent) with Fair Sharing results in undefined behavior in 0.9
+---
+
+# k8s_kueue_x_k8s_io_cohort_v1alpha1_manifest (Data Source)
+
+Cohort is the Schema for the cohorts API. Using Hierarchical Cohorts (any Cohort which has a parent) with Fair Sharing results in undefined behavior in 0.9
+
+## Example Usage
+
+```terraform
+data "k8s_kueue_x_k8s_io_cohort_v1alpha1_manifest" "example" {
+  metadata = {
+    name = "some-name"
+
+  }
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `metadata` (Attributes) Data that helps uniquely identify this object. See https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata for more details. (see [below for nested schema](#nestedatt--metadata))
+
+### Optional
+
+- `spec` (Attributes) CohortSpec defines the desired state of Cohort (see [below for nested schema](#nestedatt--spec))
+
+### Read-Only
+
+- `yaml` (String) The generated manifest in YAML format.
+
+<a id="nestedatt--metadata"></a>
+### Nested Schema for `metadata`
+
+Required:
+
+- `name` (String) Unique identifier for this object. See https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names for more details.
+
+Optional:
+
+- `annotations` (Map of String) Keys and values that can be used by external tooling to store and retrieve arbitrary metadata about this object. See https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ for more details.
+- `labels` (Map of String) Keys and values that can be used to organize and categorize objects. See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more details.
+
+
+<a id="nestedatt--spec"></a>
+### Nested Schema for `spec`
+
+Optional:
+
+- `parent` (String) Parent references the name of the Cohort's parent, if any. It satisfies one of three cases: 1) Unset. This Cohort is the root of its Cohort tree. 2) References a non-existent Cohort. We use default Cohort (no borrowing/lending limits). 3) References an existent Cohort. If a cycle is created, we disable all members of the Cohort, including ClusterQueues, until the cycle is removed. We prevent further admission while the cycle exists.
+- `resource_groups` (Attributes List) ResourceGroups describes groupings of Resources and Flavors. Each ResourceGroup defines a list of Resources and a list of Flavors which provide quotas for these Resources. Each Resource and each Flavor may only form part of one ResourceGroup. There may be up to 16 ResourceGroups within a Cohort. BorrowingLimit limits how much members of this Cohort subtree can borrow from the parent subtree. LendingLimit limits how much members of this Cohort subtree can lend to the parent subtree. Borrowing and Lending limits must only be set when the Cohort has a parent. Otherwise, the Cohort create/update will be rejected by the webhook. (see [below for nested schema](#nestedatt--spec--resource_groups))
+
+<a id="nestedatt--spec--resource_groups"></a>
+### Nested Schema for `spec.resource_groups`
+
+Required:
+
+- `covered_resources` (List of String) coveredResources is the list of resources covered by the flavors in this group. Examples: cpu, memory, vendor.com/gpu. The list cannot be empty and it can contain up to 16 resources.
+- `flavors` (Attributes List) flavors is the list of flavors that provide the resources of this group. Typically, different flavors represent different hardware models (e.g., gpu models, cpu architectures) or pricing models (on-demand vs spot cpus). Each flavor MUST list all the resources listed for this group in the same order as the .resources field. The list cannot be empty and it can contain up to 16 flavors. (see [below for nested schema](#nestedatt--spec--resource_groups--flavors))
+
+<a id="nestedatt--spec--resource_groups--flavors"></a>
+### Nested Schema for `spec.resource_groups.flavors`
+
+Required:
+
+- `name` (String) name of this flavor. The name should match the .metadata.name of a ResourceFlavor. If a matching ResourceFlavor does not exist, the ClusterQueue will have an Active condition set to False.
+- `resources` (Attributes List) resources is the list of quotas for this flavor per resource. There could be up to 16 resources. (see [below for nested schema](#nestedatt--spec--resource_groups--flavors--resources))
+
+<a id="nestedatt--spec--resource_groups--flavors--resources"></a>
+### Nested Schema for `spec.resource_groups.flavors.resources`
+
+Required:
+
+- `name` (String) name of this resource.
+- `nominal_quota` (String) nominalQuota is the quantity of this resource that is available for Workloads admitted by this ClusterQueue at a point in time. The nominalQuota must be non-negative. nominalQuota should represent the resources in the cluster available for running jobs (after discounting resources consumed by system components and pods not managed by kueue). In an autoscaled cluster, nominalQuota should account for resources that can be provided by a component such as Kubernetes cluster-autoscaler. If the ClusterQueue belongs to a cohort, the sum of the quotas for each (flavor, resource) combination defines the maximum quantity that can be allocated by a ClusterQueue in the cohort.
+
+Optional:
+
+- `borrowing_limit` (String) borrowingLimit is the maximum amount of quota for the [flavor, resource] combination that this ClusterQueue is allowed to borrow from the unused quota of other ClusterQueues in the same cohort. In total, at a given time, Workloads in a ClusterQueue can consume a quantity of quota equal to nominalQuota+borrowingLimit, assuming the other ClusterQueues in the cohort have enough unused quota. If null, it means that there is no borrowing limit. If not null, it must be non-negative. borrowingLimit must be null if spec.cohort is empty.
+- `lending_limit` (String) lendingLimit is the maximum amount of unused quota for the [flavor, resource] combination that this ClusterQueue can lend to other ClusterQueues in the same cohort. In total, at a given time, ClusterQueue reserves for its exclusive use a quantity of quota equals to nominalQuota - lendingLimit. If null, it means that there is no lending limit, meaning that all the nominalQuota can be borrowed by other clusterQueues in the cohort. If not null, it must be non-negative. lendingLimit must be null if spec.cohort is empty. This field is in beta stage and is enabled by default.
diff --git a/docs/data-sources/kueue_x_k8s_io_multi_kueue_cluster_v1alpha1_manifest.md b/docs/data-sources/kueue_x_k8s_io_multi_kueue_cluster_v1alpha1_manifest.md
new file mode 100644
index 000000000..3c526694d
--- /dev/null
+++ b/docs/data-sources/kueue_x_k8s_io_multi_kueue_cluster_v1alpha1_manifest.md
@@ -0,0 +1,65 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "k8s_kueue_x_k8s_io_multi_kueue_cluster_v1alpha1_manifest Data Source - terraform-provider-k8s"
+subcategory: "kueue.x-k8s.io"
+description: |-
+  MultiKueueCluster is the Schema for the multikueue API
+---
+
+# k8s_kueue_x_k8s_io_multi_kueue_cluster_v1alpha1_manifest (Data Source)
+
+MultiKueueCluster is the Schema for the multikueue API
+
+## Example Usage
+
+```terraform
+data "k8s_kueue_x_k8s_io_multi_kueue_cluster_v1alpha1_manifest" "example" {
+  metadata = {
+    name = "some-name"
+
+  }
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `metadata` (Attributes) Data that helps uniquely identify this object. See https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata for more details. (see [below for nested schema](#nestedatt--metadata))
+
+### Optional
+
+- `spec` (Attributes) (see [below for nested schema](#nestedatt--spec))
+
+### Read-Only
+
+- `yaml` (String) The generated manifest in YAML format.
+
+<a id="nestedatt--metadata"></a>
+### Nested Schema for `metadata`
+
+Required:
+
+- `name` (String) Unique identifier for this object. See https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names for more details.
+
+Optional:
+
+- `annotations` (Map of String) Keys and values that can be used by external tooling to store and retrieve arbitrary metadata about this object. See https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ for more details.
+- `labels` (Map of String) Keys and values that can be used to organize and categorize objects. See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more details.
+
+
+<a id="nestedatt--spec"></a>
+### Nested Schema for `spec`
+
+Required:
+
+- `kube_config` (Attributes) Information how to connect to the cluster. (see [below for nested schema](#nestedatt--spec--kube_config))
+
+<a id="nestedatt--spec--kube_config"></a>
+### Nested Schema for `spec.kube_config`
+
+Required:
+
+- `location` (String) Location of the KubeConfig. If LocationType is Secret then Location is the name of the secret inside the namespace in which the kueue controller manager is running. The config should be stored in the 'kubeconfig' key.
+- `location_type` (String) Type of the KubeConfig location.
diff --git a/docs/data-sources/kueue_x_k8s_io_multi_kueue_config_v1alpha1_manifest.md b/docs/data-sources/kueue_x_k8s_io_multi_kueue_config_v1alpha1_manifest.md
new file mode 100644
index 000000000..a68f559a4
--- /dev/null
+++ b/docs/data-sources/kueue_x_k8s_io_multi_kueue_config_v1alpha1_manifest.md
@@ -0,0 +1,57 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "k8s_kueue_x_k8s_io_multi_kueue_config_v1alpha1_manifest Data Source - terraform-provider-k8s"
+subcategory: "kueue.x-k8s.io"
+description: |-
+  MultiKueueConfig is the Schema for the multikueue API
+---
+
+# k8s_kueue_x_k8s_io_multi_kueue_config_v1alpha1_manifest (Data Source)
+
+MultiKueueConfig is the Schema for the multikueue API
+
+## Example Usage
+
+```terraform
+data "k8s_kueue_x_k8s_io_multi_kueue_config_v1alpha1_manifest" "example" {
+  metadata = {
+    name = "some-name"
+
+  }
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `metadata` (Attributes) Data that helps uniquely identify this object. See https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata for more details. (see [below for nested schema](#nestedatt--metadata))
+
+### Optional
+
+- `spec` (Attributes) MultiKueueConfigSpec defines the desired state of MultiKueueConfig (see [below for nested schema](#nestedatt--spec))
+
+### Read-Only
+
+- `yaml` (String) The generated manifest in YAML format.
+
+<a id="nestedatt--metadata"></a>
+### Nested Schema for `metadata`
+
+Required:
+
+- `name` (String) Unique identifier for this object. See https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names for more details.
+
+Optional:
+
+- `annotations` (Map of String) Keys and values that can be used by external tooling to store and retrieve arbitrary metadata about this object. See https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ for more details.
+- `labels` (Map of String) Keys and values that can be used to organize and categorize objects. See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more details.
+
+
+<a id="nestedatt--spec"></a>
+### Nested Schema for `spec`
+
+Required:
+
+- `clusters` (List of String) List of MultiKueueClusters names where the workloads from the ClusterQueue should be distributed.
diff --git a/docs/data-sources/kueue_x_k8s_io_provisioning_request_config_v1beta1_manifest.md b/docs/data-sources/kueue_x_k8s_io_provisioning_request_config_v1beta1_manifest.md
new file mode 100644
index 000000000..2b338f11a
--- /dev/null
+++ b/docs/data-sources/kueue_x_k8s_io_provisioning_request_config_v1beta1_manifest.md
@@ -0,0 +1,62 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "k8s_kueue_x_k8s_io_provisioning_request_config_v1beta1_manifest Data Source - terraform-provider-k8s"
+subcategory: "kueue.x-k8s.io"
+description: |-
+  ProvisioningRequestConfig is the Schema for the provisioningrequestconfig API
+---
+
+# k8s_kueue_x_k8s_io_provisioning_request_config_v1beta1_manifest (Data Source)
+
+ProvisioningRequestConfig is the Schema for the provisioningrequestconfig API
+
+## Example Usage
+
+```terraform
+data "k8s_kueue_x_k8s_io_provisioning_request_config_v1beta1_manifest" "example" {
+  metadata = {
+    name = "some-name"
+
+  }
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `metadata` (Attributes) Data that helps uniquely identify this object. See https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata for more details. (see [below for nested schema](#nestedatt--metadata))
+
+### Optional
+
+- `spec` (Attributes) ProvisioningRequestConfigSpec defines the desired state of ProvisioningRequestConfig (see [below for nested schema](#nestedatt--spec))
+
+### Read-Only
+
+- `yaml` (String) The generated manifest in YAML format.
+
+<a id="nestedatt--metadata"></a>
+### Nested Schema for `metadata`
+
+Required:
+
+- `name` (String) Unique identifier for this object. See https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names for more details.
+
+Optional:
+
+- `annotations` (Map of String) Keys and values that can be used by external tooling to store and retrieve arbitrary metadata about this object. See https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ for more details.
+- `labels` (Map of String) Keys and values that can be used to organize and categorize objects. See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more details.
+
+
+<a id="nestedatt--spec"></a>
+### Nested Schema for `spec`
+
+Required:
+
+- `provisioning_class_name` (String) ProvisioningClassName describes the different modes of provisioning the resources. Check autoscaling.x-k8s.io ProvisioningRequestSpec.ProvisioningClassName for details.
+
+Optional:
+
+- `managed_resources` (List of String) managedResources contains the list of resources managed by the autoscaling. If empty, all resources are considered managed. If not empty, the ProvisioningRequest will contain only the podsets that are requesting at least one of them. If none of the workloads podsets is requesting at least a managed resource, the workload is considered ready.
+- `parameters` (Map of String) Parameters contains all other parameters classes may require.
diff --git a/docs/data-sources/kueue_x_k8s_io_workload_priority_class_v1beta1_manifest.md b/docs/data-sources/kueue_x_k8s_io_workload_priority_class_v1beta1_manifest.md
new file mode 100644
index 000000000..6a955b180
--- /dev/null
+++ b/docs/data-sources/kueue_x_k8s_io_workload_priority_class_v1beta1_manifest.md
@@ -0,0 +1,50 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "k8s_kueue_x_k8s_io_workload_priority_class_v1beta1_manifest Data Source - terraform-provider-k8s"
+subcategory: "kueue.x-k8s.io"
+description: |-
+  WorkloadPriorityClass is the Schema for the workloadPriorityClass API
+---
+
+# k8s_kueue_x_k8s_io_workload_priority_class_v1beta1_manifest (Data Source)
+
+WorkloadPriorityClass is the Schema for the workloadPriorityClass API
+
+## Example Usage
+
+```terraform
+data "k8s_kueue_x_k8s_io_workload_priority_class_v1beta1_manifest" "example" {
+  metadata = {
+    name = "some-name"
+
+  }
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `metadata` (Attributes) Data that helps uniquely identify this object. See https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata for more details. (see [below for nested schema](#nestedatt--metadata))
+- `value` (Number) value represents the integer value of this workloadPriorityClass. This is the actual priority that workloads receive when jobs have the name of this class in their workloadPriorityClass label. Changing the value of workloadPriorityClass doesn't affect the priority of workloads that were already created.
+
+### Optional
+
+- `description` (String) description is an arbitrary string that usually provides guidelines on when this workloadPriorityClass should be used.
+
+### Read-Only
+
+- `yaml` (String) The generated manifest in YAML format.
+
+<a id="nestedatt--metadata"></a>
+### Nested Schema for `metadata`
+
+Required:
+
+- `name` (String) Unique identifier for this object. See https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names for more details.
+
+Optional:
+
+- `annotations` (Map of String) Keys and values that can be used by external tooling to store and retrieve arbitrary metadata about this object. See https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ for more details.
+- `labels` (Map of String) Keys and values that can be used to organize and categorize objects. See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more details.
diff --git a/docs/data-sources/kuma_io_mesh_trace_v1alpha1_manifest.md b/docs/data-sources/kuma_io_mesh_trace_v1alpha1_manifest.md
index 99ded45a9..afa9042c9 100644
--- a/docs/data-sources/kuma_io_mesh_trace_v1alpha1_manifest.md
+++ b/docs/data-sources/kuma_io_mesh_trace_v1alpha1_manifest.md
@@ -121,7 +121,7 @@ Optional:
 Optional:
 
 - `client` (String) Target percentage of requests that will be force traced if the 'x-client-trace-id' header is set. Mirror of client_sampling in Envoy https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L127-L133 Either int or decimal represented as string.
-- `overall` (String) Target percentage of requests will be traced after all other sampling checks have been applied (client, force tracing, random sampling). This field functions as an upper limit on the total configured sampling rate. For instance, setting client_sampling to 100% but overall_sampling to 1% will result in only 1% of client requests with the appropriate headers to be force traced. Mirror of overall_sampling in Envoy https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L142-L150 Either int or decimal represented as string.
+- `overall` (String) Target percentage of requests will be traced after all other sampling checks have been applied (client, force tracing, random sampling). This field functions as an upper limit on the total configured sampling rate. For instance, setting client to 100 but overall to 1 will result in only 1% of client requests with the appropriate headers to be force traced. Mirror of overall_sampling in Envoy https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L142-L150 Either int or decimal represented as string.
 - `random` (String) Target percentage of requests that will be randomly selected for trace generation, if not requested by the client or not forced. Mirror of random_sampling in Envoy https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L135-L140 Either int or decimal represented as string.
 
 
diff --git a/docs/data-sources/logging_banzaicloud_io_cluster_output_v1alpha1_manifest.md b/docs/data-sources/logging_banzaicloud_io_cluster_output_v1alpha1_manifest.md
index 0f971444a..a83859f2c 100644
--- a/docs/data-sources/logging_banzaicloud_io_cluster_output_v1alpha1_manifest.md
+++ b/docs/data-sources/logging_banzaicloud_io_cluster_output_v1alpha1_manifest.md
@@ -2734,6 +2734,7 @@ Required:
 Optional:
 
 - `buffer` (Attributes) (see [below for nested schema](#nestedatt--spec--gelf--buffer))
+- `max_bytes` (Number)
 - `protocol` (String)
 - `tls` (Boolean)
 - `tls_options` (Map of String)
diff --git a/docs/data-sources/logging_banzaicloud_io_cluster_output_v1beta1_manifest.md b/docs/data-sources/logging_banzaicloud_io_cluster_output_v1beta1_manifest.md
index 7cb50dcb1..b9e6f15a8 100644
--- a/docs/data-sources/logging_banzaicloud_io_cluster_output_v1beta1_manifest.md
+++ b/docs/data-sources/logging_banzaicloud_io_cluster_output_v1beta1_manifest.md
@@ -2734,6 +2734,7 @@ Required:
 Optional:
 
 - `buffer` (Attributes) (see [below for nested schema](#nestedatt--spec--gelf--buffer))
+- `max_bytes` (Number)
 - `protocol` (String)
 - `tls` (Boolean)
 - `tls_options` (Map of String)
diff --git a/docs/data-sources/logging_banzaicloud_io_fluentbit_agent_v1beta1_manifest.md b/docs/data-sources/logging_banzaicloud_io_fluentbit_agent_v1beta1_manifest.md
index b0930fa30..b7c995059 100644
--- a/docs/data-sources/logging_banzaicloud_io_fluentbit_agent_v1beta1_manifest.md
+++ b/docs/data-sources/logging_banzaicloud_io_fluentbit_agent_v1beta1_manifest.md
@@ -496,6 +496,7 @@ Optional:
 - `storage_backlog_mem_limit` (String)
 - `storage_checksum` (String)
 - `storage_delete_irrecoverable_chunks` (String)
+- `storage_max_chunks_up` (Number)
 - `storage_metrics` (String)
 - `storage_path` (String)
 - `storage_sync` (String)
@@ -777,6 +778,8 @@ Optional:
 - `insecure_skip_verify` (Boolean)
 - `key_file` (String)
 - `key_secret` (Attributes) (see [below for nested schema](#nestedatt--spec--buffer_volume_metrics--service_monitor_config--tls_config--key_secret))
+- `max_version` (String)
+- `min_version` (String)
 - `server_name` (String)
 
 <a id="nestedatt--spec--buffer_volume_metrics--service_monitor_config--tls_config--ca"></a>
@@ -881,6 +884,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--config_hot_reload"></a>
@@ -926,6 +933,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 
@@ -1531,6 +1542,8 @@ Optional:
 - `insecure_skip_verify` (Boolean)
 - `key_file` (String)
 - `key_secret` (Attributes) (see [below for nested schema](#nestedatt--spec--metrics--service_monitor_config--tls_config--key_secret))
+- `max_version` (String)
+- `min_version` (String)
 - `server_name` (String)
 
 <a id="nestedatt--spec--metrics--service_monitor_config--tls_config--ca"></a>
@@ -1901,6 +1914,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--security"></a>
@@ -1928,6 +1945,7 @@ Optional:
 - `se_linux_options` (Attributes) (see [below for nested schema](#nestedatt--spec--security--pod_security_context--se_linux_options))
 - `seccomp_profile` (Attributes) (see [below for nested schema](#nestedatt--spec--security--pod_security_context--seccomp_profile))
 - `supplemental_groups` (List of String)
+- `supplemental_groups_policy` (String)
 - `sysctls` (Attributes List) (see [below for nested schema](#nestedatt--spec--security--pod_security_context--sysctls))
 - `windows_options` (Attributes) (see [below for nested schema](#nestedatt--spec--security--pod_security_context--windows_options))
 
diff --git a/docs/data-sources/logging_banzaicloud_io_logging_v1beta1_manifest.md b/docs/data-sources/logging_banzaicloud_io_logging_v1beta1_manifest.md
index 7318773ba..bd787ed31 100644
--- a/docs/data-sources/logging_banzaicloud_io_logging_v1beta1_manifest.md
+++ b/docs/data-sources/logging_banzaicloud_io_logging_v1beta1_manifest.md
@@ -1468,6 +1468,7 @@ Optional:
 - `storage_backlog_mem_limit` (String)
 - `storage_checksum` (String)
 - `storage_delete_irrecoverable_chunks` (String)
+- `storage_max_chunks_up` (Number)
 - `storage_metrics` (String)
 - `storage_path` (String)
 - `storage_sync` (String)
@@ -1749,6 +1750,8 @@ Optional:
 - `insecure_skip_verify` (Boolean)
 - `key_file` (String)
 - `key_secret` (Attributes) (see [below for nested schema](#nestedatt--spec--fluentbit--buffer_volume_metrics--service_monitor_config--tls_config--key_secret))
+- `max_version` (String)
+- `min_version` (String)
 - `server_name` (String)
 
 <a id="nestedatt--spec--fluentbit--buffer_volume_metrics--service_monitor_config--tls_config--ca"></a>
@@ -1853,6 +1856,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--fluentbit--config_hot_reload"></a>
@@ -1898,6 +1905,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 
@@ -2503,6 +2514,8 @@ Optional:
 - `insecure_skip_verify` (Boolean)
 - `key_file` (String)
 - `key_secret` (Attributes) (see [below for nested schema](#nestedatt--spec--fluentbit--metrics--service_monitor_config--tls_config--key_secret))
+- `max_version` (String)
+- `min_version` (String)
 - `server_name` (String)
 
 <a id="nestedatt--spec--fluentbit--metrics--service_monitor_config--tls_config--ca"></a>
@@ -2873,6 +2886,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--fluentbit--security"></a>
@@ -2900,6 +2917,7 @@ Optional:
 - `se_linux_options` (Attributes) (see [below for nested schema](#nestedatt--spec--fluentbit--security--pod_security_context--se_linux_options))
 - `seccomp_profile` (Attributes) (see [below for nested schema](#nestedatt--spec--fluentbit--security--pod_security_context--seccomp_profile))
 - `supplemental_groups` (List of String)
+- `supplemental_groups_policy` (String)
 - `sysctls` (Attributes List) (see [below for nested schema](#nestedatt--spec--fluentbit--security--pod_security_context--sysctls))
 - `windows_options` (Attributes) (see [below for nested schema](#nestedatt--spec--fluentbit--security--pod_security_context--windows_options))
 
@@ -3847,6 +3865,8 @@ Optional:
 - `insecure_skip_verify` (Boolean)
 - `key_file` (String)
 - `key_secret` (Attributes) (see [below for nested schema](#nestedatt--spec--fluentd--buffer_volume_metrics--service_monitor_config--tls_config--key_secret))
+- `max_version` (String)
+- `min_version` (String)
 - `server_name` (String)
 
 <a id="nestedatt--spec--fluentd--buffer_volume_metrics--service_monitor_config--tls_config--ca"></a>
@@ -3951,6 +3971,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--fluentd--config_check"></a>
@@ -3979,6 +4003,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--fluentd--config_reloader_image"></a>
@@ -4016,6 +4044,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--fluentd--dns_config"></a>
@@ -4717,6 +4749,8 @@ Optional:
 - `insecure_skip_verify` (Boolean)
 - `key_file` (String)
 - `key_secret` (Attributes) (see [below for nested schema](#nestedatt--spec--fluentd--metrics--service_monitor_config--tls_config--key_secret))
+- `max_version` (String)
+- `min_version` (String)
 - `server_name` (String)
 
 <a id="nestedatt--spec--fluentd--metrics--service_monitor_config--tls_config--ca"></a>
@@ -4920,6 +4954,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--fluentd--scaling"></a>
@@ -4999,6 +5037,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--fluentd--scaling--drain--security_context"></a>
@@ -5102,6 +5144,7 @@ Optional:
 - `se_linux_options` (Attributes) (see [below for nested schema](#nestedatt--spec--fluentd--security--pod_security_context--se_linux_options))
 - `seccomp_profile` (Attributes) (see [below for nested schema](#nestedatt--spec--fluentd--security--pod_security_context--seccomp_profile))
 - `supplemental_groups` (List of String)
+- `supplemental_groups_policy` (String)
 - `sysctls` (Attributes List) (see [below for nested schema](#nestedatt--spec--fluentd--security--pod_security_context--sysctls))
 - `windows_options` (Attributes) (see [below for nested schema](#nestedatt--spec--fluentd--security--pod_security_context--windows_options))
 
@@ -5735,6 +5778,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--fluentd--sidecar_containers--security_context"></a>
@@ -6980,6 +7027,7 @@ Optional:
 - `storage_backlog_mem_limit` (String)
 - `storage_checksum` (String)
 - `storage_delete_irrecoverable_chunks` (String)
+- `storage_max_chunks_up` (Number)
 - `storage_metrics` (String)
 - `storage_path` (String)
 - `storage_sync` (String)
@@ -8107,6 +8155,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--node_agents--node_agent_fluentbit--daemon_set--spec--template--spec--containers--security_context"></a>
@@ -8760,6 +8812,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--node_agents--node_agent_fluentbit--daemon_set--spec--template--spec--ephemeral_containers--security_context"></a>
@@ -9413,6 +9469,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--node_agents--node_agent_fluentbit--daemon_set--spec--template--spec--init_containers--security_context"></a>
@@ -9611,6 +9671,7 @@ Optional:
 - `se_linux_options` (Attributes) (see [below for nested schema](#nestedatt--spec--node_agents--node_agent_fluentbit--daemon_set--spec--template--spec--security_context--se_linux_options))
 - `seccomp_profile` (Attributes) (see [below for nested schema](#nestedatt--spec--node_agents--node_agent_fluentbit--daemon_set--spec--template--spec--security_context--seccomp_profile))
 - `supplemental_groups` (List of String)
+- `supplemental_groups_policy` (String)
 - `sysctls` (Attributes List) (see [below for nested schema](#nestedatt--spec--node_agents--node_agent_fluentbit--daemon_set--spec--template--spec--security_context--sysctls))
 - `windows_options` (Attributes) (see [below for nested schema](#nestedatt--spec--node_agents--node_agent_fluentbit--daemon_set--spec--template--spec--security_context--windows_options))
 
@@ -9748,6 +9809,7 @@ Optional:
 - `git_repo` (Attributes) (see [below for nested schema](#nestedatt--spec--node_agents--node_agent_fluentbit--daemon_set--spec--template--spec--volumes--git_repo))
 - `glusterfs` (Attributes) (see [below for nested schema](#nestedatt--spec--node_agents--node_agent_fluentbit--daemon_set--spec--template--spec--volumes--glusterfs))
 - `host_path` (Attributes) (see [below for nested schema](#nestedatt--spec--node_agents--node_agent_fluentbit--daemon_set--spec--template--spec--volumes--host_path))
+- `image` (Attributes) (see [below for nested schema](#nestedatt--spec--node_agents--node_agent_fluentbit--daemon_set--spec--template--spec--volumes--image))
 - `iscsi` (Attributes) (see [below for nested schema](#nestedatt--spec--node_agents--node_agent_fluentbit--daemon_set--spec--template--spec--volumes--iscsi))
 - `nfs` (Attributes) (see [below for nested schema](#nestedatt--spec--node_agents--node_agent_fluentbit--daemon_set--spec--template--spec--volumes--nfs))
 - `persistent_volume_claim` (Attributes) (see [below for nested schema](#nestedatt--spec--node_agents--node_agent_fluentbit--daemon_set--spec--template--spec--volumes--persistent_volume_claim))
@@ -10144,6 +10206,15 @@ Optional:
 - `type` (String)
 
 
+<a id="nestedatt--spec--node_agents--node_agent_fluentbit--daemon_set--spec--template--spec--volumes--image"></a>
+### Nested Schema for `spec.node_agents.node_agent_fluentbit.daemon_set.spec.template.spec.volumes.image`
+
+Optional:
+
+- `pull_policy` (String)
+- `reference` (String)
+
+
 <a id="nestedatt--spec--node_agents--node_agent_fluentbit--daemon_set--spec--template--spec--volumes--iscsi"></a>
 ### Nested Schema for `spec.node_agents.node_agent_fluentbit.daemon_set.spec.template.spec.volumes.iscsi`
 
@@ -10737,6 +10808,8 @@ Optional:
 - `insecure_skip_verify` (Boolean)
 - `key_file` (String)
 - `key_secret` (Attributes) (see [below for nested schema](#nestedatt--spec--node_agents--node_agent_fluentbit--metrics--service_monitor_config--tls_config--key_secret))
+- `max_version` (String)
+- `min_version` (String)
 - `server_name` (String)
 
 <a id="nestedatt--spec--node_agents--node_agent_fluentbit--metrics--service_monitor_config--tls_config--ca"></a>
@@ -11120,6 +11193,7 @@ Optional:
 - `se_linux_options` (Attributes) (see [below for nested schema](#nestedatt--spec--node_agents--node_agent_fluentbit--security--pod_security_context--se_linux_options))
 - `seccomp_profile` (Attributes) (see [below for nested schema](#nestedatt--spec--node_agents--node_agent_fluentbit--security--pod_security_context--seccomp_profile))
 - `supplemental_groups` (List of String)
+- `supplemental_groups_policy` (String)
 - `sysctls` (Attributes List) (see [below for nested schema](#nestedatt--spec--node_agents--node_agent_fluentbit--security--pod_security_context--sysctls))
 - `windows_options` (Attributes) (see [below for nested schema](#nestedatt--spec--node_agents--node_agent_fluentbit--security--pod_security_context--windows_options))
 
@@ -11317,15 +11391,18 @@ Optional:
 Optional:
 
 - `buffer_volume_metrics` (Attributes) (see [below for nested schema](#nestedatt--spec--syslog_ng--buffer_volume_metrics))
+- `buffer_volume_metrics_image` (Attributes) (see [below for nested schema](#nestedatt--spec--syslog_ng--buffer_volume_metrics_image))
 - `buffer_volume_metrics_service` (Attributes) (see [below for nested schema](#nestedatt--spec--syslog_ng--buffer_volume_metrics_service))
 - `config_check` (Attributes) (see [below for nested schema](#nestedatt--spec--syslog_ng--config_check))
 - `config_check_pod` (Attributes) (see [below for nested schema](#nestedatt--spec--syslog_ng--config_check_pod))
+- `config_reload_image` (Attributes) (see [below for nested schema](#nestedatt--spec--syslog_ng--config_reload_image))
 - `global_options` (Attributes) (see [below for nested schema](#nestedatt--spec--syslog_ng--global_options))
 - `json_key_delim` (String)
 - `json_key_prefix` (String)
 - `log_iw_size` (Number)
 - `max_connections` (Number)
 - `metrics` (Attributes) (see [below for nested schema](#nestedatt--spec--syslog_ng--metrics))
+- `metrics_exporter_image` (Attributes) (see [below for nested schema](#nestedatt--spec--syslog_ng--metrics_exporter_image))
 - `metrics_service` (Attributes) (see [below for nested schema](#nestedatt--spec--syslog_ng--metrics_service))
 - `readiness_default_check` (Attributes) (see [below for nested schema](#nestedatt--spec--syslog_ng--readiness_default_check))
 - `service` (Attributes) (see [below for nested schema](#nestedatt--spec--syslog_ng--service))
@@ -11334,6 +11411,7 @@ Optional:
 - `source_date_parser` (Attributes) (see [below for nested schema](#nestedatt--spec--syslog_ng--source_date_parser))
 - `source_metrics` (Attributes List) (see [below for nested schema](#nestedatt--spec--syslog_ng--source_metrics))
 - `stateful_set` (Attributes) (see [below for nested schema](#nestedatt--spec--syslog_ng--stateful_set))
+- `syslog_ng_image` (Attributes) (see [below for nested schema](#nestedatt--spec--syslog_ng--syslog_ng_image))
 - `tls` (Attributes) (see [below for nested schema](#nestedatt--spec--syslog_ng--tls))
 
 <a id="nestedatt--spec--syslog_ng--buffer_volume_metrics"></a>
@@ -11418,6 +11496,8 @@ Optional:
 - `insecure_skip_verify` (Boolean)
 - `key_file` (String)
 - `key_secret` (Attributes) (see [below for nested schema](#nestedatt--spec--syslog_ng--buffer_volume_metrics--service_monitor_config--tls_config--key_secret))
+- `max_version` (String)
+- `min_version` (String)
 - `server_name` (String)
 
 <a id="nestedatt--spec--syslog_ng--buffer_volume_metrics--service_monitor_config--tls_config--ca"></a>
@@ -11506,6 +11586,15 @@ Optional:
 
 
 
+<a id="nestedatt--spec--syslog_ng--buffer_volume_metrics_image"></a>
+### Nested Schema for `spec.syslog_ng.buffer_volume_metrics_image`
+
+Optional:
+
+- `repository` (String)
+- `tag` (String)
+
+
 <a id="nestedatt--spec--syslog_ng--buffer_volume_metrics_service"></a>
 ### Nested Schema for `spec.syslog_ng.buffer_volume_metrics_service`
 
@@ -12472,6 +12561,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--syslog_ng--config_check_pod--containers--security_context"></a>
@@ -13125,6 +13218,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--syslog_ng--config_check_pod--ephemeral_containers--security_context"></a>
@@ -13778,6 +13875,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--syslog_ng--config_check_pod--init_containers--security_context"></a>
@@ -13976,6 +14077,7 @@ Optional:
 - `se_linux_options` (Attributes) (see [below for nested schema](#nestedatt--spec--syslog_ng--config_check_pod--security_context--se_linux_options))
 - `seccomp_profile` (Attributes) (see [below for nested schema](#nestedatt--spec--syslog_ng--config_check_pod--security_context--seccomp_profile))
 - `supplemental_groups` (List of String)
+- `supplemental_groups_policy` (String)
 - `sysctls` (Attributes List) (see [below for nested schema](#nestedatt--spec--syslog_ng--config_check_pod--security_context--sysctls))
 - `windows_options` (Attributes) (see [below for nested schema](#nestedatt--spec--syslog_ng--config_check_pod--security_context--windows_options))
 
@@ -14113,6 +14215,7 @@ Optional:
 - `git_repo` (Attributes) (see [below for nested schema](#nestedatt--spec--syslog_ng--config_check_pod--volumes--git_repo))
 - `glusterfs` (Attributes) (see [below for nested schema](#nestedatt--spec--syslog_ng--config_check_pod--volumes--glusterfs))
 - `host_path` (Attributes) (see [below for nested schema](#nestedatt--spec--syslog_ng--config_check_pod--volumes--host_path))
+- `image` (Attributes) (see [below for nested schema](#nestedatt--spec--syslog_ng--config_check_pod--volumes--image))
 - `iscsi` (Attributes) (see [below for nested schema](#nestedatt--spec--syslog_ng--config_check_pod--volumes--iscsi))
 - `nfs` (Attributes) (see [below for nested schema](#nestedatt--spec--syslog_ng--config_check_pod--volumes--nfs))
 - `persistent_volume_claim` (Attributes) (see [below for nested schema](#nestedatt--spec--syslog_ng--config_check_pod--volumes--persistent_volume_claim))
@@ -14509,6 +14612,15 @@ Optional:
 - `type` (String)
 
 
+<a id="nestedatt--spec--syslog_ng--config_check_pod--volumes--image"></a>
+### Nested Schema for `spec.syslog_ng.config_check_pod.volumes.image`
+
+Optional:
+
+- `pull_policy` (String)
+- `reference` (String)
+
+
 <a id="nestedatt--spec--syslog_ng--config_check_pod--volumes--iscsi"></a>
 ### Nested Schema for `spec.syslog_ng.config_check_pod.volumes.iscsi`
 
@@ -14882,6 +14994,15 @@ Optional:
 
 
 
+<a id="nestedatt--spec--syslog_ng--config_reload_image"></a>
+### Nested Schema for `spec.syslog_ng.config_reload_image`
+
+Optional:
+
+- `repository` (String)
+- `tag` (String)
+
+
 <a id="nestedatt--spec--syslog_ng--global_options"></a>
 ### Nested Schema for `spec.syslog_ng.global_options`
 
@@ -14983,6 +15104,8 @@ Optional:
 - `insecure_skip_verify` (Boolean)
 - `key_file` (String)
 - `key_secret` (Attributes) (see [below for nested schema](#nestedatt--spec--syslog_ng--metrics--service_monitor_config--tls_config--key_secret))
+- `max_version` (String)
+- `min_version` (String)
 - `server_name` (String)
 
 <a id="nestedatt--spec--syslog_ng--metrics--service_monitor_config--tls_config--ca"></a>
@@ -15071,6 +15194,15 @@ Optional:
 
 
 
+<a id="nestedatt--spec--syslog_ng--metrics_exporter_image"></a>
+### Nested Schema for `spec.syslog_ng.metrics_exporter_image`
+
+Optional:
+
+- `repository` (String)
+- `tag` (String)
+
+
 <a id="nestedatt--spec--syslog_ng--metrics_service"></a>
 ### Nested Schema for `spec.syslog_ng.metrics_service`
 
@@ -16251,6 +16383,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--syslog_ng--stateful_set--spec--template--spec--containers--security_context"></a>
@@ -16904,6 +17040,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--syslog_ng--stateful_set--spec--template--spec--ephemeral_containers--security_context"></a>
@@ -17557,6 +17697,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--syslog_ng--stateful_set--spec--template--spec--init_containers--security_context"></a>
@@ -17755,6 +17899,7 @@ Optional:
 - `se_linux_options` (Attributes) (see [below for nested schema](#nestedatt--spec--syslog_ng--stateful_set--spec--template--spec--security_context--se_linux_options))
 - `seccomp_profile` (Attributes) (see [below for nested schema](#nestedatt--spec--syslog_ng--stateful_set--spec--template--spec--security_context--seccomp_profile))
 - `supplemental_groups` (List of String)
+- `supplemental_groups_policy` (String)
 - `sysctls` (Attributes List) (see [below for nested schema](#nestedatt--spec--syslog_ng--stateful_set--spec--template--spec--security_context--sysctls))
 - `windows_options` (Attributes) (see [below for nested schema](#nestedatt--spec--syslog_ng--stateful_set--spec--template--spec--security_context--windows_options))
 
@@ -17892,6 +18037,7 @@ Optional:
 - `git_repo` (Attributes) (see [below for nested schema](#nestedatt--spec--syslog_ng--stateful_set--spec--template--spec--volumes--git_repo))
 - `glusterfs` (Attributes) (see [below for nested schema](#nestedatt--spec--syslog_ng--stateful_set--spec--template--spec--volumes--glusterfs))
 - `host_path` (Attributes) (see [below for nested schema](#nestedatt--spec--syslog_ng--stateful_set--spec--template--spec--volumes--host_path))
+- `image` (Attributes) (see [below for nested schema](#nestedatt--spec--syslog_ng--stateful_set--spec--template--spec--volumes--image))
 - `iscsi` (Attributes) (see [below for nested schema](#nestedatt--spec--syslog_ng--stateful_set--spec--template--spec--volumes--iscsi))
 - `nfs` (Attributes) (see [below for nested schema](#nestedatt--spec--syslog_ng--stateful_set--spec--template--spec--volumes--nfs))
 - `persistent_volume_claim` (Attributes) (see [below for nested schema](#nestedatt--spec--syslog_ng--stateful_set--spec--template--spec--volumes--persistent_volume_claim))
@@ -18288,6 +18434,15 @@ Optional:
 - `type` (String)
 
 
+<a id="nestedatt--spec--syslog_ng--stateful_set--spec--template--spec--volumes--image"></a>
+### Nested Schema for `spec.syslog_ng.stateful_set.spec.template.spec.volumes.image`
+
+Optional:
+
+- `pull_policy` (String)
+- `reference` (String)
+
+
 <a id="nestedatt--spec--syslog_ng--stateful_set--spec--template--spec--volumes--iscsi"></a>
 ### Nested Schema for `spec.syslog_ng.stateful_set.spec.template.spec.volumes.iscsi`
 
@@ -18775,6 +18930,15 @@ Optional:
 
 
 
+<a id="nestedatt--spec--syslog_ng--syslog_ng_image"></a>
+### Nested Schema for `spec.syslog_ng.syslog_ng_image`
+
+Optional:
+
+- `repository` (String)
+- `tag` (String)
+
+
 <a id="nestedatt--spec--syslog_ng--tls"></a>
 ### Nested Schema for `spec.syslog_ng.tls`
 
diff --git a/docs/data-sources/logging_banzaicloud_io_node_agent_v1beta1_manifest.md b/docs/data-sources/logging_banzaicloud_io_node_agent_v1beta1_manifest.md
index 37d5cc2ed..b9e2b41f1 100644
--- a/docs/data-sources/logging_banzaicloud_io_node_agent_v1beta1_manifest.md
+++ b/docs/data-sources/logging_banzaicloud_io_node_agent_v1beta1_manifest.md
@@ -111,6 +111,7 @@ Optional:
 - `storage_backlog_mem_limit` (String)
 - `storage_checksum` (String)
 - `storage_delete_irrecoverable_chunks` (String)
+- `storage_max_chunks_up` (Number)
 - `storage_metrics` (String)
 - `storage_path` (String)
 - `storage_sync` (String)
@@ -1238,6 +1239,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--node_agent_fluentbit--daemon_set--spec--template--spec--containers--security_context"></a>
@@ -1891,6 +1896,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--node_agent_fluentbit--daemon_set--spec--template--spec--ephemeral_containers--security_context"></a>
@@ -2544,6 +2553,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--node_agent_fluentbit--daemon_set--spec--template--spec--init_containers--security_context"></a>
@@ -2742,6 +2755,7 @@ Optional:
 - `se_linux_options` (Attributes) (see [below for nested schema](#nestedatt--spec--node_agent_fluentbit--daemon_set--spec--template--spec--security_context--se_linux_options))
 - `seccomp_profile` (Attributes) (see [below for nested schema](#nestedatt--spec--node_agent_fluentbit--daemon_set--spec--template--spec--security_context--seccomp_profile))
 - `supplemental_groups` (List of String)
+- `supplemental_groups_policy` (String)
 - `sysctls` (Attributes List) (see [below for nested schema](#nestedatt--spec--node_agent_fluentbit--daemon_set--spec--template--spec--security_context--sysctls))
 - `windows_options` (Attributes) (see [below for nested schema](#nestedatt--spec--node_agent_fluentbit--daemon_set--spec--template--spec--security_context--windows_options))
 
@@ -2879,6 +2893,7 @@ Optional:
 - `git_repo` (Attributes) (see [below for nested schema](#nestedatt--spec--node_agent_fluentbit--daemon_set--spec--template--spec--volumes--git_repo))
 - `glusterfs` (Attributes) (see [below for nested schema](#nestedatt--spec--node_agent_fluentbit--daemon_set--spec--template--spec--volumes--glusterfs))
 - `host_path` (Attributes) (see [below for nested schema](#nestedatt--spec--node_agent_fluentbit--daemon_set--spec--template--spec--volumes--host_path))
+- `image` (Attributes) (see [below for nested schema](#nestedatt--spec--node_agent_fluentbit--daemon_set--spec--template--spec--volumes--image))
 - `iscsi` (Attributes) (see [below for nested schema](#nestedatt--spec--node_agent_fluentbit--daemon_set--spec--template--spec--volumes--iscsi))
 - `nfs` (Attributes) (see [below for nested schema](#nestedatt--spec--node_agent_fluentbit--daemon_set--spec--template--spec--volumes--nfs))
 - `persistent_volume_claim` (Attributes) (see [below for nested schema](#nestedatt--spec--node_agent_fluentbit--daemon_set--spec--template--spec--volumes--persistent_volume_claim))
@@ -3275,6 +3290,15 @@ Optional:
 - `type` (String)
 
 
+<a id="nestedatt--spec--node_agent_fluentbit--daemon_set--spec--template--spec--volumes--image"></a>
+### Nested Schema for `spec.node_agent_fluentbit.daemon_set.spec.template.spec.volumes.image`
+
+Optional:
+
+- `pull_policy` (String)
+- `reference` (String)
+
+
 <a id="nestedatt--spec--node_agent_fluentbit--daemon_set--spec--template--spec--volumes--iscsi"></a>
 ### Nested Schema for `spec.node_agent_fluentbit.daemon_set.spec.template.spec.volumes.iscsi`
 
@@ -3868,6 +3892,8 @@ Optional:
 - `insecure_skip_verify` (Boolean)
 - `key_file` (String)
 - `key_secret` (Attributes) (see [below for nested schema](#nestedatt--spec--node_agent_fluentbit--metrics--service_monitor_config--tls_config--key_secret))
+- `max_version` (String)
+- `min_version` (String)
 - `server_name` (String)
 
 <a id="nestedatt--spec--node_agent_fluentbit--metrics--service_monitor_config--tls_config--ca"></a>
@@ -4251,6 +4277,7 @@ Optional:
 - `se_linux_options` (Attributes) (see [below for nested schema](#nestedatt--spec--node_agent_fluentbit--security--pod_security_context--se_linux_options))
 - `seccomp_profile` (Attributes) (see [below for nested schema](#nestedatt--spec--node_agent_fluentbit--security--pod_security_context--seccomp_profile))
 - `supplemental_groups` (List of String)
+- `supplemental_groups_policy` (String)
 - `sysctls` (Attributes List) (see [below for nested schema](#nestedatt--spec--node_agent_fluentbit--security--pod_security_context--sysctls))
 - `windows_options` (Attributes) (see [below for nested schema](#nestedatt--spec--node_agent_fluentbit--security--pod_security_context--windows_options))
 
diff --git a/docs/data-sources/logging_banzaicloud_io_output_v1alpha1_manifest.md b/docs/data-sources/logging_banzaicloud_io_output_v1alpha1_manifest.md
index b5716c3b2..6298b1e65 100644
--- a/docs/data-sources/logging_banzaicloud_io_output_v1alpha1_manifest.md
+++ b/docs/data-sources/logging_banzaicloud_io_output_v1alpha1_manifest.md
@@ -2730,6 +2730,7 @@ Required:
 Optional:
 
 - `buffer` (Attributes) (see [below for nested schema](#nestedatt--spec--gelf--buffer))
+- `max_bytes` (Number)
 - `protocol` (String)
 - `tls` (Boolean)
 - `tls_options` (Map of String)
diff --git a/docs/data-sources/logging_banzaicloud_io_output_v1beta1_manifest.md b/docs/data-sources/logging_banzaicloud_io_output_v1beta1_manifest.md
index cecc9eabd..ff0bdb2f0 100644
--- a/docs/data-sources/logging_banzaicloud_io_output_v1beta1_manifest.md
+++ b/docs/data-sources/logging_banzaicloud_io_output_v1beta1_manifest.md
@@ -2734,6 +2734,7 @@ Required:
 Optional:
 
 - `buffer` (Attributes) (see [below for nested schema](#nestedatt--spec--gelf--buffer))
+- `max_bytes` (Number)
 - `protocol` (String)
 - `tls` (Boolean)
 - `tls_options` (Map of String)
diff --git a/docs/data-sources/logging_extensions_banzaicloud_io_event_tailer_v1alpha1_manifest.md b/docs/data-sources/logging_extensions_banzaicloud_io_event_tailer_v1alpha1_manifest.md
index 568f8ba3a..4da12e2ec 100644
--- a/docs/data-sources/logging_extensions_banzaicloud_io_event_tailer_v1alpha1_manifest.md
+++ b/docs/data-sources/logging_extensions_banzaicloud_io_event_tailer_v1alpha1_manifest.md
@@ -241,6 +241,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--container_overrides--security_context"></a>
@@ -1114,6 +1118,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--workload_overrides--containers--security_context"></a>
@@ -1393,6 +1401,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--workload_overrides--init_containers--security_context"></a>
@@ -1501,6 +1513,7 @@ Optional:
 - `se_linux_options` (Attributes) (see [below for nested schema](#nestedatt--spec--workload_overrides--security_context--se_linux_options))
 - `seccomp_profile` (Attributes) (see [below for nested schema](#nestedatt--spec--workload_overrides--security_context--seccomp_profile))
 - `supplemental_groups` (List of String)
+- `supplemental_groups_policy` (String)
 - `sysctls` (Attributes List) (see [below for nested schema](#nestedatt--spec--workload_overrides--security_context--sysctls))
 - `windows_options` (Attributes) (see [below for nested schema](#nestedatt--spec--workload_overrides--security_context--windows_options))
 
@@ -1598,6 +1611,7 @@ Optional:
 - `git_repo` (Attributes) (see [below for nested schema](#nestedatt--spec--workload_overrides--volumes--git_repo))
 - `glusterfs` (Attributes) (see [below for nested schema](#nestedatt--spec--workload_overrides--volumes--glusterfs))
 - `host_path` (Attributes) (see [below for nested schema](#nestedatt--spec--workload_overrides--volumes--host_path))
+- `image` (Attributes) (see [below for nested schema](#nestedatt--spec--workload_overrides--volumes--image))
 - `iscsi` (Attributes) (see [below for nested schema](#nestedatt--spec--workload_overrides--volumes--iscsi))
 - `nfs` (Attributes) (see [below for nested schema](#nestedatt--spec--workload_overrides--volumes--nfs))
 - `persistent_volume_claim` (Attributes) (see [below for nested schema](#nestedatt--spec--workload_overrides--volumes--persistent_volume_claim))
@@ -1994,6 +2008,15 @@ Optional:
 - `type` (String)
 
 
+<a id="nestedatt--spec--workload_overrides--volumes--image"></a>
+### Nested Schema for `spec.workload_overrides.volumes.image`
+
+Optional:
+
+- `pull_policy` (String)
+- `reference` (String)
+
+
 <a id="nestedatt--spec--workload_overrides--volumes--iscsi"></a>
 ### Nested Schema for `spec.workload_overrides.volumes.iscsi`
 
diff --git a/docs/data-sources/logging_extensions_banzaicloud_io_host_tailer_v1alpha1_manifest.md b/docs/data-sources/logging_extensions_banzaicloud_io_host_tailer_v1alpha1_manifest.md
index 8509c2db4..06ce5cf8a 100644
--- a/docs/data-sources/logging_extensions_banzaicloud_io_host_tailer_v1alpha1_manifest.md
+++ b/docs/data-sources/logging_extensions_banzaicloud_io_host_tailer_v1alpha1_manifest.md
@@ -53,15 +53,27 @@ Optional:
 <a id="nestedatt--spec"></a>
 ### Nested Schema for `spec`
 
+Required:
+
+- `workload_meta_overrides` (Attributes) (see [below for nested schema](#nestedatt--spec--workload_meta_overrides))
+
 Optional:
 
 - `enable_recreate_workload_on_immutable_field_change` (Boolean)
 - `file_tailers` (Attributes List) (see [below for nested schema](#nestedatt--spec--file_tailers))
 - `image` (Attributes) (see [below for nested schema](#nestedatt--spec--image))
 - `systemd_tailers` (Attributes List) (see [below for nested schema](#nestedatt--spec--systemd_tailers))
-- `workload_meta_overrides` (Attributes) (see [below for nested schema](#nestedatt--spec--workload_meta_overrides))
 - `workload_overrides` (Attributes) (see [below for nested schema](#nestedatt--spec--workload_overrides))
 
+<a id="nestedatt--spec--workload_meta_overrides"></a>
+### Nested Schema for `spec.workload_meta_overrides`
+
+Optional:
+
+- `annotations` (Map of String)
+- `labels` (Map of String)
+
+
 <a id="nestedatt--spec--file_tailers"></a>
 ### Nested Schema for `spec.file_tailers`
 
@@ -257,6 +269,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--file_tailers--container_overrides--security_context"></a>
@@ -583,6 +599,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--systemd_tailers--container_overrides--security_context"></a>
@@ -697,15 +717,6 @@ Optional:
 
 
 
-<a id="nestedatt--spec--workload_meta_overrides"></a>
-### Nested Schema for `spec.workload_meta_overrides`
-
-Optional:
-
-- `annotations` (Map of String)
-- `labels` (Map of String)
-
-
 <a id="nestedatt--spec--workload_overrides"></a>
 ### Nested Schema for `spec.workload_overrides`
 
@@ -1281,6 +1292,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--workload_overrides--containers--security_context"></a>
@@ -1560,6 +1575,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--workload_overrides--init_containers--security_context"></a>
@@ -1668,6 +1687,7 @@ Optional:
 - `se_linux_options` (Attributes) (see [below for nested schema](#nestedatt--spec--workload_overrides--security_context--se_linux_options))
 - `seccomp_profile` (Attributes) (see [below for nested schema](#nestedatt--spec--workload_overrides--security_context--seccomp_profile))
 - `supplemental_groups` (List of String)
+- `supplemental_groups_policy` (String)
 - `sysctls` (Attributes List) (see [below for nested schema](#nestedatt--spec--workload_overrides--security_context--sysctls))
 - `windows_options` (Attributes) (see [below for nested schema](#nestedatt--spec--workload_overrides--security_context--windows_options))
 
@@ -1765,6 +1785,7 @@ Optional:
 - `git_repo` (Attributes) (see [below for nested schema](#nestedatt--spec--workload_overrides--volumes--git_repo))
 - `glusterfs` (Attributes) (see [below for nested schema](#nestedatt--spec--workload_overrides--volumes--glusterfs))
 - `host_path` (Attributes) (see [below for nested schema](#nestedatt--spec--workload_overrides--volumes--host_path))
+- `image` (Attributes) (see [below for nested schema](#nestedatt--spec--workload_overrides--volumes--image))
 - `iscsi` (Attributes) (see [below for nested schema](#nestedatt--spec--workload_overrides--volumes--iscsi))
 - `nfs` (Attributes) (see [below for nested schema](#nestedatt--spec--workload_overrides--volumes--nfs))
 - `persistent_volume_claim` (Attributes) (see [below for nested schema](#nestedatt--spec--workload_overrides--volumes--persistent_volume_claim))
@@ -2161,6 +2182,15 @@ Optional:
 - `type` (String)
 
 
+<a id="nestedatt--spec--workload_overrides--volumes--image"></a>
+### Nested Schema for `spec.workload_overrides.volumes.image`
+
+Optional:
+
+- `pull_policy` (String)
+- `reference` (String)
+
+
 <a id="nestedatt--spec--workload_overrides--volumes--iscsi"></a>
 ### Nested Schema for `spec.workload_overrides.volumes.iscsi`
 
diff --git a/docs/data-sources/loki_grafana_com_loki_stack_v1_manifest.md b/docs/data-sources/loki_grafana_com_loki_stack_v1_manifest.md
index 81f11254d..b28eb37d6 100644
--- a/docs/data-sources/loki_grafana_com_loki_stack_v1_manifest.md
+++ b/docs/data-sources/loki_grafana_com_loki_stack_v1_manifest.md
@@ -179,10 +179,10 @@ Optional:
 
 Optional:
 
-- `indexed_resource_attributes` (List of String) IndexedResourceAttributes contains the global configuration for resource attributes to store them as index labels or structured metadata or drop them altogether.
-- `log_attributes` (Attributes List) LogAttributes contains the configuration for log attributes to store them as index labels or structured metadata or drop them altogether. (see [below for nested schema](#nestedatt--spec--limits--global--otlp--log_attributes))
+- `indexed_resource_attributes` (List of String) IndexedResourceAttributes contains the global configuration for resource attributes to store them as index labels.
+- `log_attributes` (Attributes List) LogAttributes contains the configuration for log attributes to store them as structured metadata or drop them altogether. (see [below for nested schema](#nestedatt--spec--limits--global--otlp--log_attributes))
 - `resource_attributes` (Attributes) ResourceAttributes contains the configuration for resource attributes to store them as index labels or structured metadata or drop them altogether. (see [below for nested schema](#nestedatt--spec--limits--global--otlp--resource_attributes))
-- `scope_attributes` (Attributes List) ScopeAttributes contains the configuration for scope attributes to store them as index labels or structured metadata or drop them altogether. (see [below for nested schema](#nestedatt--spec--limits--global--otlp--scope_attributes))
+- `scope_attributes` (Attributes List) ScopeAttributes contains the configuration for scope attributes to store them as structured metadata or drop them altogether. (see [below for nested schema](#nestedatt--spec--limits--global--otlp--scope_attributes))
 
 <a id="nestedatt--spec--limits--global--otlp--log_attributes"></a>
 ### Nested Schema for `spec.limits.global.otlp.log_attributes`
@@ -301,9 +301,9 @@ Optional:
 
 Optional:
 
-- `log_attributes` (Attributes List) LogAttributes contains the configuration for log attributes to store them as index labels or structured metadata or drop them altogether. (see [below for nested schema](#nestedatt--spec--limits--tenants--otlp--log_attributes))
+- `log_attributes` (Attributes List) LogAttributes contains the configuration for log attributes to store them as structured metadata or drop them altogether. (see [below for nested schema](#nestedatt--spec--limits--tenants--otlp--log_attributes))
 - `resource_attributes` (Attributes) ResourceAttributes contains the configuration for resource attributes to store them as index labels or structured metadata or drop them altogether. (see [below for nested schema](#nestedatt--spec--limits--tenants--otlp--resource_attributes))
-- `scope_attributes` (Attributes List) ScopeAttributes contains the configuration for scope attributes to store them as index labels or structured metadata or drop them altogether. (see [below for nested schema](#nestedatt--spec--limits--tenants--otlp--scope_attributes))
+- `scope_attributes` (Attributes List) ScopeAttributes contains the configuration for scope attributes to store them as structured metadata or drop them altogether. (see [below for nested schema](#nestedatt--spec--limits--tenants--otlp--scope_attributes))
 
 <a id="nestedatt--spec--limits--tenants--otlp--log_attributes"></a>
 ### Nested Schema for `spec.limits.tenants.otlp.log_attributes`
diff --git a/docs/data-sources/multicluster_crd_antrea_io_resource_export_v1alpha1_manifest.md b/docs/data-sources/multicluster_crd_antrea_io_resource_export_v1alpha1_manifest.md
index c64d761d7..32a48310a 100644
--- a/docs/data-sources/multicluster_crd_antrea_io_resource_export_v1alpha1_manifest.md
+++ b/docs/data-sources/multicluster_crd_antrea_io_resource_export_v1alpha1_manifest.md
@@ -1223,7 +1223,7 @@ Optional:
 Optional:
 
 - `api_version` (String) API version of the referent.
-- `field_path` (String) If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: 'spec.containers{name}' (where 'name' refers to the name of the container that triggered the event) or if no container name is specified 'spec.containers[2]' (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.
+- `field_path` (String) If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: 'spec.containers{name}' (where 'name' refers to the name of the container that triggered the event) or if no container name is specified 'spec.containers[2]' (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.
 - `kind` (String) Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 - `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 - `namespace` (String) Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
@@ -1251,7 +1251,7 @@ Optional:
 Optional:
 
 - `api_version` (String) API version of the referent.
-- `field_path` (String) If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: 'spec.containers{name}' (where 'name' refers to the name of the container that triggered the event) or if no container name is specified 'spec.containers[2]' (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.
+- `field_path` (String) If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: 'spec.containers{name}' (where 'name' refers to the name of the container that triggered the event) or if no container name is specified 'spec.containers[2]' (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.
 - `kind` (String) Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 - `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 - `namespace` (String) Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
@@ -1359,6 +1359,7 @@ Optional:
 - `selector` (Map of String) Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/
 - `session_affinity` (String) Supports 'ClientIP' and 'None'. Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
 - `session_affinity_config` (Attributes) sessionAffinityConfig contains the configurations of session affinity. (see [below for nested schema](#nestedatt--spec--service--service_spec--session_affinity_config))
+- `traffic_distribution` (String) TrafficDistribution offers a way to express preferences for how traffic is distributed to Service endpoints. Implementations can use this field as a hint, but are not required to guarantee strict adherence. If the field is not set, the implementation will apply its default routing strategy. If set to 'PreferClose', implementations should prioritize endpoints that are topologically close (e.g., same zone). This is an alpha field and requires enabling ServiceTrafficDistribution feature.
 - `type` (String) type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. 'ClusterIP' allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is 'None', no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. 'NodePort' builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. 'LoadBalancer' builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. 'ExternalName' aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
 
 <a id="nestedatt--spec--service--service_spec--ports"></a>
diff --git a/docs/data-sources/multicluster_crd_antrea_io_resource_import_v1alpha1_manifest.md b/docs/data-sources/multicluster_crd_antrea_io_resource_import_v1alpha1_manifest.md
index f3818f575..31db2de13 100644
--- a/docs/data-sources/multicluster_crd_antrea_io_resource_import_v1alpha1_manifest.md
+++ b/docs/data-sources/multicluster_crd_antrea_io_resource_import_v1alpha1_manifest.md
@@ -1223,7 +1223,7 @@ Optional:
 Optional:
 
 - `api_version` (String) API version of the referent.
-- `field_path` (String) If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: 'spec.containers{name}' (where 'name' refers to the name of the container that triggered the event) or if no container name is specified 'spec.containers[2]' (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.
+- `field_path` (String) If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: 'spec.containers{name}' (where 'name' refers to the name of the container that triggered the event) or if no container name is specified 'spec.containers[2]' (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.
 - `kind` (String) Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 - `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 - `namespace` (String) Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
@@ -1251,7 +1251,7 @@ Optional:
 Optional:
 
 - `api_version` (String) API version of the referent.
-- `field_path` (String) If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: 'spec.containers{name}' (where 'name' refers to the name of the container that triggered the event) or if no container name is specified 'spec.containers[2]' (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.
+- `field_path` (String) If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: 'spec.containers{name}' (where 'name' refers to the name of the container that triggered the event) or if no container name is specified 'spec.containers[2]' (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.
 - `kind` (String) Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 - `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 - `namespace` (String) Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
diff --git a/docs/data-sources/opentelemetry_io_instrumentation_v1alpha1_manifest.md b/docs/data-sources/opentelemetry_io_instrumentation_v1alpha1_manifest.md
index 5c21caa93..00d9205b0 100644
--- a/docs/data-sources/opentelemetry_io_instrumentation_v1alpha1_manifest.md
+++ b/docs/data-sources/opentelemetry_io_instrumentation_v1alpha1_manifest.md
@@ -56,6 +56,7 @@ Optional:
 Optional:
 
 - `apache_httpd` (Attributes) (see [below for nested schema](#nestedatt--spec--apache_httpd))
+- `defaults` (Attributes) (see [below for nested schema](#nestedatt--spec--defaults))
 - `dotnet` (Attributes) (see [below for nested schema](#nestedatt--spec--dotnet))
 - `env` (Attributes List) (see [below for nested schema](#nestedatt--spec--env))
 - `exporter` (Attributes) (see [below for nested schema](#nestedatt--spec--exporter))
@@ -254,6 +255,14 @@ Optional:
 
 
 
+<a id="nestedatt--spec--defaults"></a>
+### Nested Schema for `spec.defaults`
+
+Optional:
+
+- `use_labels_for_resource_attributes` (Boolean)
+
+
 <a id="nestedatt--spec--dotnet"></a>
 ### Nested Schema for `spec.dotnet`
 
diff --git a/docs/data-sources/operator_tigera_io_api_server_v1_manifest.md b/docs/data-sources/operator_tigera_io_api_server_v1_manifest.md
index 9f2a37757..7f1a421ef 100644
--- a/docs/data-sources/operator_tigera_io_api_server_v1_manifest.md
+++ b/docs/data-sources/operator_tigera_io_api_server_v1_manifest.md
@@ -240,7 +240,9 @@ Required:
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--api_server_deployment--spec--template--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
+- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--api_server_deployment--spec--template--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--api_server_deployment--spec--template--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -299,7 +301,9 @@ Required:
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--api_server_deployment--spec--template--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector))
+- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--api_server_deployment--spec--template--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector))
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--api_server_deployment--spec--template--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -374,7 +378,9 @@ Required:
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--api_server_deployment--spec--template--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
+- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--api_server_deployment--spec--template--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--api_server_deployment--spec--template--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -433,7 +439,9 @@ Required:
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--api_server_deployment--spec--template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector))
+- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--api_server_deployment--spec--template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector))
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--api_server_deployment--spec--template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
diff --git a/docs/data-sources/operator_tigera_io_egress_gateway_v1_manifest.md b/docs/data-sources/operator_tigera_io_egress_gateway_v1_manifest.md
index dd824d93a..e3621e620 100644
--- a/docs/data-sources/operator_tigera_io_egress_gateway_v1_manifest.md
+++ b/docs/data-sources/operator_tigera_io_egress_gateway_v1_manifest.md
@@ -281,7 +281,9 @@ Required:
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--template--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
+- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--template--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--template--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -340,7 +342,9 @@ Required:
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--template--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector))
+- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--template--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector))
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--template--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -415,7 +419,9 @@ Required:
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--template--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
+- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--template--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--template--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -474,7 +480,9 @@ Required:
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector))
+- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector))
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
diff --git a/docs/data-sources/operator_tigera_io_installation_v1_manifest.md b/docs/data-sources/operator_tigera_io_installation_v1_manifest.md
index 0b256029b..be692c258 100644
--- a/docs/data-sources/operator_tigera_io_installation_v1_manifest.md
+++ b/docs/data-sources/operator_tigera_io_installation_v1_manifest.md
@@ -267,7 +267,9 @@ Required:
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--calico_kube_controllers_deployment--spec--template--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
+- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--calico_kube_controllers_deployment--spec--template--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--calico_kube_controllers_deployment--spec--template--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -326,7 +328,9 @@ Required:
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--calico_kube_controllers_deployment--spec--template--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector))
+- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--calico_kube_controllers_deployment--spec--template--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector))
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--calico_kube_controllers_deployment--spec--template--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -401,7 +405,9 @@ Required:
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--calico_kube_controllers_deployment--spec--template--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
+- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--calico_kube_controllers_deployment--spec--template--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--calico_kube_controllers_deployment--spec--template--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -460,7 +466,9 @@ Required:
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--calico_kube_controllers_deployment--spec--template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector))
+- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--calico_kube_controllers_deployment--spec--template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector))
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--calico_kube_controllers_deployment--spec--template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -813,7 +821,9 @@ Required:
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--calico_node_daemon_set--spec--template--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
+- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--calico_node_daemon_set--spec--template--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--calico_node_daemon_set--spec--template--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -872,7 +882,9 @@ Required:
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--calico_node_daemon_set--spec--template--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector))
+- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--calico_node_daemon_set--spec--template--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector))
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--calico_node_daemon_set--spec--template--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -947,7 +959,9 @@ Required:
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--calico_node_daemon_set--spec--template--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
+- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--calico_node_daemon_set--spec--template--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--calico_node_daemon_set--spec--template--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -1006,7 +1020,9 @@ Required:
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--calico_node_daemon_set--spec--template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector))
+- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--calico_node_daemon_set--spec--template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector))
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--calico_node_daemon_set--spec--template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -1316,7 +1332,9 @@ Required:
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--calico_node_windows_daemon_set--spec--template--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
+- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--calico_node_windows_daemon_set--spec--template--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--calico_node_windows_daemon_set--spec--template--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -1375,7 +1393,9 @@ Required:
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--calico_node_windows_daemon_set--spec--template--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector))
+- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--calico_node_windows_daemon_set--spec--template--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector))
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--calico_node_windows_daemon_set--spec--template--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -1450,7 +1470,9 @@ Required:
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--calico_node_windows_daemon_set--spec--template--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
+- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--calico_node_windows_daemon_set--spec--template--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--calico_node_windows_daemon_set--spec--template--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -1509,7 +1531,9 @@ Required:
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--calico_node_windows_daemon_set--spec--template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector))
+- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--calico_node_windows_daemon_set--spec--template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector))
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--calico_node_windows_daemon_set--spec--template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -1818,7 +1842,9 @@ Required:
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--calico_windows_upgrade_daemon_set--spec--template--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
+- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--calico_windows_upgrade_daemon_set--spec--template--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--calico_windows_upgrade_daemon_set--spec--template--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -1877,7 +1903,9 @@ Required:
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--calico_windows_upgrade_daemon_set--spec--template--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector))
+- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--calico_windows_upgrade_daemon_set--spec--template--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector))
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--calico_windows_upgrade_daemon_set--spec--template--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -1952,7 +1980,9 @@ Required:
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--calico_windows_upgrade_daemon_set--spec--template--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
+- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--calico_windows_upgrade_daemon_set--spec--template--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--calico_windows_upgrade_daemon_set--spec--template--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -2011,7 +2041,9 @@ Required:
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--calico_windows_upgrade_daemon_set--spec--template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector))
+- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--calico_windows_upgrade_daemon_set--spec--template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector))
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--calico_windows_upgrade_daemon_set--spec--template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -2363,7 +2395,9 @@ Required:
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--csi_node_driver_daemon_set--spec--template--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
+- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--csi_node_driver_daemon_set--spec--template--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--csi_node_driver_daemon_set--spec--template--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -2422,7 +2456,9 @@ Required:
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--csi_node_driver_daemon_set--spec--template--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector))
+- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--csi_node_driver_daemon_set--spec--template--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector))
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--csi_node_driver_daemon_set--spec--template--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -2497,7 +2533,9 @@ Required:
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--csi_node_driver_daemon_set--spec--template--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
+- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--csi_node_driver_daemon_set--spec--template--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--csi_node_driver_daemon_set--spec--template--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -2556,7 +2594,9 @@ Required:
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--csi_node_driver_daemon_set--spec--template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector))
+- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--csi_node_driver_daemon_set--spec--template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector))
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--csi_node_driver_daemon_set--spec--template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -3005,7 +3045,9 @@ Required:
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--typha_deployment--spec--template--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
+- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--typha_deployment--spec--template--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--typha_deployment--spec--template--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -3064,7 +3106,9 @@ Required:
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--typha_deployment--spec--template--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector))
+- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--typha_deployment--spec--template--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector))
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--typha_deployment--spec--template--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -3139,7 +3183,9 @@ Required:
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--typha_deployment--spec--template--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
+- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--typha_deployment--spec--template--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--typha_deployment--spec--template--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -3198,7 +3244,9 @@ Required:
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--typha_deployment--spec--template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector))
+- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--typha_deployment--spec--template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector))
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--typha_deployment--spec--template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
diff --git a/docs/data-sources/operator_tigera_io_tenant_v1_manifest.md b/docs/data-sources/operator_tigera_io_tenant_v1_manifest.md
index dd832ce67..f019e8eb0 100644
--- a/docs/data-sources/operator_tigera_io_tenant_v1_manifest.md
+++ b/docs/data-sources/operator_tigera_io_tenant_v1_manifest.md
@@ -333,7 +333,9 @@ Required:
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--es_kube_controller_deployment--spec--template--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
+- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--es_kube_controller_deployment--spec--template--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--es_kube_controller_deployment--spec--template--spec--affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -392,7 +394,9 @@ Required:
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--es_kube_controller_deployment--spec--template--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector))
+- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--es_kube_controller_deployment--spec--template--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector))
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--es_kube_controller_deployment--spec--template--spec--affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -467,7 +471,9 @@ Required:
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--es_kube_controller_deployment--spec--template--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
+- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--es_kube_controller_deployment--spec--template--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--es_kube_controller_deployment--spec--template--spec--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -526,7 +532,9 @@ Required:
 
 Optional:
 
-- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--es_kube_controller_deployment--spec--template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector))
+- `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--es_kube_controller_deployment--spec--template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector))
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--es_kube_controller_deployment--spec--template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
diff --git a/docs/data-sources/operator_victoriametrics_com_v_logs_v1beta1_manifest.md b/docs/data-sources/operator_victoriametrics_com_v_logs_v1beta1_manifest.md
new file mode 100644
index 000000000..41da454f0
--- /dev/null
+++ b/docs/data-sources/operator_victoriametrics_com_v_logs_v1beta1_manifest.md
@@ -0,0 +1,330 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "k8s_operator_victoriametrics_com_v_logs_v1beta1_manifest Data Source - terraform-provider-k8s"
+subcategory: "operator.victoriametrics.com"
+description: |-
+  VLogs is the Schema for the vlogs API
+---
+
+# k8s_operator_victoriametrics_com_v_logs_v1beta1_manifest (Data Source)
+
+VLogs is the Schema for the vlogs API
+
+## Example Usage
+
+```terraform
+data "k8s_operator_victoriametrics_com_v_logs_v1beta1_manifest" "example" {
+  metadata = {
+    name      = "some-name"
+    namespace = "some-namespace"
+  }
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `metadata` (Attributes) Data that helps uniquely identify this object. See https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata for more details. (see [below for nested schema](#nestedatt--metadata))
+
+### Optional
+
+- `spec` (Attributes) VLogsSpec defines the desired state of VLogs (see [below for nested schema](#nestedatt--spec))
+
+### Read-Only
+
+- `yaml` (String) The generated manifest in YAML format.
+
+<a id="nestedatt--metadata"></a>
+### Nested Schema for `metadata`
+
+Required:
+
+- `name` (String) Unique identifier for this object. See https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names for more details.
+- `namespace` (String) Namespaces provides a mechanism for isolating groups of resources within a single cluster. See https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ for more details.
+
+Optional:
+
+- `annotations` (Map of String) Keys and values that can be used by external tooling to store and retrieve arbitrary metadata about this object. See https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ for more details.
+- `labels` (Map of String) Keys and values that can be used to organize and categorize objects. See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more details.
+
+
+<a id="nestedatt--spec"></a>
+### Nested Schema for `spec`
+
+Required:
+
+- `retention_period` (String) RetentionPeriod for the stored logs
+
+Optional:
+
+- `affinity` (Map of String) Affinity If specified, the pod's scheduling constraints.
+- `config_maps` (List of String) ConfigMaps is a list of ConfigMaps in the same namespace as the Application object, which shall be mounted into the Application container at /etc/vm/configs/CONFIGMAP_NAME folder
+- `containers` (List of Map of String) Containers property allows to inject additions sidecars or to patch existing containers. It can be useful for proxies, backup, etc.
+- `disable_self_service_scrape` (Boolean) DisableSelfServiceScrape controls creation of VMServiceScrape by operator for the application. Has priority over 'VM_DISABLESELFSERVICESCRAPECREATION' operator env variable
+- `dns_config` (Attributes) Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. (see [below for nested schema](#nestedatt--spec--dns_config))
+- `dns_policy` (String) DNSPolicy sets DNS policy for the pod
+- `extra_args` (Map of String) ExtraArgs that will be passed to the application container for example remoteWrite.tmpDataPath: /tmp
+- `extra_envs` (List of Map of String) ExtraEnvs that will be passed to the application container
+- `future_retention` (String) FutureRetention for the stored logs Log entries with timestamps bigger than now+futureRetention are rejected during data ingestion; see https://docs.victoriametrics.com/victorialogs/#retention
+- `host_aliases` (Attributes List) HostAliases provides mapping for ip and hostname, that would be propagated to pod, cannot be used with HostNetwork. (see [below for nested schema](#nestedatt--spec--host_aliases))
+- `host_network` (Boolean) HostNetwork controls whether the pod may use the node network namespace
+- `image` (Attributes) Image - docker image settings if no specified operator uses default version from operator config (see [below for nested schema](#nestedatt--spec--image))
+- `image_pull_secrets` (Attributes List) ImagePullSecrets An optional list of references to secrets in the same namespace to use for pulling images from registries see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod (see [below for nested schema](#nestedatt--spec--image_pull_secrets))
+- `init_containers` (List of Map of String) InitContainers allows adding initContainers to the pod definition. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+- `liveness_probe` (Map of String) LivenessProbe that will be added CRD pod
+- `log_format` (String) LogFormat for VLogs to be configured with.
+- `log_ingested_rows` (Boolean) Whether to log all the ingested log entries; this can be useful for debugging of data ingestion; see https://docs.victoriametrics.com/victorialogs/data-ingestion/
+- `log_level` (String) LogLevel for VictoriaLogs to be configured with.
+- `log_new_streams` (Boolean) LogNewStreams Whether to log creation of new streams; this can be useful for debugging of high cardinality issues with log streams; see https://docs.victoriametrics.com/victorialogs/keyconcepts/#stream-fields
+- `min_ready_seconds` (Number) MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state Has no effect for VLogs and VMSingle
+- `node_selector` (Map of String) NodeSelector Define which Nodes the Pods are scheduled on.
+- `paused` (Boolean) Paused If set to true all actions on the underlying managed objects are not going to be performed, except for delete actions.
+- `pod_metadata` (Attributes) PodMetadata configures Labels and Annotations which are propagated to the VLogs pods. (see [below for nested schema](#nestedatt--spec--pod_metadata))
+- `port` (String) Port listen address
+- `priority_class_name` (String) PriorityClassName class assigned to the Pods
+- `readiness_gates` (Attributes List) ReadinessGates defines pod readiness gates (see [below for nested schema](#nestedatt--spec--readiness_gates))
+- `readiness_probe` (Map of String) ReadinessProbe that will be added CRD pod
+- `remove_pvc_after_delete` (Boolean) RemovePvcAfterDelete - if true, controller adds ownership to pvc and after VLogs object deletion - pvc will be garbage collected by controller manager
+- `replica_count` (Number) ReplicaCount is the expected size of the Application.
+- `resources` (Attributes) Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ if not defined default resources from operator config will be used (see [below for nested schema](#nestedatt--spec--resources))
+- `revision_history_limit_count` (Number) The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the Deployment revision history. Has no effect at StatefulSets Defaults to 10.
+- `runtime_class_name` (String) RuntimeClassName - defines runtime class for kubernetes pod. https://kubernetes.io/docs/concepts/containers/runtime-class/
+- `scheduler_name` (String) SchedulerName - defines kubernetes scheduler name
+- `secrets` (List of String) Secrets is a list of Secrets in the same namespace as the Application object, which shall be mounted into the Application container at /etc/vm/secrets/SECRET_NAME folder
+- `security_context` (Map of String) SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext.
+- `service_account_name` (String) ServiceAccountName is the name of the ServiceAccount to use to run the pods
+- `service_scrape_spec` (Map of String) ServiceScrapeSpec that will be added to vlogs VMServiceScrape spec
+- `service_spec` (Attributes) ServiceSpec that will be added to vlogs service spec (see [below for nested schema](#nestedatt--spec--service_spec))
+- `startup_probe` (Map of String) StartupProbe that will be added to CRD pod
+- `storage` (Attributes) Storage is the definition of how storage will be used by the VLogs by default it's empty dir (see [below for nested schema](#nestedatt--spec--storage))
+- `storage_data_path` (String) StorageDataPath disables spec.storage option and overrides arg for victoria-logs binary --storageDataPath, its users responsibility to mount proper device into given path.
+- `storage_metadata` (Attributes) StorageMeta defines annotations and labels attached to PVC for given vlogs CR (see [below for nested schema](#nestedatt--spec--storage_metadata))
+- `termination_grace_period_seconds` (Number) TerminationGracePeriodSeconds period for container graceful termination
+- `tolerations` (Attributes List) Tolerations If specified, the pod's tolerations. (see [below for nested schema](#nestedatt--spec--tolerations))
+- `topology_spread_constraints` (List of Map of String) TopologySpreadConstraints embedded kubernetes pod configuration option, controls how pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+- `use_default_resources` (Boolean) UseDefaultResources controls resource settings By default, operator sets built-in resource requirements
+- `use_strict_security` (Boolean) UseStrictSecurity enables strict security mode for component it restricts disk writes access uses non-root user out of the box drops not needed security permissions
+- `volume_mounts` (Attributes List) VolumeMounts allows configuration of additional VolumeMounts on the output Deployment/StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the Application container (see [below for nested schema](#nestedatt--spec--volume_mounts))
+- `volumes` (List of Map of String) Volumes allows configuration of additional volumes on the output Deployment/StatefulSet definition. Volumes specified will be appended to other volumes that are generated. / +optional
+
+<a id="nestedatt--spec--dns_config"></a>
+### Nested Schema for `spec.dns_config`
+
+Optional:
+
+- `nameservers` (List of String) A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.
+- `options` (Attributes List) A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy. (see [below for nested schema](#nestedatt--spec--dns_config--options))
+- `searches` (List of String) A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.
+
+<a id="nestedatt--spec--dns_config--options"></a>
+### Nested Schema for `spec.dns_config.options`
+
+Optional:
+
+- `name` (String) Required.
+- `value` (String)
+
+
+
+<a id="nestedatt--spec--host_aliases"></a>
+### Nested Schema for `spec.host_aliases`
+
+Required:
+
+- `ip` (String) IP address of the host file entry.
+
+Optional:
+
+- `hostnames` (List of String) Hostnames for the above IP address.
+
+
+<a id="nestedatt--spec--image"></a>
+### Nested Schema for `spec.image`
+
+Optional:
+
+- `pull_policy` (String) PullPolicy describes how to pull docker image
+- `repository` (String) Repository contains name of docker image + it's repository if needed
+- `tag` (String) Tag contains desired docker image version
+
+
+<a id="nestedatt--spec--image_pull_secrets"></a>
+### Nested Schema for `spec.image_pull_secrets`
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+
+
+<a id="nestedatt--spec--pod_metadata"></a>
+### Nested Schema for `spec.pod_metadata`
+
+Optional:
+
+- `annotations` (Map of String) Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
+- `labels` (Map of String) Labels Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
+- `name` (String) Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
+
+
+<a id="nestedatt--spec--readiness_gates"></a>
+### Nested Schema for `spec.readiness_gates`
+
+Required:
+
+- `condition_type` (String) ConditionType refers to a condition in the pod's condition list with matching type.
+
+
+<a id="nestedatt--spec--resources"></a>
+### Nested Schema for `spec.resources`
+
+Optional:
+
+- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--resources--claims))
+- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+<a id="nestedatt--spec--resources--claims"></a>
+### Nested Schema for `spec.resources.claims`
+
+Required:
+
+- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+
+
+
+<a id="nestedatt--spec--service_spec"></a>
+### Nested Schema for `spec.service_spec`
+
+Required:
+
+- `spec` (Map of String) ServiceSpec describes the attributes that a user creates on a service. More info: https://kubernetes.io/docs/concepts/services-networking/service/
+
+Optional:
+
+- `metadata` (Attributes) EmbeddedObjectMetadata defines objectMeta for additional service. (see [below for nested schema](#nestedatt--spec--service_spec--metadata))
+- `use_as_default` (Boolean) UseAsDefault applies changes from given service definition to the main object Service Changing from headless service to clusterIP or loadbalancer may break cross-component communication
+
+<a id="nestedatt--spec--service_spec--metadata"></a>
+### Nested Schema for `spec.service_spec.metadata`
+
+Optional:
+
+- `annotations` (Map of String) Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
+- `labels` (Map of String) Labels Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
+- `name` (String) Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
+
+
+
+<a id="nestedatt--spec--storage"></a>
+### Nested Schema for `spec.storage`
+
+Optional:
+
+- `access_modes` (List of String) accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+- `data_source` (Attributes) dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. (see [below for nested schema](#nestedatt--spec--storage--data_source))
+- `data_source_ref` (Attributes) dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. (see [below for nested schema](#nestedatt--spec--storage--data_source_ref))
+- `resources` (Attributes) resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources (see [below for nested schema](#nestedatt--spec--storage--resources))
+- `selector` (Attributes) selector is a label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--storage--selector))
+- `storage_class_name` (String) storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+- `volume_mode` (String) volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
+- `volume_name` (String) volumeName is the binding reference to the PersistentVolume backing this claim.
+
+<a id="nestedatt--spec--storage--data_source"></a>
+### Nested Schema for `spec.storage.data_source`
+
+Required:
+
+- `kind` (String) Kind is the type of resource being referenced
+- `name` (String) Name is the name of resource being referenced
+
+Optional:
+
+- `api_group` (String) APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+
+
+<a id="nestedatt--spec--storage--data_source_ref"></a>
+### Nested Schema for `spec.storage.data_source_ref`
+
+Required:
+
+- `kind` (String) Kind is the type of resource being referenced
+- `name` (String) Name is the name of resource being referenced
+
+Optional:
+
+- `api_group` (String) APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+- `namespace` (String) Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+
+
+<a id="nestedatt--spec--storage--resources"></a>
+### Nested Schema for `spec.storage.resources`
+
+Optional:
+
+- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+
+<a id="nestedatt--spec--storage--selector"></a>
+### Nested Schema for `spec.storage.selector`
+
+Optional:
+
+- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--storage--selector--match_expressions))
+- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
+
+<a id="nestedatt--spec--storage--selector--match_expressions"></a>
+### Nested Schema for `spec.storage.selector.match_expressions`
+
+Required:
+
+- `key` (String) key is the label key that the selector applies to.
+- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+
+Optional:
+
+- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+
+
+
+
+<a id="nestedatt--spec--storage_metadata"></a>
+### Nested Schema for `spec.storage_metadata`
+
+Optional:
+
+- `annotations` (Map of String) Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
+- `labels` (Map of String) Labels Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
+- `name` (String) Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
+
+
+<a id="nestedatt--spec--tolerations"></a>
+### Nested Schema for `spec.tolerations`
+
+Optional:
+
+- `effect` (String) Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+- `key` (String) Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+- `operator` (String) Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
+- `toleration_seconds` (Number) TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
+- `value` (String) Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
+
+
+<a id="nestedatt--spec--volume_mounts"></a>
+### Nested Schema for `spec.volume_mounts`
+
+Required:
+
+- `mount_path` (String) Path within the container at which the volume should be mounted. Must not contain ':'.
+- `name` (String) This must match the Name of a Volume.
+
+Optional:
+
+- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None).
+- `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
+- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handled recursively. If ReadOnly is false, this field has no meaning and must be unspecified. If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). If this field is not specified, it is treated as an equivalent of Disabled.
+- `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).
+- `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.
diff --git a/docs/data-sources/operator_victoriametrics_com_vm_agent_v1beta1_manifest.md b/docs/data-sources/operator_victoriametrics_com_vm_agent_v1beta1_manifest.md
index 7a027bdeb..0473a65a6 100644
--- a/docs/data-sources/operator_victoriametrics_com_vm_agent_v1beta1_manifest.md
+++ b/docs/data-sources/operator_victoriametrics_com_vm_agent_v1beta1_manifest.md
@@ -53,44 +53,51 @@ Optional:
 <a id="nestedatt--spec"></a>
 ### Nested Schema for `spec`
 
+Required:
+
+- `remote_write` (Attributes List) RemoteWrite list of victoria metrics /some other remote write system for vm it must looks like: http://victoria-metrics-single:8429/api/v1/write or for cluster different url https://github.com/VictoriaMetrics/VictoriaMetrics/tree/master/app/vmagent#splitting-data-streams-among-multiple-systems (see [below for nested schema](#nestedatt--spec--remote_write))
+
 Optional:
 
 - `a_pi_server_config` (Attributes) APIServerConfig allows specifying a host and auth methods to access apiserver. If left empty, VMAgent is assumed to run inside of the cluster and will discover API servers automatically and use the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. (see [below for nested schema](#nestedatt--spec--a_pi_server_config))
 - `additional_scrape_configs` (Attributes) AdditionalScrapeConfigs As scrape configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of VMAgent. It is advised to review VMAgent release notes to ensure that no incompatible scrape configs are going to break VMAgent after the upgrade. (see [below for nested schema](#nestedatt--spec--additional_scrape_configs))
 - `affinity` (Map of String) Affinity If specified, the pod's scheduling constraints.
-- `arbitrary_fs_access_through_s_ms` (Attributes) ArbitraryFSAccessThroughSMs configures whether configuration based on a service scrape can access arbitrary files on the file system of the VMAgent container e.g. bearer token files. (see [below for nested schema](#nestedatt--spec--arbitrary_fs_access_through_s_ms))
+- `arbitrary_fs_access_through_s_ms` (Attributes) ArbitraryFSAccessThroughSMs configures whether configuration based on EndpointAuth can access arbitrary files on the file system of the VMAgent container e.g. bearer token files, basic auth, tls certs (see [below for nested schema](#nestedatt--spec--arbitrary_fs_access_through_s_ms))
 - `claim_templates` (Attributes List) ClaimTemplates allows adding additional VolumeClaimTemplates for VMAgent in StatefulMode (see [below for nested schema](#nestedatt--spec--claim_templates))
-- `config_maps` (List of String) ConfigMaps is a list of ConfigMaps in the same namespace as the vmagent object, which shall be mounted into the vmagent Pods. will be mounted at path /etc/vm/configs
+- `config_maps` (List of String) ConfigMaps is a list of ConfigMaps in the same namespace as the Application object, which shall be mounted into the Application container at /etc/vm/configs/CONFIGMAP_NAME folder
 - `config_reloader_extra_args` (Map of String) ConfigReloaderExtraArgs that will be passed to VMAuths config-reloader container for example resyncInterval: '30s'
+- `config_reloader_image_tag` (String) ConfigReloaderImageTag defines image:tag for config-reloader container
+- `config_reloader_resources` (Attributes) ConfigReloaderResources config-reloader container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ if not defined default resources from operator config will be used (see [below for nested schema](#nestedatt--spec--config_reloader_resources))
 - `containers` (List of Map of String) Containers property allows to inject additions sidecars or to patch existing containers. It can be useful for proxies, backup, etc.
+- `disable_self_service_scrape` (Boolean) DisableSelfServiceScrape controls creation of VMServiceScrape by operator for the application. Has priority over 'VM_DISABLESELFSERVICESCRAPECREATION' operator env variable
 - `dns_config` (Attributes) Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. (see [below for nested schema](#nestedatt--spec--dns_config))
-- `dns_policy` (String) DNSPolicy set DNS policy for the pod
+- `dns_policy` (String) DNSPolicy sets DNS policy for the pod
 - `enforced_namespace_label` (String) EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created. The label value will always be the namespace of the object that is being created.
 - `external_labels` (Map of String) ExternalLabels The labels to add to any time series scraped by vmagent. it doesn't affect metrics ingested directly by push API's
-- `extra_args` (Map of String) ExtraArgs that will be passed to VMAgent pod for example remoteWrite.tmpDataPath: /tmp it would be converted to flag --remoteWrite.tmpDataPath=/tmp
-- `extra_envs` (List of Map of String) ExtraEnvs that will be added to VMAgent pod
-- `host_aliases` (Attributes List) HostAliases provides mapping between ip and hostnames, that would be propagated to pod, cannot be used with HostNetwork. (see [below for nested schema](#nestedatt--spec--host_aliases))
+- `extra_args` (Map of String) ExtraArgs that will be passed to the application container for example remoteWrite.tmpDataPath: /tmp
+- `extra_envs` (List of Map of String) ExtraEnvs that will be passed to the application container
+- `host_aliases` (Attributes List) HostAliases provides mapping for ip and hostname, that would be propagated to pod, cannot be used with HostNetwork. (see [below for nested schema](#nestedatt--spec--host_aliases))
 - `host_network` (Boolean) HostNetwork controls whether the pod may use the node network namespace
-- `ignore_namespace_selectors` (Boolean) IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector settings from the podscrape and vmservicescrape configs, and they will only discover endpoints within their current namespace. Defaults to false.
-- `image` (Attributes) Image - docker image settings for VMAgent if no specified operator uses default config version (see [below for nested schema](#nestedatt--spec--image))
+- `ignore_namespace_selectors` (Boolean) IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector settings from scrape objects, and they will only discover endpoints within their current namespace. Defaults to false.
+- `image` (Attributes) Image - docker image settings if no specified operator uses default version from operator config (see [below for nested schema](#nestedatt--spec--image))
 - `image_pull_secrets` (Attributes List) ImagePullSecrets An optional list of references to secrets in the same namespace to use for pulling images from registries see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod (see [below for nested schema](#nestedatt--spec--image_pull_secrets))
 - `ingest_only_mode` (Boolean) IngestOnlyMode switches vmagent into unmanaged mode it disables any config generation for scraping Currently it prevents vmagent from managing tls and auth options for remote write
-- `init_containers` (List of Map of String) InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the vmagent configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.
+- `init_containers` (List of Map of String) InitContainers allows adding initContainers to the pod definition. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
 - `inline_relabel_config` (Attributes List) InlineRelabelConfig - defines GlobalRelabelConfig for vmagent, can be defined directly at CRD. (see [below for nested schema](#nestedatt--spec--inline_relabel_config))
 - `inline_scrape_config` (String) InlineScrapeConfig As scrape configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of VMAgent. It is advised to review VMAgent release notes to ensure that no incompatible scrape configs are going to break VMAgent after the upgrade. it should be defined as single yaml file. inlineScrapeConfig: | - job_name: 'prometheus' static_configs: - targets: ['localhost:9090']
 - `insert_ports` (Attributes) InsertPorts - additional listen ports for data ingestion. (see [below for nested schema](#nestedatt--spec--insert_ports))
-- `license` (Attributes) License allows to configure license key to be used for enterprise features. Using license key is supported starting from VictoriaMetrics v1.94.0. See: https://docs.victoriametrics.com/enterprise.html (see [below for nested schema](#nestedatt--spec--license))
+- `license` (Attributes) License allows to configure license key to be used for enterprise features. Using license key is supported starting from VictoriaMetrics v1.94.0. See [here](https://docs.victoriametrics.com/enterprise) (see [below for nested schema](#nestedatt--spec--license))
 - `liveness_probe` (Map of String) LivenessProbe that will be added CRD pod
 - `log_format` (String) LogFormat for VMAgent to be configured with.
 - `log_level` (String) LogLevel for VMAgent to be configured with. INFO, WARN, ERROR, FATAL, PANIC
 - `max_scrape_interval` (String) MaxScrapeInterval allows limiting maximum scrape interval for VMServiceScrape, VMPodScrape and other scrapes If interval is higher than defined limit, 'maxScrapeInterval' will be used.
-- `min_ready_seconds` (Number) MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state
+- `min_ready_seconds` (Number) MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state Has no effect for VLogs and VMSingle
 - `min_scrape_interval` (String) MinScrapeInterval allows limiting minimal scrape interval for VMServiceScrape, VMPodScrape and other scrapes If interval is lower than defined limit, 'minScrapeInterval' will be used.
 - `node_scrape_namespace_selector` (Attributes) NodeScrapeNamespaceSelector defines Namespaces to be selected for VMNodeScrape discovery. Works in combination with Selector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault (see [below for nested schema](#nestedatt--spec--node_scrape_namespace_selector))
 - `node_scrape_relabel_template` (Attributes List) NodeScrapeRelabelTemplate defines relabel config, that will be added to each VMNodeScrape. it's useful for adding specific labels to all targets (see [below for nested schema](#nestedatt--spec--node_scrape_relabel_template))
 - `node_scrape_selector` (Attributes) NodeScrapeSelector defines VMNodeScrape to be selected for scraping. Works in combination with NamespaceSelector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault (see [below for nested schema](#nestedatt--spec--node_scrape_selector))
 - `node_selector` (Map of String) NodeSelector Define which Nodes the Pods are scheduled on.
-- `override_honor_labels` (Boolean) OverrideHonorLabels if set to true overrides all user configured honor_labels. If HonorLabels is set in ServiceScrape or PodScrape to true, this overrides honor_labels to false.
+- `override_honor_labels` (Boolean) OverrideHonorLabels if set to true overrides all user configured honor_labels. If HonorLabels is set in scrape objects to true, this overrides honor_labels to false.
 - `override_honor_timestamps` (Boolean) OverrideHonorTimestamps allows to globally enforce honoring timestamps in all scrape configs.
 - `paused` (Boolean) Paused If set to true all actions on the underlying managed objects are not going to be performed, except for delete actions.
 - `pod_disruption_budget` (Attributes) PodDisruptionBudget created by operator (see [below for nested schema](#nestedatt--spec--pod_disruption_budget))
@@ -99,18 +106,17 @@ Optional:
 - `pod_scrape_relabel_template` (Attributes List) PodScrapeRelabelTemplate defines relabel config, that will be added to each VMPodScrape. it's useful for adding specific labels to all targets (see [below for nested schema](#nestedatt--spec--pod_scrape_relabel_template))
 - `pod_scrape_selector` (Attributes) PodScrapeSelector defines PodScrapes to be selected for target discovery. Works in combination with NamespaceSelector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault (see [below for nested schema](#nestedatt--spec--pod_scrape_selector))
 - `port` (String) Port listen address
-- `priority_class_name` (String) PriorityClassName assigned to the Pods
+- `priority_class_name` (String) PriorityClassName class assigned to the Pods
 - `probe_namespace_selector` (Attributes) ProbeNamespaceSelector defines Namespaces to be selected for VMProbe discovery. Works in combination with Selector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault (see [below for nested schema](#nestedatt--spec--probe_namespace_selector))
 - `probe_scrape_relabel_template` (Attributes List) ProbeScrapeRelabelTemplate defines relabel config, that will be added to each VMProbeScrape. it's useful for adding specific labels to all targets (see [below for nested schema](#nestedatt--spec--probe_scrape_relabel_template))
 - `probe_selector` (Attributes) ProbeSelector defines VMProbe to be selected for target probing. Works in combination with NamespaceSelector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault (see [below for nested schema](#nestedatt--spec--probe_selector))
 - `readiness_gates` (Attributes List) ReadinessGates defines pod readiness gates (see [below for nested schema](#nestedatt--spec--readiness_gates))
 - `readiness_probe` (Map of String) ReadinessProbe that will be added CRD pod
 - `relabel_config` (Attributes) RelabelConfig ConfigMap with global relabel config -remoteWrite.relabelConfig This relabeling is applied to all the collected metrics before sending them to remote storage. (see [below for nested schema](#nestedatt--spec--relabel_config))
-- `remote_write` (Attributes List) RemoteWrite list of victoria metrics /some other remote write system for vm it must looks like: http://victoria-metrics-single:8429/api/v1/write or for cluster different url https://github.com/VictoriaMetrics/VictoriaMetrics/tree/master/app/vmagent#splitting-data-streams-among-multiple-systems (see [below for nested schema](#nestedatt--spec--remote_write))
 - `remote_write_settings` (Attributes) RemoteWriteSettings defines global settings for all remoteWrite urls. (see [below for nested schema](#nestedatt--spec--remote_write_settings))
-- `replica_count` (Number) ReplicaCount is the expected size of the VMAgent cluster. The controller will eventually make the size of the running cluster equal to the expected size. NOTE enable VMSingle deduplication for replica usage
-- `resources` (Attributes) Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ if not specified - default setting will be used (see [below for nested schema](#nestedatt--spec--resources))
-- `revision_history_limit_count` (Number) The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10.
+- `replica_count` (Number) ReplicaCount is the expected size of the Application.
+- `resources` (Attributes) Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ if not defined default resources from operator config will be used (see [below for nested schema](#nestedatt--spec--resources))
+- `revision_history_limit_count` (Number) The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the Deployment revision history. Has no effect at StatefulSets Defaults to 10.
 - `rolling_update` (Attributes) RollingUpdate - overrides deployment update params. (see [below for nested schema](#nestedatt--spec--rolling_update))
 - `runtime_class_name` (String) RuntimeClassName - defines runtime class for kubernetes pod. https://kubernetes.io/docs/concepts/containers/runtime-class/
 - `scheduler_name` (String) SchedulerName - defines kubernetes scheduler name
@@ -119,16 +125,16 @@ Optional:
 - `scrape_config_selector` (Attributes) ScrapeConfigSelector defines VMScrapeConfig to be selected for target discovery. Works in combination with NamespaceSelector. (see [below for nested schema](#nestedatt--spec--scrape_config_selector))
 - `scrape_interval` (String) ScrapeInterval defines how often scrape targets by default
 - `scrape_timeout` (String) ScrapeTimeout defines global timeout for targets scrape
-- `secrets` (List of String) Secrets is a list of Secrets in the same namespace as the vmagent object, which shall be mounted into the vmagent Pods. will be mounted at path /etc/vm/secrets
+- `secrets` (List of String) Secrets is a list of Secrets in the same namespace as the Application object, which shall be mounted into the Application container at /etc/vm/secrets/SECRET_NAME folder
 - `security_context` (Map of String) SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext.
 - `select_all_by_default` (Boolean) SelectAllByDefault changes default behavior for empty CRD selectors, such ServiceScrapeSelector. with selectAllByDefault: true and empty serviceScrapeSelector and ServiceScrapeNamespaceSelector Operator selects all exist serviceScrapes with selectAllByDefault: false - selects nothing
-- `service_account_name` (String) ServiceAccountName is the name of the ServiceAccount to use to run the VMAgent Pods.
+- `service_account_name` (String) ServiceAccountName is the name of the ServiceAccount to use to run the pods
 - `service_scrape_namespace_selector` (Attributes) ServiceScrapeNamespaceSelector Namespaces to be selected for VMServiceScrape discovery. Works in combination with Selector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault (see [below for nested schema](#nestedatt--spec--service_scrape_namespace_selector))
 - `service_scrape_relabel_template` (Attributes List) ServiceScrapeRelabelTemplate defines relabel config, that will be added to each VMServiceScrape. it's useful for adding specific labels to all targets (see [below for nested schema](#nestedatt--spec--service_scrape_relabel_template))
 - `service_scrape_selector` (Attributes) ServiceScrapeSelector defines ServiceScrapes to be selected for target discovery. Works in combination with NamespaceSelector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault (see [below for nested schema](#nestedatt--spec--service_scrape_selector))
 - `service_scrape_spec` (Map of String) ServiceScrapeSpec that will be added to vmagent VMServiceScrape spec
 - `service_spec` (Attributes) ServiceSpec that will be added to vmagent service spec (see [below for nested schema](#nestedatt--spec--service_spec))
-- `shard_count` (Number) ShardCount - numbers of shards of VMAgent in this case operator will use 1 deployment/sts per shard with replicas count according to spec.replicas, see https://docs.victoriametrics.com/vmagent.html#scraping-big-number-of-targets
+- `shard_count` (Number) ShardCount - numbers of shards of VMAgent in this case operator will use 1 deployment/sts per shard with replicas count according to spec.replicas, see [here](https://docs.victoriametrics.com/vmagent/#scraping-big-number-of-targets)
 - `startup_probe` (Map of String) StartupProbe that will be added to CRD pod
 - `stateful_mode` (Boolean) StatefulMode enables StatefulSet for 'VMAgent' instead of Deployment it allows using persistent storage for vmagent's persistentQueue
 - `stateful_rolling_update_strategy` (String) StatefulRollingUpdateStrategy allows configuration for strategyType set it to RollingUpdate for disabling operator statefulSet rollingUpdate
@@ -136,41 +142,48 @@ Optional:
 - `static_scrape_namespace_selector` (Attributes) StaticScrapeNamespaceSelector defines Namespaces to be selected for VMStaticScrape discovery. Works in combination with NamespaceSelector. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault (see [below for nested schema](#nestedatt--spec--static_scrape_namespace_selector))
 - `static_scrape_relabel_template` (Attributes List) StaticScrapeRelabelTemplate defines relabel config, that will be added to each VMStaticScrape. it's useful for adding specific labels to all targets (see [below for nested schema](#nestedatt--spec--static_scrape_relabel_template))
 - `static_scrape_selector` (Attributes) StaticScrapeSelector defines PodScrapes to be selected for target discovery. Works in combination with NamespaceSelector. If both nil - match everything. NamespaceSelector nil - only objects at VMAgent namespace. Selector nil - only objects at NamespaceSelector namespaces. (see [below for nested schema](#nestedatt--spec--static_scrape_selector))
+- `stream_aggr_config` (Attributes) StreamAggrConfig defines global stream aggregation configuration for VMAgent (see [below for nested schema](#nestedatt--spec--stream_aggr_config))
 - `termination_grace_period_seconds` (Number) TerminationGracePeriodSeconds period for container graceful termination
 - `tolerations` (Attributes List) Tolerations If specified, the pod's tolerations. (see [below for nested schema](#nestedatt--spec--tolerations))
 - `topology_spread_constraints` (List of Map of String) TopologySpreadConstraints embedded kubernetes pod configuration option, controls how pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
 - `update_strategy` (String) UpdateStrategy - overrides default update strategy. works only for deployments, statefulset always use OnDelete.
+- `use_default_resources` (Boolean) UseDefaultResources controls resource settings By default, operator sets built-in resource requirements
 - `use_strict_security` (Boolean) UseStrictSecurity enables strict security mode for component it restricts disk writes access uses non-root user out of the box drops not needed security permissions
+- `use_vm_config_reloader` (Boolean) UseVMConfigReloader replaces prometheus-like config-reloader with vm one. It uses secrets watch instead of file watch which greatly increases speed of config updates
 - `vm_agent_external_label_name` (String) VMAgentExternalLabelName Name of vmAgent external label used to denote vmAgent instance name. Defaults to the value of 'prometheus'. External label will _not_ be added when value is set to empty string ('''').
-- `volume_mounts` (Attributes List) VolumeMounts allows configuration of additional VolumeMounts on the output deploy definition. VolumeMounts specified will be appended to other VolumeMounts in the vmagent container, that are generated as a result of StorageSpec objects. (see [below for nested schema](#nestedatt--spec--volume_mounts))
-- `volumes` (List of Map of String) Volumes allows configuration of additional volumes on the output deploy definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.
+- `volume_mounts` (Attributes List) VolumeMounts allows configuration of additional VolumeMounts on the output Deployment/StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the Application container (see [below for nested schema](#nestedatt--spec--volume_mounts))
+- `volumes` (List of Map of String) Volumes allows configuration of additional volumes on the output Deployment/StatefulSet definition. Volumes specified will be appended to other volumes that are generated. / +optional
 
-<a id="nestedatt--spec--a_pi_server_config"></a>
-### Nested Schema for `spec.a_pi_server_config`
+<a id="nestedatt--spec--remote_write"></a>
+### Nested Schema for `spec.remote_write`
 
 Required:
 
-- `host` (String) Host of apiserver. A valid string consisting of a hostname or IP followed by an optional port number
+- `url` (String) URL of the endpoint to send samples to.
 
 Optional:
 
-- `authorization` (Attributes) Authorization configures generic authorization params (see [below for nested schema](#nestedatt--spec--a_pi_server_config--authorization))
-- `basic_auth` (Attributes) BasicAuth allow an endpoint to authenticate over basic authentication (see [below for nested schema](#nestedatt--spec--a_pi_server_config--basic_auth))
-- `bearer_token` (String) Bearer token for accessing apiserver.
-- `bearer_token_file` (String) File to read bearer token for accessing apiserver.
-- `tls_config` (Attributes) TLSConfig Config to use for accessing apiserver. (see [below for nested schema](#nestedatt--spec--a_pi_server_config--tls_config))
+- `basic_auth` (Attributes) BasicAuth allow an endpoint to authenticate over basic authentication (see [below for nested schema](#nestedatt--spec--remote_write--basic_auth))
+- `bearer_token_secret` (Attributes) Optional bearer auth token to use for -remoteWrite.url (see [below for nested schema](#nestedatt--spec--remote_write--bearer_token_secret))
+- `headers` (List of String) Headers allow configuring custom http headers Must be in form of semicolon separated header with value e.g. headerName: headerValue vmagent supports since 1.79.0 version
+- `inline_url_relabel_config` (Attributes List) InlineUrlRelabelConfig defines relabeling config for remoteWriteURL, it can be defined at crd spec. (see [below for nested schema](#nestedatt--spec--remote_write--inline_url_relabel_config))
+- `oauth2` (Attributes) OAuth2 defines auth configuration (see [below for nested schema](#nestedatt--spec--remote_write--oauth2))
+- `send_timeout` (String) Timeout for sending a single block of data to -remoteWrite.url (default 1m0s)
+- `stream_aggr_config` (Attributes) StreamAggrConfig defines stream aggregation configuration for VMAgent for -remoteWrite.url (see [below for nested schema](#nestedatt--spec--remote_write--stream_aggr_config))
+- `tls_config` (Attributes) TLSConfig describes tls configuration for remote write target (see [below for nested schema](#nestedatt--spec--remote_write--tls_config))
+- `url_relabel_config` (Attributes) ConfigMap with relabeling config which is applied to metrics before sending them to the corresponding -remoteWrite.url (see [below for nested schema](#nestedatt--spec--remote_write--url_relabel_config))
 
-<a id="nestedatt--spec--a_pi_server_config--authorization"></a>
-### Nested Schema for `spec.a_pi_server_config.authorization`
+<a id="nestedatt--spec--remote_write--basic_auth"></a>
+### Nested Schema for `spec.remote_write.basic_auth`
 
 Optional:
 
-- `credentials` (Attributes) Reference to the secret with value for authorization (see [below for nested schema](#nestedatt--spec--a_pi_server_config--authorization--credentials))
-- `credentials_file` (String) File with value for authorization
-- `type` (String) Type of authorization, default to bearer
+- `password` (Attributes) Password defines reference for secret with password value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--remote_write--basic_auth--password))
+- `password_file` (String) PasswordFile defines path to password file at disk must be pre-mounted
+- `username` (Attributes) Username defines reference for secret with username value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--remote_write--basic_auth--username))
 
-<a id="nestedatt--spec--a_pi_server_config--authorization--credentials"></a>
-### Nested Schema for `spec.a_pi_server_config.authorization.credentials`
+<a id="nestedatt--spec--remote_write--basic_auth--password"></a>
+### Nested Schema for `spec.remote_write.basic_auth.password`
 
 Required:
 
@@ -178,22 +191,12 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
-
-<a id="nestedatt--spec--a_pi_server_config--basic_auth"></a>
-### Nested Schema for `spec.a_pi_server_config.basic_auth`
-
-Optional:
-
-- `password` (Attributes) The secret in the service scrape namespace that contains the password for authentication. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--a_pi_server_config--basic_auth--password))
-- `password_file` (String) PasswordFile defines path to password file at disk
-- `username` (Attributes) The secret in the service scrape namespace that contains the username for authentication. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--a_pi_server_config--basic_auth--username))
-
-<a id="nestedatt--spec--a_pi_server_config--basic_auth--password"></a>
-### Nested Schema for `spec.a_pi_server_config.basic_auth.password`
+<a id="nestedatt--spec--remote_write--basic_auth--username"></a>
+### Nested Schema for `spec.remote_write.basic_auth.username`
 
 Required:
 
@@ -201,12 +204,13 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
-<a id="nestedatt--spec--a_pi_server_config--basic_auth--username"></a>
-### Nested Schema for `spec.a_pi_server_config.basic_auth.username`
+
+<a id="nestedatt--spec--remote_write--bearer_token_secret"></a>
+### Nested Schema for `spec.remote_write.bearer_token_secret`
 
 Required:
 
@@ -214,35 +218,52 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
+<a id="nestedatt--spec--remote_write--inline_url_relabel_config"></a>
+### Nested Schema for `spec.remote_write.inline_url_relabel_config`
 
-<a id="nestedatt--spec--a_pi_server_config--tls_config"></a>
-### Nested Schema for `spec.a_pi_server_config.tls_config`
+Optional:
+
+- `action` (String) Action to perform based on regex matching. Default is 'replace'
+- `if` (Map of String) If represents metricsQL match expression (or list of expressions): '{__name__=~'foo_.*'}'
+- `labels` (Map of String) Labels is used together with Match for 'action: graphite'
+- `match` (String) Match is used together with Labels for 'action: graphite'
+- `modulus` (Number) Modulus to take of the hash of the source label values.
+- `regex` (Map of String) Regular expression against which the extracted value is matched. Default is '(.*)' victoriaMetrics supports multiline regex joined with | https://docs.victoriametrics.com/vmagent/#relabeling-enhancements
+- `replacement` (String) Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'
+- `separator` (String) Separator placed between concatenated source label values. default is ';'.
+- `source_labels` (List of String) The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.
+- `target_label` (String) Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.
+
+
+<a id="nestedatt--spec--remote_write--oauth2"></a>
+### Nested Schema for `spec.remote_write.oauth2`
+
+Required:
+
+- `client_id` (Attributes) The secret or configmap containing the OAuth2 client id (see [below for nested schema](#nestedatt--spec--remote_write--oauth2--client_id))
+- `token_url` (String) The URL to fetch the token from
 
 Optional:
 
-- `ca` (Attributes) Stuct containing the CA cert to use for the targets. (see [below for nested schema](#nestedatt--spec--a_pi_server_config--tls_config--ca))
-- `ca_file` (String) Path to the CA cert in the container to use for the targets.
-- `cert` (Attributes) Struct containing the client cert file for the targets. (see [below for nested schema](#nestedatt--spec--a_pi_server_config--tls_config--cert))
-- `cert_file` (String) Path to the client cert file in the container for the targets.
-- `insecure_skip_verify` (Boolean) Disable target certificate validation.
-- `key_file` (String) Path to the client key file in the container for the targets.
-- `key_secret` (Attributes) Secret containing the client key file for the targets. (see [below for nested schema](#nestedatt--spec--a_pi_server_config--tls_config--key_secret))
-- `server_name` (String) Used to verify the hostname for the targets.
+- `client_secret` (Attributes) The secret containing the OAuth2 client secret (see [below for nested schema](#nestedatt--spec--remote_write--oauth2--client_secret))
+- `client_secret_file` (String) ClientSecretFile defines path for client secret file.
+- `endpoint_params` (Map of String) Parameters to append to the token URL
+- `scopes` (List of String) OAuth2 scopes used for the token request
 
-<a id="nestedatt--spec--a_pi_server_config--tls_config--ca"></a>
-### Nested Schema for `spec.a_pi_server_config.tls_config.ca`
+<a id="nestedatt--spec--remote_write--oauth2--client_id"></a>
+### Nested Schema for `spec.remote_write.oauth2.client_id`
 
 Optional:
 
-- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--a_pi_server_config--tls_config--ca--config_map))
-- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--a_pi_server_config--tls_config--ca--secret))
+- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--remote_write--oauth2--client_id--config_map))
+- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--remote_write--oauth2--client_id--secret))
 
-<a id="nestedatt--spec--a_pi_server_config--tls_config--ca--config_map"></a>
-### Nested Schema for `spec.a_pi_server_config.tls_config.ca.config_map`
+<a id="nestedatt--spec--remote_write--oauth2--client_id--config_map"></a>
+### Nested Schema for `spec.remote_write.oauth2.client_id.config_map`
 
 Required:
 
@@ -250,12 +271,12 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
-<a id="nestedatt--spec--a_pi_server_config--tls_config--ca--secret"></a>
-### Nested Schema for `spec.a_pi_server_config.tls_config.ca.secret`
+<a id="nestedatt--spec--remote_write--oauth2--client_id--secret"></a>
+### Nested Schema for `spec.remote_write.oauth2.client_id.secret`
 
 Required:
 
@@ -263,492 +284,490 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
 
-<a id="nestedatt--spec--a_pi_server_config--tls_config--cert"></a>
-### Nested Schema for `spec.a_pi_server_config.tls_config.cert`
+<a id="nestedatt--spec--remote_write--oauth2--client_secret"></a>
+### Nested Schema for `spec.remote_write.oauth2.client_secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
 
 Optional:
 
-- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--a_pi_server_config--tls_config--cert--config_map))
-- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--a_pi_server_config--tls_config--cert--secret))
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
 
-<a id="nestedatt--spec--a_pi_server_config--tls_config--cert--config_map"></a>
-### Nested Schema for `spec.a_pi_server_config.tls_config.cert.config_map`
 
-Required:
 
-- `key` (String) The key to select.
+<a id="nestedatt--spec--remote_write--stream_aggr_config"></a>
+### Nested Schema for `spec.remote_write.stream_aggr_config`
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
-- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
-
+- `configmap` (Attributes) ConfigMap with stream aggregation rules (see [below for nested schema](#nestedatt--spec--remote_write--stream_aggr_config--configmap))
+- `dedup_interval` (String) Allows setting different de-duplication intervals per each configured remote storage
+- `drop_input` (Boolean) Allow drop all the input samples after the aggregation
+- `drop_input_labels` (List of String) labels to drop from samples for aggregator before stream de-duplication and aggregation
+- `ignore_first_intervals` (Number) IgnoreFirstIntervals instructs to ignore first interval
+- `ignore_old_samples` (Boolean) IgnoreOldSamples instructs to ignore samples with old timestamps outside the current aggregation interval.
+- `keep_input` (Boolean) Allows writing both raw and aggregate data
+- `rules` (Attributes List) Stream aggregation rules (see [below for nested schema](#nestedatt--spec--remote_write--stream_aggr_config--rules))
 
-<a id="nestedatt--spec--a_pi_server_config--tls_config--cert--secret"></a>
-### Nested Schema for `spec.a_pi_server_config.tls_config.cert.secret`
+<a id="nestedatt--spec--remote_write--stream_aggr_config--configmap"></a>
+### Nested Schema for `spec.remote_write.stream_aggr_config.configmap`
 
 Required:
 
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
+- `key` (String) The key to select.
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
-<a id="nestedatt--spec--a_pi_server_config--tls_config--key_secret"></a>
-### Nested Schema for `spec.a_pi_server_config.tls_config.key_secret`
+<a id="nestedatt--spec--remote_write--stream_aggr_config--rules"></a>
+### Nested Schema for `spec.remote_write.stream_aggr_config.rules`
 
 Required:
 
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
+- `interval` (String) Interval is the interval between aggregations.
+- `outputs` (List of String) Outputs is a list of output aggregate functions to produce. The following names are allowed: - total - aggregates input counters - increase - counts the increase over input counters - count_series - counts the input series - count_samples - counts the input samples - sum_samples - sums the input samples - last - the last biggest sample value - min - the minimum sample value - max - the maximum sample value - avg - the average value across all the samples - stddev - standard deviation across all the samples - stdvar - standard variance across all the samples - histogram_bucket - creates VictoriaMetrics histogram for input samples - quantiles(phi1, ..., phiN) - quantiles' estimation for phi in the range [0..1] The output time series will have the following names: input_name:aggr_<interval>_<output>
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
+- `by` (List of String) By is an optional list of labels for grouping input series. See also Without. If neither By nor Without are set, then the Outputs are calculated individually per each input time series.
+- `dedup_interval` (String) DedupInterval is an optional interval for deduplication.
+- `drop_input_labels` (List of String) DropInputLabels is an optional list with labels, which must be dropped before further processing of input samples. Labels are dropped before de-duplication and aggregation.
+- `flush_on_shutdown` (Boolean) FlushOnShutdown defines whether to flush the aggregation state on process termination or config reload. Is 'false' by default. It is not recommended changing this setting, unless unfinished aggregations states are preferred to missing data points.
+- `ignore_first_intervals` (Number)
+- `ignore_old_samples` (Boolean) IgnoreOldSamples instructs to ignore samples with old timestamps outside the current aggregation interval.
+- `input_relabel_configs` (Attributes List) InputRelabelConfigs is an optional relabeling rules, which are applied on the input before aggregation. (see [below for nested schema](#nestedatt--spec--remote_write--stream_aggr_config--rules--input_relabel_configs))
+- `keep_metric_names` (Boolean) KeepMetricNames instructs to leave metric names as is for the output time series without adding any suffix.
+- `match` (Map of String) Match is a label selector (or list of label selectors) for filtering time series for the given selector. If the match isn't set, then all the input time series are processed.
+- `no_align_flush_to_interval` (Boolean) NoAlignFlushToInterval disables aligning of flushes to multiples of Interval. By default flushes are aligned to Interval.
+- `output_relabel_configs` (Attributes List) OutputRelabelConfigs is an optional relabeling rules, which are applied on the aggregated output before being sent to remote storage. (see [below for nested schema](#nestedatt--spec--remote_write--stream_aggr_config--rules--output_relabel_configs))
+- `staleness_interval` (String) Staleness interval is interval after which the series state will be reset if no samples have been sent during it. The parameter is only relevant for outputs: total, total_prometheus, increase, increase_prometheus and histogram_bucket.
+- `without` (List of String) Without is an optional list of labels, which must be excluded when grouping input series. See also By. If neither By nor Without are set, then the Outputs are calculated individually per each input time series.
 
+<a id="nestedatt--spec--remote_write--stream_aggr_config--rules--input_relabel_configs"></a>
+### Nested Schema for `spec.remote_write.stream_aggr_config.rules.input_relabel_configs`
 
+Optional:
 
-<a id="nestedatt--spec--additional_scrape_configs"></a>
-### Nested Schema for `spec.additional_scrape_configs`
+- `action` (String) Action to perform based on regex matching. Default is 'replace'
+- `if` (Map of String) If represents metricsQL match expression (or list of expressions): '{__name__=~'foo_.*'}'
+- `labels` (Map of String) Labels is used together with Match for 'action: graphite'
+- `match` (String) Match is used together with Labels for 'action: graphite'
+- `modulus` (Number) Modulus to take of the hash of the source label values.
+- `regex` (Map of String) Regular expression against which the extracted value is matched. Default is '(.*)' victoriaMetrics supports multiline regex joined with | https://docs.victoriametrics.com/vmagent/#relabeling-enhancements
+- `replacement` (String) Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'
+- `separator` (String) Separator placed between concatenated source label values. default is ';'.
+- `source_labels` (List of String) The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.
+- `target_label` (String) Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.
 
-Required:
 
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
+<a id="nestedatt--spec--remote_write--stream_aggr_config--rules--output_relabel_configs"></a>
+### Nested Schema for `spec.remote_write.stream_aggr_config.rules.output_relabel_configs`
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
-
-<a id="nestedatt--spec--arbitrary_fs_access_through_s_ms"></a>
-### Nested Schema for `spec.arbitrary_fs_access_through_s_ms`
+- `action` (String) Action to perform based on regex matching. Default is 'replace'
+- `if` (Map of String) If represents metricsQL match expression (or list of expressions): '{__name__=~'foo_.*'}'
+- `labels` (Map of String) Labels is used together with Match for 'action: graphite'
+- `match` (String) Match is used together with Labels for 'action: graphite'
+- `modulus` (Number) Modulus to take of the hash of the source label values.
+- `regex` (Map of String) Regular expression against which the extracted value is matched. Default is '(.*)' victoriaMetrics supports multiline regex joined with | https://docs.victoriametrics.com/vmagent/#relabeling-enhancements
+- `replacement` (String) Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'
+- `separator` (String) Separator placed between concatenated source label values. default is ';'.
+- `source_labels` (List of String) The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.
+- `target_label` (String) Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.
 
-Optional:
 
-- `deny` (Boolean)
 
 
-<a id="nestedatt--spec--claim_templates"></a>
-### Nested Schema for `spec.claim_templates`
+<a id="nestedatt--spec--remote_write--tls_config"></a>
+### Nested Schema for `spec.remote_write.tls_config`
 
 Optional:
 
-- `api_version` (String) APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-- `kind` (String) Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-- `metadata` (Map of String) Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
-- `spec` (Attributes) spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims (see [below for nested schema](#nestedatt--spec--claim_templates--spec))
-- `status` (Attributes) status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims (see [below for nested schema](#nestedatt--spec--claim_templates--status))
+- `ca` (Attributes) Stuct containing the CA cert to use for the targets. (see [below for nested schema](#nestedatt--spec--remote_write--tls_config--ca))
+- `ca_file` (String) Path to the CA cert in the container to use for the targets.
+- `cert` (Attributes) Struct containing the client cert file for the targets. (see [below for nested schema](#nestedatt--spec--remote_write--tls_config--cert))
+- `cert_file` (String) Path to the client cert file in the container for the targets.
+- `insecure_skip_verify` (Boolean) Disable target certificate validation.
+- `key_file` (String) Path to the client key file in the container for the targets.
+- `key_secret` (Attributes) Secret containing the client key file for the targets. (see [below for nested schema](#nestedatt--spec--remote_write--tls_config--key_secret))
+- `server_name` (String) Used to verify the hostname for the targets.
 
-<a id="nestedatt--spec--claim_templates--spec"></a>
-### Nested Schema for `spec.claim_templates.spec`
+<a id="nestedatt--spec--remote_write--tls_config--ca"></a>
+### Nested Schema for `spec.remote_write.tls_config.ca`
 
 Optional:
 
-- `access_modes` (List of String) accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
-- `data_source` (Attributes) dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. (see [below for nested schema](#nestedatt--spec--claim_templates--spec--data_source))
-- `data_source_ref` (Attributes) dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. (see [below for nested schema](#nestedatt--spec--claim_templates--spec--data_source_ref))
-- `resources` (Attributes) resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources (see [below for nested schema](#nestedatt--spec--claim_templates--spec--resources))
-- `selector` (Attributes) selector is a label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--claim_templates--spec--selector))
-- `storage_class_name` (String) storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
-- `volume_mode` (String) volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
-- `volume_name` (String) volumeName is the binding reference to the PersistentVolume backing this claim.
+- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--remote_write--tls_config--ca--config_map))
+- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--remote_write--tls_config--ca--secret))
 
-<a id="nestedatt--spec--claim_templates--spec--data_source"></a>
-### Nested Schema for `spec.claim_templates.spec.data_source`
+<a id="nestedatt--spec--remote_write--tls_config--ca--config_map"></a>
+### Nested Schema for `spec.remote_write.tls_config.ca.config_map`
 
 Required:
 
-- `kind` (String) Kind is the type of resource being referenced
-- `name` (String) Name is the name of resource being referenced
+- `key` (String) The key to select.
 
 Optional:
 
-- `api_group` (String) APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
-<a id="nestedatt--spec--claim_templates--spec--data_source_ref"></a>
-### Nested Schema for `spec.claim_templates.spec.data_source_ref`
+<a id="nestedatt--spec--remote_write--tls_config--ca--secret"></a>
+### Nested Schema for `spec.remote_write.tls_config.ca.secret`
 
 Required:
 
-- `kind` (String) Kind is the type of resource being referenced
-- `name` (String) Name is the name of resource being referenced
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
 
 Optional:
 
-- `api_group` (String) APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
-- `namespace` (String) Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
-<a id="nestedatt--spec--claim_templates--spec--resources"></a>
-### Nested Schema for `spec.claim_templates.spec.resources`
+
+<a id="nestedatt--spec--remote_write--tls_config--cert"></a>
+### Nested Schema for `spec.remote_write.tls_config.cert`
 
 Optional:
 
-- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--claim_templates--spec--resources--claims))
-- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--remote_write--tls_config--cert--config_map))
+- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--remote_write--tls_config--cert--secret))
 
-<a id="nestedatt--spec--claim_templates--spec--resources--claims"></a>
-### Nested Schema for `spec.claim_templates.spec.resources.claims`
+<a id="nestedatt--spec--remote_write--tls_config--cert--config_map"></a>
+### Nested Schema for `spec.remote_write.tls_config.cert.config_map`
 
 Required:
 
-- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
-
-
-
-<a id="nestedatt--spec--claim_templates--spec--selector"></a>
-### Nested Schema for `spec.claim_templates.spec.selector`
+- `key` (String) The key to select.
 
 Optional:
 
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--claim_templates--spec--selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
-<a id="nestedatt--spec--claim_templates--spec--selector--match_expressions"></a>
-### Nested Schema for `spec.claim_templates.spec.selector.match_expressions`
+
+<a id="nestedatt--spec--remote_write--tls_config--cert--secret"></a>
+### Nested Schema for `spec.remote_write.tls_config.cert.secret`
 
 Required:
 
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
 
 Optional:
 
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
 
+<a id="nestedatt--spec--remote_write--tls_config--key_secret"></a>
+### Nested Schema for `spec.remote_write.tls_config.key_secret`
 
-<a id="nestedatt--spec--claim_templates--status"></a>
-### Nested Schema for `spec.claim_templates.status`
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
 
 Optional:
 
-- `access_modes` (List of String) accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
-- `allocated_resources` (Map of String) allocatedResources is the storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
-- `capacity` (Map of String) capacity represents the actual resources of the underlying volume.
-- `conditions` (Attributes List) conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'. (see [below for nested schema](#nestedatt--spec--claim_templates--status--conditions))
-- `phase` (String) phase represents the current phase of PersistentVolumeClaim.
-- `resize_status` (String) resizeStatus stores status of resize operation. ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty string by resize controller or kubelet. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
 
-<a id="nestedatt--spec--claim_templates--status--conditions"></a>
-### Nested Schema for `spec.claim_templates.status.conditions`
+
+
+<a id="nestedatt--spec--remote_write--url_relabel_config"></a>
+### Nested Schema for `spec.remote_write.url_relabel_config`
 
 Required:
 
-- `status` (String)
-- `type` (String) PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type
+- `key` (String) The key to select.
 
 Optional:
 
-- `last_probe_time` (String) lastProbeTime is the time we probed the condition.
-- `last_transition_time` (String) lastTransitionTime is the time the condition transitioned from one status to another.
-- `message` (String) message is the human-readable message indicating details about last transition.
-- `reason` (String) reason is a unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports 'ResizeStarted' that means the underlying persistent volume is being resized.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
 
+<a id="nestedatt--spec--a_pi_server_config"></a>
+### Nested Schema for `spec.a_pi_server_config`
 
-<a id="nestedatt--spec--dns_config"></a>
-### Nested Schema for `spec.dns_config`
+Required:
+
+- `host` (String) Host of apiserver. A valid string consisting of a hostname or IP followed by an optional port number
 
 Optional:
 
-- `nameservers` (List of String) A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.
-- `options` (Attributes List) A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy. (see [below for nested schema](#nestedatt--spec--dns_config--options))
-- `searches` (List of String) A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.
+- `authorization` (Attributes) Authorization configures generic authorization params (see [below for nested schema](#nestedatt--spec--a_pi_server_config--authorization))
+- `basic_auth` (Attributes) BasicAuth allow an endpoint to authenticate over basic authentication (see [below for nested schema](#nestedatt--spec--a_pi_server_config--basic_auth))
+- `bearer_token` (String) Bearer token for accessing apiserver.
+- `bearer_token_file` (String) File to read bearer token for accessing apiserver.
+- `tls_config` (Attributes) TLSConfig Config to use for accessing apiserver. (see [below for nested schema](#nestedatt--spec--a_pi_server_config--tls_config))
 
-<a id="nestedatt--spec--dns_config--options"></a>
-### Nested Schema for `spec.dns_config.options`
+<a id="nestedatt--spec--a_pi_server_config--authorization"></a>
+### Nested Schema for `spec.a_pi_server_config.authorization`
 
 Optional:
 
-- `name` (String) Required.
-- `value` (String)
+- `credentials` (Attributes) Reference to the secret with value for authorization (see [below for nested schema](#nestedatt--spec--a_pi_server_config--authorization--credentials))
+- `credentials_file` (String) File with value for authorization
+- `type` (String) Type of authorization, default to bearer
 
+<a id="nestedatt--spec--a_pi_server_config--authorization--credentials"></a>
+### Nested Schema for `spec.a_pi_server_config.authorization.credentials`
 
+Required:
 
-<a id="nestedatt--spec--host_aliases"></a>
-### Nested Schema for `spec.host_aliases`
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
 
 Optional:
 
-- `hostnames` (List of String) Hostnames for the above IP address.
-- `ip` (String) IP address of the host file entry.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
-<a id="nestedatt--spec--image"></a>
-### Nested Schema for `spec.image`
 
-Optional:
+<a id="nestedatt--spec--a_pi_server_config--basic_auth"></a>
+### Nested Schema for `spec.a_pi_server_config.basic_auth`
 
-- `pull_policy` (String) PullPolicy describes how to pull docker image
-- `repository` (String) Repository contains name of docker image + it's repository if needed
-- `tag` (String) Tag contains desired docker image version
+Optional:
 
+- `password` (Attributes) Password defines reference for secret with password value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--a_pi_server_config--basic_auth--password))
+- `password_file` (String) PasswordFile defines path to password file at disk must be pre-mounted
+- `username` (Attributes) Username defines reference for secret with username value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--a_pi_server_config--basic_auth--username))
 
-<a id="nestedatt--spec--image_pull_secrets"></a>
-### Nested Schema for `spec.image_pull_secrets`
+<a id="nestedatt--spec--a_pi_server_config--basic_auth--password"></a>
+### Nested Schema for `spec.a_pi_server_config.basic_auth.password`
 
-Optional:
+Required:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
 
+Optional:
 
-<a id="nestedatt--spec--inline_relabel_config"></a>
-### Nested Schema for `spec.inline_relabel_config`
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
 
-Optional:
 
-- `action` (String) Action to perform based on regex matching. Default is 'replace'
-- `if` (Map of String) If represents metricsQL match expression (or list of expressions): '{__name__=~'foo_.*'}'
-- `labels` (Map of String) Labels is used together with Match for 'action: graphite'
-- `match` (String) Match is used together with Labels for 'action: graphite'
-- `modulus` (Number) Modulus to take of the hash of the source label values.
-- `regex` (Map of String) Regular expression against which the extracted value is matched. Default is '(.*)' victoriaMetrics supports multiline regex joined with | https://docs.victoriametrics.com/vmagent/#relabeling-enhancements
-- `replacement` (String) Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'
-- `separator` (String) Separator placed between concatenated source label values. default is ';'.
-- `source_labels` (List of String) The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.
-- `target_label` (String) Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.
+<a id="nestedatt--spec--a_pi_server_config--basic_auth--username"></a>
+### Nested Schema for `spec.a_pi_server_config.basic_auth.username`
 
+Required:
 
-<a id="nestedatt--spec--insert_ports"></a>
-### Nested Schema for `spec.insert_ports`
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
 
 Optional:
 
-- `graphite_port` (String) GraphitePort listen port
-- `influx_port` (String) InfluxPort listen port
-- `open_tsdb_port` (String) OpenTSDBPort for tcp and udp listen
-- `open_tsdbhttp_port` (String) OpenTSDBHTTPPort for http connections.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
-<a id="nestedatt--spec--license"></a>
-### Nested Schema for `spec.license`
 
-Optional:
-
-- `key` (String) Enterprise license key. This flag is available only in VictoriaMetrics enterprise. Documentation - https://docs.victoriametrics.com/enterprise.html for more information, visit https://victoriametrics.com/products/enterprise/ . To request a trial license, go to https://victoriametrics.com/products/enterprise/trial/
-- `key_ref` (Attributes) KeyRef is reference to secret with license key for enterprise features. (see [below for nested schema](#nestedatt--spec--license--key_ref))
+<a id="nestedatt--spec--a_pi_server_config--tls_config"></a>
+### Nested Schema for `spec.a_pi_server_config.tls_config`
 
-<a id="nestedatt--spec--license--key_ref"></a>
-### Nested Schema for `spec.license.key_ref`
+Optional:
 
-Required:
+- `ca` (Attributes) Stuct containing the CA cert to use for the targets. (see [below for nested schema](#nestedatt--spec--a_pi_server_config--tls_config--ca))
+- `ca_file` (String) Path to the CA cert in the container to use for the targets.
+- `cert` (Attributes) Struct containing the client cert file for the targets. (see [below for nested schema](#nestedatt--spec--a_pi_server_config--tls_config--cert))
+- `cert_file` (String) Path to the client cert file in the container for the targets.
+- `insecure_skip_verify` (Boolean) Disable target certificate validation.
+- `key_file` (String) Path to the client key file in the container for the targets.
+- `key_secret` (Attributes) Secret containing the client key file for the targets. (see [below for nested schema](#nestedatt--spec--a_pi_server_config--tls_config--key_secret))
+- `server_name` (String) Used to verify the hostname for the targets.
 
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
+<a id="nestedatt--spec--a_pi_server_config--tls_config--ca"></a>
+### Nested Schema for `spec.a_pi_server_config.tls_config.ca`
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
+- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--a_pi_server_config--tls_config--ca--config_map))
+- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--a_pi_server_config--tls_config--ca--secret))
 
+<a id="nestedatt--spec--a_pi_server_config--tls_config--ca--config_map"></a>
+### Nested Schema for `spec.a_pi_server_config.tls_config.ca.config_map`
 
+Required:
 
-<a id="nestedatt--spec--node_scrape_namespace_selector"></a>
-### Nested Schema for `spec.node_scrape_namespace_selector`
+- `key` (String) The key to select.
 
 Optional:
 
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--node_scrape_namespace_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
-<a id="nestedatt--spec--node_scrape_namespace_selector--match_expressions"></a>
-### Nested Schema for `spec.node_scrape_namespace_selector.match_expressions`
+
+<a id="nestedatt--spec--a_pi_server_config--tls_config--ca--secret"></a>
+### Nested Schema for `spec.a_pi_server_config.tls_config.ca.secret`
 
 Required:
 
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
 
 Optional:
 
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
 
-<a id="nestedatt--spec--node_scrape_relabel_template"></a>
-### Nested Schema for `spec.node_scrape_relabel_template`
+<a id="nestedatt--spec--a_pi_server_config--tls_config--cert"></a>
+### Nested Schema for `spec.a_pi_server_config.tls_config.cert`
 
 Optional:
 
-- `action` (String) Action to perform based on regex matching. Default is 'replace'
-- `if` (Map of String) If represents metricsQL match expression (or list of expressions): '{__name__=~'foo_.*'}'
-- `labels` (Map of String) Labels is used together with Match for 'action: graphite'
-- `match` (String) Match is used together with Labels for 'action: graphite'
-- `modulus` (Number) Modulus to take of the hash of the source label values.
-- `regex` (Map of String) Regular expression against which the extracted value is matched. Default is '(.*)' victoriaMetrics supports multiline regex joined with | https://docs.victoriametrics.com/vmagent/#relabeling-enhancements
-- `replacement` (String) Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'
-- `separator` (String) Separator placed between concatenated source label values. default is ';'.
-- `source_labels` (List of String) The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.
-- `target_label` (String) Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.
+- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--a_pi_server_config--tls_config--cert--config_map))
+- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--a_pi_server_config--tls_config--cert--secret))
 
+<a id="nestedatt--spec--a_pi_server_config--tls_config--cert--config_map"></a>
+### Nested Schema for `spec.a_pi_server_config.tls_config.cert.config_map`
 
-<a id="nestedatt--spec--node_scrape_selector"></a>
-### Nested Schema for `spec.node_scrape_selector`
+Required:
+
+- `key` (String) The key to select.
 
 Optional:
 
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--node_scrape_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
-<a id="nestedatt--spec--node_scrape_selector--match_expressions"></a>
-### Nested Schema for `spec.node_scrape_selector.match_expressions`
+
+<a id="nestedatt--spec--a_pi_server_config--tls_config--cert--secret"></a>
+### Nested Schema for `spec.a_pi_server_config.tls_config.cert.secret`
 
 Required:
 
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
 
 Optional:
 
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
-<a id="nestedatt--spec--pod_disruption_budget"></a>
-### Nested Schema for `spec.pod_disruption_budget`
 
-Optional:
-
-- `max_unavailable` (String) An eviction is allowed if at most 'maxUnavailable' pods selected by 'selector' are unavailable after the eviction, i.e. even in absence of the evicted pod. For example, one can prevent all voluntary evictions by specifying 0. This is a mutually exclusive setting with 'minAvailable'.
-- `min_available` (String) An eviction is allowed if at least 'minAvailable' pods selected by 'selector' will still be available after the eviction, i.e. even in the absence of the evicted pod. So for example you can prevent all voluntary evictions by specifying '100%'.
-- `selector_labels` (Map of String) replaces default labels selector generated by operator it's useful when you need to create custom budget
+<a id="nestedatt--spec--a_pi_server_config--tls_config--key_secret"></a>
+### Nested Schema for `spec.a_pi_server_config.tls_config.key_secret`
 
+Required:
 
-<a id="nestedatt--spec--pod_metadata"></a>
-### Nested Schema for `spec.pod_metadata`
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
 
 Optional:
 
-- `annotations` (Map of String) Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
-- `labels` (Map of String) Labels Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
-- `name` (String) Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
-
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
 
-<a id="nestedatt--spec--pod_scrape_namespace_selector"></a>
-### Nested Schema for `spec.pod_scrape_namespace_selector`
 
-Optional:
 
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--pod_scrape_namespace_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
 
-<a id="nestedatt--spec--pod_scrape_namespace_selector--match_expressions"></a>
-### Nested Schema for `spec.pod_scrape_namespace_selector.match_expressions`
+<a id="nestedatt--spec--additional_scrape_configs"></a>
+### Nested Schema for `spec.additional_scrape_configs`
 
 Required:
 
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
 
 Optional:
 
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
-<a id="nestedatt--spec--pod_scrape_relabel_template"></a>
-### Nested Schema for `spec.pod_scrape_relabel_template`
+<a id="nestedatt--spec--arbitrary_fs_access_through_s_ms"></a>
+### Nested Schema for `spec.arbitrary_fs_access_through_s_ms`
 
 Optional:
 
-- `action` (String) Action to perform based on regex matching. Default is 'replace'
-- `if` (Map of String) If represents metricsQL match expression (or list of expressions): '{__name__=~'foo_.*'}'
-- `labels` (Map of String) Labels is used together with Match for 'action: graphite'
-- `match` (String) Match is used together with Labels for 'action: graphite'
-- `modulus` (Number) Modulus to take of the hash of the source label values.
-- `regex` (Map of String) Regular expression against which the extracted value is matched. Default is '(.*)' victoriaMetrics supports multiline regex joined with | https://docs.victoriametrics.com/vmagent/#relabeling-enhancements
-- `replacement` (String) Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'
-- `separator` (String) Separator placed between concatenated source label values. default is ';'.
-- `source_labels` (List of String) The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.
-- `target_label` (String) Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.
+- `deny` (Boolean)
 
 
-<a id="nestedatt--spec--pod_scrape_selector"></a>
-### Nested Schema for `spec.pod_scrape_selector`
+<a id="nestedatt--spec--claim_templates"></a>
+### Nested Schema for `spec.claim_templates`
 
 Optional:
 
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--pod_scrape_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
-
-<a id="nestedatt--spec--pod_scrape_selector--match_expressions"></a>
-### Nested Schema for `spec.pod_scrape_selector.match_expressions`
-
-Required:
+- `api_version` (String) APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+- `kind` (String) Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+- `metadata` (Map of String) Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+- `spec` (Attributes) spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims (see [below for nested schema](#nestedatt--spec--claim_templates--spec))
+- `status` (Attributes) status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims (see [below for nested schema](#nestedatt--spec--claim_templates--status))
 
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+<a id="nestedatt--spec--claim_templates--spec"></a>
+### Nested Schema for `spec.claim_templates.spec`
 
 Optional:
 
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+- `access_modes` (List of String) accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+- `data_source` (Attributes) dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. (see [below for nested schema](#nestedatt--spec--claim_templates--spec--data_source))
+- `data_source_ref` (Attributes) dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. (see [below for nested schema](#nestedatt--spec--claim_templates--spec--data_source_ref))
+- `resources` (Attributes) resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources (see [below for nested schema](#nestedatt--spec--claim_templates--spec--resources))
+- `selector` (Attributes) selector is a label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--claim_templates--spec--selector))
+- `storage_class_name` (String) storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+- `volume_mode` (String) volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
+- `volume_name` (String) volumeName is the binding reference to the PersistentVolume backing this claim.
 
+<a id="nestedatt--spec--claim_templates--spec--data_source"></a>
+### Nested Schema for `spec.claim_templates.spec.data_source`
 
+Required:
 
-<a id="nestedatt--spec--probe_namespace_selector"></a>
-### Nested Schema for `spec.probe_namespace_selector`
+- `kind` (String) Kind is the type of resource being referenced
+- `name` (String) Name is the name of resource being referenced
 
 Optional:
 
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--probe_namespace_selector--match_expressions))
-- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
+- `api_group` (String) APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
 
-<a id="nestedatt--spec--probe_namespace_selector--match_expressions"></a>
-### Nested Schema for `spec.probe_namespace_selector.match_expressions`
+
+<a id="nestedatt--spec--claim_templates--spec--data_source_ref"></a>
+### Nested Schema for `spec.claim_templates.spec.data_source_ref`
 
 Required:
 
-- `key` (String) key is the label key that the selector applies to.
-- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+- `kind` (String) Kind is the type of resource being referenced
+- `name` (String) Name is the name of resource being referenced
 
 Optional:
 
-- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-
+- `api_group` (String) APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+- `namespace` (String) Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
 
 
-<a id="nestedatt--spec--probe_scrape_relabel_template"></a>
-### Nested Schema for `spec.probe_scrape_relabel_template`
+<a id="nestedatt--spec--claim_templates--spec--resources"></a>
+### Nested Schema for `spec.claim_templates.spec.resources`
 
 Optional:
 
-- `action` (String) Action to perform based on regex matching. Default is 'replace'
-- `if` (Map of String) If represents metricsQL match expression (or list of expressions): '{__name__=~'foo_.*'}'
-- `labels` (Map of String) Labels is used together with Match for 'action: graphite'
-- `match` (String) Match is used together with Labels for 'action: graphite'
-- `modulus` (Number) Modulus to take of the hash of the source label values.
-- `regex` (Map of String) Regular expression against which the extracted value is matched. Default is '(.*)' victoriaMetrics supports multiline regex joined with | https://docs.victoriametrics.com/vmagent/#relabeling-enhancements
-- `replacement` (String) Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'
-- `separator` (String) Separator placed between concatenated source label values. default is ';'.
-- `source_labels` (List of String) The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.
-- `target_label` (String) Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.
+- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 
-<a id="nestedatt--spec--probe_selector"></a>
-### Nested Schema for `spec.probe_selector`
+<a id="nestedatt--spec--claim_templates--spec--selector"></a>
+### Nested Schema for `spec.claim_templates.spec.selector`
 
 Optional:
 
-- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--probe_selector--match_expressions))
+- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--claim_templates--spec--selector--match_expressions))
 - `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
 
-<a id="nestedatt--spec--probe_selector--match_expressions"></a>
-### Nested Schema for `spec.probe_selector.match_expressions`
+<a id="nestedatt--spec--claim_templates--spec--selector--match_expressions"></a>
+### Nested Schema for `spec.claim_templates.spec.selector.match_expressions`
 
 Required:
 
@@ -761,97 +780,120 @@ Optional:
 
 
 
-<a id="nestedatt--spec--readiness_gates"></a>
-### Nested Schema for `spec.readiness_gates`
 
-Required:
+<a id="nestedatt--spec--claim_templates--status"></a>
+### Nested Schema for `spec.claim_templates.status`
 
-- `condition_type` (String) ConditionType refers to a condition in the pod's condition list with matching type.
+Optional:
 
+- `access_modes` (List of String) accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+- `allocated_resource_statuses` (Map of String) allocatedResourceStatuses stores status of resource being resized for the given PVC. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as 'example.com/my-custom-resource' Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used. ClaimResourceStatus can be in any of following states: - ControllerResizeInProgress: State set when resize controller starts resizing the volume in control-plane. - ControllerResizeFailed: State set when resize has failed in resize controller with a terminal error. - NodeResizePending: State set when resize controller has finished resizing the volume but further resizing of volume is needed on the node. - NodeResizeInProgress: State set when kubelet starts resizing the volume. - NodeResizeFailed: State set when resizing has failed in kubelet with a terminal error. Transient errors don't set NodeResizeFailed. For example: if expanding a PVC for more capacity - this field can be one of the following states: - pvc.status.allocatedResourceStatus['storage'] = 'ControllerResizeInProgress' - pvc.status.allocatedResourceStatus['storage'] = 'ControllerResizeFailed' - pvc.status.allocatedResourceStatus['storage'] = 'NodeResizePending' - pvc.status.allocatedResourceStatus['storage'] = 'NodeResizeInProgress' - pvc.status.allocatedResourceStatus['storage'] = 'NodeResizeFailed' When this field is not set, it means that no resize operation is in progress for the given PVC. A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
+- `allocated_resources` (Map of String) allocatedResources tracks the resources allocated to a PVC including its capacity. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as 'example.com/my-custom-resource' Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used. Capacity reported here may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. A controller that receives PVC update with previously unknown resourceName should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
+- `capacity` (Map of String) capacity represents the actual resources of the underlying volume.
+- `conditions` (Attributes List) conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'Resizing'. (see [below for nested schema](#nestedatt--spec--claim_templates--status--conditions))
+- `current_volume_attributes_class_name` (String) currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim This is an alpha field and requires enabling VolumeAttributesClass feature.
+- `modify_volume_status` (Attributes) ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. This is an alpha field and requires enabling VolumeAttributesClass feature. (see [below for nested schema](#nestedatt--spec--claim_templates--status--modify_volume_status))
+- `phase` (String) phase represents the current phase of PersistentVolumeClaim.
 
-<a id="nestedatt--spec--relabel_config"></a>
-### Nested Schema for `spec.relabel_config`
+<a id="nestedatt--spec--claim_templates--status--conditions"></a>
+### Nested Schema for `spec.claim_templates.status.conditions`
 
 Required:
 
-- `key` (String) The key to select.
+- `status` (String)
+- `type` (String) PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
-- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
+- `last_probe_time` (String) lastProbeTime is the time we probed the condition.
+- `last_transition_time` (String) lastTransitionTime is the time the condition transitioned from one status to another.
+- `message` (String) message is the human-readable message indicating details about last transition.
+- `reason` (String) reason is a unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports 'Resizing' that means the underlying persistent volume is being resized.
 
 
-<a id="nestedatt--spec--remote_write"></a>
-### Nested Schema for `spec.remote_write`
+<a id="nestedatt--spec--claim_templates--status--modify_volume_status"></a>
+### Nested Schema for `spec.claim_templates.status.modify_volume_status`
 
 Required:
 
-- `url` (String) URL of the endpoint to send samples to.
+- `status` (String) status is the status of the ControllerModifyVolume operation. It can be in any of following states: - Pending Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as the specified VolumeAttributesClass not existing. - InProgress InProgress indicates that the volume is being modified. - Infeasible Infeasible indicates that the request has been rejected as invalid by the CSI driver. To resolve the error, a valid VolumeAttributesClass needs to be specified. Note: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.
 
 Optional:
 
-- `basic_auth` (Attributes) BasicAuth allow an endpoint to authenticate over basic authentication (see [below for nested schema](#nestedatt--spec--remote_write--basic_auth))
-- `bearer_token_secret` (Attributes) Optional bearer auth token to use for -remoteWrite.url (see [below for nested schema](#nestedatt--spec--remote_write--bearer_token_secret))
-- `headers` (List of String) Headers allow configuring custom http headers Must be in form of semicolon separated header with value e.g. headerName: headerValue vmagent supports since 1.79.0 version
-- `inline_url_relabel_config` (Attributes List) InlineUrlRelabelConfig defines relabeling config for remoteWriteURL, it can be defined at crd spec. (see [below for nested schema](#nestedatt--spec--remote_write--inline_url_relabel_config))
-- `oauth2` (Attributes) OAuth2 defines auth configuration (see [below for nested schema](#nestedatt--spec--remote_write--oauth2))
-- `send_timeout` (String) Timeout for sending a single block of data to -remoteWrite.url (default 1m0s)
-- `stream_aggr_config` (Attributes) StreamAggrConfig defines stream aggregation configuration for VMAgent for -remoteWrite.url (see [below for nested schema](#nestedatt--spec--remote_write--stream_aggr_config))
-- `tls_config` (Attributes) TLSConfig describes tls configuration for remote write target (see [below for nested schema](#nestedatt--spec--remote_write--tls_config))
-- `url_relabel_config` (Attributes) ConfigMap with relabeling config which is applied to metrics before sending them to the corresponding -remoteWrite.url (see [below for nested schema](#nestedatt--spec--remote_write--url_relabel_config))
+- `target_volume_attributes_class_name` (String) targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled
+
+
 
-<a id="nestedatt--spec--remote_write--basic_auth"></a>
-### Nested Schema for `spec.remote_write.basic_auth`
+
+<a id="nestedatt--spec--config_reloader_resources"></a>
+### Nested Schema for `spec.config_reloader_resources`
 
 Optional:
 
-- `password` (Attributes) The secret in the service scrape namespace that contains the password for authentication. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--remote_write--basic_auth--password))
-- `password_file` (String) PasswordFile defines path to password file at disk
-- `username` (Attributes) The secret in the service scrape namespace that contains the username for authentication. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--remote_write--basic_auth--username))
+- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--config_reloader_resources--claims))
+- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
-<a id="nestedatt--spec--remote_write--basic_auth--password"></a>
-### Nested Schema for `spec.remote_write.basic_auth.password`
+<a id="nestedatt--spec--config_reloader_resources--claims"></a>
+### Nested Schema for `spec.config_reloader_resources.claims`
 
 Required:
 
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
+- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+
+
+
+<a id="nestedatt--spec--dns_config"></a>
+### Nested Schema for `spec.dns_config`
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
+- `nameservers` (List of String) A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.
+- `options` (Attributes List) A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy. (see [below for nested schema](#nestedatt--spec--dns_config--options))
+- `searches` (List of String) A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.
 
+<a id="nestedatt--spec--dns_config--options"></a>
+### Nested Schema for `spec.dns_config.options`
 
-<a id="nestedatt--spec--remote_write--basic_auth--username"></a>
-### Nested Schema for `spec.remote_write.basic_auth.username`
+Optional:
+
+- `name` (String) Required.
+- `value` (String)
+
+
+
+<a id="nestedatt--spec--host_aliases"></a>
+### Nested Schema for `spec.host_aliases`
 
 Required:
 
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
+- `ip` (String) IP address of the host file entry.
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
+- `hostnames` (List of String) Hostnames for the above IP address.
 
 
+<a id="nestedatt--spec--image"></a>
+### Nested Schema for `spec.image`
 
-<a id="nestedatt--spec--remote_write--bearer_token_secret"></a>
-### Nested Schema for `spec.remote_write.bearer_token_secret`
+Optional:
 
-Required:
+- `pull_policy` (String) PullPolicy describes how to pull docker image
+- `repository` (String) Repository contains name of docker image + it's repository if needed
+- `tag` (String) Tag contains desired docker image version
 
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+<a id="nestedatt--spec--image_pull_secrets"></a>
+### Nested Schema for `spec.image_pull_secrets`
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 
-<a id="nestedatt--spec--remote_write--inline_url_relabel_config"></a>
-### Nested Schema for `spec.remote_write.inline_url_relabel_config`
+<a id="nestedatt--spec--inline_relabel_config"></a>
+### Nested Schema for `spec.inline_relabel_config`
 
 Optional:
 
@@ -867,125 +909,144 @@ Optional:
 - `target_label` (String) Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.
 
 
-<a id="nestedatt--spec--remote_write--oauth2"></a>
-### Nested Schema for `spec.remote_write.oauth2`
+<a id="nestedatt--spec--insert_ports"></a>
+### Nested Schema for `spec.insert_ports`
+
+Optional:
+
+- `graphite_port` (String) GraphitePort listen port
+- `influx_port` (String) InfluxPort listen port
+- `open_tsdb_port` (String) OpenTSDBPort for tcp and udp listen
+- `open_tsdbhttp_port` (String) OpenTSDBHTTPPort for http connections.
+
+
+<a id="nestedatt--spec--license"></a>
+### Nested Schema for `spec.license`
+
+Optional:
+
+- `key` (String) Enterprise license key. This flag is available only in [VictoriaMetrics enterprise](https://docs.victoriametrics.com/enterprise). To request a trial license, [go to](https://victoriametrics.com/products/enterprise/trial)
+- `key_ref` (Attributes) KeyRef is reference to secret with license key for enterprise features. (see [below for nested schema](#nestedatt--spec--license--key_ref))
+
+<a id="nestedatt--spec--license--key_ref"></a>
+### Nested Schema for `spec.license.key_ref`
 
 Required:
 
-- `client_id` (Attributes) The secret or configmap containing the OAuth2 client id (see [below for nested schema](#nestedatt--spec--remote_write--oauth2--client_id))
-- `token_url` (String) The URL to fetch the token from
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
 
 Optional:
 
-- `client_secret` (Attributes) The secret containing the OAuth2 client secret (see [below for nested schema](#nestedatt--spec--remote_write--oauth2--client_secret))
-- `client_secret_file` (String) ClientSecretFile defines path for client secret file.
-- `endpoint_params` (Map of String) Parameters to append to the token URL
-- `scopes` (List of String) OAuth2 scopes used for the token request
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
 
-<a id="nestedatt--spec--remote_write--oauth2--client_id"></a>
-### Nested Schema for `spec.remote_write.oauth2.client_id`
+
+<a id="nestedatt--spec--node_scrape_namespace_selector"></a>
+### Nested Schema for `spec.node_scrape_namespace_selector`
 
 Optional:
 
-- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--remote_write--oauth2--client_id--config_map))
-- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--remote_write--oauth2--client_id--secret))
+- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--node_scrape_namespace_selector--match_expressions))
+- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
 
-<a id="nestedatt--spec--remote_write--oauth2--client_id--config_map"></a>
-### Nested Schema for `spec.remote_write.oauth2.client_id.config_map`
+<a id="nestedatt--spec--node_scrape_namespace_selector--match_expressions"></a>
+### Nested Schema for `spec.node_scrape_namespace_selector.match_expressions`
 
 Required:
 
-- `key` (String) The key to select.
+- `key` (String) key is the label key that the selector applies to.
+- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
-- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
+- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 
 
-<a id="nestedatt--spec--remote_write--oauth2--client_id--secret"></a>
-### Nested Schema for `spec.remote_write.oauth2.client_id.secret`
+
+<a id="nestedatt--spec--node_scrape_relabel_template"></a>
+### Nested Schema for `spec.node_scrape_relabel_template`
+
+Optional:
+
+- `action` (String) Action to perform based on regex matching. Default is 'replace'
+- `if` (Map of String) If represents metricsQL match expression (or list of expressions): '{__name__=~'foo_.*'}'
+- `labels` (Map of String) Labels is used together with Match for 'action: graphite'
+- `match` (String) Match is used together with Labels for 'action: graphite'
+- `modulus` (Number) Modulus to take of the hash of the source label values.
+- `regex` (Map of String) Regular expression against which the extracted value is matched. Default is '(.*)' victoriaMetrics supports multiline regex joined with | https://docs.victoriametrics.com/vmagent/#relabeling-enhancements
+- `replacement` (String) Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'
+- `separator` (String) Separator placed between concatenated source label values. default is ';'.
+- `source_labels` (List of String) The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.
+- `target_label` (String) Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.
+
+
+<a id="nestedatt--spec--node_scrape_selector"></a>
+### Nested Schema for `spec.node_scrape_selector`
+
+Optional:
+
+- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--node_scrape_selector--match_expressions))
+- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
+
+<a id="nestedatt--spec--node_scrape_selector--match_expressions"></a>
+### Nested Schema for `spec.node_scrape_selector.match_expressions`
 
 Required:
 
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
+- `key` (String) key is the label key that the selector applies to.
+- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
-
+- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 
-<a id="nestedatt--spec--remote_write--oauth2--client_secret"></a>
-### Nested Schema for `spec.remote_write.oauth2.client_secret`
 
-Required:
 
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
+<a id="nestedatt--spec--pod_disruption_budget"></a>
+### Nested Schema for `spec.pod_disruption_budget`
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
+- `max_unavailable` (String) An eviction is allowed if at most 'maxUnavailable' pods selected by 'selector' are unavailable after the eviction, i.e. even in absence of the evicted pod. For example, one can prevent all voluntary evictions by specifying 0. This is a mutually exclusive setting with 'minAvailable'.
+- `min_available` (String) An eviction is allowed if at least 'minAvailable' pods selected by 'selector' will still be available after the eviction, i.e. even in the absence of the evicted pod. So for example you can prevent all voluntary evictions by specifying '100%'.
+- `selector_labels` (Map of String) replaces default labels selector generated by operator it's useful when you need to create custom budget
 
 
+<a id="nestedatt--spec--pod_metadata"></a>
+### Nested Schema for `spec.pod_metadata`
 
-<a id="nestedatt--spec--remote_write--stream_aggr_config"></a>
-### Nested Schema for `spec.remote_write.stream_aggr_config`
+Optional:
 
-Required:
+- `annotations` (Map of String) Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
+- `labels` (Map of String) Labels Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
+- `name` (String) Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
 
-- `rules` (Attributes List) Stream aggregation rules (see [below for nested schema](#nestedatt--spec--remote_write--stream_aggr_config--rules))
+
+<a id="nestedatt--spec--pod_scrape_namespace_selector"></a>
+### Nested Schema for `spec.pod_scrape_namespace_selector`
 
 Optional:
 
-- `dedup_interval` (String) Allows setting different de-duplication intervals per each configured remote storage
-- `drop_input` (Boolean) Allow drop all the input samples after the aggregation
-- `keep_input` (Boolean) Allows writing both raw and aggregate data
+- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--pod_scrape_namespace_selector--match_expressions))
+- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
 
-<a id="nestedatt--spec--remote_write--stream_aggr_config--rules"></a>
-### Nested Schema for `spec.remote_write.stream_aggr_config.rules`
+<a id="nestedatt--spec--pod_scrape_namespace_selector--match_expressions"></a>
+### Nested Schema for `spec.pod_scrape_namespace_selector.match_expressions`
 
 Required:
 
-- `interval` (String) Interval is the interval between aggregations.
-- `outputs` (List of String) Outputs is a list of output aggregate functions to produce. The following names are allowed: - total - aggregates input counters - increase - counts the increase over input counters - count_series - counts the input series - count_samples - counts the input samples - sum_samples - sums the input samples - last - the last biggest sample value - min - the minimum sample value - max - the maximum sample value - avg - the average value across all the samples - stddev - standard deviation across all the samples - stdvar - standard variance across all the samples - histogram_bucket - creates VictoriaMetrics histogram for input samples - quantiles(phi1, ..., phiN) - quantiles' estimation for phi in the range [0..1] The output time series will have the following names: input_name:aggr_<interval>_<output>
+- `key` (String) key is the label key that the selector applies to.
+- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 
 Optional:
 
-- `by` (List of String) By is an optional list of labels for grouping input series. See also Without. If neither By nor Without are set, then the Outputs are calculated individually per each input time series.
-- `dedup_interval` (String) DedupInterval is an optional interval for deduplication.
-- `drop_input_labels` (List of String) DropInputLabels is an optional list with labels, which must be dropped before further processing of input samples. Labels are dropped before de-duplication and aggregation.
-- `flush_on_shutdown` (Boolean) FlushOnShutdown defines whether to flush the aggregation state on process termination or config reload. Is 'false' by default. It is not recommended changing this setting, unless unfinished aggregations states are preferred to missing data points.
-- `ignore_old_samples` (Boolean) IgnoreOldSamples instructs to ignore samples with old timestamps outside the current aggregation interval.
-- `input_relabel_configs` (Attributes List) InputRelabelConfigs is an optional relabeling rules, which are applied on the input before aggregation. (see [below for nested schema](#nestedatt--spec--remote_write--stream_aggr_config--rules--input_relabel_configs))
-- `keep_metric_names` (Boolean) KeepMetricNames instructs to leave metric names as is for the output time series without adding any suffix.
-- `match` (Map of String) Match is a label selector (or list of label selectors) for filtering time series for the given selector. If the match isn't set, then all the input time series are processed.
-- `no_align_flush_to_interval` (Boolean) NoAlignFlushToInterval disables aligning of flushes to multiples of Interval. By default flushes are aligned to Interval.
-- `output_relabel_configs` (Attributes List) OutputRelabelConfigs is an optional relabeling rules, which are applied on the aggregated output before being sent to remote storage. (see [below for nested schema](#nestedatt--spec--remote_write--stream_aggr_config--rules--output_relabel_configs))
-- `staleness_interval` (String) Staleness interval is interval after which the series state will be reset if no samples have been sent during it. The parameter is only relevant for outputs: total, total_prometheus, increase, increase_prometheus and histogram_bucket.
-- `without` (List of String) Without is an optional list of labels, which must be excluded when grouping input series. See also By. If neither By nor Without are set, then the Outputs are calculated individually per each input time series.
-
-<a id="nestedatt--spec--remote_write--stream_aggr_config--rules--input_relabel_configs"></a>
-### Nested Schema for `spec.remote_write.stream_aggr_config.rules.input_relabel_configs`
-
-Optional:
+- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 
-- `action` (String) Action to perform based on regex matching. Default is 'replace'
-- `if` (Map of String) If represents metricsQL match expression (or list of expressions): '{__name__=~'foo_.*'}'
-- `labels` (Map of String) Labels is used together with Match for 'action: graphite'
-- `match` (String) Match is used together with Labels for 'action: graphite'
-- `modulus` (Number) Modulus to take of the hash of the source label values.
-- `regex` (Map of String) Regular expression against which the extracted value is matched. Default is '(.*)' victoriaMetrics supports multiline regex joined with | https://docs.victoriametrics.com/vmagent/#relabeling-enhancements
-- `replacement` (String) Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'
-- `separator` (String) Separator placed between concatenated source label values. default is ';'.
-- `source_labels` (List of String) The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.
-- `target_label` (String) Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.
 
 
-<a id="nestedatt--spec--remote_write--stream_aggr_config--rules--output_relabel_configs"></a>
-### Nested Schema for `spec.remote_write.stream_aggr_config.rules.output_relabel_configs`
+<a id="nestedatt--spec--pod_scrape_relabel_template"></a>
+### Nested Schema for `spec.pod_scrape_relabel_template`
 
 Optional:
 
@@ -1001,108 +1062,99 @@ Optional:
 - `target_label` (String) Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.
 
 
+<a id="nestedatt--spec--pod_scrape_selector"></a>
+### Nested Schema for `spec.pod_scrape_selector`
 
+Optional:
 
-<a id="nestedatt--spec--remote_write--tls_config"></a>
-### Nested Schema for `spec.remote_write.tls_config`
+- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--pod_scrape_selector--match_expressions))
+- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
 
-Optional:
+<a id="nestedatt--spec--pod_scrape_selector--match_expressions"></a>
+### Nested Schema for `spec.pod_scrape_selector.match_expressions`
 
-- `ca` (Attributes) Stuct containing the CA cert to use for the targets. (see [below for nested schema](#nestedatt--spec--remote_write--tls_config--ca))
-- `ca_file` (String) Path to the CA cert in the container to use for the targets.
-- `cert` (Attributes) Struct containing the client cert file for the targets. (see [below for nested schema](#nestedatt--spec--remote_write--tls_config--cert))
-- `cert_file` (String) Path to the client cert file in the container for the targets.
-- `insecure_skip_verify` (Boolean) Disable target certificate validation.
-- `key_file` (String) Path to the client key file in the container for the targets.
-- `key_secret` (Attributes) Secret containing the client key file for the targets. (see [below for nested schema](#nestedatt--spec--remote_write--tls_config--key_secret))
-- `server_name` (String) Used to verify the hostname for the targets.
+Required:
 
-<a id="nestedatt--spec--remote_write--tls_config--ca"></a>
-### Nested Schema for `spec.remote_write.tls_config.ca`
+- `key` (String) key is the label key that the selector applies to.
+- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 
 Optional:
 
-- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--remote_write--tls_config--ca--config_map))
-- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--remote_write--tls_config--ca--secret))
+- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 
-<a id="nestedatt--spec--remote_write--tls_config--ca--config_map"></a>
-### Nested Schema for `spec.remote_write.tls_config.ca.config_map`
 
-Required:
 
-- `key` (String) The key to select.
+<a id="nestedatt--spec--probe_namespace_selector"></a>
+### Nested Schema for `spec.probe_namespace_selector`
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
-- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
-
+- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--probe_namespace_selector--match_expressions))
+- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
 
-<a id="nestedatt--spec--remote_write--tls_config--ca--secret"></a>
-### Nested Schema for `spec.remote_write.tls_config.ca.secret`
+<a id="nestedatt--spec--probe_namespace_selector--match_expressions"></a>
+### Nested Schema for `spec.probe_namespace_selector.match_expressions`
 
 Required:
 
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
+- `key` (String) key is the label key that the selector applies to.
+- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
+- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 
 
 
-<a id="nestedatt--spec--remote_write--tls_config--cert"></a>
-### Nested Schema for `spec.remote_write.tls_config.cert`
+<a id="nestedatt--spec--probe_scrape_relabel_template"></a>
+### Nested Schema for `spec.probe_scrape_relabel_template`
 
 Optional:
 
-- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--remote_write--tls_config--cert--config_map))
-- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--remote_write--tls_config--cert--secret))
-
-<a id="nestedatt--spec--remote_write--tls_config--cert--config_map"></a>
-### Nested Schema for `spec.remote_write.tls_config.cert.config_map`
+- `action` (String) Action to perform based on regex matching. Default is 'replace'
+- `if` (Map of String) If represents metricsQL match expression (or list of expressions): '{__name__=~'foo_.*'}'
+- `labels` (Map of String) Labels is used together with Match for 'action: graphite'
+- `match` (String) Match is used together with Labels for 'action: graphite'
+- `modulus` (Number) Modulus to take of the hash of the source label values.
+- `regex` (Map of String) Regular expression against which the extracted value is matched. Default is '(.*)' victoriaMetrics supports multiline regex joined with | https://docs.victoriametrics.com/vmagent/#relabeling-enhancements
+- `replacement` (String) Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'
+- `separator` (String) Separator placed between concatenated source label values. default is ';'.
+- `source_labels` (List of String) The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.
+- `target_label` (String) Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.
 
-Required:
 
-- `key` (String) The key to select.
+<a id="nestedatt--spec--probe_selector"></a>
+### Nested Schema for `spec.probe_selector`
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
-- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
-
+- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--probe_selector--match_expressions))
+- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.
 
-<a id="nestedatt--spec--remote_write--tls_config--cert--secret"></a>
-### Nested Schema for `spec.remote_write.tls_config.cert.secret`
+<a id="nestedatt--spec--probe_selector--match_expressions"></a>
+### Nested Schema for `spec.probe_selector.match_expressions`
 
 Required:
 
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
+- `key` (String) key is the label key that the selector applies to.
+- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
+- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 
 
 
-<a id="nestedatt--spec--remote_write--tls_config--key_secret"></a>
-### Nested Schema for `spec.remote_write.tls_config.key_secret`
+<a id="nestedatt--spec--readiness_gates"></a>
+### Nested Schema for `spec.readiness_gates`
 
 Required:
 
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
-
-Optional:
-
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
+- `condition_type` (String) ConditionType refers to a condition in the pod's condition list with matching type.
 
 
-<a id="nestedatt--spec--remote_write--url_relabel_config"></a>
-### Nested Schema for `spec.remote_write.url_relabel_config`
+<a id="nestedatt--spec--relabel_config"></a>
+### Nested Schema for `spec.relabel_config`
 
 Required:
 
@@ -1110,11 +1162,10 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
-
 <a id="nestedatt--spec--remote_write_settings"></a>
 ### Nested Schema for `spec.remote_write_settings`
 
@@ -1127,7 +1178,7 @@ Optional:
 - `queues` (Number) The number of concurrent queues
 - `show_url` (Boolean) Whether to show -remoteWrite.url in the exported metrics. It is hidden by default, since it can contain sensitive auth info
 - `tmp_data_path` (String) Path to directory where temporary data for remote write component is stored (default vmagent-remotewrite-data)
-- `use_multi_tenant_mode` (Boolean) Configures vmagent in multi-tenant mode with direct cluster support docs https://docs.victoriametrics.com/vmagent.html#multitenancy it's global setting and affects all remote storage configurations
+- `use_multi_tenant_mode` (Boolean) Configures vmagent accepting data via the same multitenant endpoints as vminsert at VictoriaMetrics cluster does, see [here](https://docs.victoriametrics.com/vmagent/#multitenancy). it's global setting and affects all remote storage configurations
 
 
 <a id="nestedatt--spec--resources"></a>
@@ -1352,6 +1403,7 @@ Optional:
 - `resources` (Attributes) resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources (see [below for nested schema](#nestedatt--spec--stateful_storage--volume_claim_template--spec--resources))
 - `selector` (Attributes) selector is a label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--stateful_storage--volume_claim_template--spec--selector))
 - `storage_class_name` (String) storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
 - `volume_mode` (String) volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
 - `volume_name` (String) volumeName is the binding reference to the PersistentVolume backing this claim.
 
@@ -1387,18 +1439,9 @@ Optional:
 
 Optional:
 
-- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--stateful_storage--volume_claim_template--spec--resources--claims))
 - `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 - `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
-<a id="nestedatt--spec--stateful_storage--volume_claim_template--spec--resources--claims"></a>
-### Nested Schema for `spec.stateful_storage.volume_claim_template.spec.resources.claims`
-
-Required:
-
-- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
-
-
 
 <a id="nestedatt--spec--stateful_storage--volume_claim_template--spec--selector"></a>
 ### Nested Schema for `spec.stateful_storage.volume_claim_template.spec.selector`
@@ -1429,11 +1472,13 @@ Optional:
 Optional:
 
 - `access_modes` (List of String) accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
-- `allocated_resources` (Map of String) allocatedResources is the storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
+- `allocated_resource_statuses` (Map of String) allocatedResourceStatuses stores status of resource being resized for the given PVC. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as 'example.com/my-custom-resource' Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used. ClaimResourceStatus can be in any of following states: - ControllerResizeInProgress: State set when resize controller starts resizing the volume in control-plane. - ControllerResizeFailed: State set when resize has failed in resize controller with a terminal error. - NodeResizePending: State set when resize controller has finished resizing the volume but further resizing of volume is needed on the node. - NodeResizeInProgress: State set when kubelet starts resizing the volume. - NodeResizeFailed: State set when resizing has failed in kubelet with a terminal error. Transient errors don't set NodeResizeFailed. For example: if expanding a PVC for more capacity - this field can be one of the following states: - pvc.status.allocatedResourceStatus['storage'] = 'ControllerResizeInProgress' - pvc.status.allocatedResourceStatus['storage'] = 'ControllerResizeFailed' - pvc.status.allocatedResourceStatus['storage'] = 'NodeResizePending' - pvc.status.allocatedResourceStatus['storage'] = 'NodeResizeInProgress' - pvc.status.allocatedResourceStatus['storage'] = 'NodeResizeFailed' When this field is not set, it means that no resize operation is in progress for the given PVC. A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
+- `allocated_resources` (Map of String) allocatedResources tracks the resources allocated to a PVC including its capacity. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as 'example.com/my-custom-resource' Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used. Capacity reported here may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. A controller that receives PVC update with previously unknown resourceName should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
 - `capacity` (Map of String) capacity represents the actual resources of the underlying volume.
-- `conditions` (Attributes List) conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'. (see [below for nested schema](#nestedatt--spec--stateful_storage--volume_claim_template--status--conditions))
+- `conditions` (Attributes List) conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'Resizing'. (see [below for nested schema](#nestedatt--spec--stateful_storage--volume_claim_template--status--conditions))
+- `current_volume_attributes_class_name` (String) currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim This is an alpha field and requires enabling VolumeAttributesClass feature.
+- `modify_volume_status` (Attributes) ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. This is an alpha field and requires enabling VolumeAttributesClass feature. (see [below for nested schema](#nestedatt--spec--stateful_storage--volume_claim_template--status--modify_volume_status))
 - `phase` (String) phase represents the current phase of PersistentVolumeClaim.
-- `resize_status` (String) resizeStatus stores status of resize operation. ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty string by resize controller or kubelet. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
 
 <a id="nestedatt--spec--stateful_storage--volume_claim_template--status--conditions"></a>
 ### Nested Schema for `spec.stateful_storage.volume_claim_template.status.conditions`
@@ -1448,7 +1493,19 @@ Optional:
 - `last_probe_time` (String) lastProbeTime is the time we probed the condition.
 - `last_transition_time` (String) lastTransitionTime is the time the condition transitioned from one status to another.
 - `message` (String) message is the human-readable message indicating details about last transition.
-- `reason` (String) reason is a unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports 'ResizeStarted' that means the underlying persistent volume is being resized.
+- `reason` (String) reason is a unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports 'Resizing' that means the underlying persistent volume is being resized.
+
+
+<a id="nestedatt--spec--stateful_storage--volume_claim_template--status--modify_volume_status"></a>
+### Nested Schema for `spec.stateful_storage.volume_claim_template.status.modify_volume_status`
+
+Required:
+
+- `status` (String) status is the status of the ControllerModifyVolume operation. It can be in any of following states: - Pending Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as the specified VolumeAttributesClass not existing. - InProgress InProgress indicates that the volume is being modified. - Infeasible Infeasible indicates that the request has been rejected as invalid by the CSI driver. To resolve the error, a valid VolumeAttributesClass needs to be specified. Note: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.
+
+Optional:
+
+- `target_volume_attributes_class_name` (String) targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled
 
 
 
@@ -1515,6 +1572,93 @@ Optional:
 
 
 
+<a id="nestedatt--spec--stream_aggr_config"></a>
+### Nested Schema for `spec.stream_aggr_config`
+
+Optional:
+
+- `configmap` (Attributes) ConfigMap with stream aggregation rules (see [below for nested schema](#nestedatt--spec--stream_aggr_config--configmap))
+- `dedup_interval` (String) Allows setting different de-duplication intervals per each configured remote storage
+- `drop_input` (Boolean) Allow drop all the input samples after the aggregation
+- `drop_input_labels` (List of String) labels to drop from samples for aggregator before stream de-duplication and aggregation
+- `ignore_first_intervals` (Number) IgnoreFirstIntervals instructs to ignore first interval
+- `ignore_old_samples` (Boolean) IgnoreOldSamples instructs to ignore samples with old timestamps outside the current aggregation interval.
+- `keep_input` (Boolean) Allows writing both raw and aggregate data
+- `rules` (Attributes List) Stream aggregation rules (see [below for nested schema](#nestedatt--spec--stream_aggr_config--rules))
+
+<a id="nestedatt--spec--stream_aggr_config--configmap"></a>
+### Nested Schema for `spec.stream_aggr_config.configmap`
+
+Required:
+
+- `key` (String) The key to select.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
+
+
+<a id="nestedatt--spec--stream_aggr_config--rules"></a>
+### Nested Schema for `spec.stream_aggr_config.rules`
+
+Required:
+
+- `interval` (String) Interval is the interval between aggregations.
+- `outputs` (List of String) Outputs is a list of output aggregate functions to produce. The following names are allowed: - total - aggregates input counters - increase - counts the increase over input counters - count_series - counts the input series - count_samples - counts the input samples - sum_samples - sums the input samples - last - the last biggest sample value - min - the minimum sample value - max - the maximum sample value - avg - the average value across all the samples - stddev - standard deviation across all the samples - stdvar - standard variance across all the samples - histogram_bucket - creates VictoriaMetrics histogram for input samples - quantiles(phi1, ..., phiN) - quantiles' estimation for phi in the range [0..1] The output time series will have the following names: input_name:aggr_<interval>_<output>
+
+Optional:
+
+- `by` (List of String) By is an optional list of labels for grouping input series. See also Without. If neither By nor Without are set, then the Outputs are calculated individually per each input time series.
+- `dedup_interval` (String) DedupInterval is an optional interval for deduplication.
+- `drop_input_labels` (List of String) DropInputLabels is an optional list with labels, which must be dropped before further processing of input samples. Labels are dropped before de-duplication and aggregation.
+- `flush_on_shutdown` (Boolean) FlushOnShutdown defines whether to flush the aggregation state on process termination or config reload. Is 'false' by default. It is not recommended changing this setting, unless unfinished aggregations states are preferred to missing data points.
+- `ignore_first_intervals` (Number)
+- `ignore_old_samples` (Boolean) IgnoreOldSamples instructs to ignore samples with old timestamps outside the current aggregation interval.
+- `input_relabel_configs` (Attributes List) InputRelabelConfigs is an optional relabeling rules, which are applied on the input before aggregation. (see [below for nested schema](#nestedatt--spec--stream_aggr_config--rules--input_relabel_configs))
+- `keep_metric_names` (Boolean) KeepMetricNames instructs to leave metric names as is for the output time series without adding any suffix.
+- `match` (Map of String) Match is a label selector (or list of label selectors) for filtering time series for the given selector. If the match isn't set, then all the input time series are processed.
+- `no_align_flush_to_interval` (Boolean) NoAlignFlushToInterval disables aligning of flushes to multiples of Interval. By default flushes are aligned to Interval.
+- `output_relabel_configs` (Attributes List) OutputRelabelConfigs is an optional relabeling rules, which are applied on the aggregated output before being sent to remote storage. (see [below for nested schema](#nestedatt--spec--stream_aggr_config--rules--output_relabel_configs))
+- `staleness_interval` (String) Staleness interval is interval after which the series state will be reset if no samples have been sent during it. The parameter is only relevant for outputs: total, total_prometheus, increase, increase_prometheus and histogram_bucket.
+- `without` (List of String) Without is an optional list of labels, which must be excluded when grouping input series. See also By. If neither By nor Without are set, then the Outputs are calculated individually per each input time series.
+
+<a id="nestedatt--spec--stream_aggr_config--rules--input_relabel_configs"></a>
+### Nested Schema for `spec.stream_aggr_config.rules.input_relabel_configs`
+
+Optional:
+
+- `action` (String) Action to perform based on regex matching. Default is 'replace'
+- `if` (Map of String) If represents metricsQL match expression (or list of expressions): '{__name__=~'foo_.*'}'
+- `labels` (Map of String) Labels is used together with Match for 'action: graphite'
+- `match` (String) Match is used together with Labels for 'action: graphite'
+- `modulus` (Number) Modulus to take of the hash of the source label values.
+- `regex` (Map of String) Regular expression against which the extracted value is matched. Default is '(.*)' victoriaMetrics supports multiline regex joined with | https://docs.victoriametrics.com/vmagent/#relabeling-enhancements
+- `replacement` (String) Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'
+- `separator` (String) Separator placed between concatenated source label values. default is ';'.
+- `source_labels` (List of String) The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.
+- `target_label` (String) Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.
+
+
+<a id="nestedatt--spec--stream_aggr_config--rules--output_relabel_configs"></a>
+### Nested Schema for `spec.stream_aggr_config.rules.output_relabel_configs`
+
+Optional:
+
+- `action` (String) Action to perform based on regex matching. Default is 'replace'
+- `if` (Map of String) If represents metricsQL match expression (or list of expressions): '{__name__=~'foo_.*'}'
+- `labels` (Map of String) Labels is used together with Match for 'action: graphite'
+- `match` (String) Match is used together with Labels for 'action: graphite'
+- `modulus` (Number) Modulus to take of the hash of the source label values.
+- `regex` (Map of String) Regular expression against which the extracted value is matched. Default is '(.*)' victoriaMetrics supports multiline regex joined with | https://docs.victoriametrics.com/vmagent/#relabeling-enhancements
+- `replacement` (String) Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'
+- `separator` (String) Separator placed between concatenated source label values. default is ';'.
+- `source_labels` (List of String) The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.
+- `target_label` (String) Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.
+
+
+
+
 <a id="nestedatt--spec--tolerations"></a>
 ### Nested Schema for `spec.tolerations`
 
@@ -1537,7 +1681,8 @@ Required:
 
 Optional:
 
-- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
+- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None).
 - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
+- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handled recursively. If ReadOnly is false, this field has no meaning and must be unspecified. If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). If this field is not specified, it is treated as an equivalent of Disabled.
 - `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).
 - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.
diff --git a/docs/data-sources/operator_victoriametrics_com_vm_alert_v1beta1_manifest.md b/docs/data-sources/operator_victoriametrics_com_vm_alert_v1beta1_manifest.md
index 4c8456ab2..535caeefb 100644
--- a/docs/data-sources/operator_victoriametrics_com_vm_alert_v1beta1_manifest.md
+++ b/docs/data-sources/operator_victoriametrics_com_vm_alert_v1beta1_manifest.md
@@ -60,25 +60,29 @@ Required:
 Optional:
 
 - `affinity` (Map of String) Affinity If specified, the pod's scheduling constraints.
-- `config_maps` (List of String) ConfigMaps is a list of ConfigMaps in the same namespace as the VMAlert object, which shall be mounted into the VMAlert Pods. The ConfigMaps are mounted into /etc/vm/configs/<configmap-name>.
+- `config_maps` (List of String) ConfigMaps is a list of ConfigMaps in the same namespace as the Application object, which shall be mounted into the Application container at /etc/vm/configs/CONFIGMAP_NAME folder
 - `config_reloader_extra_args` (Map of String) ConfigReloaderExtraArgs that will be passed to VMAuths config-reloader container for example resyncInterval: '30s'
+- `config_reloader_image_tag` (String) ConfigReloaderImageTag defines image:tag for config-reloader container
+- `config_reloader_resources` (Attributes) ConfigReloaderResources config-reloader container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ if not defined default resources from operator config will be used (see [below for nested schema](#nestedatt--spec--config_reloader_resources))
 - `containers` (List of Map of String) Containers property allows to inject additions sidecars or to patch existing containers. It can be useful for proxies, backup, etc.
+- `disable_self_service_scrape` (Boolean) DisableSelfServiceScrape controls creation of VMServiceScrape by operator for the application. Has priority over 'VM_DISABLESELFSERVICESCRAPECREATION' operator env variable
 - `dns_config` (Attributes) Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. (see [below for nested schema](#nestedatt--spec--dns_config))
 - `dns_policy` (String) DNSPolicy sets DNS policy for the pod
 - `enforced_namespace_label` (String) EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created. The label value will always be the namespace of the object that is being created.
 - `evaluation_interval` (String) EvaluationInterval defines how often to evaluate rules by default
 - `external_labels` (Map of String) ExternalLabels in the form 'name: value' to add to all generated recording rules and alerts.
-- `extra_args` (Map of String) ExtraArgs that will be passed to VMAlert pod for example -remoteWrite.tmpDataPath=/tmp
-- `extra_envs` (List of Map of String) ExtraEnvs that will be added to VMAlert pod
+- `extra_args` (Map of String) ExtraArgs that will be passed to the application container for example remoteWrite.tmpDataPath: /tmp
+- `extra_envs` (List of Map of String) ExtraEnvs that will be passed to the application container
+- `host_aliases` (Attributes List) HostAliases provides mapping for ip and hostname, that would be propagated to pod, cannot be used with HostNetwork. (see [below for nested schema](#nestedatt--spec--host_aliases))
 - `host_network` (Boolean) HostNetwork controls whether the pod may use the node network namespace
-- `image` (Attributes) Image - docker image settings for VMAlert if no specified operator uses default config version (see [below for nested schema](#nestedatt--spec--image))
+- `image` (Attributes) Image - docker image settings if no specified operator uses default version from operator config (see [below for nested schema](#nestedatt--spec--image))
 - `image_pull_secrets` (Attributes List) ImagePullSecrets An optional list of references to secrets in the same namespace to use for pulling images from registries see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod (see [below for nested schema](#nestedatt--spec--image_pull_secrets))
-- `init_containers` (List of Map of String) InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the VMAlert configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.
-- `license` (Attributes) License allows to configure license key to be used for enterprise features. Using license key is supported starting from VictoriaMetrics v1.94.0. See: https://docs.victoriametrics.com/enterprise.html (see [below for nested schema](#nestedatt--spec--license))
+- `init_containers` (List of Map of String) InitContainers allows adding initContainers to the pod definition. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+- `license` (Attributes) License allows to configure license key to be used for enterprise features. Using license key is supported starting from VictoriaMetrics v1.94.0. See [here](https://docs.victoriametrics.com/enterprise) (see [below for nested schema](#nestedatt--spec--license))
 - `liveness_probe` (Map of String) LivenessProbe that will be added CRD pod
 - `log_format` (String) LogFormat for VMAlert to be configured with. default or json
 - `log_level` (String) LogLevel for VMAlert to be configured with.
-- `min_ready_seconds` (Number) MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state
+- `min_ready_seconds` (Number) MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state Has no effect for VLogs and VMSingle
 - `node_selector` (Map of String) NodeSelector Define which Nodes the Pods are scheduled on.
 - `notifier` (Attributes) Notifier prometheus alertmanager endpoint spec. Required at least one of notifier or notifiers when there are alerting rules. e.g. http://127.0.0.1:9093 If specified both notifier and notifiers, notifier will be added as last element to notifiers. only one of notifier options could be chosen: notifierConfigRef or notifiers + notifier (see [below for nested schema](#nestedatt--spec--notifier))
 - `notifier_config_ref` (Attributes) NotifierConfigRef reference for secret with notifier configuration for vmalert only one of notifier options could be chosen: notifierConfigRef or notifiers + notifier (see [below for nested schema](#nestedatt--spec--notifier_config_ref))
@@ -86,25 +90,25 @@ Optional:
 - `paused` (Boolean) Paused If set to true all actions on the underlying managed objects are not going to be performed, except for delete actions.
 - `pod_disruption_budget` (Attributes) PodDisruptionBudget created by operator (see [below for nested schema](#nestedatt--spec--pod_disruption_budget))
 - `pod_metadata` (Attributes) PodMetadata configures Labels and Annotations which are propagated to the VMAlert pods. (see [below for nested schema](#nestedatt--spec--pod_metadata))
-- `port` (String) Port for listen
-- `priority_class_name` (String) Priority class assigned to the Pods
+- `port` (String) Port listen address
+- `priority_class_name` (String) PriorityClassName class assigned to the Pods
 - `readiness_gates` (Attributes List) ReadinessGates defines pod readiness gates (see [below for nested schema](#nestedatt--spec--readiness_gates))
 - `readiness_probe` (Map of String) ReadinessProbe that will be added CRD pod
 - `remote_read` (Attributes) RemoteRead Optional URL to read vmalert state (persisted via RemoteWrite) This configuration only makes sense if alerts state has been successfully persisted (via RemoteWrite) before. see -remoteRead.url docs in vmalerts for details. E.g. http://127.0.0.1:8428 (see [below for nested schema](#nestedatt--spec--remote_read))
 - `remote_write` (Attributes) RemoteWrite Optional URL to remote-write compatible storage to persist vmalert state and rule results to. Rule results will be persisted according to each rule. Alerts state will be persisted in the form of time series named ALERTS and ALERTS_FOR_STATE see -remoteWrite.url docs in vmalerts for details. E.g. http://127.0.0.1:8428 (see [below for nested schema](#nestedatt--spec--remote_write))
-- `replica_count` (Number) ReplicaCount is the expected size of the VMAlert cluster. The controller will eventually make the size of the running cluster equal to the expected size.
-- `resources` (Attributes) Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ (see [below for nested schema](#nestedatt--spec--resources))
-- `revision_history_limit_count` (Number) The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10.
+- `replica_count` (Number) ReplicaCount is the expected size of the Application.
+- `resources` (Attributes) Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ if not defined default resources from operator config will be used (see [below for nested schema](#nestedatt--spec--resources))
+- `revision_history_limit_count` (Number) The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the Deployment revision history. Has no effect at StatefulSets Defaults to 10.
 - `rolling_update` (Attributes) RollingUpdate - overrides deployment update params. (see [below for nested schema](#nestedatt--spec--rolling_update))
 - `rule_namespace_selector` (Attributes) RuleNamespaceSelector to be selected for VMRules discovery. Works in combination with Selector. If both nil - behaviour controlled by selectAllByDefault NamespaceSelector nil - only objects at VMAlert namespace. (see [below for nested schema](#nestedatt--spec--rule_namespace_selector))
 - `rule_path` (List of String) RulePath to the file with alert rules. Supports patterns. Flag can be specified multiple times. Examples: -rule /path/to/file. Path to a single file with alerting rules -rule dir/*.yaml -rule /*.yaml. Relative path to all .yaml files in folder, absolute path to all .yaml files in root. by default operator adds /etc/vmalert/configs/base/vmalert.yaml
 - `rule_selector` (Attributes) RuleSelector selector to select which VMRules to mount for loading alerting rules from. Works in combination with NamespaceSelector. If both nil - behaviour controlled by selectAllByDefault NamespaceSelector nil - only objects at VMAlert namespace. (see [below for nested schema](#nestedatt--spec--rule_selector))
 - `runtime_class_name` (String) RuntimeClassName - defines runtime class for kubernetes pod. https://kubernetes.io/docs/concepts/containers/runtime-class/
 - `scheduler_name` (String) SchedulerName - defines kubernetes scheduler name
-- `secrets` (List of String) Secrets is a list of Secrets in the same namespace as the VMAlert object, which shall be mounted into the VMAlert Pods. The Secrets are mounted into /etc/vm/secrets/<secret-name>.
+- `secrets` (List of String) Secrets is a list of Secrets in the same namespace as the Application object, which shall be mounted into the Application container at /etc/vm/secrets/SECRET_NAME folder
 - `security_context` (Map of String) SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext.
 - `select_all_by_default` (Boolean) SelectAllByDefault changes default behavior for empty CRD selectors, such RuleSelector. with selectAllByDefault: true and empty serviceScrapeSelector and RuleNamespaceSelector Operator selects all exist serviceScrapes with selectAllByDefault: false - selects nothing
-- `service_account_name` (String) ServiceAccountName is the name of the ServiceAccount to use to run the VMAlert Pods.
+- `service_account_name` (String) ServiceAccountName is the name of the ServiceAccount to use to run the pods
 - `service_scrape_spec` (Map of String) ServiceScrapeSpec that will be added to vmalert VMServiceScrape spec
 - `service_spec` (Attributes) ServiceSpec that will be added to vmalert service spec (see [below for nested schema](#nestedatt--spec--service_spec))
 - `startup_probe` (Map of String) StartupProbe that will be added to CRD pod
@@ -112,9 +116,11 @@ Optional:
 - `tolerations` (Attributes List) Tolerations If specified, the pod's tolerations. (see [below for nested schema](#nestedatt--spec--tolerations))
 - `topology_spread_constraints` (List of Map of String) TopologySpreadConstraints embedded kubernetes pod configuration option, controls how pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
 - `update_strategy` (String) UpdateStrategy - overrides default update strategy.
+- `use_default_resources` (Boolean) UseDefaultResources controls resource settings By default, operator sets built-in resource requirements
 - `use_strict_security` (Boolean) UseStrictSecurity enables strict security mode for component it restricts disk writes access uses non-root user out of the box drops not needed security permissions
-- `volume_mounts` (Attributes List) VolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the VMAlert container, that are generated as a result of StorageSpec objects. (see [below for nested schema](#nestedatt--spec--volume_mounts))
-- `volumes` (List of Map of String) Volumes allows configuration of additional volumes on the output Deployment definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.
+- `use_vm_config_reloader` (Boolean) UseVMConfigReloader replaces prometheus-like config-reloader with vm one. It uses secrets watch instead of file watch which greatly increases speed of config updates
+- `volume_mounts` (Attributes List) VolumeMounts allows configuration of additional VolumeMounts on the output Deployment/StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the Application container (see [below for nested schema](#nestedatt--spec--volume_mounts))
+- `volumes` (List of Map of String) Volumes allows configuration of additional volumes on the output Deployment/StatefulSet definition. Volumes specified will be appended to other volumes that are generated. / +optional
 
 <a id="nestedatt--spec--datasource"></a>
 ### Nested Schema for `spec.datasource`
@@ -129,8 +135,7 @@ Optional:
 - `bearer_token_file` (String) Path to bearer token file
 - `bearer_token_secret` (Attributes) Optional bearer auth token to use for -remoteWrite.url (see [below for nested schema](#nestedatt--spec--datasource--bearer_token_secret))
 - `headers` (List of String) Headers allow configuring custom http headers Must be in form of semicolon separated header with value e.g. headerName:headerValue vmalert supports it since 1.79.0 version
-- `o_auth2` (Map of String)
-- `oauth2` (Attributes) OAuth2 defines OAuth2 configuration (see [below for nested schema](#nestedatt--spec--datasource--oauth2))
+- `oauth2` (Map of String) OAuth2 defines OAuth2 configuration
 - `tls_config` (Map of String) TLSConfig specifies TLSConfig configuration parameters.
 
 <a id="nestedatt--spec--datasource--basic_auth"></a>
@@ -138,9 +143,9 @@ Optional:
 
 Optional:
 
-- `password` (Attributes) The secret in the service scrape namespace that contains the password for authentication. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--datasource--basic_auth--password))
-- `password_file` (String) PasswordFile defines path to password file at disk
-- `username` (Attributes) The secret in the service scrape namespace that contains the username for authentication. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--datasource--basic_auth--username))
+- `password` (Attributes) Password defines reference for secret with password value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--datasource--basic_auth--password))
+- `password_file` (String) PasswordFile defines path to password file at disk must be pre-mounted
+- `username` (Attributes) Username defines reference for secret with username value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--datasource--basic_auth--username))
 
 <a id="nestedatt--spec--datasource--basic_auth--password"></a>
 ### Nested Schema for `spec.datasource.basic_auth.password`
@@ -151,7 +156,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -164,7 +169,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -178,72 +183,26 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
-<a id="nestedatt--spec--datasource--oauth2"></a>
-### Nested Schema for `spec.datasource.oauth2`
 
-Required:
-
-- `client_id` (Attributes) The secret or configmap containing the OAuth2 client id (see [below for nested schema](#nestedatt--spec--datasource--oauth2--client_id))
-- `token_url` (String) The URL to fetch the token from
-
-Optional:
-
-- `client_secret` (Attributes) The secret containing the OAuth2 client secret (see [below for nested schema](#nestedatt--spec--datasource--oauth2--client_secret))
-- `client_secret_file` (String) ClientSecretFile defines path for client secret file.
-- `endpoint_params` (Map of String) Parameters to append to the token URL
-- `scopes` (List of String) OAuth2 scopes used for the token request
-
-<a id="nestedatt--spec--datasource--oauth2--client_id"></a>
-### Nested Schema for `spec.datasource.oauth2.client_id`
-
-Optional:
-
-- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--datasource--oauth2--client_id--config_map))
-- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--datasource--oauth2--client_id--secret))
-
-<a id="nestedatt--spec--datasource--oauth2--client_id--config_map"></a>
-### Nested Schema for `spec.datasource.oauth2.client_id.config_map`
-
-Required:
-
-- `key` (String) The key to select.
+<a id="nestedatt--spec--config_reloader_resources"></a>
+### Nested Schema for `spec.config_reloader_resources`
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
-- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
-
-
-<a id="nestedatt--spec--datasource--oauth2--client_id--secret"></a>
-### Nested Schema for `spec.datasource.oauth2.client_id.secret`
-
-Required:
-
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
-
-Optional:
-
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
-
+- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--config_reloader_resources--claims))
+- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
-<a id="nestedatt--spec--datasource--oauth2--client_secret"></a>
-### Nested Schema for `spec.datasource.oauth2.client_secret`
+<a id="nestedatt--spec--config_reloader_resources--claims"></a>
+### Nested Schema for `spec.config_reloader_resources.claims`
 
 Required:
 
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
-
-Optional:
-
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
+- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
 
 
 
@@ -266,6 +225,18 @@ Optional:
 
 
 
+<a id="nestedatt--spec--host_aliases"></a>
+### Nested Schema for `spec.host_aliases`
+
+Required:
+
+- `ip` (String) IP address of the host file entry.
+
+Optional:
+
+- `hostnames` (List of String) Hostnames for the above IP address.
+
+
 <a id="nestedatt--spec--image"></a>
 ### Nested Schema for `spec.image`
 
@@ -281,7 +252,7 @@ Optional:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 
 <a id="nestedatt--spec--license"></a>
@@ -289,7 +260,7 @@ Optional:
 
 Optional:
 
-- `key` (String) Enterprise license key. This flag is available only in VictoriaMetrics enterprise. Documentation - https://docs.victoriametrics.com/enterprise.html for more information, visit https://victoriametrics.com/products/enterprise/ . To request a trial license, go to https://victoriametrics.com/products/enterprise/trial/
+- `key` (String) Enterprise license key. This flag is available only in [VictoriaMetrics enterprise](https://docs.victoriametrics.com/enterprise). To request a trial license, [go to](https://victoriametrics.com/products/enterprise/trial)
 - `key_ref` (Attributes) KeyRef is reference to secret with license key for enterprise features. (see [below for nested schema](#nestedatt--spec--license--key_ref))
 
 <a id="nestedatt--spec--license--key_ref"></a>
@@ -301,7 +272,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -315,8 +286,7 @@ Optional:
 - `bearer_token_file` (String) Path to bearer token file
 - `bearer_token_secret` (Attributes) Optional bearer auth token to use for -remoteWrite.url (see [below for nested schema](#nestedatt--spec--notifier--bearer_token_secret))
 - `headers` (List of String) Headers allow configuring custom http headers Must be in form of semicolon separated header with value e.g. headerName:headerValue vmalert supports it since 1.79.0 version
-- `o_auth2` (Map of String)
-- `oauth2` (Attributes) OAuth2 defines OAuth2 configuration (see [below for nested schema](#nestedatt--spec--notifier--oauth2))
+- `oauth2` (Map of String) OAuth2 defines OAuth2 configuration
 - `selector` (Attributes) Selector allows service discovery for alertmanager in this case all matched vmalertmanager replicas will be added into vmalert notifier.url as statefulset pod.fqdn (see [below for nested schema](#nestedatt--spec--notifier--selector))
 - `tls_config` (Map of String) TLSConfig specifies TLSConfig configuration parameters.
 - `url` (String) AlertManager url. E.g. http://127.0.0.1:9093
@@ -326,9 +296,9 @@ Optional:
 
 Optional:
 
-- `password` (Attributes) The secret in the service scrape namespace that contains the password for authentication. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--notifier--basic_auth--password))
-- `password_file` (String) PasswordFile defines path to password file at disk
-- `username` (Attributes) The secret in the service scrape namespace that contains the username for authentication. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--notifier--basic_auth--username))
+- `password` (Attributes) Password defines reference for secret with password value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--notifier--basic_auth--password))
+- `password_file` (String) PasswordFile defines path to password file at disk must be pre-mounted
+- `username` (Attributes) Username defines reference for secret with username value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--notifier--basic_auth--username))
 
 <a id="nestedatt--spec--notifier--basic_auth--password"></a>
 ### Nested Schema for `spec.notifier.basic_auth.password`
@@ -339,7 +309,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -352,7 +322,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -366,74 +336,10 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
-<a id="nestedatt--spec--notifier--oauth2"></a>
-### Nested Schema for `spec.notifier.oauth2`
-
-Required:
-
-- `client_id` (Attributes) The secret or configmap containing the OAuth2 client id (see [below for nested schema](#nestedatt--spec--notifier--oauth2--client_id))
-- `token_url` (String) The URL to fetch the token from
-
-Optional:
-
-- `client_secret` (Attributes) The secret containing the OAuth2 client secret (see [below for nested schema](#nestedatt--spec--notifier--oauth2--client_secret))
-- `client_secret_file` (String) ClientSecretFile defines path for client secret file.
-- `endpoint_params` (Map of String) Parameters to append to the token URL
-- `scopes` (List of String) OAuth2 scopes used for the token request
-
-<a id="nestedatt--spec--notifier--oauth2--client_id"></a>
-### Nested Schema for `spec.notifier.oauth2.client_id`
-
-Optional:
-
-- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--notifier--oauth2--client_id--config_map))
-- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--notifier--oauth2--client_id--secret))
-
-<a id="nestedatt--spec--notifier--oauth2--client_id--config_map"></a>
-### Nested Schema for `spec.notifier.oauth2.client_id.config_map`
-
-Required:
-
-- `key` (String) The key to select.
-
-Optional:
-
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
-- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
-
-
-<a id="nestedatt--spec--notifier--oauth2--client_id--secret"></a>
-### Nested Schema for `spec.notifier.oauth2.client_id.secret`
-
-Required:
-
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
-
-Optional:
-
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
-
-
-<a id="nestedatt--spec--notifier--oauth2--client_secret"></a>
-### Nested Schema for `spec.notifier.oauth2.client_secret`
-
-Required:
-
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
-
-Optional:
-
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
-
-
 <a id="nestedatt--spec--notifier--selector"></a>
 ### Nested Schema for `spec.notifier.selector`
 
@@ -484,7 +390,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -497,8 +403,7 @@ Optional:
 - `bearer_token_file` (String) Path to bearer token file
 - `bearer_token_secret` (Attributes) Optional bearer auth token to use for -remoteWrite.url (see [below for nested schema](#nestedatt--spec--notifiers--bearer_token_secret))
 - `headers` (List of String) Headers allow configuring custom http headers Must be in form of semicolon separated header with value e.g. headerName:headerValue vmalert supports it since 1.79.0 version
-- `o_auth2` (Map of String)
-- `oauth2` (Attributes) OAuth2 defines OAuth2 configuration (see [below for nested schema](#nestedatt--spec--notifiers--oauth2))
+- `oauth2` (Map of String) OAuth2 defines OAuth2 configuration
 - `selector` (Attributes) Selector allows service discovery for alertmanager in this case all matched vmalertmanager replicas will be added into vmalert notifier.url as statefulset pod.fqdn (see [below for nested schema](#nestedatt--spec--notifiers--selector))
 - `tls_config` (Map of String) TLSConfig specifies TLSConfig configuration parameters.
 - `url` (String) AlertManager url. E.g. http://127.0.0.1:9093
@@ -508,9 +413,9 @@ Optional:
 
 Optional:
 
-- `password` (Attributes) The secret in the service scrape namespace that contains the password for authentication. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--notifiers--basic_auth--password))
-- `password_file` (String) PasswordFile defines path to password file at disk
-- `username` (Attributes) The secret in the service scrape namespace that contains the username for authentication. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--notifiers--basic_auth--username))
+- `password` (Attributes) Password defines reference for secret with password value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--notifiers--basic_auth--password))
+- `password_file` (String) PasswordFile defines path to password file at disk must be pre-mounted
+- `username` (Attributes) Username defines reference for secret with username value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--notifiers--basic_auth--username))
 
 <a id="nestedatt--spec--notifiers--basic_auth--password"></a>
 ### Nested Schema for `spec.notifiers.basic_auth.password`
@@ -521,7 +426,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -534,7 +439,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -548,74 +453,10 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
-
-<a id="nestedatt--spec--notifiers--oauth2"></a>
-### Nested Schema for `spec.notifiers.oauth2`
-
-Required:
-
-- `client_id` (Attributes) The secret or configmap containing the OAuth2 client id (see [below for nested schema](#nestedatt--spec--notifiers--oauth2--client_id))
-- `token_url` (String) The URL to fetch the token from
-
-Optional:
-
-- `client_secret` (Attributes) The secret containing the OAuth2 client secret (see [below for nested schema](#nestedatt--spec--notifiers--oauth2--client_secret))
-- `client_secret_file` (String) ClientSecretFile defines path for client secret file.
-- `endpoint_params` (Map of String) Parameters to append to the token URL
-- `scopes` (List of String) OAuth2 scopes used for the token request
-
-<a id="nestedatt--spec--notifiers--oauth2--client_id"></a>
-### Nested Schema for `spec.notifiers.oauth2.client_id`
-
-Optional:
-
-- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--notifiers--oauth2--client_id--config_map))
-- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--notifiers--oauth2--client_id--secret))
-
-<a id="nestedatt--spec--notifiers--oauth2--client_id--config_map"></a>
-### Nested Schema for `spec.notifiers.oauth2.client_id.config_map`
-
-Required:
-
-- `key` (String) The key to select.
-
-Optional:
-
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
-- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
-
-
-<a id="nestedatt--spec--notifiers--oauth2--client_id--secret"></a>
-### Nested Schema for `spec.notifiers.oauth2.client_id.secret`
-
-Required:
-
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
-
-Optional:
-
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
-
-
-<a id="nestedatt--spec--notifiers--oauth2--client_secret"></a>
-### Nested Schema for `spec.notifiers.oauth2.client_secret`
-
-Required:
-
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
-
-Optional:
-
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
-
 <a id="nestedatt--spec--notifiers--selector"></a>
 ### Nested Schema for `spec.notifiers.selector`
 
@@ -699,8 +540,7 @@ Optional:
 - `bearer_token_secret` (Attributes) Optional bearer auth token to use for -remoteWrite.url (see [below for nested schema](#nestedatt--spec--remote_read--bearer_token_secret))
 - `headers` (List of String) Headers allow configuring custom http headers Must be in form of semicolon separated header with value e.g. headerName:headerValue vmalert supports it since 1.79.0 version
 - `lookback` (String) Lookback defines how far to look into past for alerts timeseries. For example, if lookback=1h then range from now() to now()-1h will be scanned. (default 1h0m0s) Applied only to RemoteReadSpec
-- `o_auth2` (Map of String)
-- `oauth2` (Attributes) OAuth2 defines OAuth2 configuration (see [below for nested schema](#nestedatt--spec--remote_read--oauth2))
+- `oauth2` (Map of String) OAuth2 defines OAuth2 configuration
 - `tls_config` (Map of String) TLSConfig specifies TLSConfig configuration parameters.
 
 <a id="nestedatt--spec--remote_read--basic_auth"></a>
@@ -708,9 +548,9 @@ Optional:
 
 Optional:
 
-- `password` (Attributes) The secret in the service scrape namespace that contains the password for authentication. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--remote_read--basic_auth--password))
-- `password_file` (String) PasswordFile defines path to password file at disk
-- `username` (Attributes) The secret in the service scrape namespace that contains the username for authentication. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--remote_read--basic_auth--username))
+- `password` (Attributes) Password defines reference for secret with password value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--remote_read--basic_auth--password))
+- `password_file` (String) PasswordFile defines path to password file at disk must be pre-mounted
+- `username` (Attributes) Username defines reference for secret with username value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--remote_read--basic_auth--username))
 
 <a id="nestedatt--spec--remote_read--basic_auth--password"></a>
 ### Nested Schema for `spec.remote_read.basic_auth.password`
@@ -721,7 +561,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -734,7 +574,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -748,75 +588,11 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
-
-<a id="nestedatt--spec--remote_read--oauth2"></a>
-### Nested Schema for `spec.remote_read.oauth2`
-
-Required:
-
-- `client_id` (Attributes) The secret or configmap containing the OAuth2 client id (see [below for nested schema](#nestedatt--spec--remote_read--oauth2--client_id))
-- `token_url` (String) The URL to fetch the token from
-
-Optional:
-
-- `client_secret` (Attributes) The secret containing the OAuth2 client secret (see [below for nested schema](#nestedatt--spec--remote_read--oauth2--client_secret))
-- `client_secret_file` (String) ClientSecretFile defines path for client secret file.
-- `endpoint_params` (Map of String) Parameters to append to the token URL
-- `scopes` (List of String) OAuth2 scopes used for the token request
-
-<a id="nestedatt--spec--remote_read--oauth2--client_id"></a>
-### Nested Schema for `spec.remote_read.oauth2.client_id`
-
-Optional:
-
-- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--remote_read--oauth2--client_id--config_map))
-- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--remote_read--oauth2--client_id--secret))
-
-<a id="nestedatt--spec--remote_read--oauth2--client_id--config_map"></a>
-### Nested Schema for `spec.remote_read.oauth2.client_id.config_map`
-
-Required:
-
-- `key` (String) The key to select.
-
-Optional:
-
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
-- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
-
-
-<a id="nestedatt--spec--remote_read--oauth2--client_id--secret"></a>
-### Nested Schema for `spec.remote_read.oauth2.client_id.secret`
-
-Required:
-
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
-
-Optional:
-
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
 
-<a id="nestedatt--spec--remote_read--oauth2--client_secret"></a>
-### Nested Schema for `spec.remote_read.oauth2.client_secret`
-
-Required:
-
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
-
-Optional:
-
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
-
-
-
 <a id="nestedatt--spec--remote_write"></a>
 ### Nested Schema for `spec.remote_write`
 
@@ -834,8 +610,7 @@ Optional:
 - `headers` (List of String) Headers allow configuring custom http headers Must be in form of semicolon separated header with value e.g. headerName:headerValue vmalert supports it since 1.79.0 version
 - `max_batch_size` (Number) Defines defines max number of timeseries to be flushed at once (default 1000)
 - `max_queue_size` (Number) Defines the max number of pending datapoints to remote write endpoint (default 100000)
-- `o_auth2` (Map of String)
-- `oauth2` (Attributes) OAuth2 defines OAuth2 configuration (see [below for nested schema](#nestedatt--spec--remote_write--oauth2))
+- `oauth2` (Map of String) OAuth2 defines OAuth2 configuration
 - `tls_config` (Map of String) TLSConfig specifies TLSConfig configuration parameters.
 
 <a id="nestedatt--spec--remote_write--basic_auth"></a>
@@ -843,9 +618,9 @@ Optional:
 
 Optional:
 
-- `password` (Attributes) The secret in the service scrape namespace that contains the password for authentication. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--remote_write--basic_auth--password))
-- `password_file` (String) PasswordFile defines path to password file at disk
-- `username` (Attributes) The secret in the service scrape namespace that contains the username for authentication. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--remote_write--basic_auth--username))
+- `password` (Attributes) Password defines reference for secret with password value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--remote_write--basic_auth--password))
+- `password_file` (String) PasswordFile defines path to password file at disk must be pre-mounted
+- `username` (Attributes) Username defines reference for secret with username value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--remote_write--basic_auth--username))
 
 <a id="nestedatt--spec--remote_write--basic_auth--password"></a>
 ### Nested Schema for `spec.remote_write.basic_auth.password`
@@ -856,7 +631,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -869,7 +644,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -883,74 +658,10 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
-<a id="nestedatt--spec--remote_write--oauth2"></a>
-### Nested Schema for `spec.remote_write.oauth2`
-
-Required:
-
-- `client_id` (Attributes) The secret or configmap containing the OAuth2 client id (see [below for nested schema](#nestedatt--spec--remote_write--oauth2--client_id))
-- `token_url` (String) The URL to fetch the token from
-
-Optional:
-
-- `client_secret` (Attributes) The secret containing the OAuth2 client secret (see [below for nested schema](#nestedatt--spec--remote_write--oauth2--client_secret))
-- `client_secret_file` (String) ClientSecretFile defines path for client secret file.
-- `endpoint_params` (Map of String) Parameters to append to the token URL
-- `scopes` (List of String) OAuth2 scopes used for the token request
-
-<a id="nestedatt--spec--remote_write--oauth2--client_id"></a>
-### Nested Schema for `spec.remote_write.oauth2.client_id`
-
-Optional:
-
-- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--remote_write--oauth2--client_id--config_map))
-- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--remote_write--oauth2--client_id--secret))
-
-<a id="nestedatt--spec--remote_write--oauth2--client_id--config_map"></a>
-### Nested Schema for `spec.remote_write.oauth2.client_id.config_map`
-
-Required:
-
-- `key` (String) The key to select.
-
-Optional:
-
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
-- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
-
-
-<a id="nestedatt--spec--remote_write--oauth2--client_id--secret"></a>
-### Nested Schema for `spec.remote_write.oauth2.client_id.secret`
-
-Required:
-
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
-
-Optional:
-
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
-
-
-<a id="nestedatt--spec--remote_write--oauth2--client_secret"></a>
-### Nested Schema for `spec.remote_write.oauth2.client_secret`
-
-Required:
-
-- `key` (String) The key of the secret to select from. Must be a valid secret key.
-
-Optional:
-
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
-- `optional` (Boolean) Specify whether the Secret or its key must be defined
-
-
-
 
 <a id="nestedatt--spec--resources"></a>
 ### Nested Schema for `spec.resources`
@@ -1068,7 +779,8 @@ Required:
 
 Optional:
 
-- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
+- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None).
 - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
+- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handled recursively. If ReadOnly is false, this field has no meaning and must be unspecified. If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). If this field is not specified, it is treated as an equivalent of Disabled.
 - `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).
 - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.
diff --git a/docs/data-sources/operator_victoriametrics_com_vm_alertmanager_config_v1beta1_manifest.md b/docs/data-sources/operator_victoriametrics_com_vm_alertmanager_config_v1beta1_manifest.md
index b1fb0efa4..37f3ff843 100644
--- a/docs/data-sources/operator_victoriametrics_com_vm_alertmanager_config_v1beta1_manifest.md
+++ b/docs/data-sources/operator_victoriametrics_com_vm_alertmanager_config_v1beta1_manifest.md
@@ -30,7 +30,7 @@ data "k8s_operator_victoriametrics_com_vm_alertmanager_config_v1beta1_manifest"
 
 ### Optional
 
-- `spec` (Attributes) VMAlertmanagerConfigSpec defines configuration for VMAlertmanagerConfig (see [below for nested schema](#nestedatt--spec))
+- `spec` (Attributes) VMAlertmanagerConfigSpec defines configuration for VMAlertmanagerConfig it must reference only locally defined objects (see [below for nested schema](#nestedatt--spec))
 
 ### Read-Only
 
@@ -53,57 +53,15 @@ Optional:
 <a id="nestedatt--spec"></a>
 ### Nested Schema for `spec`
 
-Optional:
-
-- `inhibit_rules` (Attributes List) InhibitRules will only apply for alerts matching the resource's namespace. (see [below for nested schema](#nestedatt--spec--inhibit_rules))
-- `mute_time_intervals` (Attributes List) MuteTimeInterval - global mute time See https://prometheus.io/docs/alerting/latest/configuration/#mute_time_interval (see [below for nested schema](#nestedatt--spec--mute_time_intervals))
-- `receivers` (Attributes List) Receivers defines alert receivers. without defined Route, receivers will be skipped. (see [below for nested schema](#nestedatt--spec--receivers))
-- `route` (Attributes) Route definition for alertmanager, may include nested routes. (see [below for nested schema](#nestedatt--spec--route))
-- `time_intervals` (Attributes List) ParsingError contents error with context if operator was failed to parse json object from kubernetes api server TimeIntervals modern config option, use it instead of mute_time_intervals (see [below for nested schema](#nestedatt--spec--time_intervals))
-
-<a id="nestedatt--spec--inhibit_rules"></a>
-### Nested Schema for `spec.inhibit_rules`
-
-Optional:
-
-- `equal` (List of String) Labels that must have an equal value in the source and target alert for the inhibition to take effect.
-- `source_matchers` (List of String) SourceMatchers defines a list of matchers for which one or more alerts have to exist for the inhibition to take effect.
-- `target_matchers` (List of String) TargetMatchers defines a list of matchers that have to be fulfilled by the target alerts to be muted.
-
-
-<a id="nestedatt--spec--mute_time_intervals"></a>
-### Nested Schema for `spec.mute_time_intervals`
-
 Required:
 
-- `time_intervals` (Attributes List) TimeIntervals interval configuration (see [below for nested schema](#nestedatt--spec--mute_time_intervals--time_intervals))
-
-Optional:
-
-- `name` (String) Name of interval
-
-<a id="nestedatt--spec--mute_time_intervals--time_intervals"></a>
-### Nested Schema for `spec.mute_time_intervals.time_intervals`
+- `receivers` (Attributes List) Receivers defines alert receivers (see [below for nested schema](#nestedatt--spec--receivers))
+- `route` (Attributes) Route definition for alertmanager, may include nested routes. (see [below for nested schema](#nestedatt--spec--route))
 
 Optional:
 
-- `days_of_month` (List of String) DayOfMonth defines list of numerical days in the month. Days begin at 1. Negative values are also accepted. for example, ['1:5', '-3:-1']
-- `location` (String) Location in golang time location form, e.g. UTC
-- `months` (List of String) Months defines list of calendar months identified by a case-insensitive name (e.g. ‘January’) or numeric 1. For example, ['1:3', 'may:august', 'december']
-- `times` (Attributes List) Times defines time range for mute (see [below for nested schema](#nestedatt--spec--mute_time_intervals--time_intervals--times))
-- `weekdays` (List of String) Weekdays defines list of days of the week, where the week begins on Sunday and ends on Saturday.
-- `years` (List of String) Years defines numerical list of years, ranges are accepted. For example, ['2020:2022', '2030']
-
-<a id="nestedatt--spec--mute_time_intervals--time_intervals--times"></a>
-### Nested Schema for `spec.mute_time_intervals.time_intervals.times`
-
-Required:
-
-- `end_time` (String) EndTime for example HH:MM
-- `start_time` (String) StartTime for example HH:MM
-
-
-
+- `inhibit_rules` (Attributes List) InhibitRules will only apply for alerts matching the resource's namespace. (see [below for nested schema](#nestedatt--spec--inhibit_rules))
+- `time_intervals` (Attributes List) TimeIntervals defines named interval for active/mute notifications interval See https://prometheus.io/docs/alerting/latest/configuration/#time_interval (see [below for nested schema](#nestedatt--spec--time_intervals))
 
 <a id="nestedatt--spec--receivers"></a>
 ### Nested Schema for `spec.receivers`
@@ -145,20 +103,45 @@ Optional:
 
 Optional:
 
-- `basic_auth` (Attributes) TODO oAuth2 support BasicAuth for the client. (see [below for nested schema](#nestedatt--spec--receivers--discord_configs--http_config--basic_auth))
+- `authorization` (Attributes) Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. (see [below for nested schema](#nestedatt--spec--receivers--discord_configs--http_config--authorization))
+- `basic_auth` (Attributes) BasicAuth for the client. (see [below for nested schema](#nestedatt--spec--receivers--discord_configs--http_config--basic_auth))
 - `bearer_token_file` (String) BearerTokenFile defines filename for bearer token, it must be mounted to pod.
 - `bearer_token_secret` (Attributes) The secret's key that contains the bearer token It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--receivers--discord_configs--http_config--bearer_token_secret))
+- `oauth2` (Attributes) OAuth2 client credentials used to fetch a token for the targets. (see [below for nested schema](#nestedatt--spec--receivers--discord_configs--http_config--oauth2))
 - `proxy_url` (String) Optional proxy URL.
 - `tls_config` (Attributes) TLS configuration for the client. (see [below for nested schema](#nestedatt--spec--receivers--discord_configs--http_config--tls_config))
 
+<a id="nestedatt--spec--receivers--discord_configs--http_config--authorization"></a>
+### Nested Schema for `spec.receivers.discord_configs.http_config.authorization`
+
+Optional:
+
+- `credentials` (Attributes) Reference to the secret with value for authorization (see [below for nested schema](#nestedatt--spec--receivers--discord_configs--http_config--authorization--credentials))
+- `credentials_file` (String) File with value for authorization
+- `type` (String) Type of authorization, default to bearer
+
+<a id="nestedatt--spec--receivers--discord_configs--http_config--authorization--credentials"></a>
+### Nested Schema for `spec.receivers.discord_configs.http_config.authorization.credentials`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
 <a id="nestedatt--spec--receivers--discord_configs--http_config--basic_auth"></a>
 ### Nested Schema for `spec.receivers.discord_configs.http_config.basic_auth`
 
 Optional:
 
-- `password` (Attributes) The secret in the service scrape namespace that contains the password for authentication. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--receivers--discord_configs--http_config--basic_auth--password))
-- `password_file` (String) PasswordFile defines path to password file at disk
-- `username` (Attributes) The secret in the service scrape namespace that contains the username for authentication. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--receivers--discord_configs--http_config--basic_auth--username))
+- `password` (Attributes) Password defines reference for secret with password value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--receivers--discord_configs--http_config--basic_auth--password))
+- `password_file` (String) PasswordFile defines path to password file at disk must be pre-mounted
+- `username` (Attributes) Username defines reference for secret with username value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--receivers--discord_configs--http_config--basic_auth--username))
 
 <a id="nestedatt--spec--receivers--discord_configs--http_config--basic_auth--password"></a>
 ### Nested Schema for `spec.receivers.discord_configs.http_config.basic_auth.password`
@@ -169,7 +152,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -182,7 +165,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -196,10 +179,74 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+<a id="nestedatt--spec--receivers--discord_configs--http_config--oauth2"></a>
+### Nested Schema for `spec.receivers.discord_configs.http_config.oauth2`
+
+Required:
+
+- `client_id` (Attributes) The secret or configmap containing the OAuth2 client id (see [below for nested schema](#nestedatt--spec--receivers--discord_configs--http_config--oauth2--client_id))
+- `token_url` (String) The URL to fetch the token from
+
+Optional:
+
+- `client_secret` (Attributes) The secret containing the OAuth2 client secret (see [below for nested schema](#nestedatt--spec--receivers--discord_configs--http_config--oauth2--client_secret))
+- `client_secret_file` (String) ClientSecretFile defines path for client secret file.
+- `endpoint_params` (Map of String) Parameters to append to the token URL
+- `scopes` (List of String) OAuth2 scopes used for the token request
+
+<a id="nestedatt--spec--receivers--discord_configs--http_config--oauth2--client_id"></a>
+### Nested Schema for `spec.receivers.discord_configs.http_config.oauth2.client_id`
+
+Optional:
+
+- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--receivers--discord_configs--http_config--oauth2--client_id--config_map))
+- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--receivers--discord_configs--http_config--oauth2--client_id--secret))
+
+<a id="nestedatt--spec--receivers--discord_configs--http_config--oauth2--client_id--config_map"></a>
+### Nested Schema for `spec.receivers.discord_configs.http_config.oauth2.client_id.config_map`
+
+Required:
+
+- `key` (String) The key to select.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
+
+
+<a id="nestedatt--spec--receivers--discord_configs--http_config--oauth2--client_id--secret"></a>
+### Nested Schema for `spec.receivers.discord_configs.http_config.oauth2.client_id.secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
+
+<a id="nestedatt--spec--receivers--discord_configs--http_config--oauth2--client_secret"></a>
+### Nested Schema for `spec.receivers.discord_configs.http_config.oauth2.client_secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
 <a id="nestedatt--spec--receivers--discord_configs--http_config--tls_config"></a>
 ### Nested Schema for `spec.receivers.discord_configs.http_config.tls_config`
 
@@ -231,7 +278,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -244,7 +291,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -266,7 +313,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -279,7 +326,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -293,7 +340,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -308,7 +355,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -322,13 +369,13 @@ Optional:
 - `auth_password` (Attributes) AuthPassword defines secret name and key at CRD namespace. (see [below for nested schema](#nestedatt--spec--receivers--email_configs--auth_password))
 - `auth_secret` (Attributes) AuthSecret defines secrent name and key at CRD namespace. It must contain the CRAM-MD5 secret. (see [below for nested schema](#nestedatt--spec--receivers--email_configs--auth_secret))
 - `auth_username` (String) The username to use for authentication.
-- `from` (String) The sender address.
+- `from` (String) The sender address. fallback to global setting if empty
 - `headers` (Map of String) Further headers email header key/value pairs. Overrides any headers previously set by the notification implementation.
 - `hello` (String) The hostname to identify to the SMTP server.
 - `html` (String) The HTML body of the email notification.
 - `require_tls` (Boolean) The SMTP TLS requirement. Note that Go does not support unencrypted connections to remote SMTP endpoints.
 - `send_resolved` (Boolean) SendResolved controls notify about resolved alerts.
-- `smarthost` (String) The SMTP host through which emails are sent.
+- `smarthost` (String) The SMTP host through which emails are sent. fallback to global setting if empty
 - `text` (String) The text body of the email notification.
 - `tls_config` (Attributes) TLS configuration (see [below for nested schema](#nestedatt--spec--receivers--email_configs--tls_config))
 - `to` (String) The email address to send notifications to.
@@ -342,7 +389,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -355,7 +402,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -390,7 +437,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -403,7 +450,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -425,7 +472,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -438,7 +485,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -452,7 +499,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -475,20 +522,45 @@ Optional:
 
 Optional:
 
-- `basic_auth` (Attributes) TODO oAuth2 support BasicAuth for the client. (see [below for nested schema](#nestedatt--spec--receivers--msteams_configs--http_config--basic_auth))
+- `authorization` (Attributes) Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. (see [below for nested schema](#nestedatt--spec--receivers--msteams_configs--http_config--authorization))
+- `basic_auth` (Attributes) BasicAuth for the client. (see [below for nested schema](#nestedatt--spec--receivers--msteams_configs--http_config--basic_auth))
 - `bearer_token_file` (String) BearerTokenFile defines filename for bearer token, it must be mounted to pod.
 - `bearer_token_secret` (Attributes) The secret's key that contains the bearer token It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--receivers--msteams_configs--http_config--bearer_token_secret))
+- `oauth2` (Attributes) OAuth2 client credentials used to fetch a token for the targets. (see [below for nested schema](#nestedatt--spec--receivers--msteams_configs--http_config--oauth2))
 - `proxy_url` (String) Optional proxy URL.
 - `tls_config` (Attributes) TLS configuration for the client. (see [below for nested schema](#nestedatt--spec--receivers--msteams_configs--http_config--tls_config))
 
+<a id="nestedatt--spec--receivers--msteams_configs--http_config--authorization"></a>
+### Nested Schema for `spec.receivers.msteams_configs.http_config.authorization`
+
+Optional:
+
+- `credentials` (Attributes) Reference to the secret with value for authorization (see [below for nested schema](#nestedatt--spec--receivers--msteams_configs--http_config--authorization--credentials))
+- `credentials_file` (String) File with value for authorization
+- `type` (String) Type of authorization, default to bearer
+
+<a id="nestedatt--spec--receivers--msteams_configs--http_config--authorization--credentials"></a>
+### Nested Schema for `spec.receivers.msteams_configs.http_config.authorization.credentials`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
 <a id="nestedatt--spec--receivers--msteams_configs--http_config--basic_auth"></a>
 ### Nested Schema for `spec.receivers.msteams_configs.http_config.basic_auth`
 
 Optional:
 
-- `password` (Attributes) The secret in the service scrape namespace that contains the password for authentication. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--receivers--msteams_configs--http_config--basic_auth--password))
-- `password_file` (String) PasswordFile defines path to password file at disk
-- `username` (Attributes) The secret in the service scrape namespace that contains the username for authentication. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--receivers--msteams_configs--http_config--basic_auth--username))
+- `password` (Attributes) Password defines reference for secret with password value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--receivers--msteams_configs--http_config--basic_auth--password))
+- `password_file` (String) PasswordFile defines path to password file at disk must be pre-mounted
+- `username` (Attributes) Username defines reference for secret with username value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--receivers--msteams_configs--http_config--basic_auth--username))
 
 <a id="nestedatt--spec--receivers--msteams_configs--http_config--basic_auth--password"></a>
 ### Nested Schema for `spec.receivers.msteams_configs.http_config.basic_auth.password`
@@ -499,7 +571,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -512,7 +584,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -526,10 +598,74 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+<a id="nestedatt--spec--receivers--msteams_configs--http_config--oauth2"></a>
+### Nested Schema for `spec.receivers.msteams_configs.http_config.oauth2`
+
+Required:
+
+- `client_id` (Attributes) The secret or configmap containing the OAuth2 client id (see [below for nested schema](#nestedatt--spec--receivers--msteams_configs--http_config--oauth2--client_id))
+- `token_url` (String) The URL to fetch the token from
+
+Optional:
+
+- `client_secret` (Attributes) The secret containing the OAuth2 client secret (see [below for nested schema](#nestedatt--spec--receivers--msteams_configs--http_config--oauth2--client_secret))
+- `client_secret_file` (String) ClientSecretFile defines path for client secret file.
+- `endpoint_params` (Map of String) Parameters to append to the token URL
+- `scopes` (List of String) OAuth2 scopes used for the token request
+
+<a id="nestedatt--spec--receivers--msteams_configs--http_config--oauth2--client_id"></a>
+### Nested Schema for `spec.receivers.msteams_configs.http_config.oauth2.client_id`
+
+Optional:
+
+- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--receivers--msteams_configs--http_config--oauth2--client_id--config_map))
+- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--receivers--msteams_configs--http_config--oauth2--client_id--secret))
+
+<a id="nestedatt--spec--receivers--msteams_configs--http_config--oauth2--client_id--config_map"></a>
+### Nested Schema for `spec.receivers.msteams_configs.http_config.oauth2.client_id.config_map`
+
+Required:
+
+- `key` (String) The key to select.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
+
+
+<a id="nestedatt--spec--receivers--msteams_configs--http_config--oauth2--client_id--secret"></a>
+### Nested Schema for `spec.receivers.msteams_configs.http_config.oauth2.client_id.secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--receivers--msteams_configs--http_config--oauth2--client_secret"></a>
+### Nested Schema for `spec.receivers.msteams_configs.http_config.oauth2.client_secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
+
 <a id="nestedatt--spec--receivers--msteams_configs--http_config--tls_config"></a>
 ### Nested Schema for `spec.receivers.msteams_configs.http_config.tls_config`
 
@@ -561,7 +697,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -574,7 +710,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -596,7 +732,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -609,7 +745,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -623,7 +759,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -638,7 +774,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -649,7 +785,7 @@ Optional:
 Optional:
 
 - `actions` (String) Comma separated list of actions that will be available for the alert.
-- `api_key` (Attributes) The secret's key that contains the OpsGenie API key. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--receivers--opsgenie_configs--api_key))
+- `api_key` (Attributes) The secret's key that contains the OpsGenie API key. It must be at them same namespace as CRD fallback to global setting if empty (see [below for nested schema](#nestedatt--spec--receivers--opsgenie_configs--api_key))
 - `api_url` (String) The URL to send OpsGenie API requests to.
 - `description` (String) Description of the incident.
 - `details` (Map of String) A set of arbitrary key/value pairs that provide further detail about the incident.
@@ -673,7 +809,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -747,7 +883,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -760,7 +896,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -793,7 +929,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -806,7 +942,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -817,7 +953,7 @@ Optional:
 Optional:
 
 - `actions` (Attributes List) A list of Slack actions that are sent with each notification. (see [below for nested schema](#nestedatt--spec--receivers--slack_configs--actions))
-- `api_url` (Attributes) The secret's key that contains the Slack webhook URL. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--receivers--slack_configs--api_url))
+- `api_url` (Attributes) The secret's key that contains the Slack webhook URL. It must be at them same namespace as CRD fallback to global setting if empty (see [below for nested schema](#nestedatt--spec--receivers--slack_configs--api_url))
 - `callback_id` (String)
 - `channel` (String) The channel or user to send notifications to.
 - `color` (String)
@@ -879,7 +1015,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -918,20 +1054,45 @@ Optional:
 
 Optional:
 
-- `basic_auth` (Attributes) TODO oAuth2 support BasicAuth for the client. (see [below for nested schema](#nestedatt--spec--receivers--sns_configs--http_config--basic_auth))
+- `authorization` (Attributes) Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. (see [below for nested schema](#nestedatt--spec--receivers--sns_configs--http_config--authorization))
+- `basic_auth` (Attributes) BasicAuth for the client. (see [below for nested schema](#nestedatt--spec--receivers--sns_configs--http_config--basic_auth))
 - `bearer_token_file` (String) BearerTokenFile defines filename for bearer token, it must be mounted to pod.
 - `bearer_token_secret` (Attributes) The secret's key that contains the bearer token It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--receivers--sns_configs--http_config--bearer_token_secret))
+- `oauth2` (Attributes) OAuth2 client credentials used to fetch a token for the targets. (see [below for nested schema](#nestedatt--spec--receivers--sns_configs--http_config--oauth2))
 - `proxy_url` (String) Optional proxy URL.
 - `tls_config` (Attributes) TLS configuration for the client. (see [below for nested schema](#nestedatt--spec--receivers--sns_configs--http_config--tls_config))
 
+<a id="nestedatt--spec--receivers--sns_configs--http_config--authorization"></a>
+### Nested Schema for `spec.receivers.sns_configs.http_config.authorization`
+
+Optional:
+
+- `credentials` (Attributes) Reference to the secret with value for authorization (see [below for nested schema](#nestedatt--spec--receivers--sns_configs--http_config--authorization--credentials))
+- `credentials_file` (String) File with value for authorization
+- `type` (String) Type of authorization, default to bearer
+
+<a id="nestedatt--spec--receivers--sns_configs--http_config--authorization--credentials"></a>
+### Nested Schema for `spec.receivers.sns_configs.http_config.authorization.credentials`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
 <a id="nestedatt--spec--receivers--sns_configs--http_config--basic_auth"></a>
 ### Nested Schema for `spec.receivers.sns_configs.http_config.basic_auth`
 
 Optional:
 
-- `password` (Attributes) The secret in the service scrape namespace that contains the password for authentication. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--receivers--sns_configs--http_config--basic_auth--password))
-- `password_file` (String) PasswordFile defines path to password file at disk
-- `username` (Attributes) The secret in the service scrape namespace that contains the username for authentication. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--receivers--sns_configs--http_config--basic_auth--username))
+- `password` (Attributes) Password defines reference for secret with password value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--receivers--sns_configs--http_config--basic_auth--password))
+- `password_file` (String) PasswordFile defines path to password file at disk must be pre-mounted
+- `username` (Attributes) Username defines reference for secret with username value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--receivers--sns_configs--http_config--basic_auth--username))
 
 <a id="nestedatt--spec--receivers--sns_configs--http_config--basic_auth--password"></a>
 ### Nested Schema for `spec.receivers.sns_configs.http_config.basic_auth.password`
@@ -942,7 +1103,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -955,7 +1116,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -969,10 +1130,74 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+<a id="nestedatt--spec--receivers--sns_configs--http_config--oauth2"></a>
+### Nested Schema for `spec.receivers.sns_configs.http_config.oauth2`
+
+Required:
+
+- `client_id` (Attributes) The secret or configmap containing the OAuth2 client id (see [below for nested schema](#nestedatt--spec--receivers--sns_configs--http_config--oauth2--client_id))
+- `token_url` (String) The URL to fetch the token from
+
+Optional:
+
+- `client_secret` (Attributes) The secret containing the OAuth2 client secret (see [below for nested schema](#nestedatt--spec--receivers--sns_configs--http_config--oauth2--client_secret))
+- `client_secret_file` (String) ClientSecretFile defines path for client secret file.
+- `endpoint_params` (Map of String) Parameters to append to the token URL
+- `scopes` (List of String) OAuth2 scopes used for the token request
+
+<a id="nestedatt--spec--receivers--sns_configs--http_config--oauth2--client_id"></a>
+### Nested Schema for `spec.receivers.sns_configs.http_config.oauth2.client_id`
+
+Optional:
+
+- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--receivers--sns_configs--http_config--oauth2--client_id--config_map))
+- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--receivers--sns_configs--http_config--oauth2--client_id--secret))
+
+<a id="nestedatt--spec--receivers--sns_configs--http_config--oauth2--client_id--config_map"></a>
+### Nested Schema for `spec.receivers.sns_configs.http_config.oauth2.client_id.config_map`
+
+Required:
+
+- `key` (String) The key to select.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
+
+
+<a id="nestedatt--spec--receivers--sns_configs--http_config--oauth2--client_id--secret"></a>
+### Nested Schema for `spec.receivers.sns_configs.http_config.oauth2.client_id.secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--receivers--sns_configs--http_config--oauth2--client_secret"></a>
+### Nested Schema for `spec.receivers.sns_configs.http_config.oauth2.client_secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
+
 <a id="nestedatt--spec--receivers--sns_configs--http_config--tls_config"></a>
 ### Nested Schema for `spec.receivers.sns_configs.http_config.tls_config`
 
@@ -1004,7 +1229,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -1017,7 +1242,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -1039,7 +1264,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -1052,7 +1277,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -1066,7 +1291,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -1093,7 +1318,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -1106,7 +1331,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -1138,7 +1363,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -1146,16 +1371,19 @@ Optional:
 <a id="nestedatt--spec--receivers--victorops_configs"></a>
 ### Nested Schema for `spec.receivers.victorops_configs`
 
+Required:
+
+- `routing_key` (String) A key used to map the alert to a team.
+
 Optional:
 
-- `api_key` (Attributes) The secret's key that contains the API key to use when talking to the VictorOps API. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--receivers--victorops_configs--api_key))
+- `api_key` (Attributes) The secret's key that contains the API key to use when talking to the VictorOps API. It must be at them same namespace as CRD fallback to global setting if empty (see [below for nested schema](#nestedatt--spec--receivers--victorops_configs--api_key))
 - `api_url` (String) The VictorOps API URL.
 - `custom_fields` (Map of String) Adds optional custom fields https://github.com/prometheus/alertmanager/blob/v0.24.0/config/notifiers.go#L537
 - `entity_display_name` (String) Contains summary of the alerted problem.
 - `http_config` (Attributes) The HTTP client's configuration. (see [below for nested schema](#nestedatt--spec--receivers--victorops_configs--http_config))
 - `message_type` (String) Describes the behavior of the alert (CRITICAL, WARNING, INFO).
 - `monitoring_tool` (String) The monitoring tool the state message is from.
-- `routing_key` (String) A key used to map the alert to a team.
 - `send_resolved` (Boolean) SendResolved controls notify about resolved alerts.
 - `state_message` (String) Contains long explanation of the alerted problem.
 
@@ -1168,7 +1396,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -1177,20 +1405,45 @@ Optional:
 
 Optional:
 
-- `basic_auth` (Attributes) TODO oAuth2 support BasicAuth for the client. (see [below for nested schema](#nestedatt--spec--receivers--victorops_configs--http_config--basic_auth))
+- `authorization` (Attributes) Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. (see [below for nested schema](#nestedatt--spec--receivers--victorops_configs--http_config--authorization))
+- `basic_auth` (Attributes) BasicAuth for the client. (see [below for nested schema](#nestedatt--spec--receivers--victorops_configs--http_config--basic_auth))
 - `bearer_token_file` (String) BearerTokenFile defines filename for bearer token, it must be mounted to pod.
 - `bearer_token_secret` (Attributes) The secret's key that contains the bearer token It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--receivers--victorops_configs--http_config--bearer_token_secret))
+- `oauth2` (Attributes) OAuth2 client credentials used to fetch a token for the targets. (see [below for nested schema](#nestedatt--spec--receivers--victorops_configs--http_config--oauth2))
 - `proxy_url` (String) Optional proxy URL.
 - `tls_config` (Attributes) TLS configuration for the client. (see [below for nested schema](#nestedatt--spec--receivers--victorops_configs--http_config--tls_config))
 
+<a id="nestedatt--spec--receivers--victorops_configs--http_config--authorization"></a>
+### Nested Schema for `spec.receivers.victorops_configs.http_config.authorization`
+
+Optional:
+
+- `credentials` (Attributes) Reference to the secret with value for authorization (see [below for nested schema](#nestedatt--spec--receivers--victorops_configs--http_config--authorization--credentials))
+- `credentials_file` (String) File with value for authorization
+- `type` (String) Type of authorization, default to bearer
+
+<a id="nestedatt--spec--receivers--victorops_configs--http_config--authorization--credentials"></a>
+### Nested Schema for `spec.receivers.victorops_configs.http_config.authorization.credentials`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
 <a id="nestedatt--spec--receivers--victorops_configs--http_config--basic_auth"></a>
 ### Nested Schema for `spec.receivers.victorops_configs.http_config.basic_auth`
 
 Optional:
 
-- `password` (Attributes) The secret in the service scrape namespace that contains the password for authentication. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--receivers--victorops_configs--http_config--basic_auth--password))
-- `password_file` (String) PasswordFile defines path to password file at disk
-- `username` (Attributes) The secret in the service scrape namespace that contains the username for authentication. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--receivers--victorops_configs--http_config--basic_auth--username))
+- `password` (Attributes) Password defines reference for secret with password value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--receivers--victorops_configs--http_config--basic_auth--password))
+- `password_file` (String) PasswordFile defines path to password file at disk must be pre-mounted
+- `username` (Attributes) Username defines reference for secret with username value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--receivers--victorops_configs--http_config--basic_auth--username))
 
 <a id="nestedatt--spec--receivers--victorops_configs--http_config--basic_auth--password"></a>
 ### Nested Schema for `spec.receivers.victorops_configs.http_config.basic_auth.password`
@@ -1201,7 +1454,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -1214,7 +1467,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -1228,10 +1481,74 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+<a id="nestedatt--spec--receivers--victorops_configs--http_config--oauth2"></a>
+### Nested Schema for `spec.receivers.victorops_configs.http_config.oauth2`
+
+Required:
+
+- `client_id` (Attributes) The secret or configmap containing the OAuth2 client id (see [below for nested schema](#nestedatt--spec--receivers--victorops_configs--http_config--oauth2--client_id))
+- `token_url` (String) The URL to fetch the token from
+
+Optional:
+
+- `client_secret` (Attributes) The secret containing the OAuth2 client secret (see [below for nested schema](#nestedatt--spec--receivers--victorops_configs--http_config--oauth2--client_secret))
+- `client_secret_file` (String) ClientSecretFile defines path for client secret file.
+- `endpoint_params` (Map of String) Parameters to append to the token URL
+- `scopes` (List of String) OAuth2 scopes used for the token request
+
+<a id="nestedatt--spec--receivers--victorops_configs--http_config--oauth2--client_id"></a>
+### Nested Schema for `spec.receivers.victorops_configs.http_config.oauth2.client_id`
+
+Optional:
+
+- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--receivers--victorops_configs--http_config--oauth2--client_id--config_map))
+- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--receivers--victorops_configs--http_config--oauth2--client_id--secret))
+
+<a id="nestedatt--spec--receivers--victorops_configs--http_config--oauth2--client_id--config_map"></a>
+### Nested Schema for `spec.receivers.victorops_configs.http_config.oauth2.client_id.config_map`
+
+Required:
+
+- `key` (String) The key to select.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
+
+
+<a id="nestedatt--spec--receivers--victorops_configs--http_config--oauth2--client_id--secret"></a>
+### Nested Schema for `spec.receivers.victorops_configs.http_config.oauth2.client_id.secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
+
+<a id="nestedatt--spec--receivers--victorops_configs--http_config--oauth2--client_secret"></a>
+### Nested Schema for `spec.receivers.victorops_configs.http_config.oauth2.client_secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
 <a id="nestedatt--spec--receivers--victorops_configs--http_config--tls_config"></a>
 ### Nested Schema for `spec.receivers.victorops_configs.http_config.tls_config`
 
@@ -1263,7 +1580,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -1276,7 +1593,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -1298,7 +1615,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -1311,7 +1628,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -1325,7 +1642,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -1348,20 +1665,45 @@ Optional:
 
 Optional:
 
-- `basic_auth` (Attributes) TODO oAuth2 support BasicAuth for the client. (see [below for nested schema](#nestedatt--spec--receivers--webex_configs--http_config--basic_auth))
+- `authorization` (Attributes) Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. (see [below for nested schema](#nestedatt--spec--receivers--webex_configs--http_config--authorization))
+- `basic_auth` (Attributes) BasicAuth for the client. (see [below for nested schema](#nestedatt--spec--receivers--webex_configs--http_config--basic_auth))
 - `bearer_token_file` (String) BearerTokenFile defines filename for bearer token, it must be mounted to pod.
 - `bearer_token_secret` (Attributes) The secret's key that contains the bearer token It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--receivers--webex_configs--http_config--bearer_token_secret))
+- `oauth2` (Attributes) OAuth2 client credentials used to fetch a token for the targets. (see [below for nested schema](#nestedatt--spec--receivers--webex_configs--http_config--oauth2))
 - `proxy_url` (String) Optional proxy URL.
 - `tls_config` (Attributes) TLS configuration for the client. (see [below for nested schema](#nestedatt--spec--receivers--webex_configs--http_config--tls_config))
 
+<a id="nestedatt--spec--receivers--webex_configs--http_config--authorization"></a>
+### Nested Schema for `spec.receivers.webex_configs.http_config.authorization`
+
+Optional:
+
+- `credentials` (Attributes) Reference to the secret with value for authorization (see [below for nested schema](#nestedatt--spec--receivers--webex_configs--http_config--authorization--credentials))
+- `credentials_file` (String) File with value for authorization
+- `type` (String) Type of authorization, default to bearer
+
+<a id="nestedatt--spec--receivers--webex_configs--http_config--authorization--credentials"></a>
+### Nested Schema for `spec.receivers.webex_configs.http_config.authorization.credentials`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
 <a id="nestedatt--spec--receivers--webex_configs--http_config--basic_auth"></a>
 ### Nested Schema for `spec.receivers.webex_configs.http_config.basic_auth`
 
 Optional:
 
-- `password` (Attributes) The secret in the service scrape namespace that contains the password for authentication. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--receivers--webex_configs--http_config--basic_auth--password))
-- `password_file` (String) PasswordFile defines path to password file at disk
-- `username` (Attributes) The secret in the service scrape namespace that contains the username for authentication. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--receivers--webex_configs--http_config--basic_auth--username))
+- `password` (Attributes) Password defines reference for secret with password value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--receivers--webex_configs--http_config--basic_auth--password))
+- `password_file` (String) PasswordFile defines path to password file at disk must be pre-mounted
+- `username` (Attributes) Username defines reference for secret with username value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--receivers--webex_configs--http_config--basic_auth--username))
 
 <a id="nestedatt--spec--receivers--webex_configs--http_config--basic_auth--password"></a>
 ### Nested Schema for `spec.receivers.webex_configs.http_config.basic_auth.password`
@@ -1372,7 +1714,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -1385,7 +1727,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -1399,10 +1741,74 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+<a id="nestedatt--spec--receivers--webex_configs--http_config--oauth2"></a>
+### Nested Schema for `spec.receivers.webex_configs.http_config.oauth2`
+
+Required:
+
+- `client_id` (Attributes) The secret or configmap containing the OAuth2 client id (see [below for nested schema](#nestedatt--spec--receivers--webex_configs--http_config--oauth2--client_id))
+- `token_url` (String) The URL to fetch the token from
+
+Optional:
+
+- `client_secret` (Attributes) The secret containing the OAuth2 client secret (see [below for nested schema](#nestedatt--spec--receivers--webex_configs--http_config--oauth2--client_secret))
+- `client_secret_file` (String) ClientSecretFile defines path for client secret file.
+- `endpoint_params` (Map of String) Parameters to append to the token URL
+- `scopes` (List of String) OAuth2 scopes used for the token request
+
+<a id="nestedatt--spec--receivers--webex_configs--http_config--oauth2--client_id"></a>
+### Nested Schema for `spec.receivers.webex_configs.http_config.oauth2.client_id`
+
+Optional:
+
+- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--receivers--webex_configs--http_config--oauth2--client_id--config_map))
+- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--receivers--webex_configs--http_config--oauth2--client_id--secret))
+
+<a id="nestedatt--spec--receivers--webex_configs--http_config--oauth2--client_id--config_map"></a>
+### Nested Schema for `spec.receivers.webex_configs.http_config.oauth2.client_id.config_map`
+
+Required:
+
+- `key` (String) The key to select.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
+
+
+<a id="nestedatt--spec--receivers--webex_configs--http_config--oauth2--client_id--secret"></a>
+### Nested Schema for `spec.receivers.webex_configs.http_config.oauth2.client_id.secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--receivers--webex_configs--http_config--oauth2--client_secret"></a>
+### Nested Schema for `spec.receivers.webex_configs.http_config.oauth2.client_secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
+
 <a id="nestedatt--spec--receivers--webex_configs--http_config--tls_config"></a>
 ### Nested Schema for `spec.receivers.webex_configs.http_config.tls_config`
 
@@ -1434,7 +1840,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -1447,7 +1853,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -1469,7 +1875,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -1482,7 +1888,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -1496,7 +1902,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -1523,7 +1929,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -1534,9 +1940,9 @@ Optional:
 Optional:
 
 - `agent_id` (String)
-- `api_secret` (Attributes) The secret's key that contains the WeChat API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. (see [below for nested schema](#nestedatt--spec--receivers--wechat_configs--api_secret))
-- `api_url` (String) The WeChat API URL.
-- `corp_id` (String) The corp id for authentication.
+- `api_secret` (Attributes) The secret's key that contains the WeChat API key. The secret needs to be in the same namespace as the AlertmanagerConfig fallback to global alertmanager setting if empty (see [below for nested schema](#nestedatt--spec--receivers--wechat_configs--api_secret))
+- `api_url` (String) The WeChat API URL. fallback to global alertmanager setting if empty
+- `corp_id` (String) The corp id for authentication. fallback to global alertmanager setting if empty
 - `http_config` (Attributes) HTTP client configuration. (see [below for nested schema](#nestedatt--spec--receivers--wechat_configs--http_config))
 - `message` (String) API request data as defined by the WeChat API.
 - `message_type` (String)
@@ -1554,7 +1960,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -1563,20 +1969,45 @@ Optional:
 
 Optional:
 
-- `basic_auth` (Attributes) TODO oAuth2 support BasicAuth for the client. (see [below for nested schema](#nestedatt--spec--receivers--wechat_configs--http_config--basic_auth))
+- `authorization` (Attributes) Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. (see [below for nested schema](#nestedatt--spec--receivers--wechat_configs--http_config--authorization))
+- `basic_auth` (Attributes) BasicAuth for the client. (see [below for nested schema](#nestedatt--spec--receivers--wechat_configs--http_config--basic_auth))
 - `bearer_token_file` (String) BearerTokenFile defines filename for bearer token, it must be mounted to pod.
 - `bearer_token_secret` (Attributes) The secret's key that contains the bearer token It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--receivers--wechat_configs--http_config--bearer_token_secret))
+- `oauth2` (Attributes) OAuth2 client credentials used to fetch a token for the targets. (see [below for nested schema](#nestedatt--spec--receivers--wechat_configs--http_config--oauth2))
 - `proxy_url` (String) Optional proxy URL.
 - `tls_config` (Attributes) TLS configuration for the client. (see [below for nested schema](#nestedatt--spec--receivers--wechat_configs--http_config--tls_config))
 
+<a id="nestedatt--spec--receivers--wechat_configs--http_config--authorization"></a>
+### Nested Schema for `spec.receivers.wechat_configs.http_config.authorization`
+
+Optional:
+
+- `credentials` (Attributes) Reference to the secret with value for authorization (see [below for nested schema](#nestedatt--spec--receivers--wechat_configs--http_config--authorization--credentials))
+- `credentials_file` (String) File with value for authorization
+- `type` (String) Type of authorization, default to bearer
+
+<a id="nestedatt--spec--receivers--wechat_configs--http_config--authorization--credentials"></a>
+### Nested Schema for `spec.receivers.wechat_configs.http_config.authorization.credentials`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
 <a id="nestedatt--spec--receivers--wechat_configs--http_config--basic_auth"></a>
 ### Nested Schema for `spec.receivers.wechat_configs.http_config.basic_auth`
 
 Optional:
 
-- `password` (Attributes) The secret in the service scrape namespace that contains the password for authentication. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--receivers--wechat_configs--http_config--basic_auth--password))
-- `password_file` (String) PasswordFile defines path to password file at disk
-- `username` (Attributes) The secret in the service scrape namespace that contains the username for authentication. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--receivers--wechat_configs--http_config--basic_auth--username))
+- `password` (Attributes) Password defines reference for secret with password value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--receivers--wechat_configs--http_config--basic_auth--password))
+- `password_file` (String) PasswordFile defines path to password file at disk must be pre-mounted
+- `username` (Attributes) Username defines reference for secret with username value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--receivers--wechat_configs--http_config--basic_auth--username))
 
 <a id="nestedatt--spec--receivers--wechat_configs--http_config--basic_auth--password"></a>
 ### Nested Schema for `spec.receivers.wechat_configs.http_config.basic_auth.password`
@@ -1587,7 +2018,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -1600,7 +2031,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -1614,10 +2045,74 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+<a id="nestedatt--spec--receivers--wechat_configs--http_config--oauth2"></a>
+### Nested Schema for `spec.receivers.wechat_configs.http_config.oauth2`
+
+Required:
+
+- `client_id` (Attributes) The secret or configmap containing the OAuth2 client id (see [below for nested schema](#nestedatt--spec--receivers--wechat_configs--http_config--oauth2--client_id))
+- `token_url` (String) The URL to fetch the token from
+
+Optional:
+
+- `client_secret` (Attributes) The secret containing the OAuth2 client secret (see [below for nested schema](#nestedatt--spec--receivers--wechat_configs--http_config--oauth2--client_secret))
+- `client_secret_file` (String) ClientSecretFile defines path for client secret file.
+- `endpoint_params` (Map of String) Parameters to append to the token URL
+- `scopes` (List of String) OAuth2 scopes used for the token request
+
+<a id="nestedatt--spec--receivers--wechat_configs--http_config--oauth2--client_id"></a>
+### Nested Schema for `spec.receivers.wechat_configs.http_config.oauth2.client_id`
+
+Optional:
+
+- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--receivers--wechat_configs--http_config--oauth2--client_id--config_map))
+- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--receivers--wechat_configs--http_config--oauth2--client_id--secret))
+
+<a id="nestedatt--spec--receivers--wechat_configs--http_config--oauth2--client_id--config_map"></a>
+### Nested Schema for `spec.receivers.wechat_configs.http_config.oauth2.client_id.config_map`
+
+Required:
+
+- `key` (String) The key to select.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
+
+
+<a id="nestedatt--spec--receivers--wechat_configs--http_config--oauth2--client_id--secret"></a>
+### Nested Schema for `spec.receivers.wechat_configs.http_config.oauth2.client_id.secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
+
+<a id="nestedatt--spec--receivers--wechat_configs--http_config--oauth2--client_secret"></a>
+### Nested Schema for `spec.receivers.wechat_configs.http_config.oauth2.client_secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
 <a id="nestedatt--spec--receivers--wechat_configs--http_config--tls_config"></a>
 ### Nested Schema for `spec.receivers.wechat_configs.http_config.tls_config`
 
@@ -1649,7 +2144,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -1662,7 +2157,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -1684,7 +2179,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -1697,7 +2192,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -1711,7 +2206,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -1734,11 +2229,21 @@ Optional:
 - `group_interval` (String) How long to wait before sending an updated notification.
 - `group_wait` (String) How long to wait before sending the initial notification.
 - `matchers` (List of String) List of matchers that the alert’s labels should match. For the first level route, the operator adds a namespace: 'CRD_NS' matcher. https://prometheus.io/docs/alerting/latest/configuration/#matcher
-- `mute_time_intervals` (List of String) MuteTimeIntervals for alerts
+- `mute_time_intervals` (List of String) MuteTimeIntervals is a list of interval names that will mute matched alert
 - `repeat_interval` (String) How long to wait before repeating the last notification.
 - `routes` (List of String) Child routes. https://prometheus.io/docs/alerting/latest/configuration/#route
 
 
+<a id="nestedatt--spec--inhibit_rules"></a>
+### Nested Schema for `spec.inhibit_rules`
+
+Optional:
+
+- `equal` (List of String) Labels that must have an equal value in the source and target alert for the inhibition to take effect.
+- `source_matchers` (List of String) SourceMatchers defines a list of matchers for which one or more alerts have to exist for the inhibition to take effect.
+- `target_matchers` (List of String) TargetMatchers defines a list of matchers that have to be fulfilled by the target alerts to be muted.
+
+
 <a id="nestedatt--spec--time_intervals"></a>
 ### Nested Schema for `spec.time_intervals`
 
diff --git a/docs/data-sources/operator_victoriametrics_com_vm_alertmanager_v1beta1_manifest.md b/docs/data-sources/operator_victoriametrics_com_vm_alertmanager_v1beta1_manifest.md
index 746c356a0..ab3ef7a0a 100644
--- a/docs/data-sources/operator_victoriametrics_com_vm_alertmanager_v1beta1_manifest.md
+++ b/docs/data-sources/operator_victoriametrics_com_vm_alertmanager_v1beta1_manifest.md
@@ -57,49 +57,57 @@ Optional:
 - `affinity` (Map of String) Affinity If specified, the pod's scheduling constraints.
 - `claim_templates` (Attributes List) ClaimTemplates allows adding additional VolumeClaimTemplates for StatefulSet (see [below for nested schema](#nestedatt--spec--claim_templates))
 - `cluster_advertise_address` (String) ClusterAdvertiseAddress is the explicit address to advertise in cluster. Needs to be provided for non RFC1918 [1] (public) addresses. [1] RFC1918: https://tools.ietf.org/html/rfc1918
-- `config_maps` (List of String) ConfigMaps is a list of ConfigMaps in the same namespace as the VMAlertmanager object, which shall be mounted into the VMAlertmanager Pods. The ConfigMaps are mounted into /etc/vm/configs/<configmap-name>.
+- `cluster_domain_name` (String) ClusterDomainName defines domain name suffix for in-cluster dns addresses aka .cluster.local used to build pod peer addresses for in-cluster communication
+- `config_maps` (List of String) ConfigMaps is a list of ConfigMaps in the same namespace as the Application object, which shall be mounted into the Application container at /etc/vm/configs/CONFIGMAP_NAME folder
 - `config_namespace_selector` (Attributes) ConfigNamespaceSelector defines namespace selector for VMAlertmanagerConfig. Works in combination with Selector. NamespaceSelector nil - only objects at VMAlertmanager namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault (see [below for nested schema](#nestedatt--spec--config_namespace_selector))
 - `config_raw_yaml` (String) ConfigRawYaml - raw configuration for alertmanager, it helps it to start without secret. priority -> hardcoded ConfigRaw -> ConfigRaw, provided by user -> ConfigSecret.
 - `config_reloader_extra_args` (Map of String) ConfigReloaderExtraArgs that will be passed to VMAuths config-reloader container for example resyncInterval: '30s'
+- `config_reloader_image_tag` (String) ConfigReloaderImageTag defines image:tag for config-reloader container
+- `config_reloader_resources` (Attributes) ConfigReloaderResources config-reloader container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ if not defined default resources from operator config will be used (see [below for nested schema](#nestedatt--spec--config_reloader_resources))
 - `config_secret` (String) ConfigSecret is the name of a Kubernetes Secret in the same namespace as the VMAlertmanager object, which contains configuration for this VMAlertmanager, configuration must be inside secret key: alertmanager.yaml. It must be created by user. instance. Defaults to 'vmalertmanager-<alertmanager-name>' The secret is mounted into /etc/alertmanager/config.
 - `config_selector` (Attributes) ConfigSelector defines selector for VMAlertmanagerConfig, result config will be merged with with Raw or Secret config. Works in combination with NamespaceSelector. NamespaceSelector nil - only objects at VMAlertmanager namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault (see [below for nested schema](#nestedatt--spec--config_selector))
-- `containers` (List of Map of String) Containers allows injecting additional containers or patching existing containers. This is meant to allow adding an authentication proxy to an VMAlertmanager pod.
-- `disable_namespace_matcher` (Boolean) DisableNamespaceMatcher disables namespace label matcher for VMAlertmanagerConfig It may be useful if alert doesn't have namespace label for some reason
+- `containers` (List of Map of String) Containers property allows to inject additions sidecars or to patch existing containers. It can be useful for proxies, backup, etc.
+- `disable_namespace_matcher` (Boolean) DisableNamespaceMatcher disables top route namespace label matcher for VMAlertmanagerConfig It may be useful if alert doesn't have namespace label for some reason
 - `disable_route_continue_enforce` (Boolean) DisableRouteContinueEnforce cancel the behavior for VMAlertmanagerConfig that always enforce first-level route continue to true
+- `disable_self_service_scrape` (Boolean) DisableSelfServiceScrape controls creation of VMServiceScrape by operator for the application. Has priority over 'VM_DISABLESELFSERVICESCRAPECREATION' operator env variable
 - `dns_config` (Attributes) Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. (see [below for nested schema](#nestedatt--spec--dns_config))
 - `dns_policy` (String) DNSPolicy sets DNS policy for the pod
+- `enforced_top_route_matchers` (List of String) EnforcedTopRouteMatchers defines label matchers to be added for the top route of VMAlertmanagerConfig It allows to make some set of labels required for alerts. https://prometheus.io/docs/alerting/latest/configuration/#matcher
 - `external_url` (String) ExternalURL the VMAlertmanager instances will be available under. This is necessary to generate correct URLs. This is necessary if VMAlertmanager is not served from root of a DNS name.
-- `extra_args` (Map of String) ExtraArgs that will be passed to VMAlertmanager pod for example log.level: debug
-- `extra_envs` (List of Map of String) ExtraEnvs that will be added to VMAlertmanager pod
+- `extra_args` (Map of String) ExtraArgs that will be passed to the application container for example remoteWrite.tmpDataPath: /tmp
+- `extra_envs` (List of Map of String) ExtraEnvs that will be passed to the application container
+- `gossip_config` (Attributes) GossipConfig defines gossip TLS configuration for Alertmanager cluster (see [below for nested schema](#nestedatt--spec--gossip_config))
+- `host_aliases` (Attributes List) HostAliases provides mapping for ip and hostname, that would be propagated to pod, cannot be used with HostNetwork. (see [below for nested schema](#nestedatt--spec--host_aliases))
 - `host_network` (Boolean) HostNetwork controls whether the pod may use the node network namespace
-- `image` (Attributes) Image - docker image settings for VMAlertmanager if no specified operator uses default config version (see [below for nested schema](#nestedatt--spec--image))
+- `image` (Attributes) Image - docker image settings if no specified operator uses default version from operator config (see [below for nested schema](#nestedatt--spec--image))
 - `image_pull_secrets` (Attributes List) ImagePullSecrets An optional list of references to secrets in the same namespace to use for pulling images from registries see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod (see [below for nested schema](#nestedatt--spec--image_pull_secrets))
-- `init_containers` (List of Map of String) InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the VMAlertmanager configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.
+- `init_containers` (List of Map of String) InitContainers allows adding initContainers to the pod definition. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
 - `listen_local` (Boolean) ListenLocal makes the VMAlertmanager server listen on loopback, so that it does not bind against the Pod IP. Note this is only for the VMAlertmanager UI, not the gossip communication.
 - `liveness_probe` (Map of String) LivenessProbe that will be added CRD pod
 - `log_format` (String) LogFormat for VMAlertmanager to be configured with.
 - `log_level` (String) Log level for VMAlertmanager to be configured with.
-- `min_ready_seconds` (Number) MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state
+- `min_ready_seconds` (Number) MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state Has no effect for VLogs and VMSingle
 - `node_selector` (Map of String) NodeSelector Define which Nodes the Pods are scheduled on.
 - `paused` (Boolean) Paused If set to true all actions on the underlying managed objects are not going to be performed, except for delete actions.
 - `pod_disruption_budget` (Attributes) PodDisruptionBudget created by operator (see [below for nested schema](#nestedatt--spec--pod_disruption_budget))
 - `pod_metadata` (Attributes) PodMetadata configures Labels and Annotations which are propagated to the alertmanager pods. (see [below for nested schema](#nestedatt--spec--pod_metadata))
+- `port` (String) Port listen address
 - `port_name` (String) PortName used for the pods and governing service. This defaults to web
 - `priority_class_name` (String) PriorityClassName class assigned to the Pods
 - `readiness_gates` (Attributes List) ReadinessGates defines pod readiness gates (see [below for nested schema](#nestedatt--spec--readiness_gates))
 - `readiness_probe` (Map of String) ReadinessProbe that will be added CRD pod
-- `replica_count` (Number) ReplicaCount Size is the expected size of the alertmanager cluster. The controller will eventually make the size of the running cluster equal to the expected
-- `resources` (Attributes) Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ (see [below for nested schema](#nestedatt--spec--resources))
+- `replica_count` (Number) ReplicaCount is the expected size of the Application.
+- `resources` (Attributes) Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ if not defined default resources from operator config will be used (see [below for nested schema](#nestedatt--spec--resources))
 - `retention` (String) Retention Time duration VMAlertmanager shall retain data for. Default is '120h', and must match the regular expression '[0-9]+(ms|s|m|h)' (milliseconds seconds minutes hours).
-- `revision_history_limit_count` (Number) The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10.
+- `revision_history_limit_count` (Number) The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the Deployment revision history. Has no effect at StatefulSets Defaults to 10.
 - `rolling_update_strategy` (String) RollingUpdateStrategy defines strategy for application updates Default is OnDelete, in this case operator handles update process Can be changed for RollingUpdate
 - `route_prefix` (String) RoutePrefix VMAlertmanager registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with 'kubectl proxy'.
 - `runtime_class_name` (String) RuntimeClassName - defines runtime class for kubernetes pod. https://kubernetes.io/docs/concepts/containers/runtime-class/
 - `scheduler_name` (String) SchedulerName - defines kubernetes scheduler name
-- `secrets` (List of String) Secrets is a list of Secrets in the same namespace as the VMAlertmanager object, which shall be mounted into the VMAlertmanager Pods. The Secrets are mounted into /etc/vm/secrets/<secret-name>
+- `secrets` (List of String) Secrets is a list of Secrets in the same namespace as the Application object, which shall be mounted into the Application container at /etc/vm/secrets/SECRET_NAME folder
 - `security_context` (Map of String) SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext.
 - `select_all_by_default` (Boolean) SelectAllByDefault changes default behavior for empty CRD selectors, such ConfigSelector. with selectAllByDefault: true and undefined ConfigSelector and ConfigNamespaceSelector Operator selects all exist alertManagerConfigs with selectAllByDefault: false - selects nothing
-- `service_account_name` (String) ServiceAccountName is the name of the ServiceAccount to use
+- `service_account_name` (String) ServiceAccountName is the name of the ServiceAccount to use to run the pods
 - `service_scrape_spec` (Map of String) ServiceScrapeSpec that will be added to vmalertmanager VMServiceScrape spec
 - `service_spec` (Attributes) ServiceSpec that will be added to vmalertmanager service spec (see [below for nested schema](#nestedatt--spec--service_spec))
 - `startup_probe` (Map of String) StartupProbe that will be added to CRD pod
@@ -108,9 +116,12 @@ Optional:
 - `termination_grace_period_seconds` (Number) TerminationGracePeriodSeconds period for container graceful termination
 - `tolerations` (Attributes List) Tolerations If specified, the pod's tolerations. (see [below for nested schema](#nestedatt--spec--tolerations))
 - `topology_spread_constraints` (List of Map of String) TopologySpreadConstraints embedded kubernetes pod configuration option, controls how pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+- `use_default_resources` (Boolean) UseDefaultResources controls resource settings By default, operator sets built-in resource requirements
 - `use_strict_security` (Boolean) UseStrictSecurity enables strict security mode for component it restricts disk writes access uses non-root user out of the box drops not needed security permissions
-- `volume_mounts` (Attributes List) VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the alertmanager container, that are generated as a result of StorageSpec objects. (see [below for nested schema](#nestedatt--spec--volume_mounts))
-- `volumes` (List of Map of String) Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.
+- `use_vm_config_reloader` (Boolean) UseVMConfigReloader replaces prometheus-like config-reloader with vm one. It uses secrets watch instead of file watch which greatly increases speed of config updates
+- `volume_mounts` (Attributes List) VolumeMounts allows configuration of additional VolumeMounts on the output Deployment/StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the Application container (see [below for nested schema](#nestedatt--spec--volume_mounts))
+- `volumes` (List of Map of String) Volumes allows configuration of additional volumes on the output Deployment/StatefulSet definition. Volumes specified will be appended to other volumes that are generated. / +optional
+- `web_config` (Attributes) WebConfig defines configuration for webserver https://github.com/prometheus/alertmanager/blob/main/docs/https.md (see [below for nested schema](#nestedatt--spec--web_config))
 
 <a id="nestedatt--spec--claim_templates"></a>
 ### Nested Schema for `spec.claim_templates`
@@ -134,6 +145,7 @@ Optional:
 - `resources` (Attributes) resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources (see [below for nested schema](#nestedatt--spec--claim_templates--spec--resources))
 - `selector` (Attributes) selector is a label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--claim_templates--spec--selector))
 - `storage_class_name` (String) storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
 - `volume_mode` (String) volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
 - `volume_name` (String) volumeName is the binding reference to the PersistentVolume backing this claim.
 
@@ -169,18 +181,9 @@ Optional:
 
 Optional:
 
-- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--claim_templates--spec--resources--claims))
 - `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 - `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
-<a id="nestedatt--spec--claim_templates--spec--resources--claims"></a>
-### Nested Schema for `spec.claim_templates.spec.resources.claims`
-
-Required:
-
-- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
-
-
 
 <a id="nestedatt--spec--claim_templates--spec--selector"></a>
 ### Nested Schema for `spec.claim_templates.spec.selector`
@@ -211,11 +214,13 @@ Optional:
 Optional:
 
 - `access_modes` (List of String) accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
-- `allocated_resources` (Map of String) allocatedResources is the storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
+- `allocated_resource_statuses` (Map of String) allocatedResourceStatuses stores status of resource being resized for the given PVC. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as 'example.com/my-custom-resource' Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used. ClaimResourceStatus can be in any of following states: - ControllerResizeInProgress: State set when resize controller starts resizing the volume in control-plane. - ControllerResizeFailed: State set when resize has failed in resize controller with a terminal error. - NodeResizePending: State set when resize controller has finished resizing the volume but further resizing of volume is needed on the node. - NodeResizeInProgress: State set when kubelet starts resizing the volume. - NodeResizeFailed: State set when resizing has failed in kubelet with a terminal error. Transient errors don't set NodeResizeFailed. For example: if expanding a PVC for more capacity - this field can be one of the following states: - pvc.status.allocatedResourceStatus['storage'] = 'ControllerResizeInProgress' - pvc.status.allocatedResourceStatus['storage'] = 'ControllerResizeFailed' - pvc.status.allocatedResourceStatus['storage'] = 'NodeResizePending' - pvc.status.allocatedResourceStatus['storage'] = 'NodeResizeInProgress' - pvc.status.allocatedResourceStatus['storage'] = 'NodeResizeFailed' When this field is not set, it means that no resize operation is in progress for the given PVC. A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
+- `allocated_resources` (Map of String) allocatedResources tracks the resources allocated to a PVC including its capacity. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as 'example.com/my-custom-resource' Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used. Capacity reported here may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. A controller that receives PVC update with previously unknown resourceName should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
 - `capacity` (Map of String) capacity represents the actual resources of the underlying volume.
-- `conditions` (Attributes List) conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'. (see [below for nested schema](#nestedatt--spec--claim_templates--status--conditions))
+- `conditions` (Attributes List) conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'Resizing'. (see [below for nested schema](#nestedatt--spec--claim_templates--status--conditions))
+- `current_volume_attributes_class_name` (String) currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim This is an alpha field and requires enabling VolumeAttributesClass feature.
+- `modify_volume_status` (Attributes) ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. This is an alpha field and requires enabling VolumeAttributesClass feature. (see [below for nested schema](#nestedatt--spec--claim_templates--status--modify_volume_status))
 - `phase` (String) phase represents the current phase of PersistentVolumeClaim.
-- `resize_status` (String) resizeStatus stores status of resize operation. ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty string by resize controller or kubelet. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
 
 <a id="nestedatt--spec--claim_templates--status--conditions"></a>
 ### Nested Schema for `spec.claim_templates.status.conditions`
@@ -230,7 +235,19 @@ Optional:
 - `last_probe_time` (String) lastProbeTime is the time we probed the condition.
 - `last_transition_time` (String) lastTransitionTime is the time the condition transitioned from one status to another.
 - `message` (String) message is the human-readable message indicating details about last transition.
-- `reason` (String) reason is a unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports 'ResizeStarted' that means the underlying persistent volume is being resized.
+- `reason` (String) reason is a unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports 'Resizing' that means the underlying persistent volume is being resized.
+
+
+<a id="nestedatt--spec--claim_templates--status--modify_volume_status"></a>
+### Nested Schema for `spec.claim_templates.status.modify_volume_status`
+
+Required:
+
+- `status` (String) status is the status of the ControllerModifyVolume operation. It can be in any of following states: - Pending Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as the specified VolumeAttributesClass not existing. - InProgress InProgress indicates that the volume is being modified. - Infeasible Infeasible indicates that the request has been rejected as invalid by the CSI driver. To resolve the error, a valid VolumeAttributesClass needs to be specified. Note: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.
+
+Optional:
+
+- `target_volume_attributes_class_name` (String) targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled
 
 
 
@@ -257,6 +274,24 @@ Optional:
 
 
 
+<a id="nestedatt--spec--config_reloader_resources"></a>
+### Nested Schema for `spec.config_reloader_resources`
+
+Optional:
+
+- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--config_reloader_resources--claims))
+- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+<a id="nestedatt--spec--config_reloader_resources--claims"></a>
+### Nested Schema for `spec.config_reloader_resources.claims`
+
+Required:
+
+- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+
+
+
 <a id="nestedatt--spec--config_selector"></a>
 ### Nested Schema for `spec.config_selector`
 
@@ -298,6 +333,139 @@ Optional:
 
 
 
+<a id="nestedatt--spec--gossip_config"></a>
+### Nested Schema for `spec.gossip_config`
+
+Optional:
+
+- `tls_client_config` (Attributes) TLSClientConfig defines client TLS configuration for alertmanager (see [below for nested schema](#nestedatt--spec--gossip_config--tls_client_config))
+- `tls_server_config` (Attributes) TLSServerConfig defines server TLS configuration for alertmanager (see [below for nested schema](#nestedatt--spec--gossip_config--tls_server_config))
+
+<a id="nestedatt--spec--gossip_config--tls_client_config"></a>
+### Nested Schema for `spec.gossip_config.tls_client_config`
+
+Optional:
+
+- `ca_file` (String) CAFile defines path to the pre-mounted file with CA mutually exclusive with CASecretRef
+- `ca_secret_ref` (Attributes) CA defines reference for secret with CA content under given key mutually exclusive with CAFile (see [below for nested schema](#nestedatt--spec--gossip_config--tls_client_config--ca_secret_ref))
+- `cert_file` (String) CertFile defines path to the pre-mounted file with certificate mutually exclusive with CertSecretRef
+- `cert_secret_ref` (Attributes) CertSecretRef defines reference for secret with certificate content under given key mutually exclusive with CertFile (see [below for nested schema](#nestedatt--spec--gossip_config--tls_client_config--cert_secret_ref))
+- `insecure_skip_verify` (Boolean) Cert defines reference for secret with CA content under given key mutually exclusive with CertFile
+- `key_file` (String) KeyFile defines path to the pre-mounted file with certificate key mutually exclusive with KeySecretRef
+- `key_secret_ref` (Attributes) Key defines reference for secret with certificate key content under given key mutually exclusive with KeyFile (see [below for nested schema](#nestedatt--spec--gossip_config--tls_client_config--key_secret_ref))
+- `server_name` (String) ServerName indicates a name of a server
+
+<a id="nestedatt--spec--gossip_config--tls_client_config--ca_secret_ref"></a>
+### Nested Schema for `spec.gossip_config.tls_client_config.ca_secret_ref`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+<a id="nestedatt--spec--gossip_config--tls_client_config--cert_secret_ref"></a>
+### Nested Schema for `spec.gossip_config.tls_client_config.cert_secret_ref`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+<a id="nestedatt--spec--gossip_config--tls_client_config--key_secret_ref"></a>
+### Nested Schema for `spec.gossip_config.tls_client_config.key_secret_ref`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--gossip_config--tls_server_config"></a>
+### Nested Schema for `spec.gossip_config.tls_server_config`
+
+Optional:
+
+- `cert_file` (String) CertFile defines path to the pre-mounted file with certificate mutually exclusive with CertSecretRef
+- `cert_secret_ref` (Attributes) CertSecretRef defines reference for secret with certificate content under given key mutually exclusive with CertFile (see [below for nested schema](#nestedatt--spec--gossip_config--tls_server_config--cert_secret_ref))
+- `cipher_suites` (List of String) CipherSuites defines list of supported cipher suites for TLS versions up to TLS 1.2 https://golang.org/pkg/crypto/tls/#pkg-constants
+- `client_auth_type` (String) Cert defines reference for secret with CA content under given key mutually exclusive with CertFile ClientAuthType defines server policy for client authentication If you want to enable client authentication (aka mTLS), you need to use RequireAndVerifyClientCert Note, mTLS is supported only at enterprise version of VictoriaMetrics components
+- `client_ca_file` (String) ClientCAFile defines path to the pre-mounted file with CA mutually exclusive with ClientCASecretRef
+- `client_ca_secret_ref` (Attributes) ClientCASecretRef defines reference for secret with CA content under given key mutually exclusive with ClientCAFile (see [below for nested schema](#nestedatt--spec--gossip_config--tls_server_config--client_ca_secret_ref))
+- `curve_preferences` (List of String) CurvePreferences defines elliptic curves that will be used in an ECDHE handshake, in preference order. https://golang.org/pkg/crypto/tls/#CurveID
+- `key_file` (String) KeyFile defines path to the pre-mounted file with certificate key mutually exclusive with KeySecretRef
+- `key_secret_ref` (Attributes) Key defines reference for secret with certificate key content under given key mutually exclusive with KeyFile (see [below for nested schema](#nestedatt--spec--gossip_config--tls_server_config--key_secret_ref))
+- `max_version` (String) MaxVersion maximum TLS version that is acceptable.
+- `min_version` (String) MinVersion minimum TLS version that is acceptable.
+- `prefer_server_cipher_suites` (Boolean) PreferServerCipherSuites controls whether the server selects the client's most preferred ciphersuite
+
+<a id="nestedatt--spec--gossip_config--tls_server_config--cert_secret_ref"></a>
+### Nested Schema for `spec.gossip_config.tls_server_config.cert_secret_ref`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+<a id="nestedatt--spec--gossip_config--tls_server_config--client_ca_secret_ref"></a>
+### Nested Schema for `spec.gossip_config.tls_server_config.client_ca_secret_ref`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+<a id="nestedatt--spec--gossip_config--tls_server_config--key_secret_ref"></a>
+### Nested Schema for `spec.gossip_config.tls_server_config.key_secret_ref`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+
+<a id="nestedatt--spec--host_aliases"></a>
+### Nested Schema for `spec.host_aliases`
+
+Required:
+
+- `ip` (String) IP address of the host file entry.
+
+Optional:
+
+- `hostnames` (List of String) Hostnames for the above IP address.
+
+
 <a id="nestedatt--spec--image"></a>
 ### Nested Schema for `spec.image`
 
@@ -313,7 +481,7 @@ Optional:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 
 <a id="nestedatt--spec--pod_disruption_budget"></a>
@@ -435,6 +603,7 @@ Optional:
 - `resources` (Attributes) resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources (see [below for nested schema](#nestedatt--spec--storage--volume_claim_template--spec--resources))
 - `selector` (Attributes) selector is a label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--storage--volume_claim_template--spec--selector))
 - `storage_class_name` (String) storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
 - `volume_mode` (String) volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
 - `volume_name` (String) volumeName is the binding reference to the PersistentVolume backing this claim.
 
@@ -470,18 +639,9 @@ Optional:
 
 Optional:
 
-- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--storage--volume_claim_template--spec--resources--claims))
 - `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 - `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
-<a id="nestedatt--spec--storage--volume_claim_template--spec--resources--claims"></a>
-### Nested Schema for `spec.storage.volume_claim_template.spec.resources.claims`
-
-Required:
-
-- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
-
-
 
 <a id="nestedatt--spec--storage--volume_claim_template--spec--selector"></a>
 ### Nested Schema for `spec.storage.volume_claim_template.spec.selector`
@@ -512,11 +672,13 @@ Optional:
 Optional:
 
 - `access_modes` (List of String) accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
-- `allocated_resources` (Map of String) allocatedResources is the storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
+- `allocated_resource_statuses` (Map of String) allocatedResourceStatuses stores status of resource being resized for the given PVC. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as 'example.com/my-custom-resource' Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used. ClaimResourceStatus can be in any of following states: - ControllerResizeInProgress: State set when resize controller starts resizing the volume in control-plane. - ControllerResizeFailed: State set when resize has failed in resize controller with a terminal error. - NodeResizePending: State set when resize controller has finished resizing the volume but further resizing of volume is needed on the node. - NodeResizeInProgress: State set when kubelet starts resizing the volume. - NodeResizeFailed: State set when resizing has failed in kubelet with a terminal error. Transient errors don't set NodeResizeFailed. For example: if expanding a PVC for more capacity - this field can be one of the following states: - pvc.status.allocatedResourceStatus['storage'] = 'ControllerResizeInProgress' - pvc.status.allocatedResourceStatus['storage'] = 'ControllerResizeFailed' - pvc.status.allocatedResourceStatus['storage'] = 'NodeResizePending' - pvc.status.allocatedResourceStatus['storage'] = 'NodeResizeInProgress' - pvc.status.allocatedResourceStatus['storage'] = 'NodeResizeFailed' When this field is not set, it means that no resize operation is in progress for the given PVC. A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
+- `allocated_resources` (Map of String) allocatedResources tracks the resources allocated to a PVC including its capacity. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as 'example.com/my-custom-resource' Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used. Capacity reported here may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. A controller that receives PVC update with previously unknown resourceName should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
 - `capacity` (Map of String) capacity represents the actual resources of the underlying volume.
-- `conditions` (Attributes List) conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'. (see [below for nested schema](#nestedatt--spec--storage--volume_claim_template--status--conditions))
+- `conditions` (Attributes List) conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'Resizing'. (see [below for nested schema](#nestedatt--spec--storage--volume_claim_template--status--conditions))
+- `current_volume_attributes_class_name` (String) currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim This is an alpha field and requires enabling VolumeAttributesClass feature.
+- `modify_volume_status` (Attributes) ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. This is an alpha field and requires enabling VolumeAttributesClass feature. (see [below for nested schema](#nestedatt--spec--storage--volume_claim_template--status--modify_volume_status))
 - `phase` (String) phase represents the current phase of PersistentVolumeClaim.
-- `resize_status` (String) resizeStatus stores status of resize operation. ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty string by resize controller or kubelet. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
 
 <a id="nestedatt--spec--storage--volume_claim_template--status--conditions"></a>
 ### Nested Schema for `spec.storage.volume_claim_template.status.conditions`
@@ -531,7 +693,19 @@ Optional:
 - `last_probe_time` (String) lastProbeTime is the time we probed the condition.
 - `last_transition_time` (String) lastTransitionTime is the time the condition transitioned from one status to another.
 - `message` (String) message is the human-readable message indicating details about last transition.
-- `reason` (String) reason is a unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports 'ResizeStarted' that means the underlying persistent volume is being resized.
+- `reason` (String) reason is a unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports 'Resizing' that means the underlying persistent volume is being resized.
+
+
+<a id="nestedatt--spec--storage--volume_claim_template--status--modify_volume_status"></a>
+### Nested Schema for `spec.storage.volume_claim_template.status.modify_volume_status`
+
+Required:
+
+- `status` (String) status is the status of the ControllerModifyVolume operation. It can be in any of following states: - Pending Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as the specified VolumeAttributesClass not existing. - InProgress InProgress indicates that the volume is being modified. - Infeasible Infeasible indicates that the request has been rejected as invalid by the CSI driver. To resolve the error, a valid VolumeAttributesClass needs to be specified. Note: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.
+
+Optional:
+
+- `target_volume_attributes_class_name` (String) targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled
 
 
 
@@ -546,7 +720,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 
 <a id="nestedatt--spec--tolerations"></a>
@@ -571,7 +745,83 @@ Required:
 
 Optional:
 
-- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
+- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None).
 - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
+- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handled recursively. If ReadOnly is false, this field has no meaning and must be unspecified. If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). If this field is not specified, it is treated as an equivalent of Disabled.
 - `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).
 - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.
+
+
+<a id="nestedatt--spec--web_config"></a>
+### Nested Schema for `spec.web_config`
+
+Optional:
+
+- `basic_auth_users` (Map of String) BasicAuthUsers Usernames and hashed passwords that have full access to the web server Passwords must be hashed with bcrypt
+- `http_server_config` (Attributes) HTTPServerConfig defines http server configuration for alertmanager web server (see [below for nested schema](#nestedatt--spec--web_config--http_server_config))
+- `tls_server_config` (Attributes) TLSServerConfig defines server TLS configuration for alertmanager (see [below for nested schema](#nestedatt--spec--web_config--tls_server_config))
+
+<a id="nestedatt--spec--web_config--http_server_config"></a>
+### Nested Schema for `spec.web_config.http_server_config`
+
+Optional:
+
+- `headers` (Map of String) Headers defines list of headers that can be added to HTTP responses.
+- `http2` (Boolean) HTTP2 enables HTTP/2 support. Note that HTTP/2 is only supported with TLS. This can not be changed on the fly.
+
+
+<a id="nestedatt--spec--web_config--tls_server_config"></a>
+### Nested Schema for `spec.web_config.tls_server_config`
+
+Optional:
+
+- `cert_file` (String) CertFile defines path to the pre-mounted file with certificate mutually exclusive with CertSecretRef
+- `cert_secret_ref` (Attributes) CertSecretRef defines reference for secret with certificate content under given key mutually exclusive with CertFile (see [below for nested schema](#nestedatt--spec--web_config--tls_server_config--cert_secret_ref))
+- `cipher_suites` (List of String) CipherSuites defines list of supported cipher suites for TLS versions up to TLS 1.2 https://golang.org/pkg/crypto/tls/#pkg-constants
+- `client_auth_type` (String) Cert defines reference for secret with CA content under given key mutually exclusive with CertFile ClientAuthType defines server policy for client authentication If you want to enable client authentication (aka mTLS), you need to use RequireAndVerifyClientCert Note, mTLS is supported only at enterprise version of VictoriaMetrics components
+- `client_ca_file` (String) ClientCAFile defines path to the pre-mounted file with CA mutually exclusive with ClientCASecretRef
+- `client_ca_secret_ref` (Attributes) ClientCASecretRef defines reference for secret with CA content under given key mutually exclusive with ClientCAFile (see [below for nested schema](#nestedatt--spec--web_config--tls_server_config--client_ca_secret_ref))
+- `curve_preferences` (List of String) CurvePreferences defines elliptic curves that will be used in an ECDHE handshake, in preference order. https://golang.org/pkg/crypto/tls/#CurveID
+- `key_file` (String) KeyFile defines path to the pre-mounted file with certificate key mutually exclusive with KeySecretRef
+- `key_secret_ref` (Attributes) Key defines reference for secret with certificate key content under given key mutually exclusive with KeyFile (see [below for nested schema](#nestedatt--spec--web_config--tls_server_config--key_secret_ref))
+- `max_version` (String) MaxVersion maximum TLS version that is acceptable.
+- `min_version` (String) MinVersion minimum TLS version that is acceptable.
+- `prefer_server_cipher_suites` (Boolean) PreferServerCipherSuites controls whether the server selects the client's most preferred ciphersuite
+
+<a id="nestedatt--spec--web_config--tls_server_config--cert_secret_ref"></a>
+### Nested Schema for `spec.web_config.tls_server_config.cert_secret_ref`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+<a id="nestedatt--spec--web_config--tls_server_config--client_ca_secret_ref"></a>
+### Nested Schema for `spec.web_config.tls_server_config.client_ca_secret_ref`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+<a id="nestedatt--spec--web_config--tls_server_config--key_secret_ref"></a>
+### Nested Schema for `spec.web_config.tls_server_config.key_secret_ref`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
diff --git a/docs/data-sources/operator_victoriametrics_com_vm_auth_v1beta1_manifest.md b/docs/data-sources/operator_victoriametrics_com_vm_auth_v1beta1_manifest.md
index 5e405bccf..d776fe2fa 100644
--- a/docs/data-sources/operator_victoriametrics_com_vm_auth_v1beta1_manifest.md
+++ b/docs/data-sources/operator_victoriametrics_com_vm_auth_v1beta1_manifest.md
@@ -56,51 +56,54 @@ Optional:
 Optional:
 
 - `affinity` (Map of String) Affinity If specified, the pod's scheduling constraints.
-- `config_maps` (List of String) ConfigMaps is a list of ConfigMaps in the same namespace as the VMAuth object, which shall be mounted into the VMAuth Pods.
+- `config_maps` (List of String) ConfigMaps is a list of ConfigMaps in the same namespace as the Application object, which shall be mounted into the Application container at /etc/vm/configs/CONFIGMAP_NAME folder
 - `config_reloader_extra_args` (Map of String) ConfigReloaderExtraArgs that will be passed to VMAuths config-reloader container for example resyncInterval: '30s'
+- `config_reloader_image_tag` (String) ConfigReloaderImageTag defines image:tag for config-reloader container
+- `config_reloader_resources` (Attributes) ConfigReloaderResources config-reloader container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ if not defined default resources from operator config will be used (see [below for nested schema](#nestedatt--spec--config_reloader_resources))
 - `config_secret` (String) ConfigSecret is the name of a Kubernetes Secret in the same namespace as the VMAuth object, which contains auth configuration for vmauth, configuration must be inside secret key: config.yaml. It must be created and managed manually. If it's defined, configuration for vmauth becomes unmanaged and operator'll not create any related secrets/config-reloaders
 - `containers` (List of Map of String) Containers property allows to inject additions sidecars or to patch existing containers. It can be useful for proxies, backup, etc.
 - `default_url` (List of String) DefaultURLs backend url for non-matching paths filter usually used for default backend with error message
+- `disable_self_service_scrape` (Boolean) DisableSelfServiceScrape controls creation of VMServiceScrape by operator for the application. Has priority over 'VM_DISABLESELFSERVICESCRAPECREATION' operator env variable
 - `discover_backend_ips` (Boolean) DiscoverBackendIPs instructs discovering URLPrefix backend IPs via DNS.
 - `dns_config` (Attributes) Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. (see [below for nested schema](#nestedatt--spec--dns_config))
 - `dns_policy` (String) DNSPolicy sets DNS policy for the pod
-- `drop_src_path_prefix_parts` (Number) DropSrcPathPrefixParts is the number of '/'-delimited request path prefix parts to drop before proxying the request to backend. See https://docs.victoriametrics.com/vmauth.html#dropping-request-path-prefix for more details.
-- `extra_args` (Map of String) ExtraArgs that will be passed to VMAuth pod for example remoteWrite.tmpDataPath: /tmp
-- `extra_envs` (List of Map of String) ExtraEnvs that will be added to VMAuth pod
+- `drop_src_path_prefix_parts` (Number) DropSrcPathPrefixParts is the number of '/'-delimited request path prefix parts to drop before proxying the request to backend. See [here](https://docs.victoriametrics.com/vmauth#dropping-request-path-prefix) for more details.
+- `extra_args` (Map of String) ExtraArgs that will be passed to the application container for example remoteWrite.tmpDataPath: /tmp
+- `extra_envs` (List of Map of String) ExtraEnvs that will be passed to the application container
 - `headers` (List of String) Headers represent additional http headers, that vmauth uses in form of ['header_key: header_value'] multiple values for header key: ['header_key: value1,value2'] it's available since 1.68.0 version of vmauth
 - `host_aliases` (Attributes List) HostAliases provides mapping for ip and hostname, that would be propagated to pod, cannot be used with HostNetwork. (see [below for nested schema](#nestedatt--spec--host_aliases))
 - `host_network` (Boolean) HostNetwork controls whether the pod may use the node network namespace
-- `image` (Attributes) Image - docker image settings for VMAuth if no specified operator uses default config version (see [below for nested schema](#nestedatt--spec--image))
+- `image` (Attributes) Image - docker image settings if no specified operator uses default version from operator config (see [below for nested schema](#nestedatt--spec--image))
 - `image_pull_secrets` (Attributes List) ImagePullSecrets An optional list of references to secrets in the same namespace to use for pulling images from registries see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod (see [below for nested schema](#nestedatt--spec--image_pull_secrets))
 - `ingress` (Attributes) Ingress enables ingress configuration for VMAuth. (see [below for nested schema](#nestedatt--spec--ingress))
-- `init_containers` (List of Map of String) InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the vmSingle configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.
-- `ip_filters` (Attributes) IPFilters defines per target src ip filters supported only with enterprise version of vmauth https://docs.victoriametrics.com/vmauth.html#ip-filters (see [below for nested schema](#nestedatt--spec--ip_filters))
-- `license` (Attributes) License allows to configure license key to be used for enterprise features. Using license key is supported starting from VictoriaMetrics v1.94.0. See: https://docs.victoriametrics.com/enterprise.html (see [below for nested schema](#nestedatt--spec--license))
+- `init_containers` (List of Map of String) InitContainers allows adding initContainers to the pod definition. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+- `ip_filters` (Attributes) IPFilters defines per target src ip filters supported only with enterprise version of [vmauth](https://docs.victoriametrics.com/vmauth/#ip-filters) (see [below for nested schema](#nestedatt--spec--ip_filters))
+- `license` (Attributes) License allows to configure license key to be used for enterprise features. Using license key is supported starting from VictoriaMetrics v1.94.0. See [here](https://docs.victoriametrics.com/enterprise) (see [below for nested schema](#nestedatt--spec--license))
 - `liveness_probe` (Map of String) LivenessProbe that will be added CRD pod
-- `load_balancing_policy` (String) LoadBalancingPolicy defines load balancing policy to use for backend urls. Supported policies: least_loaded, first_available. See https://docs.victoriametrics.com/vmauth.html#load-balancing for more details (default 'least_loaded')
+- `load_balancing_policy` (String) LoadBalancingPolicy defines load balancing policy to use for backend urls. Supported policies: least_loaded, first_available. See [here](https://docs.victoriametrics.com/vmauth#load-balancing) for more details (default 'least_loaded')
 - `log_format` (String) LogFormat for VMAuth to be configured with.
 - `log_level` (String) LogLevel for victoria metrics single to be configured with.
 - `max_concurrent_requests` (Number) MaxConcurrentRequests defines max concurrent requests per user 300 is default value for vmauth
-- `min_ready_seconds` (Number) MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state
+- `min_ready_seconds` (Number) MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state Has no effect for VLogs and VMSingle
 - `node_selector` (Map of String) NodeSelector Define which Nodes the Pods are scheduled on.
 - `paused` (Boolean) Paused If set to true all actions on the underlying managed objects are not going to be performed, except for delete actions.
 - `pod_disruption_budget` (Attributes) PodDisruptionBudget created by operator (see [below for nested schema](#nestedatt--spec--pod_disruption_budget))
 - `pod_metadata` (Attributes) PodMetadata configures Labels and Annotations which are propagated to the VMAuth pods. (see [below for nested schema](#nestedatt--spec--pod_metadata))
-- `port` (String) Port listen port
-- `priority_class_name` (String) PriorityClassName assigned to the Pods
+- `port` (String) Port listen address
+- `priority_class_name` (String) PriorityClassName class assigned to the Pods
 - `readiness_gates` (Attributes List) ReadinessGates defines pod readiness gates (see [below for nested schema](#nestedatt--spec--readiness_gates))
 - `readiness_probe` (Map of String) ReadinessProbe that will be added CRD pod
-- `replica_count` (Number) ReplicaCount is the expected size of the VMAuth
+- `replica_count` (Number) ReplicaCount is the expected size of the Application.
 - `resources` (Attributes) Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ if not defined default resources from operator config will be used (see [below for nested schema](#nestedatt--spec--resources))
 - `response_headers` (List of String) ResponseHeaders represent additional http headers, that vmauth adds for request response in form of ['header_key: header_value'] multiple values for header key: ['header_key: value1,value2'] it's available since 1.93.0 version of vmauth
 - `retry_status_codes` (List of String) RetryStatusCodes defines http status codes in numeric format for request retries e.g. [429,503]
-- `revision_history_limit_count` (Number) The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10.
+- `revision_history_limit_count` (Number) The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the Deployment revision history. Has no effect at StatefulSets Defaults to 10.
 - `runtime_class_name` (String) RuntimeClassName - defines runtime class for kubernetes pod. https://kubernetes.io/docs/concepts/containers/runtime-class/
 - `scheduler_name` (String) SchedulerName - defines kubernetes scheduler name
-- `secrets` (List of String) Secrets is a list of Secrets in the same namespace as the VMAuth object, which shall be mounted into the VMAuth Pods.
+- `secrets` (List of String) Secrets is a list of Secrets in the same namespace as the Application object, which shall be mounted into the Application container at /etc/vm/secrets/SECRET_NAME folder
 - `security_context` (Map of String) SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext.
 - `select_all_by_default` (Boolean) SelectAllByDefault changes default behavior for empty CRD selectors, such userSelector. with selectAllByDefault: true and empty userSelector and userNamespaceSelector Operator selects all exist users with selectAllByDefault: false - selects nothing
-- `service_account_name` (String) ServiceAccountName is the name of the ServiceAccount to use to run the VMAuth Pods.
+- `service_account_name` (String) ServiceAccountName is the name of the ServiceAccount to use to run the pods
 - `service_scrape_spec` (Map of String) ServiceScrapeSpec that will be added to vmauth VMServiceScrape spec
 - `service_spec` (Attributes) ServiceSpec that will be added to vmsingle service spec (see [below for nested schema](#nestedatt--spec--service_spec))
 - `startup_probe` (Map of String) StartupProbe that will be added to CRD pod
@@ -109,11 +112,31 @@ Optional:
 - `tolerations` (Attributes List) Tolerations If specified, the pod's tolerations. (see [below for nested schema](#nestedatt--spec--tolerations))
 - `topology_spread_constraints` (List of Map of String) TopologySpreadConstraints embedded kubernetes pod configuration option, controls how pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
 - `unauthorized_access_config` (Attributes List) UnauthorizedAccessConfig configures access for un authorized users (see [below for nested schema](#nestedatt--spec--unauthorized_access_config))
+- `use_default_resources` (Boolean) UseDefaultResources controls resource settings By default, operator sets built-in resource requirements
 - `use_strict_security` (Boolean) UseStrictSecurity enables strict security mode for component it restricts disk writes access uses non-root user out of the box drops not needed security permissions
+- `use_vm_config_reloader` (Boolean) UseVMConfigReloader replaces prometheus-like config-reloader with vm one. It uses secrets watch instead of file watch which greatly increases speed of config updates
 - `user_namespace_selector` (Attributes) UserNamespaceSelector Namespaces to be selected for VMAuth discovery. Works in combination with Selector. NamespaceSelector nil - only objects at VMAuth namespace. Selector nil - only objects at NamespaceSelector namespaces. If both nil - behaviour controlled by selectAllByDefault (see [below for nested schema](#nestedatt--spec--user_namespace_selector))
 - `user_selector` (Attributes) UserSelector defines VMUser to be selected for config file generation. Works in combination with NamespaceSelector. NamespaceSelector nil - only objects at VMAuth namespace. If both nil - behaviour controlled by selectAllByDefault (see [below for nested schema](#nestedatt--spec--user_selector))
-- `volume_mounts` (Attributes List) VolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the VMAuth container, that are generated as a result of StorageSpec objects. (see [below for nested schema](#nestedatt--spec--volume_mounts))
-- `volumes` (List of Map of String) Volumes allows configuration of additional volumes on the output deploy definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.
+- `volume_mounts` (Attributes List) VolumeMounts allows configuration of additional VolumeMounts on the output Deployment/StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the Application container (see [below for nested schema](#nestedatt--spec--volume_mounts))
+- `volumes` (List of Map of String) Volumes allows configuration of additional volumes on the output Deployment/StatefulSet definition. Volumes specified will be appended to other volumes that are generated. / +optional
+
+<a id="nestedatt--spec--config_reloader_resources"></a>
+### Nested Schema for `spec.config_reloader_resources`
+
+Optional:
+
+- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--config_reloader_resources--claims))
+- `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+- `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+<a id="nestedatt--spec--config_reloader_resources--claims"></a>
+### Nested Schema for `spec.config_reloader_resources.claims`
+
+Required:
+
+- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+
+
 
 <a id="nestedatt--spec--dns_config"></a>
 ### Nested Schema for `spec.dns_config`
@@ -137,10 +160,13 @@ Optional:
 <a id="nestedatt--spec--host_aliases"></a>
 ### Nested Schema for `spec.host_aliases`
 
+Required:
+
+- `ip` (String) IP address of the host file entry.
+
 Optional:
 
 - `hostnames` (List of String) Hostnames for the above IP address.
-- `ip` (String) IP address of the host file entry.
 
 
 <a id="nestedatt--spec--image"></a>
@@ -158,7 +184,7 @@ Optional:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 
 <a id="nestedatt--spec--ingress"></a>
@@ -273,7 +299,7 @@ Optional:
 
 Optional:
 
-- `key` (String) Enterprise license key. This flag is available only in VictoriaMetrics enterprise. Documentation - https://docs.victoriametrics.com/enterprise.html for more information, visit https://victoriametrics.com/products/enterprise/ . To request a trial license, go to https://victoriametrics.com/products/enterprise/trial/
+- `key` (String) Enterprise license key. This flag is available only in [VictoriaMetrics enterprise](https://docs.victoriametrics.com/enterprise). To request a trial license, [go to](https://victoriametrics.com/products/enterprise/trial)
 - `key_ref` (Attributes) KeyRef is reference to secret with license key for enterprise features. (see [below for nested schema](#nestedatt--spec--license--key_ref))
 
 <a id="nestedatt--spec--license--key_ref"></a>
@@ -285,7 +311,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -390,7 +416,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -403,7 +429,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -425,7 +451,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -438,7 +464,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -452,7 +478,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -475,9 +501,9 @@ Optional:
 Optional:
 
 - `discover_backend_ips` (Boolean) DiscoverBackendIPs instructs discovering URLPrefix backend IPs via DNS.
-- `drop_src_path_prefix_parts` (Number) DropSrcPathPrefixParts is the number of '/'-delimited request path prefix parts to drop before proxying the request to backend. See https://docs.victoriametrics.com/vmauth.html#dropping-request-path-prefix for more details.
+- `drop_src_path_prefix_parts` (Number) DropSrcPathPrefixParts is the number of '/'-delimited request path prefix parts to drop before proxying the request to backend. See [here](https://docs.victoriametrics.com/vmauth#dropping-request-path-prefix) for more details.
 - `headers` (List of String) RequestHeaders represent additional http headers, that vmauth uses in form of ['header_key: header_value'] multiple values for header key: ['header_key: value1,value2'] it's available since 1.68.0 version of vmauth
-- `load_balancing_policy` (String) LoadBalancingPolicy defines load balancing policy to use for backend urls. Supported policies: least_loaded, first_available. See https://docs.victoriametrics.com/vmauth.html#load-balancing for more details (default 'least_loaded')
+- `load_balancing_policy` (String) LoadBalancingPolicy defines load balancing policy to use for backend urls. Supported policies: least_loaded, first_available. See [here](https://docs.victoriametrics.com/vmauth#load-balancing) for more details (default 'least_loaded')
 - `response_headers` (List of String) ResponseHeaders represent additional http headers, that vmauth adds for request response in form of ['header_key: header_value'] multiple values for header key: ['header_key: value1,value2'] it's available since 1.93.0 version of vmauth
 - `retry_status_codes` (List of String) RetryStatusCodes defines http status codes in numeric format for request retries Can be defined per target or at VMUser.spec level e.g. [429,503]
 - `src_headers` (List of String) SrcHeaders is an optional list of headers, which must match request headers.
@@ -541,7 +567,8 @@ Required:
 
 Optional:
 
-- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
+- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None).
 - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
+- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handled recursively. If ReadOnly is false, this field has no meaning and must be unspecified. If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). If this field is not specified, it is treated as an equivalent of Disabled.
 - `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).
 - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.
diff --git a/docs/data-sources/operator_victoriametrics_com_vm_cluster_v1beta1_manifest.md b/docs/data-sources/operator_victoriametrics_com_vm_cluster_v1beta1_manifest.md
index 206c7f573..43561fac6 100644
--- a/docs/data-sources/operator_victoriametrics_com_vm_cluster_v1beta1_manifest.md
+++ b/docs/data-sources/operator_victoriametrics_com_vm_cluster_v1beta1_manifest.md
@@ -55,13 +55,14 @@ Optional:
 
 Required:
 
-- `retention_period` (String) RetentionPeriod for the stored metrics Note VictoriaMetrics has data/ and indexdb/ folders metrics from data/ removed eventually as soon as partition leaves retention period reverse index data at indexdb rotates once at the half of configured retention period https://docs.victoriametrics.com/Single-server-VictoriaMetrics.html#retention
+- `retention_period` (String) RetentionPeriod for the stored metrics Note VictoriaMetrics has data/ and indexdb/ folders metrics from data/ removed eventually as soon as partition leaves retention period reverse index data at indexdb rotates once at the half of configured [retention period](https://docs.victoriametrics.com/Single-server-VictoriaMetrics/#retention)
 
 Optional:
 
+- `cluster_domain_name` (String) ClusterDomainName defines domain name suffix for in-cluster dns addresses aka .cluster.local used by vminsert and vmselect to build vmstorage address
 - `cluster_version` (String) ClusterVersion defines default images tag for all components. it can be overwritten with component specific image.tag value.
 - `image_pull_secrets` (Attributes List) ImagePullSecrets An optional list of references to secrets in the same namespace to use for pulling images from registries see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod (see [below for nested schema](#nestedatt--spec--image_pull_secrets))
-- `license` (Attributes) License allows to configure license key to be used for enterprise features. Using license key is supported starting from VictoriaMetrics v1.94.0. See: https://docs.victoriametrics.com/enterprise.html (see [below for nested schema](#nestedatt--spec--license))
+- `license` (Attributes) License allows to configure license key to be used for enterprise features. Using license key is supported starting from VictoriaMetrics v1.94.0. See [here](https://docs.victoriametrics.com/enterprise) (see [below for nested schema](#nestedatt--spec--license))
 - `paused` (Boolean) Paused If set to true all actions on the underlying managed objects are not going to be performed, except for delete actions.
 - `replication_factor` (Number) ReplicationFactor defines how many copies of data make among distinct storage nodes
 - `service_account_name` (String) ServiceAccountName is the name of the ServiceAccount to use to run the VMSelect, VMStorage and VMInsert Pods.
@@ -75,7 +76,7 @@ Optional:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 
 <a id="nestedatt--spec--license"></a>
@@ -83,7 +84,7 @@ Optional:
 
 Optional:
 
-- `key` (String) Enterprise license key. This flag is available only in VictoriaMetrics enterprise. Documentation - https://docs.victoriametrics.com/enterprise.html for more information, visit https://victoriametrics.com/products/enterprise/ . To request a trial license, go to https://victoriametrics.com/products/enterprise/trial/
+- `key` (String) Enterprise license key. This flag is available only in [VictoriaMetrics enterprise](https://docs.victoriametrics.com/enterprise). To request a trial license, [go to](https://victoriametrics.com/products/enterprise/trial)
 - `key_ref` (Attributes) KeyRef is reference to secret with license key for enterprise features. (see [below for nested schema](#nestedatt--spec--license--key_ref))
 
 <a id="nestedatt--spec--license--key_ref"></a>
@@ -95,7 +96,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -103,42 +104,43 @@ Optional:
 <a id="nestedatt--spec--vminsert"></a>
 ### Nested Schema for `spec.vminsert`
 
-Required:
-
-- `replica_count` (Number) ReplicaCount is the expected size of the VMInsert cluster. The controller will eventually make the size of the running cluster equal to the expected size.
-
 Optional:
 
 - `affinity` (Map of String) Affinity If specified, the pod's scheduling constraints.
-- `cluster_native_listen_port` (String) ClusterNativePort for multi-level cluster setup. More details: https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#multi-level-cluster-setup
-- `config_maps` (List of String) ConfigMaps is a list of ConfigMaps in the same namespace as the VMInsert object, which shall be mounted into the VMInsert Pods. The ConfigMaps are mounted into /etc/vm/configs/<configmap-name>.
+- `cluster_native_listen_port` (String) ClusterNativePort for multi-level cluster setup. More [details](https://docs.victoriametrics.com/Cluster-VictoriaMetrics#multi-level-cluster-setup)
+- `config_maps` (List of String) ConfigMaps is a list of ConfigMaps in the same namespace as the Application object, which shall be mounted into the Application container at /etc/vm/configs/CONFIGMAP_NAME folder
 - `containers` (List of Map of String) Containers property allows to inject additions sidecars or to patch existing containers. It can be useful for proxies, backup, etc.
+- `disable_self_service_scrape` (Boolean) DisableSelfServiceScrape controls creation of VMServiceScrape by operator for the application. Has priority over 'VM_DISABLESELFSERVICESCRAPECREATION' operator env variable
 - `dns_config` (Attributes) Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. (see [below for nested schema](#nestedatt--spec--vminsert--dns_config))
 - `dns_policy` (String) DNSPolicy sets DNS policy for the pod
-- `extra_args` (Map of String)
-- `extra_envs` (List of Map of String) ExtraEnvs that will be added to VMInsert pod
+- `extra_args` (Map of String) ExtraArgs that will be passed to the application container for example remoteWrite.tmpDataPath: /tmp
+- `extra_envs` (List of Map of String) ExtraEnvs that will be passed to the application container
+- `host_aliases` (Attributes List) HostAliases provides mapping for ip and hostname, that would be propagated to pod, cannot be used with HostNetwork. (see [below for nested schema](#nestedatt--spec--vminsert--host_aliases))
 - `host_network` (Boolean) HostNetwork controls whether the pod may use the node network namespace
 - `hpa` (Map of String) HPA defines kubernetes PodAutoScaling configuration version 2.
-- `image` (Attributes) Image - docker image settings for VMInsert (see [below for nested schema](#nestedatt--spec--vminsert--image))
-- `init_containers` (List of Map of String) InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the VMInsert configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.
+- `image` (Attributes) Image - docker image settings if no specified operator uses default version from operator config (see [below for nested schema](#nestedatt--spec--vminsert--image))
+- `image_pull_secrets` (Attributes List) ImagePullSecrets An optional list of references to secrets in the same namespace to use for pulling images from registries see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod (see [below for nested schema](#nestedatt--spec--vminsert--image_pull_secrets))
+- `init_containers` (List of Map of String) InitContainers allows adding initContainers to the pod definition. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
 - `insert_ports` (Attributes) InsertPorts - additional listen ports for data ingestion. (see [below for nested schema](#nestedatt--spec--vminsert--insert_ports))
 - `liveness_probe` (Map of String) LivenessProbe that will be added CRD pod
 - `log_format` (String) LogFormat for VMInsert to be configured with. default or json
 - `log_level` (String) LogLevel for VMInsert to be configured with.
-- `min_ready_seconds` (Number) MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state
+- `min_ready_seconds` (Number) MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state Has no effect for VLogs and VMSingle
 - `node_selector` (Map of String) NodeSelector Define which Nodes the Pods are scheduled on.
+- `paused` (Boolean) Paused If set to true all actions on the underlying managed objects are not going to be performed, except for delete actions.
 - `pod_disruption_budget` (Attributes) PodDisruptionBudget created by operator (see [below for nested schema](#nestedatt--spec--vminsert--pod_disruption_budget))
 - `pod_metadata` (Attributes) PodMetadata configures Labels and Annotations which are propagated to the VMInsert pods. (see [below for nested schema](#nestedatt--spec--vminsert--pod_metadata))
-- `port` (String) Port listen port
-- `priority_class_name` (String) Priority class assigned to the Pods
+- `port` (String) Port listen address
+- `priority_class_name` (String) PriorityClassName class assigned to the Pods
 - `readiness_gates` (Attributes List) ReadinessGates defines pod readiness gates (see [below for nested schema](#nestedatt--spec--vminsert--readiness_gates))
 - `readiness_probe` (Map of String) ReadinessProbe that will be added CRD pod
-- `resources` (Attributes) Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ (see [below for nested schema](#nestedatt--spec--vminsert--resources))
-- `revision_history_limit_count` (Number) The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10.
+- `replica_count` (Number) ReplicaCount is the expected size of the Application.
+- `resources` (Attributes) Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ if not defined default resources from operator config will be used (see [below for nested schema](#nestedatt--spec--vminsert--resources))
+- `revision_history_limit_count` (Number) The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the Deployment revision history. Has no effect at StatefulSets Defaults to 10.
 - `rolling_update` (Attributes) RollingUpdate - overrides deployment update params. (see [below for nested schema](#nestedatt--spec--vminsert--rolling_update))
 - `runtime_class_name` (String) RuntimeClassName - defines runtime class for kubernetes pod. https://kubernetes.io/docs/concepts/containers/runtime-class/
 - `scheduler_name` (String) SchedulerName - defines kubernetes scheduler name
-- `secrets` (List of String) Secrets is a list of Secrets in the same namespace as the VMInsert object, which shall be mounted into the VMInsert Pods. The Secrets are mounted into /etc/vm/secrets/<secret-name>.
+- `secrets` (List of String) Secrets is a list of Secrets in the same namespace as the Application object, which shall be mounted into the Application container at /etc/vm/secrets/SECRET_NAME folder
 - `security_context` (Map of String) SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext.
 - `service_scrape_spec` (Map of String) ServiceScrapeSpec that will be added to vminsert VMServiceScrape spec
 - `service_spec` (Attributes) ServiceSpec that will be added to vminsert service spec (see [below for nested schema](#nestedatt--spec--vminsert--service_spec))
@@ -147,8 +149,10 @@ Optional:
 - `tolerations` (Attributes List) Tolerations If specified, the pod's tolerations. (see [below for nested schema](#nestedatt--spec--vminsert--tolerations))
 - `topology_spread_constraints` (List of Map of String) TopologySpreadConstraints embedded kubernetes pod configuration option, controls how pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
 - `update_strategy` (String) UpdateStrategy - overrides default update strategy.
-- `volume_mounts` (Attributes List) VolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the VMInsert container, that are generated as a result of StorageSpec objects. (see [below for nested schema](#nestedatt--spec--vminsert--volume_mounts))
-- `volumes` (List of Map of String) Volumes allows configuration of additional volumes on the output Deployment definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.
+- `use_default_resources` (Boolean) UseDefaultResources controls resource settings By default, operator sets built-in resource requirements
+- `use_strict_security` (Boolean) UseStrictSecurity enables strict security mode for component it restricts disk writes access uses non-root user out of the box drops not needed security permissions
+- `volume_mounts` (Attributes List) VolumeMounts allows configuration of additional VolumeMounts on the output Deployment/StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the Application container (see [below for nested schema](#nestedatt--spec--vminsert--volume_mounts))
+- `volumes` (List of Map of String) Volumes allows configuration of additional volumes on the output Deployment/StatefulSet definition. Volumes specified will be appended to other volumes that are generated. / +optional
 
 <a id="nestedatt--spec--vminsert--dns_config"></a>
 ### Nested Schema for `spec.vminsert.dns_config`
@@ -169,6 +173,18 @@ Optional:
 
 
 
+<a id="nestedatt--spec--vminsert--host_aliases"></a>
+### Nested Schema for `spec.vminsert.host_aliases`
+
+Required:
+
+- `ip` (String) IP address of the host file entry.
+
+Optional:
+
+- `hostnames` (List of String) Hostnames for the above IP address.
+
+
 <a id="nestedatt--spec--vminsert--image"></a>
 ### Nested Schema for `spec.vminsert.image`
 
@@ -179,6 +195,14 @@ Optional:
 - `tag` (String) Tag contains desired docker image version
 
 
+<a id="nestedatt--spec--vminsert--image_pull_secrets"></a>
+### Nested Schema for `spec.vminsert.image_pull_secrets`
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+
+
 <a id="nestedatt--spec--vminsert--insert_ports"></a>
 ### Nested Schema for `spec.vminsert.insert_ports`
 
@@ -290,8 +314,9 @@ Required:
 
 Optional:
 
-- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
+- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None).
 - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
+- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handled recursively. If ReadOnly is false, this field has no meaning and must be unspecified. If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). If this field is not specified, it is treated as an equivalent of Disabled.
 - `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).
 - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.
 
@@ -300,44 +325,45 @@ Optional:
 <a id="nestedatt--spec--vmselect"></a>
 ### Nested Schema for `spec.vmselect`
 
-Required:
-
-- `replica_count` (Number) ReplicaCount is the expected size of the VMSelect cluster. The controller will eventually make the size of the running cluster equal to the expected size.
-
 Optional:
 
 - `affinity` (Map of String) Affinity If specified, the pod's scheduling constraints.
 - `cache_mount_path` (String) CacheMountPath allows to add cache persistent for VMSelect, will use '/cache' as default if not specified.
 - `claim_templates` (Attributes List) ClaimTemplates allows adding additional VolumeClaimTemplates for StatefulSet (see [below for nested schema](#nestedatt--spec--vmselect--claim_templates))
-- `cluster_native_listen_port` (String) ClusterNativePort for multi-level cluster setup. More details: https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#multi-level-cluster-setup
-- `config_maps` (List of String) ConfigMaps is a list of ConfigMaps in the same namespace as the VMSelect object, which shall be mounted into the VMSelect Pods. The ConfigMaps are mounted into /etc/vm/configs/<configmap-name>.
+- `cluster_native_listen_port` (String) ClusterNativePort for multi-level cluster setup. More [details](https://docs.victoriametrics.com/Cluster-VictoriaMetrics#multi-level-cluster-setup)
+- `config_maps` (List of String) ConfigMaps is a list of ConfigMaps in the same namespace as the Application object, which shall be mounted into the Application container at /etc/vm/configs/CONFIGMAP_NAME folder
 - `containers` (List of Map of String) Containers property allows to inject additions sidecars or to patch existing containers. It can be useful for proxies, backup, etc.
+- `disable_self_service_scrape` (Boolean) DisableSelfServiceScrape controls creation of VMServiceScrape by operator for the application. Has priority over 'VM_DISABLESELFSERVICESCRAPECREATION' operator env variable
 - `dns_config` (Attributes) Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. (see [below for nested schema](#nestedatt--spec--vmselect--dns_config))
 - `dns_policy` (String) DNSPolicy sets DNS policy for the pod
-- `extra_args` (Map of String)
-- `extra_envs` (List of Map of String) ExtraEnvs that will be added to VMSelect pod
+- `extra_args` (Map of String) ExtraArgs that will be passed to the application container for example remoteWrite.tmpDataPath: /tmp
+- `extra_envs` (List of Map of String) ExtraEnvs that will be passed to the application container
+- `host_aliases` (Attributes List) HostAliases provides mapping for ip and hostname, that would be propagated to pod, cannot be used with HostNetwork. (see [below for nested schema](#nestedatt--spec--vmselect--host_aliases))
 - `host_network` (Boolean) HostNetwork controls whether the pod may use the node network namespace
 - `hpa` (Map of String) Configures horizontal pod autoscaling. Note, enabling this option disables vmselect to vmselect communication. In most cases it's not an issue.
-- `image` (Attributes) Image - docker image settings for VMSelect (see [below for nested schema](#nestedatt--spec--vmselect--image))
-- `init_containers` (List of Map of String) InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the VMSelect configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.
+- `image` (Attributes) Image - docker image settings if no specified operator uses default version from operator config (see [below for nested schema](#nestedatt--spec--vmselect--image))
+- `image_pull_secrets` (Attributes List) ImagePullSecrets An optional list of references to secrets in the same namespace to use for pulling images from registries see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod (see [below for nested schema](#nestedatt--spec--vmselect--image_pull_secrets))
+- `init_containers` (List of Map of String) InitContainers allows adding initContainers to the pod definition. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
 - `liveness_probe` (Map of String) LivenessProbe that will be added CRD pod
 - `log_format` (String) LogFormat for VMSelect to be configured with. default or json
 - `log_level` (String) LogLevel for VMSelect to be configured with.
-- `min_ready_seconds` (Number) MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state
+- `min_ready_seconds` (Number) MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state Has no effect for VLogs and VMSingle
 - `node_selector` (Map of String) NodeSelector Define which Nodes the Pods are scheduled on.
+- `paused` (Boolean) Paused If set to true all actions on the underlying managed objects are not going to be performed, except for delete actions.
 - `persistent_volume` (Attributes) Storage - add persistent volume for cacheMountPath its useful for persistent cache use storage instead of persistentVolume. (see [below for nested schema](#nestedatt--spec--vmselect--persistent_volume))
 - `pod_disruption_budget` (Attributes) PodDisruptionBudget created by operator (see [below for nested schema](#nestedatt--spec--vmselect--pod_disruption_budget))
 - `pod_metadata` (Attributes) PodMetadata configures Labels and Annotations which are propagated to the VMSelect pods. (see [below for nested schema](#nestedatt--spec--vmselect--pod_metadata))
-- `port` (String) Port listen port
-- `priority_class_name` (String) Priority class assigned to the Pods
+- `port` (String) Port listen address
+- `priority_class_name` (String) PriorityClassName class assigned to the Pods
 - `readiness_gates` (Attributes List) ReadinessGates defines pod readiness gates (see [below for nested schema](#nestedatt--spec--vmselect--readiness_gates))
 - `readiness_probe` (Map of String) ReadinessProbe that will be added CRD pod
-- `resources` (Attributes) Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ (see [below for nested schema](#nestedatt--spec--vmselect--resources))
-- `revision_history_limit_count` (Number) The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10.
+- `replica_count` (Number) ReplicaCount is the expected size of the Application.
+- `resources` (Attributes) Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ if not defined default resources from operator config will be used (see [below for nested schema](#nestedatt--spec--vmselect--resources))
+- `revision_history_limit_count` (Number) The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the Deployment revision history. Has no effect at StatefulSets Defaults to 10.
 - `rolling_update_strategy` (String) RollingUpdateStrategy defines strategy for application updates Default is OnDelete, in this case operator handles update process Can be changed for RollingUpdate
 - `runtime_class_name` (String) RuntimeClassName - defines runtime class for kubernetes pod. https://kubernetes.io/docs/concepts/containers/runtime-class/
 - `scheduler_name` (String) SchedulerName - defines kubernetes scheduler name
-- `secrets` (List of String) Secrets is a list of Secrets in the same namespace as the VMSelect object, which shall be mounted into the VMSelect Pods. The Secrets are mounted into /etc/vm/secrets/<secret-name>.
+- `secrets` (List of String) Secrets is a list of Secrets in the same namespace as the Application object, which shall be mounted into the Application container at /etc/vm/secrets/SECRET_NAME folder
 - `security_context` (Map of String) SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext.
 - `service_scrape_spec` (Map of String) ServiceScrapeSpec that will be added to vmselect VMServiceScrape spec
 - `service_spec` (Attributes) ServiceSpec that will be added to vmselect service spec (see [below for nested schema](#nestedatt--spec--vmselect--service_spec))
@@ -346,8 +372,10 @@ Optional:
 - `termination_grace_period_seconds` (Number) TerminationGracePeriodSeconds period for container graceful termination
 - `tolerations` (Attributes List) Tolerations If specified, the pod's tolerations. (see [below for nested schema](#nestedatt--spec--vmselect--tolerations))
 - `topology_spread_constraints` (List of Map of String) TopologySpreadConstraints embedded kubernetes pod configuration option, controls how pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
-- `volume_mounts` (Attributes List) VolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the VMSelect container, that are generated as a result of StorageSpec objects. (see [below for nested schema](#nestedatt--spec--vmselect--volume_mounts))
-- `volumes` (List of Map of String) Volumes allows configuration of additional volumes on the output Deployment definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.
+- `use_default_resources` (Boolean) UseDefaultResources controls resource settings By default, operator sets built-in resource requirements
+- `use_strict_security` (Boolean) UseStrictSecurity enables strict security mode for component it restricts disk writes access uses non-root user out of the box drops not needed security permissions
+- `volume_mounts` (Attributes List) VolumeMounts allows configuration of additional VolumeMounts on the output Deployment/StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the Application container (see [below for nested schema](#nestedatt--spec--vmselect--volume_mounts))
+- `volumes` (List of Map of String) Volumes allows configuration of additional volumes on the output Deployment/StatefulSet definition. Volumes specified will be appended to other volumes that are generated. / +optional
 
 <a id="nestedatt--spec--vmselect--claim_templates"></a>
 ### Nested Schema for `spec.vmselect.claim_templates`
@@ -371,6 +399,7 @@ Optional:
 - `resources` (Attributes) resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources (see [below for nested schema](#nestedatt--spec--vmselect--claim_templates--spec--resources))
 - `selector` (Attributes) selector is a label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--vmselect--claim_templates--spec--selector))
 - `storage_class_name` (String) storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
 - `volume_mode` (String) volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
 - `volume_name` (String) volumeName is the binding reference to the PersistentVolume backing this claim.
 
@@ -406,18 +435,9 @@ Optional:
 
 Optional:
 
-- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--vmselect--claim_templates--spec--resources--claims))
 - `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 - `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
-<a id="nestedatt--spec--vmselect--claim_templates--spec--resources--claims"></a>
-### Nested Schema for `spec.vmselect.claim_templates.spec.resources.claims`
-
-Required:
-
-- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
-
-
 
 <a id="nestedatt--spec--vmselect--claim_templates--spec--selector"></a>
 ### Nested Schema for `spec.vmselect.claim_templates.spec.selector`
@@ -448,11 +468,13 @@ Optional:
 Optional:
 
 - `access_modes` (List of String) accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
-- `allocated_resources` (Map of String) allocatedResources is the storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
+- `allocated_resource_statuses` (Map of String) allocatedResourceStatuses stores status of resource being resized for the given PVC. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as 'example.com/my-custom-resource' Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used. ClaimResourceStatus can be in any of following states: - ControllerResizeInProgress: State set when resize controller starts resizing the volume in control-plane. - ControllerResizeFailed: State set when resize has failed in resize controller with a terminal error. - NodeResizePending: State set when resize controller has finished resizing the volume but further resizing of volume is needed on the node. - NodeResizeInProgress: State set when kubelet starts resizing the volume. - NodeResizeFailed: State set when resizing has failed in kubelet with a terminal error. Transient errors don't set NodeResizeFailed. For example: if expanding a PVC for more capacity - this field can be one of the following states: - pvc.status.allocatedResourceStatus['storage'] = 'ControllerResizeInProgress' - pvc.status.allocatedResourceStatus['storage'] = 'ControllerResizeFailed' - pvc.status.allocatedResourceStatus['storage'] = 'NodeResizePending' - pvc.status.allocatedResourceStatus['storage'] = 'NodeResizeInProgress' - pvc.status.allocatedResourceStatus['storage'] = 'NodeResizeFailed' When this field is not set, it means that no resize operation is in progress for the given PVC. A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
+- `allocated_resources` (Map of String) allocatedResources tracks the resources allocated to a PVC including its capacity. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as 'example.com/my-custom-resource' Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used. Capacity reported here may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. A controller that receives PVC update with previously unknown resourceName should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
 - `capacity` (Map of String) capacity represents the actual resources of the underlying volume.
-- `conditions` (Attributes List) conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'. (see [below for nested schema](#nestedatt--spec--vmselect--claim_templates--status--conditions))
+- `conditions` (Attributes List) conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'Resizing'. (see [below for nested schema](#nestedatt--spec--vmselect--claim_templates--status--conditions))
+- `current_volume_attributes_class_name` (String) currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim This is an alpha field and requires enabling VolumeAttributesClass feature.
+- `modify_volume_status` (Attributes) ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. This is an alpha field and requires enabling VolumeAttributesClass feature. (see [below for nested schema](#nestedatt--spec--vmselect--claim_templates--status--modify_volume_status))
 - `phase` (String) phase represents the current phase of PersistentVolumeClaim.
-- `resize_status` (String) resizeStatus stores status of resize operation. ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty string by resize controller or kubelet. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
 
 <a id="nestedatt--spec--vmselect--claim_templates--status--conditions"></a>
 ### Nested Schema for `spec.vmselect.claim_templates.status.conditions`
@@ -467,7 +489,19 @@ Optional:
 - `last_probe_time` (String) lastProbeTime is the time we probed the condition.
 - `last_transition_time` (String) lastTransitionTime is the time the condition transitioned from one status to another.
 - `message` (String) message is the human-readable message indicating details about last transition.
-- `reason` (String) reason is a unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports 'ResizeStarted' that means the underlying persistent volume is being resized.
+- `reason` (String) reason is a unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports 'Resizing' that means the underlying persistent volume is being resized.
+
+
+<a id="nestedatt--spec--vmselect--claim_templates--status--modify_volume_status"></a>
+### Nested Schema for `spec.vmselect.claim_templates.status.modify_volume_status`
+
+Required:
+
+- `status` (String) status is the status of the ControllerModifyVolume operation. It can be in any of following states: - Pending Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as the specified VolumeAttributesClass not existing. - InProgress InProgress indicates that the volume is being modified. - Infeasible Infeasible indicates that the request has been rejected as invalid by the CSI driver. To resolve the error, a valid VolumeAttributesClass needs to be specified. Note: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.
+
+Optional:
+
+- `target_volume_attributes_class_name` (String) targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled
 
 
 
@@ -491,6 +525,18 @@ Optional:
 
 
 
+<a id="nestedatt--spec--vmselect--host_aliases"></a>
+### Nested Schema for `spec.vmselect.host_aliases`
+
+Required:
+
+- `ip` (String) IP address of the host file entry.
+
+Optional:
+
+- `hostnames` (List of String) Hostnames for the above IP address.
+
+
 <a id="nestedatt--spec--vmselect--image"></a>
 ### Nested Schema for `spec.vmselect.image`
 
@@ -501,6 +547,14 @@ Optional:
 - `tag` (String) Tag contains desired docker image version
 
 
+<a id="nestedatt--spec--vmselect--image_pull_secrets"></a>
+### Nested Schema for `spec.vmselect.image_pull_secrets`
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+
+
 <a id="nestedatt--spec--vmselect--persistent_volume"></a>
 ### Nested Schema for `spec.vmselect.persistent_volume`
 
@@ -639,6 +693,7 @@ Optional:
 - `resources` (Attributes) resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources (see [below for nested schema](#nestedatt--spec--vmselect--storage--volume_claim_template--spec--resources))
 - `selector` (Attributes) selector is a label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--vmselect--storage--volume_claim_template--spec--selector))
 - `storage_class_name` (String) storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
 - `volume_mode` (String) volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
 - `volume_name` (String) volumeName is the binding reference to the PersistentVolume backing this claim.
 
@@ -674,18 +729,9 @@ Optional:
 
 Optional:
 
-- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--vmselect--storage--volume_claim_template--spec--resources--claims))
 - `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 - `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
-<a id="nestedatt--spec--vmselect--storage--volume_claim_template--spec--resources--claims"></a>
-### Nested Schema for `spec.vmselect.storage.volume_claim_template.spec.resources.claims`
-
-Required:
-
-- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
-
-
 
 <a id="nestedatt--spec--vmselect--storage--volume_claim_template--spec--selector"></a>
 ### Nested Schema for `spec.vmselect.storage.volume_claim_template.spec.selector`
@@ -716,11 +762,13 @@ Optional:
 Optional:
 
 - `access_modes` (List of String) accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
-- `allocated_resources` (Map of String) allocatedResources is the storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
+- `allocated_resource_statuses` (Map of String) allocatedResourceStatuses stores status of resource being resized for the given PVC. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as 'example.com/my-custom-resource' Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used. ClaimResourceStatus can be in any of following states: - ControllerResizeInProgress: State set when resize controller starts resizing the volume in control-plane. - ControllerResizeFailed: State set when resize has failed in resize controller with a terminal error. - NodeResizePending: State set when resize controller has finished resizing the volume but further resizing of volume is needed on the node. - NodeResizeInProgress: State set when kubelet starts resizing the volume. - NodeResizeFailed: State set when resizing has failed in kubelet with a terminal error. Transient errors don't set NodeResizeFailed. For example: if expanding a PVC for more capacity - this field can be one of the following states: - pvc.status.allocatedResourceStatus['storage'] = 'ControllerResizeInProgress' - pvc.status.allocatedResourceStatus['storage'] = 'ControllerResizeFailed' - pvc.status.allocatedResourceStatus['storage'] = 'NodeResizePending' - pvc.status.allocatedResourceStatus['storage'] = 'NodeResizeInProgress' - pvc.status.allocatedResourceStatus['storage'] = 'NodeResizeFailed' When this field is not set, it means that no resize operation is in progress for the given PVC. A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
+- `allocated_resources` (Map of String) allocatedResources tracks the resources allocated to a PVC including its capacity. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as 'example.com/my-custom-resource' Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used. Capacity reported here may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. A controller that receives PVC update with previously unknown resourceName should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
 - `capacity` (Map of String) capacity represents the actual resources of the underlying volume.
-- `conditions` (Attributes List) conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'. (see [below for nested schema](#nestedatt--spec--vmselect--storage--volume_claim_template--status--conditions))
+- `conditions` (Attributes List) conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'Resizing'. (see [below for nested schema](#nestedatt--spec--vmselect--storage--volume_claim_template--status--conditions))
+- `current_volume_attributes_class_name` (String) currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim This is an alpha field and requires enabling VolumeAttributesClass feature.
+- `modify_volume_status` (Attributes) ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. This is an alpha field and requires enabling VolumeAttributesClass feature. (see [below for nested schema](#nestedatt--spec--vmselect--storage--volume_claim_template--status--modify_volume_status))
 - `phase` (String) phase represents the current phase of PersistentVolumeClaim.
-- `resize_status` (String) resizeStatus stores status of resize operation. ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty string by resize controller or kubelet. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
 
 <a id="nestedatt--spec--vmselect--storage--volume_claim_template--status--conditions"></a>
 ### Nested Schema for `spec.vmselect.storage.volume_claim_template.status.conditions`
@@ -735,7 +783,19 @@ Optional:
 - `last_probe_time` (String) lastProbeTime is the time we probed the condition.
 - `last_transition_time` (String) lastTransitionTime is the time the condition transitioned from one status to another.
 - `message` (String) message is the human-readable message indicating details about last transition.
-- `reason` (String) reason is a unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports 'ResizeStarted' that means the underlying persistent volume is being resized.
+- `reason` (String) reason is a unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports 'Resizing' that means the underlying persistent volume is being resized.
+
+
+<a id="nestedatt--spec--vmselect--storage--volume_claim_template--status--modify_volume_status"></a>
+### Nested Schema for `spec.vmselect.storage.volume_claim_template.status.modify_volume_status`
+
+Required:
+
+- `status` (String) status is the status of the ControllerModifyVolume operation. It can be in any of following states: - Pending Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as the specified VolumeAttributesClass not existing. - InProgress InProgress indicates that the volume is being modified. - Infeasible Infeasible indicates that the request has been rejected as invalid by the CSI driver. To resolve the error, a valid VolumeAttributesClass needs to be specified. Note: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.
+
+Optional:
+
+- `target_volume_attributes_class_name` (String) targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled
 
 
 
@@ -763,8 +823,9 @@ Required:
 
 Optional:
 
-- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
+- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None).
 - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
+- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handled recursively. If ReadOnly is false, this field has no meaning and must be unspecified. If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). If this field is not specified, it is treated as an equivalent of Disabled.
 - `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).
 - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.
 
@@ -773,42 +834,43 @@ Optional:
 <a id="nestedatt--spec--vmstorage"></a>
 ### Nested Schema for `spec.vmstorage`
 
-Required:
-
-- `replica_count` (Number) ReplicaCount is the expected size of the VMStorage cluster. The controller will eventually make the size of the running cluster equal to the expected size.
-
 Optional:
 
 - `affinity` (Map of String) Affinity If specified, the pod's scheduling constraints.
 - `claim_templates` (Attributes List) ClaimTemplates allows adding additional VolumeClaimTemplates for StatefulSet (see [below for nested schema](#nestedatt--spec--vmstorage--claim_templates))
-- `config_maps` (List of String) ConfigMaps is a list of ConfigMaps in the same namespace as the VMStorage object, which shall be mounted into the VMStorage Pods. The ConfigMaps are mounted into /etc/vm/configs/<configmap-name>.
+- `config_maps` (List of String) ConfigMaps is a list of ConfigMaps in the same namespace as the Application object, which shall be mounted into the Application container at /etc/vm/configs/CONFIGMAP_NAME folder
 - `containers` (List of Map of String) Containers property allows to inject additions sidecars or to patch existing containers. It can be useful for proxies, backup, etc.
+- `disable_self_service_scrape` (Boolean) DisableSelfServiceScrape controls creation of VMServiceScrape by operator for the application. Has priority over 'VM_DISABLESELFSERVICESCRAPECREATION' operator env variable
 - `dns_config` (Attributes) Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. (see [below for nested schema](#nestedatt--spec--vmstorage--dns_config))
 - `dns_policy` (String) DNSPolicy sets DNS policy for the pod
-- `extra_args` (Map of String)
-- `extra_envs` (List of Map of String) ExtraEnvs that will be added to VMStorage pod
+- `extra_args` (Map of String) ExtraArgs that will be passed to the application container for example remoteWrite.tmpDataPath: /tmp
+- `extra_envs` (List of Map of String) ExtraEnvs that will be passed to the application container
+- `host_aliases` (Attributes List) HostAliases provides mapping for ip and hostname, that would be propagated to pod, cannot be used with HostNetwork. (see [below for nested schema](#nestedatt--spec--vmstorage--host_aliases))
 - `host_network` (Boolean) HostNetwork controls whether the pod may use the node network namespace
-- `image` (Attributes) Image - docker image settings for VMStorage (see [below for nested schema](#nestedatt--spec--vmstorage--image))
-- `init_containers` (List of Map of String) InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the VMStorage configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.
+- `image` (Attributes) Image - docker image settings if no specified operator uses default version from operator config (see [below for nested schema](#nestedatt--spec--vmstorage--image))
+- `image_pull_secrets` (Attributes List) ImagePullSecrets An optional list of references to secrets in the same namespace to use for pulling images from registries see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod (see [below for nested schema](#nestedatt--spec--vmstorage--image_pull_secrets))
+- `init_containers` (List of Map of String) InitContainers allows adding initContainers to the pod definition. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
 - `liveness_probe` (Map of String) LivenessProbe that will be added CRD pod
 - `log_format` (String) LogFormat for VMStorage to be configured with. default or json
 - `log_level` (String) LogLevel for VMStorage to be configured with.
 - `maintenance_insert_node_i_ds` (List of String) MaintenanceInsertNodeIDs - excludes given node ids from insert requests routing, must contain pod suffixes - for pod-0, id will be 0 and etc. lets say, you have pod-0, pod-1, pod-2, pod-3. to exclude pod-0 and pod-3 from insert routing, define nodeIDs: [0,3]. Useful at storage expanding, when you want to rebalance some data at cluster.
 - `maintenance_select_node_i_ds` (List of String) MaintenanceInsertNodeIDs - excludes given node ids from select requests routing, must contain pod suffixes - for pod-0, id will be 0 and etc.
-- `min_ready_seconds` (Number) MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state
+- `min_ready_seconds` (Number) MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state Has no effect for VLogs and VMSingle
 - `node_selector` (Map of String) NodeSelector Define which Nodes the Pods are scheduled on.
+- `paused` (Boolean) Paused If set to true all actions on the underlying managed objects are not going to be performed, except for delete actions.
 - `pod_disruption_budget` (Attributes) PodDisruptionBudget created by operator (see [below for nested schema](#nestedatt--spec--vmstorage--pod_disruption_budget))
 - `pod_metadata` (Attributes) PodMetadata configures Labels and Annotations which are propagated to the VMStorage pods. (see [below for nested schema](#nestedatt--spec--vmstorage--pod_metadata))
-- `port` (String) Port for health check connetions
-- `priority_class_name` (String) Priority class assigned to the Pods
+- `port` (String) Port listen address
+- `priority_class_name` (String) PriorityClassName class assigned to the Pods
 - `readiness_gates` (Attributes List) ReadinessGates defines pod readiness gates (see [below for nested schema](#nestedatt--spec--vmstorage--readiness_gates))
 - `readiness_probe` (Map of String) ReadinessProbe that will be added CRD pod
-- `resources` (Attributes) Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ (see [below for nested schema](#nestedatt--spec--vmstorage--resources))
-- `revision_history_limit_count` (Number) The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10.
+- `replica_count` (Number) ReplicaCount is the expected size of the Application.
+- `resources` (Attributes) Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ if not defined default resources from operator config will be used (see [below for nested schema](#nestedatt--spec--vmstorage--resources))
+- `revision_history_limit_count` (Number) The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the Deployment revision history. Has no effect at StatefulSets Defaults to 10.
 - `rolling_update_strategy` (String) RollingUpdateStrategy defines strategy for application updates Default is OnDelete, in this case operator handles update process Can be changed for RollingUpdate
 - `runtime_class_name` (String) RuntimeClassName - defines runtime class for kubernetes pod. https://kubernetes.io/docs/concepts/containers/runtime-class/
 - `scheduler_name` (String) SchedulerName - defines kubernetes scheduler name
-- `secrets` (List of String) Secrets is a list of Secrets in the same namespace as the VMStorage object, which shall be mounted into the VMStorage Pods. The Secrets are mounted into /etc/vm/secrets/<secret-name>.
+- `secrets` (List of String) Secrets is a list of Secrets in the same namespace as the Application object, which shall be mounted into the Application container at /etc/vm/secrets/SECRET_NAME folder
 - `security_context` (Map of String) SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext.
 - `service_scrape_spec` (Map of String) ServiceScrapeSpec that will be added to vmstorage VMServiceScrape spec
 - `service_spec` (Attributes) ServiceSpec that will be create additional service for vmstorage (see [below for nested schema](#nestedatt--spec--vmstorage--service_spec))
@@ -818,11 +880,13 @@ Optional:
 - `termination_grace_period_seconds` (Number) TerminationGracePeriodSeconds period for container graceful termination
 - `tolerations` (Attributes List) Tolerations If specified, the pod's tolerations. (see [below for nested schema](#nestedatt--spec--vmstorage--tolerations))
 - `topology_spread_constraints` (List of Map of String) TopologySpreadConstraints embedded kubernetes pod configuration option, controls how pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+- `use_default_resources` (Boolean) UseDefaultResources controls resource settings By default, operator sets built-in resource requirements
+- `use_strict_security` (Boolean) UseStrictSecurity enables strict security mode for component it restricts disk writes access uses non-root user out of the box drops not needed security permissions
 - `vm_backup` (Attributes) VMBackup configuration for backup (see [below for nested schema](#nestedatt--spec--vmstorage--vm_backup))
 - `vm_insert_port` (String) VMInsertPort for VMInsert connections
 - `vm_select_port` (String) VMSelectPort for VMSelect connections
-- `volume_mounts` (Attributes List) VolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the VMStorage container, that are generated as a result of StorageSpec objects. (see [below for nested schema](#nestedatt--spec--vmstorage--volume_mounts))
-- `volumes` (List of Map of String) Volumes allows configuration of additional volumes on the output Deployment definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.
+- `volume_mounts` (Attributes List) VolumeMounts allows configuration of additional VolumeMounts on the output Deployment/StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the Application container (see [below for nested schema](#nestedatt--spec--vmstorage--volume_mounts))
+- `volumes` (List of Map of String) Volumes allows configuration of additional volumes on the output Deployment/StatefulSet definition. Volumes specified will be appended to other volumes that are generated. / +optional
 
 <a id="nestedatt--spec--vmstorage--claim_templates"></a>
 ### Nested Schema for `spec.vmstorage.claim_templates`
@@ -846,6 +910,7 @@ Optional:
 - `resources` (Attributes) resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources (see [below for nested schema](#nestedatt--spec--vmstorage--claim_templates--spec--resources))
 - `selector` (Attributes) selector is a label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--vmstorage--claim_templates--spec--selector))
 - `storage_class_name` (String) storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
 - `volume_mode` (String) volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
 - `volume_name` (String) volumeName is the binding reference to the PersistentVolume backing this claim.
 
@@ -881,18 +946,9 @@ Optional:
 
 Optional:
 
-- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--vmstorage--claim_templates--spec--resources--claims))
 - `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 - `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
-<a id="nestedatt--spec--vmstorage--claim_templates--spec--resources--claims"></a>
-### Nested Schema for `spec.vmstorage.claim_templates.spec.resources.claims`
-
-Required:
-
-- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
-
-
 
 <a id="nestedatt--spec--vmstorage--claim_templates--spec--selector"></a>
 ### Nested Schema for `spec.vmstorage.claim_templates.spec.selector`
@@ -923,11 +979,13 @@ Optional:
 Optional:
 
 - `access_modes` (List of String) accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
-- `allocated_resources` (Map of String) allocatedResources is the storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
+- `allocated_resource_statuses` (Map of String) allocatedResourceStatuses stores status of resource being resized for the given PVC. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as 'example.com/my-custom-resource' Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used. ClaimResourceStatus can be in any of following states: - ControllerResizeInProgress: State set when resize controller starts resizing the volume in control-plane. - ControllerResizeFailed: State set when resize has failed in resize controller with a terminal error. - NodeResizePending: State set when resize controller has finished resizing the volume but further resizing of volume is needed on the node. - NodeResizeInProgress: State set when kubelet starts resizing the volume. - NodeResizeFailed: State set when resizing has failed in kubelet with a terminal error. Transient errors don't set NodeResizeFailed. For example: if expanding a PVC for more capacity - this field can be one of the following states: - pvc.status.allocatedResourceStatus['storage'] = 'ControllerResizeInProgress' - pvc.status.allocatedResourceStatus['storage'] = 'ControllerResizeFailed' - pvc.status.allocatedResourceStatus['storage'] = 'NodeResizePending' - pvc.status.allocatedResourceStatus['storage'] = 'NodeResizeInProgress' - pvc.status.allocatedResourceStatus['storage'] = 'NodeResizeFailed' When this field is not set, it means that no resize operation is in progress for the given PVC. A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
+- `allocated_resources` (Map of String) allocatedResources tracks the resources allocated to a PVC including its capacity. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as 'example.com/my-custom-resource' Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used. Capacity reported here may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. A controller that receives PVC update with previously unknown resourceName should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
 - `capacity` (Map of String) capacity represents the actual resources of the underlying volume.
-- `conditions` (Attributes List) conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'. (see [below for nested schema](#nestedatt--spec--vmstorage--claim_templates--status--conditions))
+- `conditions` (Attributes List) conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'Resizing'. (see [below for nested schema](#nestedatt--spec--vmstorage--claim_templates--status--conditions))
+- `current_volume_attributes_class_name` (String) currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim This is an alpha field and requires enabling VolumeAttributesClass feature.
+- `modify_volume_status` (Attributes) ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. This is an alpha field and requires enabling VolumeAttributesClass feature. (see [below for nested schema](#nestedatt--spec--vmstorage--claim_templates--status--modify_volume_status))
 - `phase` (String) phase represents the current phase of PersistentVolumeClaim.
-- `resize_status` (String) resizeStatus stores status of resize operation. ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty string by resize controller or kubelet. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
 
 <a id="nestedatt--spec--vmstorage--claim_templates--status--conditions"></a>
 ### Nested Schema for `spec.vmstorage.claim_templates.status.conditions`
@@ -942,7 +1000,19 @@ Optional:
 - `last_probe_time` (String) lastProbeTime is the time we probed the condition.
 - `last_transition_time` (String) lastTransitionTime is the time the condition transitioned from one status to another.
 - `message` (String) message is the human-readable message indicating details about last transition.
-- `reason` (String) reason is a unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports 'ResizeStarted' that means the underlying persistent volume is being resized.
+- `reason` (String) reason is a unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports 'Resizing' that means the underlying persistent volume is being resized.
+
+
+<a id="nestedatt--spec--vmstorage--claim_templates--status--modify_volume_status"></a>
+### Nested Schema for `spec.vmstorage.claim_templates.status.modify_volume_status`
+
+Required:
+
+- `status` (String) status is the status of the ControllerModifyVolume operation. It can be in any of following states: - Pending Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as the specified VolumeAttributesClass not existing. - InProgress InProgress indicates that the volume is being modified. - Infeasible Infeasible indicates that the request has been rejected as invalid by the CSI driver. To resolve the error, a valid VolumeAttributesClass needs to be specified. Note: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.
+
+Optional:
+
+- `target_volume_attributes_class_name` (String) targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled
 
 
 
@@ -966,6 +1036,18 @@ Optional:
 
 
 
+<a id="nestedatt--spec--vmstorage--host_aliases"></a>
+### Nested Schema for `spec.vmstorage.host_aliases`
+
+Required:
+
+- `ip` (String) IP address of the host file entry.
+
+Optional:
+
+- `hostnames` (List of String) Hostnames for the above IP address.
+
+
 <a id="nestedatt--spec--vmstorage--image"></a>
 ### Nested Schema for `spec.vmstorage.image`
 
@@ -976,6 +1058,14 @@ Optional:
 - `tag` (String) Tag contains desired docker image version
 
 
+<a id="nestedatt--spec--vmstorage--image_pull_secrets"></a>
+### Nested Schema for `spec.vmstorage.image_pull_secrets`
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+
+
 <a id="nestedatt--spec--vmstorage--pod_disruption_budget"></a>
 ### Nested Schema for `spec.vmstorage.pod_disruption_budget`
 
@@ -1098,7 +1188,7 @@ Optional:
 - `log_level` (String) LogLevel for VMBackup to be configured with.
 - `port` (String) Port for health check connections
 - `resources` (Attributes) Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ if not defined default resources from operator config will be used (see [below for nested schema](#nestedatt--spec--vmstorage--vm_backup--resources))
-- `restore` (Attributes) Restore Allows to enable restore options for pod Read more: https://docs.victoriametrics.com/vmbackupmanager.html#restore-commands (see [below for nested schema](#nestedatt--spec--vmstorage--vm_backup--restore))
+- `restore` (Attributes) Restore Allows to enable restore options for pod Read [more](https://docs.victoriametrics.com/vmbackupmanager#restore-commands) (see [below for nested schema](#nestedatt--spec--vmstorage--vm_backup--restore))
 - `snapshot_create_url` (String) SnapshotCreateURL overwrites url for snapshot create
 - `snapshot_delete_url` (String) SnapShotDeleteURL overwrites url for snapshot delete
 - `volume_mounts` (Attributes List) VolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the vmbackupmanager container, that are generated as a result of StorageSpec objects. (see [below for nested schema](#nestedatt--spec--vmstorage--vm_backup--volume_mounts))
@@ -1112,7 +1202,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -1147,7 +1237,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -1185,7 +1275,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -1245,8 +1335,9 @@ Required:
 
 Optional:
 
-- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
+- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None).
 - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
+- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handled recursively. If ReadOnly is false, this field has no meaning and must be unspecified. If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). If this field is not specified, it is treated as an equivalent of Disabled.
 - `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).
 - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.
 
@@ -1262,7 +1353,8 @@ Required:
 
 Optional:
 
-- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
+- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None).
 - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
+- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handled recursively. If ReadOnly is false, this field has no meaning and must be unspecified. If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). If this field is not specified, it is treated as an equivalent of Disabled.
 - `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).
 - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.
diff --git a/docs/data-sources/operator_victoriametrics_com_vm_node_scrape_v1beta1_manifest.md b/docs/data-sources/operator_victoriametrics_com_vm_node_scrape_v1beta1_manifest.md
index 2b620cceb..a27b726a9 100644
--- a/docs/data-sources/operator_victoriametrics_com_vm_node_scrape_v1beta1_manifest.md
+++ b/docs/data-sources/operator_victoriametrics_com_vm_node_scrape_v1beta1_manifest.md
@@ -56,21 +56,22 @@ Optional:
 Optional:
 
 - `authorization` (Attributes) Authorization with http header Authorization (see [below for nested schema](#nestedatt--spec--authorization))
-- `basic_auth` (Attributes) BasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints (see [below for nested schema](#nestedatt--spec--basic_auth))
+- `basic_auth` (Attributes) BasicAuth allow an endpoint to authenticate over basic authentication (see [below for nested schema](#nestedatt--spec--basic_auth))
 - `bearer_token_file` (String) File to read bearer token for scraping targets.
-- `bearer_token_secret` (Attributes) Secret to mount to read bearer token for scraping targets. The secret needs to be accessible by the victoria-metrics operator. (see [below for nested schema](#nestedatt--spec--bearer_token_secret))
+- `bearer_token_secret` (Attributes) Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the scrape object and accessible by the victoria-metrics operator. (see [below for nested schema](#nestedatt--spec--bearer_token_secret))
 - `follow_redirects` (Boolean) FollowRedirects controls redirects for scraping.
 - `honor_labels` (Boolean) HonorLabels chooses the metric's labels on collisions with target labels.
 - `honor_timestamps` (Boolean) HonorTimestamps controls whether vmagent respects the timestamps present in scraped data.
 - `interval` (String) Interval at which metrics should be scraped
 - `job_label` (String) The label to use to retrieve the job name from.
-- `metric_relabel_configs` (Attributes List) MetricRelabelConfigs to apply to samples before ingestion. (see [below for nested schema](#nestedatt--spec--metric_relabel_configs))
+- `max_scrape_size` (String) MaxScrapeSize defines a maximum size of scraped data for a job
+- `metric_relabel_configs` (Attributes List) MetricRelabelConfigs to apply to samples after scrapping. (see [below for nested schema](#nestedatt--spec--metric_relabel_configs))
 - `oauth2` (Attributes) OAuth2 defines auth configuration (see [below for nested schema](#nestedatt--spec--oauth2))
 - `params` (Map of List of String) Optional HTTP URL parameters
 - `path` (String) HTTP path to scrape for metrics.
 - `port` (String) Name of the port exposed at Node.
 - `proxy_url` (String) ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.
-- `relabel_configs` (Attributes List) RelabelConfigs to apply to samples before scraping. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config (see [below for nested schema](#nestedatt--spec--relabel_configs))
+- `relabel_configs` (Attributes List) RelabelConfigs to apply to samples during service discovery. (see [below for nested schema](#nestedatt--spec--relabel_configs))
 - `sample_limit` (Number) SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
 - `scheme` (String) HTTP scheme to use for scraping.
 - `scrape_interval` (String) ScrapeInterval is the same as Interval and has priority over it. one of scrape_interval or interval can be used
@@ -78,7 +79,7 @@ Optional:
 - `selector` (Attributes) Selector to select kubernetes Nodes. (see [below for nested schema](#nestedatt--spec--selector))
 - `series_limit` (Number) SeriesLimit defines per-scrape limit on number of unique time series a single target can expose during all the scrapes on the time window of 24h.
 - `target_labels` (List of String) TargetLabels transfers labels on the Kubernetes Node onto the target.
-- `tls_config` (Attributes) TLSConfig specifies TLSConfig configuration parameters. (see [below for nested schema](#nestedatt--spec--tls_config))
+- `tls_config` (Attributes) TLSConfig configuration to use when scraping the endpoint (see [below for nested schema](#nestedatt--spec--tls_config))
 - `vm_scrape_params` (Attributes) VMScrapeParams defines VictoriaMetrics specific scrape parameters (see [below for nested schema](#nestedatt--spec--vm_scrape_params))
 
 <a id="nestedatt--spec--authorization"></a>
@@ -99,7 +100,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -109,9 +110,9 @@ Optional:
 
 Optional:
 
-- `password` (Attributes) The secret in the service scrape namespace that contains the password for authentication. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--basic_auth--password))
-- `password_file` (String) PasswordFile defines path to password file at disk
-- `username` (Attributes) The secret in the service scrape namespace that contains the username for authentication. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--basic_auth--username))
+- `password` (Attributes) Password defines reference for secret with password value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--basic_auth--password))
+- `password_file` (String) PasswordFile defines path to password file at disk must be pre-mounted
+- `username` (Attributes) Username defines reference for secret with username value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--basic_auth--username))
 
 <a id="nestedatt--spec--basic_auth--password"></a>
 ### Nested Schema for `spec.basic_auth.password`
@@ -122,7 +123,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -135,7 +136,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -149,7 +150,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -202,7 +203,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -215,7 +216,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -229,7 +230,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -304,7 +305,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -317,7 +318,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -339,7 +340,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -352,7 +353,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -366,7 +367,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -376,13 +377,11 @@ Optional:
 
 Optional:
 
-- `disable_compression` (Boolean)
-- `disable_keep_alive` (Boolean) disable_keepalive allows disabling HTTP keep-alive when scraping targets. By default, HTTP keep-alive is enabled, so TCP connections to scrape targets could be re-used. See https://docs.victoriametrics.com/vmagent.html#scrape_config-enhancements
+- `disable_compression` (Boolean) DisableCompression
+- `disable_keep_alive` (Boolean) disable_keepalive allows disabling HTTP keep-alive when scraping targets. By default, HTTP keep-alive is enabled, so TCP connections to scrape targets could be re-used. See https://docs.victoriametrics.com/vmagent#scrape_config-enhancements
 - `headers` (List of String) Headers allows sending custom headers to scrape targets must be in of semicolon separated header with it's value eg: headerName: headerValue vmagent supports since 1.79.0 version
-- `metric_relabel_debug` (Boolean) deprecated since [v1.85](https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.85.0), will be removed in next release
 - `no_stale_markers` (Boolean)
-- `proxy_client_config` (Attributes) ProxyClientConfig configures proxy auth settings for scraping See feature description https://docs.victoriametrics.com/vmagent.html#scraping-targets-via-a-proxy (see [below for nested schema](#nestedatt--spec--vm_scrape_params--proxy_client_config))
-- `relabel_debug` (Boolean) deprecated since [v1.85](https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.85.0), will be removed in next release
+- `proxy_client_config` (Attributes) ProxyClientConfig configures proxy auth settings for scraping See feature description https://docs.victoriametrics.com/vmagent#scraping-targets-via-a-proxy (see [below for nested schema](#nestedatt--spec--vm_scrape_params--proxy_client_config))
 - `scrape_align_interval` (String)
 - `scrape_offset` (String)
 - `stream_parse` (Boolean)
@@ -402,9 +401,9 @@ Optional:
 
 Optional:
 
-- `password` (Attributes) The secret in the service scrape namespace that contains the password for authentication. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--vm_scrape_params--proxy_client_config--basic_auth--password))
-- `password_file` (String) PasswordFile defines path to password file at disk
-- `username` (Attributes) The secret in the service scrape namespace that contains the username for authentication. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--vm_scrape_params--proxy_client_config--basic_auth--username))
+- `password` (Attributes) Password defines reference for secret with password value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--vm_scrape_params--proxy_client_config--basic_auth--password))
+- `password_file` (String) PasswordFile defines path to password file at disk must be pre-mounted
+- `username` (Attributes) Username defines reference for secret with username value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--vm_scrape_params--proxy_client_config--basic_auth--username))
 
 <a id="nestedatt--spec--vm_scrape_params--proxy_client_config--basic_auth--password"></a>
 ### Nested Schema for `spec.vm_scrape_params.proxy_client_config.basic_auth.password`
@@ -415,7 +414,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -428,7 +427,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -442,7 +441,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -477,7 +476,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -490,7 +489,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -512,7 +511,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -525,7 +524,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -539,5 +538,5 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
diff --git a/docs/data-sources/operator_victoriametrics_com_vm_pod_scrape_v1beta1_manifest.md b/docs/data-sources/operator_victoriametrics_com_vm_pod_scrape_v1beta1_manifest.md
index 0a0a77410..e86cf4801 100644
--- a/docs/data-sources/operator_victoriametrics_com_vm_pod_scrape_v1beta1_manifest.md
+++ b/docs/data-sources/operator_victoriametrics_com_vm_pod_scrape_v1beta1_manifest.md
@@ -74,27 +74,28 @@ Optional:
 
 - `attach_metadata` (Attributes) AttachMetadata configures metadata attaching from service discovery (see [below for nested schema](#nestedatt--spec--pod_metrics_endpoints--attach_metadata))
 - `authorization` (Attributes) Authorization with http header Authorization (see [below for nested schema](#nestedatt--spec--pod_metrics_endpoints--authorization))
-- `basic_auth` (Attributes) BasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints (see [below for nested schema](#nestedatt--spec--pod_metrics_endpoints--basic_auth))
+- `basic_auth` (Attributes) BasicAuth allow an endpoint to authenticate over basic authentication (see [below for nested schema](#nestedatt--spec--pod_metrics_endpoints--basic_auth))
 - `bearer_token_file` (String) File to read bearer token for scraping targets.
-- `bearer_token_secret` (Attributes) Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the service scrape and accessible by the victoria-metrics operator. (see [below for nested schema](#nestedatt--spec--pod_metrics_endpoints--bearer_token_secret))
+- `bearer_token_secret` (Attributes) Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the scrape object and accessible by the victoria-metrics operator. (see [below for nested schema](#nestedatt--spec--pod_metrics_endpoints--bearer_token_secret))
 - `filter_running` (Boolean) FilterRunning applies filter with pod status == running it prevents from scrapping metrics at failed or succeed state pods. enabled by default
 - `follow_redirects` (Boolean) FollowRedirects controls redirects for scraping.
 - `honor_labels` (Boolean) HonorLabels chooses the metric's labels on collisions with target labels.
 - `honor_timestamps` (Boolean) HonorTimestamps controls whether vmagent respects the timestamps present in scraped data.
 - `interval` (String) Interval at which metrics should be scraped
-- `metric_relabel_configs` (Attributes List) MetricRelabelConfigs to apply to samples before ingestion. (see [below for nested schema](#nestedatt--spec--pod_metrics_endpoints--metric_relabel_configs))
+- `max_scrape_size` (String) MaxScrapeSize defines a maximum size of scraped data for a job
+- `metric_relabel_configs` (Attributes List) MetricRelabelConfigs to apply to samples after scrapping. (see [below for nested schema](#nestedatt--spec--pod_metrics_endpoints--metric_relabel_configs))
 - `oauth2` (Attributes) OAuth2 defines auth configuration (see [below for nested schema](#nestedatt--spec--pod_metrics_endpoints--oauth2))
 - `params` (Map of List of String) Optional HTTP URL parameters
 - `path` (String) HTTP path to scrape for metrics.
-- `port` (String) Name of the pod port this endpoint refers to. Mutually exclusive with targetPort.
+- `port` (String) Name of the port exposed at Pod.
 - `proxy_url` (String) ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.
-- `relabel_configs` (Attributes List) RelabelConfigs to apply to samples before ingestion. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config (see [below for nested schema](#nestedatt--spec--pod_metrics_endpoints--relabel_configs))
-- `sample_limit` (Number) SampleLimit defines per-podEndpoint limit on number of scraped samples that will be accepted.
+- `relabel_configs` (Attributes List) RelabelConfigs to apply to samples during service discovery. (see [below for nested schema](#nestedatt--spec--pod_metrics_endpoints--relabel_configs))
+- `sample_limit` (Number) SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
 - `scheme` (String) HTTP scheme to use for scraping.
 - `scrape_interval` (String) ScrapeInterval is the same as Interval and has priority over it. one of scrape_interval or interval can be used
 - `scrape_timeout` (String) Timeout after which the scrape is ended
 - `series_limit` (Number) SeriesLimit defines per-scrape limit on number of unique time series a single target can expose during all the scrapes on the time window of 24h.
-- `target_port` (String) Deprecated: Use 'port' instead.
+- `target_port` (String) TargetPort Name or number of the pod port this endpoint refers to. Mutually exclusive with port.
 - `tls_config` (Attributes) TLSConfig configuration to use when scraping the endpoint (see [below for nested schema](#nestedatt--spec--pod_metrics_endpoints--tls_config))
 - `vm_scrape_params` (Attributes) VMScrapeParams defines VictoriaMetrics specific scrape parameters (see [below for nested schema](#nestedatt--spec--pod_metrics_endpoints--vm_scrape_params))
 
@@ -124,7 +125,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -134,9 +135,9 @@ Optional:
 
 Optional:
 
-- `password` (Attributes) The secret in the service scrape namespace that contains the password for authentication. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--pod_metrics_endpoints--basic_auth--password))
-- `password_file` (String) PasswordFile defines path to password file at disk
-- `username` (Attributes) The secret in the service scrape namespace that contains the username for authentication. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--pod_metrics_endpoints--basic_auth--username))
+- `password` (Attributes) Password defines reference for secret with password value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--pod_metrics_endpoints--basic_auth--password))
+- `password_file` (String) PasswordFile defines path to password file at disk must be pre-mounted
+- `username` (Attributes) Username defines reference for secret with username value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--pod_metrics_endpoints--basic_auth--username))
 
 <a id="nestedatt--spec--pod_metrics_endpoints--basic_auth--password"></a>
 ### Nested Schema for `spec.pod_metrics_endpoints.basic_auth.password`
@@ -147,7 +148,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -160,7 +161,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -174,7 +175,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -227,7 +228,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -240,7 +241,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -254,7 +255,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -307,7 +308,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -320,7 +321,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -342,7 +343,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -355,7 +356,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -369,7 +370,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -379,13 +380,11 @@ Optional:
 
 Optional:
 
-- `disable_compression` (Boolean)
-- `disable_keep_alive` (Boolean) disable_keepalive allows disabling HTTP keep-alive when scraping targets. By default, HTTP keep-alive is enabled, so TCP connections to scrape targets could be re-used. See https://docs.victoriametrics.com/vmagent.html#scrape_config-enhancements
+- `disable_compression` (Boolean) DisableCompression
+- `disable_keep_alive` (Boolean) disable_keepalive allows disabling HTTP keep-alive when scraping targets. By default, HTTP keep-alive is enabled, so TCP connections to scrape targets could be re-used. See https://docs.victoriametrics.com/vmagent#scrape_config-enhancements
 - `headers` (List of String) Headers allows sending custom headers to scrape targets must be in of semicolon separated header with it's value eg: headerName: headerValue vmagent supports since 1.79.0 version
-- `metric_relabel_debug` (Boolean) deprecated since [v1.85](https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.85.0), will be removed in next release
 - `no_stale_markers` (Boolean)
-- `proxy_client_config` (Attributes) ProxyClientConfig configures proxy auth settings for scraping See feature description https://docs.victoriametrics.com/vmagent.html#scraping-targets-via-a-proxy (see [below for nested schema](#nestedatt--spec--pod_metrics_endpoints--vm_scrape_params--proxy_client_config))
-- `relabel_debug` (Boolean) deprecated since [v1.85](https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.85.0), will be removed in next release
+- `proxy_client_config` (Attributes) ProxyClientConfig configures proxy auth settings for scraping See feature description https://docs.victoriametrics.com/vmagent#scraping-targets-via-a-proxy (see [below for nested schema](#nestedatt--spec--pod_metrics_endpoints--vm_scrape_params--proxy_client_config))
 - `scrape_align_interval` (String)
 - `scrape_offset` (String)
 - `stream_parse` (Boolean)
@@ -405,9 +404,9 @@ Optional:
 
 Optional:
 
-- `password` (Attributes) The secret in the service scrape namespace that contains the password for authentication. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--pod_metrics_endpoints--vm_scrape_params--proxy_client_config--basic_auth--password))
-- `password_file` (String) PasswordFile defines path to password file at disk
-- `username` (Attributes) The secret in the service scrape namespace that contains the username for authentication. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--pod_metrics_endpoints--vm_scrape_params--proxy_client_config--basic_auth--username))
+- `password` (Attributes) Password defines reference for secret with password value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--pod_metrics_endpoints--vm_scrape_params--proxy_client_config--basic_auth--password))
+- `password_file` (String) PasswordFile defines path to password file at disk must be pre-mounted
+- `username` (Attributes) Username defines reference for secret with username value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--pod_metrics_endpoints--vm_scrape_params--proxy_client_config--basic_auth--username))
 
 <a id="nestedatt--spec--pod_metrics_endpoints--vm_scrape_params--proxy_client_config--basic_auth--password"></a>
 ### Nested Schema for `spec.pod_metrics_endpoints.vm_scrape_params.proxy_client_config.basic_auth.password`
@@ -418,7 +417,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -431,7 +430,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -445,7 +444,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -480,7 +479,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -493,7 +492,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -515,7 +514,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -528,7 +527,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -542,7 +541,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
diff --git a/docs/data-sources/operator_victoriametrics_com_vm_probe_v1beta1_manifest.md b/docs/data-sources/operator_victoriametrics_com_vm_probe_v1beta1_manifest.md
index 062199c20..420d14a30 100644
--- a/docs/data-sources/operator_victoriametrics_com_vm_probe_v1beta1_manifest.md
+++ b/docs/data-sources/operator_victoriametrics_com_vm_probe_v1beta1_manifest.md
@@ -57,19 +57,25 @@ Required:
 Optional:
 
 - `authorization` (Attributes) Authorization with http header Authorization (see [below for nested schema](#nestedatt--spec--authorization))
-- `basic_auth` (Attributes) BasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints (see [below for nested schema](#nestedatt--spec--basic_auth))
+- `basic_auth` (Attributes) BasicAuth allow an endpoint to authenticate over basic authentication (see [below for nested schema](#nestedatt--spec--basic_auth))
 - `bearer_token_file` (String) File to read bearer token for scraping targets.
-- `bearer_token_secret` (Attributes) Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the service scrape and accessible by the victoria-metrics operator. (see [below for nested schema](#nestedatt--spec--bearer_token_secret))
+- `bearer_token_secret` (Attributes) Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the scrape object and accessible by the victoria-metrics operator. (see [below for nested schema](#nestedatt--spec--bearer_token_secret))
 - `follow_redirects` (Boolean) FollowRedirects controls redirects for scraping.
-- `interval` (String) Interval at which targets are probed using the configured prober. If not specified Prometheus' global scrape interval is used.
+- `honor_labels` (Boolean) HonorLabels chooses the metric's labels on collisions with target labels.
+- `honor_timestamps` (Boolean) HonorTimestamps controls whether vmagent respects the timestamps present in scraped data.
+- `interval` (String) Interval at which metrics should be scraped
 - `job_name` (String) The job name assigned to scraped metrics by default.
+- `max_scrape_size` (String) MaxScrapeSize defines a maximum size of scraped data for a job
+- `metric_relabel_configs` (Attributes List) MetricRelabelConfigs to apply to samples after scrapping. (see [below for nested schema](#nestedatt--spec--metric_relabel_configs))
 - `module` (String) The module to use for probing specifying how to probe the target. Example module configuring in the blackbox exporter: https://github.com/prometheus/blackbox_exporter/blob/master/example.yml
 - `oauth2` (Attributes) OAuth2 defines auth configuration (see [below for nested schema](#nestedatt--spec--oauth2))
 - `params` (Map of List of String) Optional HTTP URL parameters
+- `path` (String) HTTP path to scrape for metrics.
 - `proxy_url` (String) ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.
 - `sample_limit` (Number) SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
+- `scheme` (String) HTTP scheme to use for scraping.
 - `scrape_interval` (String) ScrapeInterval is the same as Interval and has priority over it. one of scrape_interval or interval can be used
-- `scrape_timeout` (String) Timeout for scraping metrics from the Prometheus exporter.
+- `scrape_timeout` (String) Timeout after which the scrape is ended
 - `series_limit` (Number) SeriesLimit defines per-scrape limit on number of unique time series a single target can expose during all the scrapes on the time window of 24h.
 - `targets` (Attributes) Targets defines a set of static and/or dynamically discovered targets to be probed using the prober. (see [below for nested schema](#nestedatt--spec--targets))
 - `tls_config` (Attributes) TLSConfig configuration to use when scraping the endpoint (see [below for nested schema](#nestedatt--spec--tls_config))
@@ -106,7 +112,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -116,9 +122,9 @@ Optional:
 
 Optional:
 
-- `password` (Attributes) The secret in the service scrape namespace that contains the password for authentication. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--basic_auth--password))
-- `password_file` (String) PasswordFile defines path to password file at disk
-- `username` (Attributes) The secret in the service scrape namespace that contains the username for authentication. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--basic_auth--username))
+- `password` (Attributes) Password defines reference for secret with password value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--basic_auth--password))
+- `password_file` (String) PasswordFile defines path to password file at disk must be pre-mounted
+- `username` (Attributes) Username defines reference for secret with username value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--basic_auth--username))
 
 <a id="nestedatt--spec--basic_auth--password"></a>
 ### Nested Schema for `spec.basic_auth.password`
@@ -129,7 +135,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -142,7 +148,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -156,10 +162,27 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
+<a id="nestedatt--spec--metric_relabel_configs"></a>
+### Nested Schema for `spec.metric_relabel_configs`
+
+Optional:
+
+- `action` (String) Action to perform based on regex matching. Default is 'replace'
+- `if` (Map of String) If represents metricsQL match expression (or list of expressions): '{__name__=~'foo_.*'}'
+- `labels` (Map of String) Labels is used together with Match for 'action: graphite'
+- `match` (String) Match is used together with Labels for 'action: graphite'
+- `modulus` (Number) Modulus to take of the hash of the source label values.
+- `regex` (Map of String) Regular expression against which the extracted value is matched. Default is '(.*)' victoriaMetrics supports multiline regex joined with | https://docs.victoriametrics.com/vmagent/#relabeling-enhancements
+- `replacement` (String) Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'
+- `separator` (String) Separator placed between concatenated source label values. default is ';'.
+- `source_labels` (List of String) The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.
+- `target_label` (String) Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.
+
+
 <a id="nestedatt--spec--oauth2"></a>
 ### Nested Schema for `spec.oauth2`
 
@@ -192,7 +215,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -205,7 +228,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -219,7 +242,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -230,7 +253,7 @@ Optional:
 Optional:
 
 - `ingress` (Attributes) Ingress defines the set of dynamically discovered ingress objects which hosts are considered for probing. (see [below for nested schema](#nestedatt--spec--targets--ingress))
-- `static_config` (Attributes) StaticConfig defines static targets which are considers for probing. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config. (see [below for nested schema](#nestedatt--spec--targets--static_config))
+- `static_config` (Attributes) StaticConfig defines static targets which are considers for probing. (see [below for nested schema](#nestedatt--spec--targets--static_config))
 
 <a id="nestedatt--spec--targets--ingress"></a>
 ### Nested Schema for `spec.targets.ingress`
@@ -238,7 +261,7 @@ Optional:
 Optional:
 
 - `namespace_selector` (Attributes) Select Ingress objects by namespace. (see [below for nested schema](#nestedatt--spec--targets--ingress--namespace_selector))
-- `relabeling_configs` (Attributes List) RelabelConfigs to apply to samples before ingestion. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config (see [below for nested schema](#nestedatt--spec--targets--ingress--relabeling_configs))
+- `relabeling_configs` (Attributes List) RelabelConfigs to apply to samples during service discovery. (see [below for nested schema](#nestedatt--spec--targets--ingress--relabeling_configs))
 - `selector` (Attributes) Select Ingress objects by labels. (see [below for nested schema](#nestedatt--spec--targets--ingress--selector))
 
 <a id="nestedatt--spec--targets--ingress--namespace_selector"></a>
@@ -300,7 +323,7 @@ Required:
 Optional:
 
 - `labels` (Map of String) Labels assigned to all metrics scraped from the targets.
-- `relabeling_configs` (Attributes List) More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config (see [below for nested schema](#nestedatt--spec--targets--static_config--relabeling_configs))
+- `relabeling_configs` (Attributes List) RelabelConfigs to apply to samples during service discovery. (see [below for nested schema](#nestedatt--spec--targets--static_config--relabeling_configs))
 
 <a id="nestedatt--spec--targets--static_config--relabeling_configs"></a>
 ### Nested Schema for `spec.targets.static_config.relabeling_configs`
@@ -352,7 +375,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -365,7 +388,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -387,7 +410,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -400,7 +423,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -414,7 +437,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -424,13 +447,11 @@ Optional:
 
 Optional:
 
-- `disable_compression` (Boolean)
-- `disable_keep_alive` (Boolean) disable_keepalive allows disabling HTTP keep-alive when scraping targets. By default, HTTP keep-alive is enabled, so TCP connections to scrape targets could be re-used. See https://docs.victoriametrics.com/vmagent.html#scrape_config-enhancements
+- `disable_compression` (Boolean) DisableCompression
+- `disable_keep_alive` (Boolean) disable_keepalive allows disabling HTTP keep-alive when scraping targets. By default, HTTP keep-alive is enabled, so TCP connections to scrape targets could be re-used. See https://docs.victoriametrics.com/vmagent#scrape_config-enhancements
 - `headers` (List of String) Headers allows sending custom headers to scrape targets must be in of semicolon separated header with it's value eg: headerName: headerValue vmagent supports since 1.79.0 version
-- `metric_relabel_debug` (Boolean) deprecated since [v1.85](https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.85.0), will be removed in next release
 - `no_stale_markers` (Boolean)
-- `proxy_client_config` (Attributes) ProxyClientConfig configures proxy auth settings for scraping See feature description https://docs.victoriametrics.com/vmagent.html#scraping-targets-via-a-proxy (see [below for nested schema](#nestedatt--spec--vm_scrape_params--proxy_client_config))
-- `relabel_debug` (Boolean) deprecated since [v1.85](https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.85.0), will be removed in next release
+- `proxy_client_config` (Attributes) ProxyClientConfig configures proxy auth settings for scraping See feature description https://docs.victoriametrics.com/vmagent#scraping-targets-via-a-proxy (see [below for nested schema](#nestedatt--spec--vm_scrape_params--proxy_client_config))
 - `scrape_align_interval` (String)
 - `scrape_offset` (String)
 - `stream_parse` (Boolean)
@@ -450,9 +471,9 @@ Optional:
 
 Optional:
 
-- `password` (Attributes) The secret in the service scrape namespace that contains the password for authentication. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--vm_scrape_params--proxy_client_config--basic_auth--password))
-- `password_file` (String) PasswordFile defines path to password file at disk
-- `username` (Attributes) The secret in the service scrape namespace that contains the username for authentication. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--vm_scrape_params--proxy_client_config--basic_auth--username))
+- `password` (Attributes) Password defines reference for secret with password value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--vm_scrape_params--proxy_client_config--basic_auth--password))
+- `password_file` (String) PasswordFile defines path to password file at disk must be pre-mounted
+- `username` (Attributes) Username defines reference for secret with username value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--vm_scrape_params--proxy_client_config--basic_auth--username))
 
 <a id="nestedatt--spec--vm_scrape_params--proxy_client_config--basic_auth--password"></a>
 ### Nested Schema for `spec.vm_scrape_params.proxy_client_config.basic_auth.password`
@@ -463,7 +484,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -476,7 +497,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -490,7 +511,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -525,7 +546,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -538,7 +559,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -560,7 +581,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -573,7 +594,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -587,5 +608,5 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
diff --git a/docs/data-sources/operator_victoriametrics_com_vm_rule_v1beta1_manifest.md b/docs/data-sources/operator_victoriametrics_com_vm_rule_v1beta1_manifest.md
index 91d15b584..5b5122122 100644
--- a/docs/data-sources/operator_victoriametrics_com_vm_rule_v1beta1_manifest.md
+++ b/docs/data-sources/operator_victoriametrics_com_vm_rule_v1beta1_manifest.md
@@ -65,14 +65,17 @@ Required:
 Optional:
 
 - `concurrency` (Number) Concurrency defines how many rules execute at once.
-- `extra_filter_labels` (Map of String) ExtraFilterLabels optional list of label filters applied to every rule's request withing a group. Is compatible only with VM datasource. See more details at https://docs.victoriametrics.com#prometheus-querying-api-enhancements Deprecated, use params instead
+- `eval_alignment` (Boolean) Optional The evaluation timestamp will be aligned with group's interval, instead of using the actual timestamp that evaluation happens at. It is enabled by default to get more predictable results and to visually align with graphs plotted via Grafana or vmui.
+- `eval_delay` (String) Optional Adjust the 'time' parameter of group evaluation requests to compensate intentional query delay from the datasource.
+- `eval_offset` (String) Optional Group will be evaluated at the exact offset in the range of [0...interval].
+- `extra_filter_labels` (Map of String) ExtraFilterLabels optional list of label filters applied to every rule's request within a group. Is compatible only with VM datasource. See more details [here](https://docs.victoriametrics.com/#prometheus-querying-api-enhancements) Deprecated, use params instead
 - `headers` (List of String) Headers contains optional HTTP headers added to each rule request Must be in form 'header-name: value' For example: headers: - 'CustomHeader: foo' - 'CustomHeader2: bar'
 - `interval` (String) evaluation interval for group
 - `labels` (Map of String) Labels optional list of labels added to every rule within a group. It has priority over the external labels. Labels are commonly used for adding environment or tenant-specific tag.
 - `limit` (Number) Limit the number of alerts an alerting rule and series a recording rule can produce
 - `notifier_headers` (List of String) NotifierHeaders contains optional HTTP headers added to each alert request which will send to notifier Must be in form 'header-name: value' For example: headers: - 'CustomHeader: foo' - 'CustomHeader2: bar'
 - `params` (Map of List of String) Params optional HTTP URL parameters added to each rule request
-- `tenant` (String) Tenant id for group, can be used only with enterprise version of vmalert See more details at https://docs.victoriametrics.com/vmalert.html#multitenancy
+- `tenant` (String) Tenant id for group, can be used only with enterprise version of vmalert. See more details [here](https://docs.victoriametrics.com/vmalert#multitenancy).
 - `type` (String) Type defines datasource type for enterprise version of vmalert possible values - prometheus,graphite
 
 <a id="nestedatt--spec--groups--rules"></a>
diff --git a/docs/data-sources/operator_victoriametrics_com_vm_scrape_config_v1beta1_manifest.md b/docs/data-sources/operator_victoriametrics_com_vm_scrape_config_v1beta1_manifest.md
new file mode 100644
index 000000000..098d84945
--- /dev/null
+++ b/docs/data-sources/operator_victoriametrics_com_vm_scrape_config_v1beta1_manifest.md
@@ -0,0 +1,2341 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "k8s_operator_victoriametrics_com_vm_scrape_config_v1beta1_manifest Data Source - terraform-provider-k8s"
+subcategory: "operator.victoriametrics.com"
+description: |-
+  VMScrapeConfig specifies a set of targets and parameters describing how to scrape them.
+---
+
+# k8s_operator_victoriametrics_com_vm_scrape_config_v1beta1_manifest (Data Source)
+
+VMScrapeConfig specifies a set of targets and parameters describing how to scrape them.
+
+## Example Usage
+
+```terraform
+data "k8s_operator_victoriametrics_com_vm_scrape_config_v1beta1_manifest" "example" {
+  metadata = {
+    name      = "some-name"
+    namespace = "some-namespace"
+  }
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `metadata` (Attributes) Data that helps uniquely identify this object. See https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata for more details. (see [below for nested schema](#nestedatt--metadata))
+
+### Optional
+
+- `spec` (Attributes) VMScrapeConfigSpec defines the desired state of VMScrapeConfig (see [below for nested schema](#nestedatt--spec))
+
+### Read-Only
+
+- `yaml` (String) The generated manifest in YAML format.
+
+<a id="nestedatt--metadata"></a>
+### Nested Schema for `metadata`
+
+Required:
+
+- `name` (String) Unique identifier for this object. See https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names for more details.
+- `namespace` (String) Namespaces provides a mechanism for isolating groups of resources within a single cluster. See https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ for more details.
+
+Optional:
+
+- `annotations` (Map of String) Keys and values that can be used by external tooling to store and retrieve arbitrary metadata about this object. See https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ for more details.
+- `labels` (Map of String) Keys and values that can be used to organize and categorize objects. See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more details.
+
+
+<a id="nestedatt--spec"></a>
+### Nested Schema for `spec`
+
+Optional:
+
+- `authorization` (Attributes) Authorization with http header Authorization (see [below for nested schema](#nestedatt--spec--authorization))
+- `azure_sd_configs` (Attributes List) AzureSDConfigs defines a list of Azure service discovery configurations. (see [below for nested schema](#nestedatt--spec--azure_sd_configs))
+- `basic_auth` (Attributes) BasicAuth allow an endpoint to authenticate over basic authentication (see [below for nested schema](#nestedatt--spec--basic_auth))
+- `bearer_token_file` (String) File to read bearer token for scraping targets.
+- `bearer_token_secret` (Attributes) Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the scrape object and accessible by the victoria-metrics operator. (see [below for nested schema](#nestedatt--spec--bearer_token_secret))
+- `consul_sd_configs` (Attributes List) ConsulSDConfigs defines a list of Consul service discovery configurations. (see [below for nested schema](#nestedatt--spec--consul_sd_configs))
+- `digital_ocean_sd_configs` (Attributes List) DigitalOceanSDConfigs defines a list of DigitalOcean service discovery configurations. (see [below for nested schema](#nestedatt--spec--digital_ocean_sd_configs))
+- `dns_sd_configs` (Attributes List) DNSSDConfigs defines a list of DNS service discovery configurations. (see [below for nested schema](#nestedatt--spec--dns_sd_configs))
+- `ec2_sd_configs` (Attributes List) EC2SDConfigs defines a list of EC2 service discovery configurations. (see [below for nested schema](#nestedatt--spec--ec2_sd_configs))
+- `file_sd_configs` (Attributes List) FileSDConfigs defines a list of file service discovery configurations. (see [below for nested schema](#nestedatt--spec--file_sd_configs))
+- `follow_redirects` (Boolean) FollowRedirects controls redirects for scraping.
+- `gce_sd_configs` (Attributes List) GCESDConfigs defines a list of GCE service discovery configurations. (see [below for nested schema](#nestedatt--spec--gce_sd_configs))
+- `honor_labels` (Boolean) HonorLabels chooses the metric's labels on collisions with target labels.
+- `honor_timestamps` (Boolean) HonorTimestamps controls whether vmagent respects the timestamps present in scraped data.
+- `http_sd_configs` (Attributes List) HTTPSDConfigs defines a list of HTTP service discovery configurations. (see [below for nested schema](#nestedatt--spec--http_sd_configs))
+- `interval` (String) Interval at which metrics should be scraped
+- `kubernetes_sd_configs` (Attributes List) KubernetesSDConfigs defines a list of Kubernetes service discovery configurations. (see [below for nested schema](#nestedatt--spec--kubernetes_sd_configs))
+- `max_scrape_size` (String) MaxScrapeSize defines a maximum size of scraped data for a job
+- `metric_relabel_configs` (Attributes List) MetricRelabelConfigs to apply to samples after scrapping. (see [below for nested schema](#nestedatt--spec--metric_relabel_configs))
+- `oauth2` (Attributes) OAuth2 defines auth configuration (see [below for nested schema](#nestedatt--spec--oauth2))
+- `openstack_sd_configs` (Attributes List) OpenStackSDConfigs defines a list of OpenStack service discovery configurations. (see [below for nested schema](#nestedatt--spec--openstack_sd_configs))
+- `params` (Map of List of String) Optional HTTP URL parameters
+- `path` (String) HTTP path to scrape for metrics.
+- `proxy_url` (String) ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.
+- `relabel_configs` (Attributes List) RelabelConfigs to apply to samples during service discovery. (see [below for nested schema](#nestedatt--spec--relabel_configs))
+- `sample_limit` (Number) SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
+- `scheme` (String) HTTP scheme to use for scraping.
+- `scrape_interval` (String) ScrapeInterval is the same as Interval and has priority over it. one of scrape_interval or interval can be used
+- `scrape_timeout` (String) Timeout after which the scrape is ended
+- `series_limit` (Number) SeriesLimit defines per-scrape limit on number of unique time series a single target can expose during all the scrapes on the time window of 24h.
+- `static_configs` (Attributes List) StaticConfigs defines a list of static targets with a common label set. (see [below for nested schema](#nestedatt--spec--static_configs))
+- `tls_config` (Attributes) TLSConfig configuration to use when scraping the endpoint (see [below for nested schema](#nestedatt--spec--tls_config))
+- `vm_scrape_params` (Attributes) VMScrapeParams defines VictoriaMetrics specific scrape parameters (see [below for nested schema](#nestedatt--spec--vm_scrape_params))
+
+<a id="nestedatt--spec--authorization"></a>
+### Nested Schema for `spec.authorization`
+
+Optional:
+
+- `credentials` (Attributes) Reference to the secret with value for authorization (see [below for nested schema](#nestedatt--spec--authorization--credentials))
+- `credentials_file` (String) File with value for authorization
+- `type` (String) Type of authorization, default to bearer
+
+<a id="nestedatt--spec--authorization--credentials"></a>
+### Nested Schema for `spec.authorization.credentials`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--azure_sd_configs"></a>
+### Nested Schema for `spec.azure_sd_configs`
+
+Required:
+
+- `subscription_id` (String) The subscription ID. Always required.
+
+Optional:
+
+- `authentication_method` (String) # The authentication method, either OAuth or ManagedIdentity. See https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
+- `client_id` (String) Optional client ID. Only required with the OAuth authentication method.
+- `client_secret` (Attributes) Optional client secret. Only required with the OAuth authentication method. (see [below for nested schema](#nestedatt--spec--azure_sd_configs--client_secret))
+- `environment` (String) The Azure environment.
+- `port` (Number) The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule.
+- `resource_group` (String) Optional resource group name. Limits discovery to this resource group.
+- `tenant_id` (String) Optional tenant ID. Only required with the OAuth authentication method.
+
+<a id="nestedatt--spec--azure_sd_configs--client_secret"></a>
+### Nested Schema for `spec.azure_sd_configs.client_secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--basic_auth"></a>
+### Nested Schema for `spec.basic_auth`
+
+Optional:
+
+- `password` (Attributes) Password defines reference for secret with password value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--basic_auth--password))
+- `password_file` (String) PasswordFile defines path to password file at disk must be pre-mounted
+- `username` (Attributes) Username defines reference for secret with username value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--basic_auth--username))
+
+<a id="nestedatt--spec--basic_auth--password"></a>
+### Nested Schema for `spec.basic_auth.password`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+<a id="nestedatt--spec--basic_auth--username"></a>
+### Nested Schema for `spec.basic_auth.username`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--bearer_token_secret"></a>
+### Nested Schema for `spec.bearer_token_secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+<a id="nestedatt--spec--consul_sd_configs"></a>
+### Nested Schema for `spec.consul_sd_configs`
+
+Required:
+
+- `server` (String) A valid string consisting of a hostname or IP followed by an optional port number.
+
+Optional:
+
+- `allow_stale` (Boolean) Allow stale Consul results (see https://developer.hashicorp.com/consul/api-docs/features/consistency). Will reduce load on Consul. If unset, use its default value.
+- `authorization` (Attributes) Authorization header to use on every scrape request. (see [below for nested schema](#nestedatt--spec--consul_sd_configs--authorization))
+- `basic_auth` (Attributes) BasicAuth information to use on every scrape request. (see [below for nested schema](#nestedatt--spec--consul_sd_configs--basic_auth))
+- `datacenter` (String) Consul Datacenter name, if not provided it will use the local Consul Agent Datacenter.
+- `follow_redirects` (Boolean) Configure whether HTTP requests follow HTTP 3xx redirects. If unset, use its default value.
+- `namespace` (String) Namespaces are only supported in Consul Enterprise.
+- `node_meta` (Map of String) Node metadata key/value pairs to filter nodes for a given service.
+- `oauth2` (Attributes) OAuth2 defines auth configuration (see [below for nested schema](#nestedatt--spec--consul_sd_configs--oauth2))
+- `partition` (String) Admin Partitions are only supported in Consul Enterprise.
+- `proxy_client_config` (Attributes) ProxyClientConfig configures proxy auth settings for scraping See [feature description](https://docs.victoriametrics.com/vmagent#scraping-targets-via-a-proxy) (see [below for nested schema](#nestedatt--spec--consul_sd_configs--proxy_client_config))
+- `proxy_url` (String) ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.
+- `scheme` (String) HTTP Scheme default 'http'
+- `services` (List of String) A list of services for which targets are retrieved. If omitted, all services are scraped.
+- `tag_separator` (String) The string by which Consul tags are joined into the tag label. If unset, use its default value.
+- `tags` (List of String) An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list.
+- `tls_config` (Attributes) TLS configuration to use on every scrape request (see [below for nested schema](#nestedatt--spec--consul_sd_configs--tls_config))
+- `token_ref` (Attributes) Consul ACL TokenRef, if not provided it will use the ACL from the local Consul Agent. (see [below for nested schema](#nestedatt--spec--consul_sd_configs--token_ref))
+
+<a id="nestedatt--spec--consul_sd_configs--authorization"></a>
+### Nested Schema for `spec.consul_sd_configs.authorization`
+
+Optional:
+
+- `credentials` (Attributes) Reference to the secret with value for authorization (see [below for nested schema](#nestedatt--spec--consul_sd_configs--authorization--credentials))
+- `credentials_file` (String) File with value for authorization
+- `type` (String) Type of authorization, default to bearer
+
+<a id="nestedatt--spec--consul_sd_configs--authorization--credentials"></a>
+### Nested Schema for `spec.consul_sd_configs.authorization.credentials`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--consul_sd_configs--basic_auth"></a>
+### Nested Schema for `spec.consul_sd_configs.basic_auth`
+
+Optional:
+
+- `password` (Attributes) Password defines reference for secret with password value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--consul_sd_configs--basic_auth--password))
+- `password_file` (String) PasswordFile defines path to password file at disk must be pre-mounted
+- `username` (Attributes) Username defines reference for secret with username value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--consul_sd_configs--basic_auth--username))
+
+<a id="nestedatt--spec--consul_sd_configs--basic_auth--password"></a>
+### Nested Schema for `spec.consul_sd_configs.basic_auth.password`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+<a id="nestedatt--spec--consul_sd_configs--basic_auth--username"></a>
+### Nested Schema for `spec.consul_sd_configs.basic_auth.username`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--consul_sd_configs--oauth2"></a>
+### Nested Schema for `spec.consul_sd_configs.oauth2`
+
+Required:
+
+- `client_id` (Attributes) The secret or configmap containing the OAuth2 client id (see [below for nested schema](#nestedatt--spec--consul_sd_configs--oauth2--client_id))
+- `token_url` (String) The URL to fetch the token from
+
+Optional:
+
+- `client_secret` (Attributes) The secret containing the OAuth2 client secret (see [below for nested schema](#nestedatt--spec--consul_sd_configs--oauth2--client_secret))
+- `client_secret_file` (String) ClientSecretFile defines path for client secret file.
+- `endpoint_params` (Map of String) Parameters to append to the token URL
+- `scopes` (List of String) OAuth2 scopes used for the token request
+
+<a id="nestedatt--spec--consul_sd_configs--oauth2--client_id"></a>
+### Nested Schema for `spec.consul_sd_configs.oauth2.client_id`
+
+Optional:
+
+- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--consul_sd_configs--oauth2--client_id--config_map))
+- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--consul_sd_configs--oauth2--client_id--secret))
+
+<a id="nestedatt--spec--consul_sd_configs--oauth2--client_id--config_map"></a>
+### Nested Schema for `spec.consul_sd_configs.oauth2.client_id.config_map`
+
+Required:
+
+- `key` (String) The key to select.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
+
+
+<a id="nestedatt--spec--consul_sd_configs--oauth2--client_id--secret"></a>
+### Nested Schema for `spec.consul_sd_configs.oauth2.client_id.secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--consul_sd_configs--oauth2--client_secret"></a>
+### Nested Schema for `spec.consul_sd_configs.oauth2.client_secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--consul_sd_configs--proxy_client_config"></a>
+### Nested Schema for `spec.consul_sd_configs.proxy_client_config`
+
+Optional:
+
+- `basic_auth` (Attributes) BasicAuth allow an endpoint to authenticate over basic authentication (see [below for nested schema](#nestedatt--spec--consul_sd_configs--proxy_client_config--basic_auth))
+- `bearer_token` (Attributes) SecretKeySelector selects a key of a Secret. (see [below for nested schema](#nestedatt--spec--consul_sd_configs--proxy_client_config--bearer_token))
+- `bearer_token_file` (String)
+- `tls_config` (Attributes) TLSConfig specifies TLSConfig configuration parameters. (see [below for nested schema](#nestedatt--spec--consul_sd_configs--proxy_client_config--tls_config))
+
+<a id="nestedatt--spec--consul_sd_configs--proxy_client_config--basic_auth"></a>
+### Nested Schema for `spec.consul_sd_configs.proxy_client_config.basic_auth`
+
+Optional:
+
+- `password` (Attributes) Password defines reference for secret with password value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--consul_sd_configs--proxy_client_config--basic_auth--password))
+- `password_file` (String) PasswordFile defines path to password file at disk must be pre-mounted
+- `username` (Attributes) Username defines reference for secret with username value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--consul_sd_configs--proxy_client_config--basic_auth--username))
+
+<a id="nestedatt--spec--consul_sd_configs--proxy_client_config--basic_auth--password"></a>
+### Nested Schema for `spec.consul_sd_configs.proxy_client_config.basic_auth.password`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+<a id="nestedatt--spec--consul_sd_configs--proxy_client_config--basic_auth--username"></a>
+### Nested Schema for `spec.consul_sd_configs.proxy_client_config.basic_auth.username`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--consul_sd_configs--proxy_client_config--bearer_token"></a>
+### Nested Schema for `spec.consul_sd_configs.proxy_client_config.bearer_token`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+<a id="nestedatt--spec--consul_sd_configs--proxy_client_config--tls_config"></a>
+### Nested Schema for `spec.consul_sd_configs.proxy_client_config.tls_config`
+
+Optional:
+
+- `ca` (Attributes) Stuct containing the CA cert to use for the targets. (see [below for nested schema](#nestedatt--spec--consul_sd_configs--proxy_client_config--tls_config--ca))
+- `ca_file` (String) Path to the CA cert in the container to use for the targets.
+- `cert` (Attributes) Struct containing the client cert file for the targets. (see [below for nested schema](#nestedatt--spec--consul_sd_configs--proxy_client_config--tls_config--cert))
+- `cert_file` (String) Path to the client cert file in the container for the targets.
+- `insecure_skip_verify` (Boolean) Disable target certificate validation.
+- `key_file` (String) Path to the client key file in the container for the targets.
+- `key_secret` (Attributes) Secret containing the client key file for the targets. (see [below for nested schema](#nestedatt--spec--consul_sd_configs--proxy_client_config--tls_config--key_secret))
+- `server_name` (String) Used to verify the hostname for the targets.
+
+<a id="nestedatt--spec--consul_sd_configs--proxy_client_config--tls_config--ca"></a>
+### Nested Schema for `spec.consul_sd_configs.proxy_client_config.tls_config.ca`
+
+Optional:
+
+- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--consul_sd_configs--proxy_client_config--tls_config--ca--config_map))
+- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--consul_sd_configs--proxy_client_config--tls_config--ca--secret))
+
+<a id="nestedatt--spec--consul_sd_configs--proxy_client_config--tls_config--ca--config_map"></a>
+### Nested Schema for `spec.consul_sd_configs.proxy_client_config.tls_config.ca.config_map`
+
+Required:
+
+- `key` (String) The key to select.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
+
+
+<a id="nestedatt--spec--consul_sd_configs--proxy_client_config--tls_config--ca--secret"></a>
+### Nested Schema for `spec.consul_sd_configs.proxy_client_config.tls_config.ca.secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--consul_sd_configs--proxy_client_config--tls_config--cert"></a>
+### Nested Schema for `spec.consul_sd_configs.proxy_client_config.tls_config.cert`
+
+Optional:
+
+- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--consul_sd_configs--proxy_client_config--tls_config--cert--config_map))
+- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--consul_sd_configs--proxy_client_config--tls_config--cert--secret))
+
+<a id="nestedatt--spec--consul_sd_configs--proxy_client_config--tls_config--cert--config_map"></a>
+### Nested Schema for `spec.consul_sd_configs.proxy_client_config.tls_config.cert.config_map`
+
+Required:
+
+- `key` (String) The key to select.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
+
+
+<a id="nestedatt--spec--consul_sd_configs--proxy_client_config--tls_config--cert--secret"></a>
+### Nested Schema for `spec.consul_sd_configs.proxy_client_config.tls_config.cert.secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--consul_sd_configs--proxy_client_config--tls_config--key_secret"></a>
+### Nested Schema for `spec.consul_sd_configs.proxy_client_config.tls_config.key_secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+
+<a id="nestedatt--spec--consul_sd_configs--tls_config"></a>
+### Nested Schema for `spec.consul_sd_configs.tls_config`
+
+Optional:
+
+- `ca` (Attributes) Stuct containing the CA cert to use for the targets. (see [below for nested schema](#nestedatt--spec--consul_sd_configs--tls_config--ca))
+- `ca_file` (String) Path to the CA cert in the container to use for the targets.
+- `cert` (Attributes) Struct containing the client cert file for the targets. (see [below for nested schema](#nestedatt--spec--consul_sd_configs--tls_config--cert))
+- `cert_file` (String) Path to the client cert file in the container for the targets.
+- `insecure_skip_verify` (Boolean) Disable target certificate validation.
+- `key_file` (String) Path to the client key file in the container for the targets.
+- `key_secret` (Attributes) Secret containing the client key file for the targets. (see [below for nested schema](#nestedatt--spec--consul_sd_configs--tls_config--key_secret))
+- `server_name` (String) Used to verify the hostname for the targets.
+
+<a id="nestedatt--spec--consul_sd_configs--tls_config--ca"></a>
+### Nested Schema for `spec.consul_sd_configs.tls_config.ca`
+
+Optional:
+
+- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--consul_sd_configs--tls_config--ca--config_map))
+- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--consul_sd_configs--tls_config--ca--secret))
+
+<a id="nestedatt--spec--consul_sd_configs--tls_config--ca--config_map"></a>
+### Nested Schema for `spec.consul_sd_configs.tls_config.ca.config_map`
+
+Required:
+
+- `key` (String) The key to select.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
+
+
+<a id="nestedatt--spec--consul_sd_configs--tls_config--ca--secret"></a>
+### Nested Schema for `spec.consul_sd_configs.tls_config.ca.secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--consul_sd_configs--tls_config--cert"></a>
+### Nested Schema for `spec.consul_sd_configs.tls_config.cert`
+
+Optional:
+
+- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--consul_sd_configs--tls_config--cert--config_map))
+- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--consul_sd_configs--tls_config--cert--secret))
+
+<a id="nestedatt--spec--consul_sd_configs--tls_config--cert--config_map"></a>
+### Nested Schema for `spec.consul_sd_configs.tls_config.cert.config_map`
+
+Required:
+
+- `key` (String) The key to select.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
+
+
+<a id="nestedatt--spec--consul_sd_configs--tls_config--cert--secret"></a>
+### Nested Schema for `spec.consul_sd_configs.tls_config.cert.secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--consul_sd_configs--tls_config--key_secret"></a>
+### Nested Schema for `spec.consul_sd_configs.tls_config.key_secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--consul_sd_configs--token_ref"></a>
+### Nested Schema for `spec.consul_sd_configs.token_ref`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--digital_ocean_sd_configs"></a>
+### Nested Schema for `spec.digital_ocean_sd_configs`
+
+Optional:
+
+- `authorization` (Attributes) Authorization header to use on every scrape request. (see [below for nested schema](#nestedatt--spec--digital_ocean_sd_configs--authorization))
+- `follow_redirects` (Boolean) Configure whether HTTP requests follow HTTP 3xx redirects.
+- `oauth2` (Attributes) OAuth2 defines auth configuration (see [below for nested schema](#nestedatt--spec--digital_ocean_sd_configs--oauth2))
+- `port` (Number) The port to scrape metrics from.
+- `proxy_client_config` (Attributes) ProxyClientConfig configures proxy auth settings for scraping See [feature description](https://docs.victoriametrics.com/vmagent#scraping-targets-via-a-proxy) (see [below for nested schema](#nestedatt--spec--digital_ocean_sd_configs--proxy_client_config))
+- `proxy_url` (String) ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.
+- `tls_config` (Attributes) TLS configuration to use on every scrape request (see [below for nested schema](#nestedatt--spec--digital_ocean_sd_configs--tls_config))
+
+<a id="nestedatt--spec--digital_ocean_sd_configs--authorization"></a>
+### Nested Schema for `spec.digital_ocean_sd_configs.authorization`
+
+Optional:
+
+- `credentials` (Attributes) Reference to the secret with value for authorization (see [below for nested schema](#nestedatt--spec--digital_ocean_sd_configs--authorization--credentials))
+- `credentials_file` (String) File with value for authorization
+- `type` (String) Type of authorization, default to bearer
+
+<a id="nestedatt--spec--digital_ocean_sd_configs--authorization--credentials"></a>
+### Nested Schema for `spec.digital_ocean_sd_configs.authorization.credentials`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--digital_ocean_sd_configs--oauth2"></a>
+### Nested Schema for `spec.digital_ocean_sd_configs.oauth2`
+
+Required:
+
+- `client_id` (Attributes) The secret or configmap containing the OAuth2 client id (see [below for nested schema](#nestedatt--spec--digital_ocean_sd_configs--oauth2--client_id))
+- `token_url` (String) The URL to fetch the token from
+
+Optional:
+
+- `client_secret` (Attributes) The secret containing the OAuth2 client secret (see [below for nested schema](#nestedatt--spec--digital_ocean_sd_configs--oauth2--client_secret))
+- `client_secret_file` (String) ClientSecretFile defines path for client secret file.
+- `endpoint_params` (Map of String) Parameters to append to the token URL
+- `scopes` (List of String) OAuth2 scopes used for the token request
+
+<a id="nestedatt--spec--digital_ocean_sd_configs--oauth2--client_id"></a>
+### Nested Schema for `spec.digital_ocean_sd_configs.oauth2.client_id`
+
+Optional:
+
+- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--digital_ocean_sd_configs--oauth2--client_id--config_map))
+- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--digital_ocean_sd_configs--oauth2--client_id--secret))
+
+<a id="nestedatt--spec--digital_ocean_sd_configs--oauth2--client_id--config_map"></a>
+### Nested Schema for `spec.digital_ocean_sd_configs.oauth2.client_id.config_map`
+
+Required:
+
+- `key` (String) The key to select.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
+
+
+<a id="nestedatt--spec--digital_ocean_sd_configs--oauth2--client_id--secret"></a>
+### Nested Schema for `spec.digital_ocean_sd_configs.oauth2.client_id.secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--digital_ocean_sd_configs--oauth2--client_secret"></a>
+### Nested Schema for `spec.digital_ocean_sd_configs.oauth2.client_secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--digital_ocean_sd_configs--proxy_client_config"></a>
+### Nested Schema for `spec.digital_ocean_sd_configs.proxy_client_config`
+
+Optional:
+
+- `basic_auth` (Attributes) BasicAuth allow an endpoint to authenticate over basic authentication (see [below for nested schema](#nestedatt--spec--digital_ocean_sd_configs--proxy_client_config--basic_auth))
+- `bearer_token` (Attributes) SecretKeySelector selects a key of a Secret. (see [below for nested schema](#nestedatt--spec--digital_ocean_sd_configs--proxy_client_config--bearer_token))
+- `bearer_token_file` (String)
+- `tls_config` (Attributes) TLSConfig specifies TLSConfig configuration parameters. (see [below for nested schema](#nestedatt--spec--digital_ocean_sd_configs--proxy_client_config--tls_config))
+
+<a id="nestedatt--spec--digital_ocean_sd_configs--proxy_client_config--basic_auth"></a>
+### Nested Schema for `spec.digital_ocean_sd_configs.proxy_client_config.basic_auth`
+
+Optional:
+
+- `password` (Attributes) Password defines reference for secret with password value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--digital_ocean_sd_configs--proxy_client_config--basic_auth--password))
+- `password_file` (String) PasswordFile defines path to password file at disk must be pre-mounted
+- `username` (Attributes) Username defines reference for secret with username value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--digital_ocean_sd_configs--proxy_client_config--basic_auth--username))
+
+<a id="nestedatt--spec--digital_ocean_sd_configs--proxy_client_config--basic_auth--password"></a>
+### Nested Schema for `spec.digital_ocean_sd_configs.proxy_client_config.basic_auth.password`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+<a id="nestedatt--spec--digital_ocean_sd_configs--proxy_client_config--basic_auth--username"></a>
+### Nested Schema for `spec.digital_ocean_sd_configs.proxy_client_config.basic_auth.username`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--digital_ocean_sd_configs--proxy_client_config--bearer_token"></a>
+### Nested Schema for `spec.digital_ocean_sd_configs.proxy_client_config.bearer_token`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+<a id="nestedatt--spec--digital_ocean_sd_configs--proxy_client_config--tls_config"></a>
+### Nested Schema for `spec.digital_ocean_sd_configs.proxy_client_config.tls_config`
+
+Optional:
+
+- `ca` (Attributes) Stuct containing the CA cert to use for the targets. (see [below for nested schema](#nestedatt--spec--digital_ocean_sd_configs--proxy_client_config--tls_config--ca))
+- `ca_file` (String) Path to the CA cert in the container to use for the targets.
+- `cert` (Attributes) Struct containing the client cert file for the targets. (see [below for nested schema](#nestedatt--spec--digital_ocean_sd_configs--proxy_client_config--tls_config--cert))
+- `cert_file` (String) Path to the client cert file in the container for the targets.
+- `insecure_skip_verify` (Boolean) Disable target certificate validation.
+- `key_file` (String) Path to the client key file in the container for the targets.
+- `key_secret` (Attributes) Secret containing the client key file for the targets. (see [below for nested schema](#nestedatt--spec--digital_ocean_sd_configs--proxy_client_config--tls_config--key_secret))
+- `server_name` (String) Used to verify the hostname for the targets.
+
+<a id="nestedatt--spec--digital_ocean_sd_configs--proxy_client_config--tls_config--ca"></a>
+### Nested Schema for `spec.digital_ocean_sd_configs.proxy_client_config.tls_config.ca`
+
+Optional:
+
+- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--digital_ocean_sd_configs--proxy_client_config--tls_config--ca--config_map))
+- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--digital_ocean_sd_configs--proxy_client_config--tls_config--ca--secret))
+
+<a id="nestedatt--spec--digital_ocean_sd_configs--proxy_client_config--tls_config--ca--config_map"></a>
+### Nested Schema for `spec.digital_ocean_sd_configs.proxy_client_config.tls_config.ca.config_map`
+
+Required:
+
+- `key` (String) The key to select.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
+
+
+<a id="nestedatt--spec--digital_ocean_sd_configs--proxy_client_config--tls_config--ca--secret"></a>
+### Nested Schema for `spec.digital_ocean_sd_configs.proxy_client_config.tls_config.ca.secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--digital_ocean_sd_configs--proxy_client_config--tls_config--cert"></a>
+### Nested Schema for `spec.digital_ocean_sd_configs.proxy_client_config.tls_config.cert`
+
+Optional:
+
+- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--digital_ocean_sd_configs--proxy_client_config--tls_config--cert--config_map))
+- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--digital_ocean_sd_configs--proxy_client_config--tls_config--cert--secret))
+
+<a id="nestedatt--spec--digital_ocean_sd_configs--proxy_client_config--tls_config--cert--config_map"></a>
+### Nested Schema for `spec.digital_ocean_sd_configs.proxy_client_config.tls_config.cert.config_map`
+
+Required:
+
+- `key` (String) The key to select.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
+
+
+<a id="nestedatt--spec--digital_ocean_sd_configs--proxy_client_config--tls_config--cert--secret"></a>
+### Nested Schema for `spec.digital_ocean_sd_configs.proxy_client_config.tls_config.cert.secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--digital_ocean_sd_configs--proxy_client_config--tls_config--key_secret"></a>
+### Nested Schema for `spec.digital_ocean_sd_configs.proxy_client_config.tls_config.key_secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+
+<a id="nestedatt--spec--digital_ocean_sd_configs--tls_config"></a>
+### Nested Schema for `spec.digital_ocean_sd_configs.tls_config`
+
+Optional:
+
+- `ca` (Attributes) Stuct containing the CA cert to use for the targets. (see [below for nested schema](#nestedatt--spec--digital_ocean_sd_configs--tls_config--ca))
+- `ca_file` (String) Path to the CA cert in the container to use for the targets.
+- `cert` (Attributes) Struct containing the client cert file for the targets. (see [below for nested schema](#nestedatt--spec--digital_ocean_sd_configs--tls_config--cert))
+- `cert_file` (String) Path to the client cert file in the container for the targets.
+- `insecure_skip_verify` (Boolean) Disable target certificate validation.
+- `key_file` (String) Path to the client key file in the container for the targets.
+- `key_secret` (Attributes) Secret containing the client key file for the targets. (see [below for nested schema](#nestedatt--spec--digital_ocean_sd_configs--tls_config--key_secret))
+- `server_name` (String) Used to verify the hostname for the targets.
+
+<a id="nestedatt--spec--digital_ocean_sd_configs--tls_config--ca"></a>
+### Nested Schema for `spec.digital_ocean_sd_configs.tls_config.ca`
+
+Optional:
+
+- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--digital_ocean_sd_configs--tls_config--ca--config_map))
+- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--digital_ocean_sd_configs--tls_config--ca--secret))
+
+<a id="nestedatt--spec--digital_ocean_sd_configs--tls_config--ca--config_map"></a>
+### Nested Schema for `spec.digital_ocean_sd_configs.tls_config.ca.config_map`
+
+Required:
+
+- `key` (String) The key to select.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
+
+
+<a id="nestedatt--spec--digital_ocean_sd_configs--tls_config--ca--secret"></a>
+### Nested Schema for `spec.digital_ocean_sd_configs.tls_config.ca.secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--digital_ocean_sd_configs--tls_config--cert"></a>
+### Nested Schema for `spec.digital_ocean_sd_configs.tls_config.cert`
+
+Optional:
+
+- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--digital_ocean_sd_configs--tls_config--cert--config_map))
+- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--digital_ocean_sd_configs--tls_config--cert--secret))
+
+<a id="nestedatt--spec--digital_ocean_sd_configs--tls_config--cert--config_map"></a>
+### Nested Schema for `spec.digital_ocean_sd_configs.tls_config.cert.config_map`
+
+Required:
+
+- `key` (String) The key to select.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
+
+
+<a id="nestedatt--spec--digital_ocean_sd_configs--tls_config--cert--secret"></a>
+### Nested Schema for `spec.digital_ocean_sd_configs.tls_config.cert.secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--digital_ocean_sd_configs--tls_config--key_secret"></a>
+### Nested Schema for `spec.digital_ocean_sd_configs.tls_config.key_secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+
+<a id="nestedatt--spec--dns_sd_configs"></a>
+### Nested Schema for `spec.dns_sd_configs`
+
+Required:
+
+- `names` (List of String) A list of DNS domain names to be queried.
+
+Optional:
+
+- `port` (Number) The port number used if the query type is not SRV Ignored for SRV records
+- `type` (String)
+
+
+<a id="nestedatt--spec--ec2_sd_configs"></a>
+### Nested Schema for `spec.ec2_sd_configs`
+
+Optional:
+
+- `access_key` (Attributes) AccessKey is the AWS API key. (see [below for nested schema](#nestedatt--spec--ec2_sd_configs--access_key))
+- `filters` (Attributes List) Filters can be used optionally to filter the instance list by other criteria. Available filter criteria can be found here: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html (see [below for nested schema](#nestedatt--spec--ec2_sd_configs--filters))
+- `port` (Number) The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule.
+- `region` (String) The AWS region
+- `role_arn` (String) AWS Role ARN, an alternative to using AWS API keys.
+- `secret_key` (Attributes) SecretKey is the AWS API secret. (see [below for nested schema](#nestedatt--spec--ec2_sd_configs--secret_key))
+
+<a id="nestedatt--spec--ec2_sd_configs--access_key"></a>
+### Nested Schema for `spec.ec2_sd_configs.access_key`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+<a id="nestedatt--spec--ec2_sd_configs--filters"></a>
+### Nested Schema for `spec.ec2_sd_configs.filters`
+
+Required:
+
+- `name` (String)
+- `values` (List of String)
+
+
+<a id="nestedatt--spec--ec2_sd_configs--secret_key"></a>
+### Nested Schema for `spec.ec2_sd_configs.secret_key`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--file_sd_configs"></a>
+### Nested Schema for `spec.file_sd_configs`
+
+Required:
+
+- `files` (List of String) List of files to be used for file discovery.
+
+
+<a id="nestedatt--spec--gce_sd_configs"></a>
+### Nested Schema for `spec.gce_sd_configs`
+
+Required:
+
+- `project` (String) The Google Cloud Project ID
+- `zone` (String) The zone of the scrape targets. If you need multiple zones use multiple GCESDConfigs.
+
+Optional:
+
+- `filter` (String) Filter can be used optionally to filter the instance list by other criteria Syntax of this filter is described in the filter query parameter section: https://cloud.google.com/compute/docs/reference/latest/instances/list
+- `port` (Number) The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule.
+- `tag_separator` (String) The tag separator is used to separate the tags on concatenation
+
+
+<a id="nestedatt--spec--http_sd_configs"></a>
+### Nested Schema for `spec.http_sd_configs`
+
+Required:
+
+- `url` (String) URL from which the targets are fetched.
+
+Optional:
+
+- `authorization` (Attributes) Authorization header to use on every scrape request. (see [below for nested schema](#nestedatt--spec--http_sd_configs--authorization))
+- `basic_auth` (Attributes) BasicAuth information to use on every scrape request. (see [below for nested schema](#nestedatt--spec--http_sd_configs--basic_auth))
+- `proxy_client_config` (Attributes) ProxyClientConfig configures proxy auth settings for scraping See [feature description](https://docs.victoriametrics.com/vmagent#scraping-targets-via-a-proxy) (see [below for nested schema](#nestedatt--spec--http_sd_configs--proxy_client_config))
+- `proxy_url` (String) ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.
+- `tls_config` (Attributes) TLS configuration to use on every scrape request (see [below for nested schema](#nestedatt--spec--http_sd_configs--tls_config))
+
+<a id="nestedatt--spec--http_sd_configs--authorization"></a>
+### Nested Schema for `spec.http_sd_configs.authorization`
+
+Optional:
+
+- `credentials` (Attributes) Reference to the secret with value for authorization (see [below for nested schema](#nestedatt--spec--http_sd_configs--authorization--credentials))
+- `credentials_file` (String) File with value for authorization
+- `type` (String) Type of authorization, default to bearer
+
+<a id="nestedatt--spec--http_sd_configs--authorization--credentials"></a>
+### Nested Schema for `spec.http_sd_configs.authorization.credentials`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--http_sd_configs--basic_auth"></a>
+### Nested Schema for `spec.http_sd_configs.basic_auth`
+
+Optional:
+
+- `password` (Attributes) Password defines reference for secret with password value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--http_sd_configs--basic_auth--password))
+- `password_file` (String) PasswordFile defines path to password file at disk must be pre-mounted
+- `username` (Attributes) Username defines reference for secret with username value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--http_sd_configs--basic_auth--username))
+
+<a id="nestedatt--spec--http_sd_configs--basic_auth--password"></a>
+### Nested Schema for `spec.http_sd_configs.basic_auth.password`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+<a id="nestedatt--spec--http_sd_configs--basic_auth--username"></a>
+### Nested Schema for `spec.http_sd_configs.basic_auth.username`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--http_sd_configs--proxy_client_config"></a>
+### Nested Schema for `spec.http_sd_configs.proxy_client_config`
+
+Optional:
+
+- `basic_auth` (Attributes) BasicAuth allow an endpoint to authenticate over basic authentication (see [below for nested schema](#nestedatt--spec--http_sd_configs--proxy_client_config--basic_auth))
+- `bearer_token` (Attributes) SecretKeySelector selects a key of a Secret. (see [below for nested schema](#nestedatt--spec--http_sd_configs--proxy_client_config--bearer_token))
+- `bearer_token_file` (String)
+- `tls_config` (Attributes) TLSConfig specifies TLSConfig configuration parameters. (see [below for nested schema](#nestedatt--spec--http_sd_configs--proxy_client_config--tls_config))
+
+<a id="nestedatt--spec--http_sd_configs--proxy_client_config--basic_auth"></a>
+### Nested Schema for `spec.http_sd_configs.proxy_client_config.basic_auth`
+
+Optional:
+
+- `password` (Attributes) Password defines reference for secret with password value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--http_sd_configs--proxy_client_config--basic_auth--password))
+- `password_file` (String) PasswordFile defines path to password file at disk must be pre-mounted
+- `username` (Attributes) Username defines reference for secret with username value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--http_sd_configs--proxy_client_config--basic_auth--username))
+
+<a id="nestedatt--spec--http_sd_configs--proxy_client_config--basic_auth--password"></a>
+### Nested Schema for `spec.http_sd_configs.proxy_client_config.basic_auth.password`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+<a id="nestedatt--spec--http_sd_configs--proxy_client_config--basic_auth--username"></a>
+### Nested Schema for `spec.http_sd_configs.proxy_client_config.basic_auth.username`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--http_sd_configs--proxy_client_config--bearer_token"></a>
+### Nested Schema for `spec.http_sd_configs.proxy_client_config.bearer_token`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+<a id="nestedatt--spec--http_sd_configs--proxy_client_config--tls_config"></a>
+### Nested Schema for `spec.http_sd_configs.proxy_client_config.tls_config`
+
+Optional:
+
+- `ca` (Attributes) Stuct containing the CA cert to use for the targets. (see [below for nested schema](#nestedatt--spec--http_sd_configs--proxy_client_config--tls_config--ca))
+- `ca_file` (String) Path to the CA cert in the container to use for the targets.
+- `cert` (Attributes) Struct containing the client cert file for the targets. (see [below for nested schema](#nestedatt--spec--http_sd_configs--proxy_client_config--tls_config--cert))
+- `cert_file` (String) Path to the client cert file in the container for the targets.
+- `insecure_skip_verify` (Boolean) Disable target certificate validation.
+- `key_file` (String) Path to the client key file in the container for the targets.
+- `key_secret` (Attributes) Secret containing the client key file for the targets. (see [below for nested schema](#nestedatt--spec--http_sd_configs--proxy_client_config--tls_config--key_secret))
+- `server_name` (String) Used to verify the hostname for the targets.
+
+<a id="nestedatt--spec--http_sd_configs--proxy_client_config--tls_config--ca"></a>
+### Nested Schema for `spec.http_sd_configs.proxy_client_config.tls_config.ca`
+
+Optional:
+
+- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--http_sd_configs--proxy_client_config--tls_config--ca--config_map))
+- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--http_sd_configs--proxy_client_config--tls_config--ca--secret))
+
+<a id="nestedatt--spec--http_sd_configs--proxy_client_config--tls_config--ca--config_map"></a>
+### Nested Schema for `spec.http_sd_configs.proxy_client_config.tls_config.ca.config_map`
+
+Required:
+
+- `key` (String) The key to select.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
+
+
+<a id="nestedatt--spec--http_sd_configs--proxy_client_config--tls_config--ca--secret"></a>
+### Nested Schema for `spec.http_sd_configs.proxy_client_config.tls_config.ca.secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--http_sd_configs--proxy_client_config--tls_config--cert"></a>
+### Nested Schema for `spec.http_sd_configs.proxy_client_config.tls_config.cert`
+
+Optional:
+
+- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--http_sd_configs--proxy_client_config--tls_config--cert--config_map))
+- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--http_sd_configs--proxy_client_config--tls_config--cert--secret))
+
+<a id="nestedatt--spec--http_sd_configs--proxy_client_config--tls_config--cert--config_map"></a>
+### Nested Schema for `spec.http_sd_configs.proxy_client_config.tls_config.cert.config_map`
+
+Required:
+
+- `key` (String) The key to select.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
+
+
+<a id="nestedatt--spec--http_sd_configs--proxy_client_config--tls_config--cert--secret"></a>
+### Nested Schema for `spec.http_sd_configs.proxy_client_config.tls_config.cert.secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--http_sd_configs--proxy_client_config--tls_config--key_secret"></a>
+### Nested Schema for `spec.http_sd_configs.proxy_client_config.tls_config.key_secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+
+<a id="nestedatt--spec--http_sd_configs--tls_config"></a>
+### Nested Schema for `spec.http_sd_configs.tls_config`
+
+Optional:
+
+- `ca` (Attributes) Stuct containing the CA cert to use for the targets. (see [below for nested schema](#nestedatt--spec--http_sd_configs--tls_config--ca))
+- `ca_file` (String) Path to the CA cert in the container to use for the targets.
+- `cert` (Attributes) Struct containing the client cert file for the targets. (see [below for nested schema](#nestedatt--spec--http_sd_configs--tls_config--cert))
+- `cert_file` (String) Path to the client cert file in the container for the targets.
+- `insecure_skip_verify` (Boolean) Disable target certificate validation.
+- `key_file` (String) Path to the client key file in the container for the targets.
+- `key_secret` (Attributes) Secret containing the client key file for the targets. (see [below for nested schema](#nestedatt--spec--http_sd_configs--tls_config--key_secret))
+- `server_name` (String) Used to verify the hostname for the targets.
+
+<a id="nestedatt--spec--http_sd_configs--tls_config--ca"></a>
+### Nested Schema for `spec.http_sd_configs.tls_config.ca`
+
+Optional:
+
+- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--http_sd_configs--tls_config--ca--config_map))
+- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--http_sd_configs--tls_config--ca--secret))
+
+<a id="nestedatt--spec--http_sd_configs--tls_config--ca--config_map"></a>
+### Nested Schema for `spec.http_sd_configs.tls_config.ca.config_map`
+
+Required:
+
+- `key` (String) The key to select.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
+
+
+<a id="nestedatt--spec--http_sd_configs--tls_config--ca--secret"></a>
+### Nested Schema for `spec.http_sd_configs.tls_config.ca.secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--http_sd_configs--tls_config--cert"></a>
+### Nested Schema for `spec.http_sd_configs.tls_config.cert`
+
+Optional:
+
+- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--http_sd_configs--tls_config--cert--config_map))
+- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--http_sd_configs--tls_config--cert--secret))
+
+<a id="nestedatt--spec--http_sd_configs--tls_config--cert--config_map"></a>
+### Nested Schema for `spec.http_sd_configs.tls_config.cert.config_map`
+
+Required:
+
+- `key` (String) The key to select.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
+
+
+<a id="nestedatt--spec--http_sd_configs--tls_config--cert--secret"></a>
+### Nested Schema for `spec.http_sd_configs.tls_config.cert.secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--http_sd_configs--tls_config--key_secret"></a>
+### Nested Schema for `spec.http_sd_configs.tls_config.key_secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+
+<a id="nestedatt--spec--kubernetes_sd_configs"></a>
+### Nested Schema for `spec.kubernetes_sd_configs`
+
+Required:
+
+- `role` (String) Role of the Kubernetes entities that should be discovered.
+
+Optional:
+
+- `api_server` (String) The API server address consisting of a hostname or IP address followed by an optional port number. If left empty, assuming process is running inside of the cluster. It will discover API servers automatically and use the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.
+- `attach_metadata` (Attributes) AttachMetadata configures metadata attaching from service discovery (see [below for nested schema](#nestedatt--spec--kubernetes_sd_configs--attach_metadata))
+- `authorization` (Attributes) Authorization header to use on every scrape request. (see [below for nested schema](#nestedatt--spec--kubernetes_sd_configs--authorization))
+- `basic_auth` (Attributes) BasicAuth information to use on every scrape request. (see [below for nested schema](#nestedatt--spec--kubernetes_sd_configs--basic_auth))
+- `follow_redirects` (Boolean) Configure whether HTTP requests follow HTTP 3xx redirects.
+- `namespaces` (Attributes) Optional namespace discovery. If omitted, discover targets across all namespaces. (see [below for nested schema](#nestedatt--spec--kubernetes_sd_configs--namespaces))
+- `oauth2` (Attributes) OAuth2 defines auth configuration (see [below for nested schema](#nestedatt--spec--kubernetes_sd_configs--oauth2))
+- `proxy_client_config` (Attributes) ProxyClientConfig configures proxy auth settings for scraping See [feature description](https://docs.victoriametrics.com/vmagent#scraping-targets-via-a-proxy) (see [below for nested schema](#nestedatt--spec--kubernetes_sd_configs--proxy_client_config))
+- `proxy_url` (String) ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.
+- `selectors` (Attributes List) Selector to select objects. (see [below for nested schema](#nestedatt--spec--kubernetes_sd_configs--selectors))
+- `tls_config` (Attributes) TLS configuration to use on every scrape request (see [below for nested schema](#nestedatt--spec--kubernetes_sd_configs--tls_config))
+
+<a id="nestedatt--spec--kubernetes_sd_configs--attach_metadata"></a>
+### Nested Schema for `spec.kubernetes_sd_configs.attach_metadata`
+
+Optional:
+
+- `node` (Boolean) Node instructs vmagent to add node specific metadata from service discovery Valid for roles: pod, endpoints, endpointslice.
+
+
+<a id="nestedatt--spec--kubernetes_sd_configs--authorization"></a>
+### Nested Schema for `spec.kubernetes_sd_configs.authorization`
+
+Optional:
+
+- `credentials` (Attributes) Reference to the secret with value for authorization (see [below for nested schema](#nestedatt--spec--kubernetes_sd_configs--authorization--credentials))
+- `credentials_file` (String) File with value for authorization
+- `type` (String) Type of authorization, default to bearer
+
+<a id="nestedatt--spec--kubernetes_sd_configs--authorization--credentials"></a>
+### Nested Schema for `spec.kubernetes_sd_configs.authorization.credentials`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--kubernetes_sd_configs--basic_auth"></a>
+### Nested Schema for `spec.kubernetes_sd_configs.basic_auth`
+
+Optional:
+
+- `password` (Attributes) Password defines reference for secret with password value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--kubernetes_sd_configs--basic_auth--password))
+- `password_file` (String) PasswordFile defines path to password file at disk must be pre-mounted
+- `username` (Attributes) Username defines reference for secret with username value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--kubernetes_sd_configs--basic_auth--username))
+
+<a id="nestedatt--spec--kubernetes_sd_configs--basic_auth--password"></a>
+### Nested Schema for `spec.kubernetes_sd_configs.basic_auth.password`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+<a id="nestedatt--spec--kubernetes_sd_configs--basic_auth--username"></a>
+### Nested Schema for `spec.kubernetes_sd_configs.basic_auth.username`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--kubernetes_sd_configs--namespaces"></a>
+### Nested Schema for `spec.kubernetes_sd_configs.namespaces`
+
+Optional:
+
+- `names` (List of String) List of namespaces where to watch for resources. If empty and 'ownNamespace' isn't true, watch for resources in all namespaces.
+- `own_namespace` (Boolean) Includes the namespace in which the pod exists to the list of watched namespaces.
+
+
+<a id="nestedatt--spec--kubernetes_sd_configs--oauth2"></a>
+### Nested Schema for `spec.kubernetes_sd_configs.oauth2`
+
+Required:
+
+- `client_id` (Attributes) The secret or configmap containing the OAuth2 client id (see [below for nested schema](#nestedatt--spec--kubernetes_sd_configs--oauth2--client_id))
+- `token_url` (String) The URL to fetch the token from
+
+Optional:
+
+- `client_secret` (Attributes) The secret containing the OAuth2 client secret (see [below for nested schema](#nestedatt--spec--kubernetes_sd_configs--oauth2--client_secret))
+- `client_secret_file` (String) ClientSecretFile defines path for client secret file.
+- `endpoint_params` (Map of String) Parameters to append to the token URL
+- `scopes` (List of String) OAuth2 scopes used for the token request
+
+<a id="nestedatt--spec--kubernetes_sd_configs--oauth2--client_id"></a>
+### Nested Schema for `spec.kubernetes_sd_configs.oauth2.client_id`
+
+Optional:
+
+- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--kubernetes_sd_configs--oauth2--client_id--config_map))
+- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--kubernetes_sd_configs--oauth2--client_id--secret))
+
+<a id="nestedatt--spec--kubernetes_sd_configs--oauth2--client_id--config_map"></a>
+### Nested Schema for `spec.kubernetes_sd_configs.oauth2.client_id.config_map`
+
+Required:
+
+- `key` (String) The key to select.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
+
+
+<a id="nestedatt--spec--kubernetes_sd_configs--oauth2--client_id--secret"></a>
+### Nested Schema for `spec.kubernetes_sd_configs.oauth2.client_id.secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--kubernetes_sd_configs--oauth2--client_secret"></a>
+### Nested Schema for `spec.kubernetes_sd_configs.oauth2.client_secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--kubernetes_sd_configs--proxy_client_config"></a>
+### Nested Schema for `spec.kubernetes_sd_configs.proxy_client_config`
+
+Optional:
+
+- `basic_auth` (Attributes) BasicAuth allow an endpoint to authenticate over basic authentication (see [below for nested schema](#nestedatt--spec--kubernetes_sd_configs--proxy_client_config--basic_auth))
+- `bearer_token` (Attributes) SecretKeySelector selects a key of a Secret. (see [below for nested schema](#nestedatt--spec--kubernetes_sd_configs--proxy_client_config--bearer_token))
+- `bearer_token_file` (String)
+- `tls_config` (Attributes) TLSConfig specifies TLSConfig configuration parameters. (see [below for nested schema](#nestedatt--spec--kubernetes_sd_configs--proxy_client_config--tls_config))
+
+<a id="nestedatt--spec--kubernetes_sd_configs--proxy_client_config--basic_auth"></a>
+### Nested Schema for `spec.kubernetes_sd_configs.proxy_client_config.basic_auth`
+
+Optional:
+
+- `password` (Attributes) Password defines reference for secret with password value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--kubernetes_sd_configs--proxy_client_config--basic_auth--password))
+- `password_file` (String) PasswordFile defines path to password file at disk must be pre-mounted
+- `username` (Attributes) Username defines reference for secret with username value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--kubernetes_sd_configs--proxy_client_config--basic_auth--username))
+
+<a id="nestedatt--spec--kubernetes_sd_configs--proxy_client_config--basic_auth--password"></a>
+### Nested Schema for `spec.kubernetes_sd_configs.proxy_client_config.basic_auth.password`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+<a id="nestedatt--spec--kubernetes_sd_configs--proxy_client_config--basic_auth--username"></a>
+### Nested Schema for `spec.kubernetes_sd_configs.proxy_client_config.basic_auth.username`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--kubernetes_sd_configs--proxy_client_config--bearer_token"></a>
+### Nested Schema for `spec.kubernetes_sd_configs.proxy_client_config.bearer_token`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+<a id="nestedatt--spec--kubernetes_sd_configs--proxy_client_config--tls_config"></a>
+### Nested Schema for `spec.kubernetes_sd_configs.proxy_client_config.tls_config`
+
+Optional:
+
+- `ca` (Attributes) Stuct containing the CA cert to use for the targets. (see [below for nested schema](#nestedatt--spec--kubernetes_sd_configs--proxy_client_config--tls_config--ca))
+- `ca_file` (String) Path to the CA cert in the container to use for the targets.
+- `cert` (Attributes) Struct containing the client cert file for the targets. (see [below for nested schema](#nestedatt--spec--kubernetes_sd_configs--proxy_client_config--tls_config--cert))
+- `cert_file` (String) Path to the client cert file in the container for the targets.
+- `insecure_skip_verify` (Boolean) Disable target certificate validation.
+- `key_file` (String) Path to the client key file in the container for the targets.
+- `key_secret` (Attributes) Secret containing the client key file for the targets. (see [below for nested schema](#nestedatt--spec--kubernetes_sd_configs--proxy_client_config--tls_config--key_secret))
+- `server_name` (String) Used to verify the hostname for the targets.
+
+<a id="nestedatt--spec--kubernetes_sd_configs--proxy_client_config--tls_config--ca"></a>
+### Nested Schema for `spec.kubernetes_sd_configs.proxy_client_config.tls_config.ca`
+
+Optional:
+
+- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--kubernetes_sd_configs--proxy_client_config--tls_config--ca--config_map))
+- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--kubernetes_sd_configs--proxy_client_config--tls_config--ca--secret))
+
+<a id="nestedatt--spec--kubernetes_sd_configs--proxy_client_config--tls_config--ca--config_map"></a>
+### Nested Schema for `spec.kubernetes_sd_configs.proxy_client_config.tls_config.ca.config_map`
+
+Required:
+
+- `key` (String) The key to select.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
+
+
+<a id="nestedatt--spec--kubernetes_sd_configs--proxy_client_config--tls_config--ca--secret"></a>
+### Nested Schema for `spec.kubernetes_sd_configs.proxy_client_config.tls_config.ca.secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--kubernetes_sd_configs--proxy_client_config--tls_config--cert"></a>
+### Nested Schema for `spec.kubernetes_sd_configs.proxy_client_config.tls_config.cert`
+
+Optional:
+
+- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--kubernetes_sd_configs--proxy_client_config--tls_config--cert--config_map))
+- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--kubernetes_sd_configs--proxy_client_config--tls_config--cert--secret))
+
+<a id="nestedatt--spec--kubernetes_sd_configs--proxy_client_config--tls_config--cert--config_map"></a>
+### Nested Schema for `spec.kubernetes_sd_configs.proxy_client_config.tls_config.cert.config_map`
+
+Required:
+
+- `key` (String) The key to select.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
+
+
+<a id="nestedatt--spec--kubernetes_sd_configs--proxy_client_config--tls_config--cert--secret"></a>
+### Nested Schema for `spec.kubernetes_sd_configs.proxy_client_config.tls_config.cert.secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--kubernetes_sd_configs--proxy_client_config--tls_config--key_secret"></a>
+### Nested Schema for `spec.kubernetes_sd_configs.proxy_client_config.tls_config.key_secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+
+<a id="nestedatt--spec--kubernetes_sd_configs--selectors"></a>
+### Nested Schema for `spec.kubernetes_sd_configs.selectors`
+
+Required:
+
+- `role` (String)
+
+Optional:
+
+- `field` (String)
+- `label` (String)
+
+
+<a id="nestedatt--spec--kubernetes_sd_configs--tls_config"></a>
+### Nested Schema for `spec.kubernetes_sd_configs.tls_config`
+
+Optional:
+
+- `ca` (Attributes) Stuct containing the CA cert to use for the targets. (see [below for nested schema](#nestedatt--spec--kubernetes_sd_configs--tls_config--ca))
+- `ca_file` (String) Path to the CA cert in the container to use for the targets.
+- `cert` (Attributes) Struct containing the client cert file for the targets. (see [below for nested schema](#nestedatt--spec--kubernetes_sd_configs--tls_config--cert))
+- `cert_file` (String) Path to the client cert file in the container for the targets.
+- `insecure_skip_verify` (Boolean) Disable target certificate validation.
+- `key_file` (String) Path to the client key file in the container for the targets.
+- `key_secret` (Attributes) Secret containing the client key file for the targets. (see [below for nested schema](#nestedatt--spec--kubernetes_sd_configs--tls_config--key_secret))
+- `server_name` (String) Used to verify the hostname for the targets.
+
+<a id="nestedatt--spec--kubernetes_sd_configs--tls_config--ca"></a>
+### Nested Schema for `spec.kubernetes_sd_configs.tls_config.ca`
+
+Optional:
+
+- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--kubernetes_sd_configs--tls_config--ca--config_map))
+- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--kubernetes_sd_configs--tls_config--ca--secret))
+
+<a id="nestedatt--spec--kubernetes_sd_configs--tls_config--ca--config_map"></a>
+### Nested Schema for `spec.kubernetes_sd_configs.tls_config.ca.config_map`
+
+Required:
+
+- `key` (String) The key to select.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
+
+
+<a id="nestedatt--spec--kubernetes_sd_configs--tls_config--ca--secret"></a>
+### Nested Schema for `spec.kubernetes_sd_configs.tls_config.ca.secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--kubernetes_sd_configs--tls_config--cert"></a>
+### Nested Schema for `spec.kubernetes_sd_configs.tls_config.cert`
+
+Optional:
+
+- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--kubernetes_sd_configs--tls_config--cert--config_map))
+- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--kubernetes_sd_configs--tls_config--cert--secret))
+
+<a id="nestedatt--spec--kubernetes_sd_configs--tls_config--cert--config_map"></a>
+### Nested Schema for `spec.kubernetes_sd_configs.tls_config.cert.config_map`
+
+Required:
+
+- `key` (String) The key to select.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
+
+
+<a id="nestedatt--spec--kubernetes_sd_configs--tls_config--cert--secret"></a>
+### Nested Schema for `spec.kubernetes_sd_configs.tls_config.cert.secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--kubernetes_sd_configs--tls_config--key_secret"></a>
+### Nested Schema for `spec.kubernetes_sd_configs.tls_config.key_secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+
+<a id="nestedatt--spec--metric_relabel_configs"></a>
+### Nested Schema for `spec.metric_relabel_configs`
+
+Optional:
+
+- `action` (String) Action to perform based on regex matching. Default is 'replace'
+- `if` (Map of String) If represents metricsQL match expression (or list of expressions): '{__name__=~'foo_.*'}'
+- `labels` (Map of String) Labels is used together with Match for 'action: graphite'
+- `match` (String) Match is used together with Labels for 'action: graphite'
+- `modulus` (Number) Modulus to take of the hash of the source label values.
+- `regex` (Map of String) Regular expression against which the extracted value is matched. Default is '(.*)' victoriaMetrics supports multiline regex joined with | https://docs.victoriametrics.com/vmagent/#relabeling-enhancements
+- `replacement` (String) Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'
+- `separator` (String) Separator placed between concatenated source label values. default is ';'.
+- `source_labels` (List of String) The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.
+- `target_label` (String) Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.
+
+
+<a id="nestedatt--spec--oauth2"></a>
+### Nested Schema for `spec.oauth2`
+
+Required:
+
+- `client_id` (Attributes) The secret or configmap containing the OAuth2 client id (see [below for nested schema](#nestedatt--spec--oauth2--client_id))
+- `token_url` (String) The URL to fetch the token from
+
+Optional:
+
+- `client_secret` (Attributes) The secret containing the OAuth2 client secret (see [below for nested schema](#nestedatt--spec--oauth2--client_secret))
+- `client_secret_file` (String) ClientSecretFile defines path for client secret file.
+- `endpoint_params` (Map of String) Parameters to append to the token URL
+- `scopes` (List of String) OAuth2 scopes used for the token request
+
+<a id="nestedatt--spec--oauth2--client_id"></a>
+### Nested Schema for `spec.oauth2.client_id`
+
+Optional:
+
+- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--oauth2--client_id--config_map))
+- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--oauth2--client_id--secret))
+
+<a id="nestedatt--spec--oauth2--client_id--config_map"></a>
+### Nested Schema for `spec.oauth2.client_id.config_map`
+
+Required:
+
+- `key` (String) The key to select.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
+
+
+<a id="nestedatt--spec--oauth2--client_id--secret"></a>
+### Nested Schema for `spec.oauth2.client_id.secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--oauth2--client_secret"></a>
+### Nested Schema for `spec.oauth2.client_secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--openstack_sd_configs"></a>
+### Nested Schema for `spec.openstack_sd_configs`
+
+Required:
+
+- `region` (String) The OpenStack Region.
+- `role` (String) The OpenStack role of entities that should be discovered.
+
+Optional:
+
+- `all_tenants` (Boolean) Whether the service discovery should list all instances for all projects. It is only relevant for the 'instance' role and usually requires admin permissions.
+- `application_credential_id` (String) ApplicationCredentialID
+- `application_credential_name` (String) The ApplicationCredentialID or ApplicationCredentialName fields are required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password.
+- `application_credential_secret` (Attributes) The applicationCredentialSecret field is required if using an application credential to authenticate. (see [below for nested schema](#nestedatt--spec--openstack_sd_configs--application_credential_secret))
+- `availability` (String) Availability of the endpoint to connect to.
+- `domain_id` (String) DomainID
+- `domain_name` (String) At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional.
+- `identity_endpoint` (String) IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version.
+- `password` (Attributes) Password for the Identity V2 and V3 APIs. Consult with your provider's control panel to discover your account's preferred method of authentication. (see [below for nested schema](#nestedatt--spec--openstack_sd_configs--password))
+- `port` (Number) The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule.
+- `project_id` (String) ProjectID
+- `project_name` (String) The ProjectId and ProjectName fields are optional for the Identity V2 API. Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication.
+- `tls_config` (Attributes) TLS configuration to use on every scrape request (see [below for nested schema](#nestedatt--spec--openstack_sd_configs--tls_config))
+- `userid` (String) UserID
+- `username` (String) Username is required if using Identity V2 API. Consult with your provider's control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed
+
+<a id="nestedatt--spec--openstack_sd_configs--application_credential_secret"></a>
+### Nested Schema for `spec.openstack_sd_configs.application_credential_secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+<a id="nestedatt--spec--openstack_sd_configs--password"></a>
+### Nested Schema for `spec.openstack_sd_configs.password`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+<a id="nestedatt--spec--openstack_sd_configs--tls_config"></a>
+### Nested Schema for `spec.openstack_sd_configs.tls_config`
+
+Optional:
+
+- `ca` (Attributes) Stuct containing the CA cert to use for the targets. (see [below for nested schema](#nestedatt--spec--openstack_sd_configs--tls_config--ca))
+- `ca_file` (String) Path to the CA cert in the container to use for the targets.
+- `cert` (Attributes) Struct containing the client cert file for the targets. (see [below for nested schema](#nestedatt--spec--openstack_sd_configs--tls_config--cert))
+- `cert_file` (String) Path to the client cert file in the container for the targets.
+- `insecure_skip_verify` (Boolean) Disable target certificate validation.
+- `key_file` (String) Path to the client key file in the container for the targets.
+- `key_secret` (Attributes) Secret containing the client key file for the targets. (see [below for nested schema](#nestedatt--spec--openstack_sd_configs--tls_config--key_secret))
+- `server_name` (String) Used to verify the hostname for the targets.
+
+<a id="nestedatt--spec--openstack_sd_configs--tls_config--ca"></a>
+### Nested Schema for `spec.openstack_sd_configs.tls_config.ca`
+
+Optional:
+
+- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--openstack_sd_configs--tls_config--ca--config_map))
+- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--openstack_sd_configs--tls_config--ca--secret))
+
+<a id="nestedatt--spec--openstack_sd_configs--tls_config--ca--config_map"></a>
+### Nested Schema for `spec.openstack_sd_configs.tls_config.ca.config_map`
+
+Required:
+
+- `key` (String) The key to select.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
+
+
+<a id="nestedatt--spec--openstack_sd_configs--tls_config--ca--secret"></a>
+### Nested Schema for `spec.openstack_sd_configs.tls_config.ca.secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--openstack_sd_configs--tls_config--cert"></a>
+### Nested Schema for `spec.openstack_sd_configs.tls_config.cert`
+
+Optional:
+
+- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--openstack_sd_configs--tls_config--cert--config_map))
+- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--openstack_sd_configs--tls_config--cert--secret))
+
+<a id="nestedatt--spec--openstack_sd_configs--tls_config--cert--config_map"></a>
+### Nested Schema for `spec.openstack_sd_configs.tls_config.cert.config_map`
+
+Required:
+
+- `key` (String) The key to select.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
+
+
+<a id="nestedatt--spec--openstack_sd_configs--tls_config--cert--secret"></a>
+### Nested Schema for `spec.openstack_sd_configs.tls_config.cert.secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--openstack_sd_configs--tls_config--key_secret"></a>
+### Nested Schema for `spec.openstack_sd_configs.tls_config.key_secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+
+<a id="nestedatt--spec--relabel_configs"></a>
+### Nested Schema for `spec.relabel_configs`
+
+Optional:
+
+- `action` (String) Action to perform based on regex matching. Default is 'replace'
+- `if` (Map of String) If represents metricsQL match expression (or list of expressions): '{__name__=~'foo_.*'}'
+- `labels` (Map of String) Labels is used together with Match for 'action: graphite'
+- `match` (String) Match is used together with Labels for 'action: graphite'
+- `modulus` (Number) Modulus to take of the hash of the source label values.
+- `regex` (Map of String) Regular expression against which the extracted value is matched. Default is '(.*)' victoriaMetrics supports multiline regex joined with | https://docs.victoriametrics.com/vmagent/#relabeling-enhancements
+- `replacement` (String) Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'
+- `separator` (String) Separator placed between concatenated source label values. default is ';'.
+- `source_labels` (List of String) The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.
+- `target_label` (String) Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.
+
+
+<a id="nestedatt--spec--static_configs"></a>
+### Nested Schema for `spec.static_configs`
+
+Optional:
+
+- `labels` (Map of String) Labels assigned to all metrics scraped from the targets.
+- `targets` (List of String) List of targets for this static configuration.
+
+
+<a id="nestedatt--spec--tls_config"></a>
+### Nested Schema for `spec.tls_config`
+
+Optional:
+
+- `ca` (Attributes) Stuct containing the CA cert to use for the targets. (see [below for nested schema](#nestedatt--spec--tls_config--ca))
+- `ca_file` (String) Path to the CA cert in the container to use for the targets.
+- `cert` (Attributes) Struct containing the client cert file for the targets. (see [below for nested schema](#nestedatt--spec--tls_config--cert))
+- `cert_file` (String) Path to the client cert file in the container for the targets.
+- `insecure_skip_verify` (Boolean) Disable target certificate validation.
+- `key_file` (String) Path to the client key file in the container for the targets.
+- `key_secret` (Attributes) Secret containing the client key file for the targets. (see [below for nested schema](#nestedatt--spec--tls_config--key_secret))
+- `server_name` (String) Used to verify the hostname for the targets.
+
+<a id="nestedatt--spec--tls_config--ca"></a>
+### Nested Schema for `spec.tls_config.ca`
+
+Optional:
+
+- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--tls_config--ca--config_map))
+- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--tls_config--ca--secret))
+
+<a id="nestedatt--spec--tls_config--ca--config_map"></a>
+### Nested Schema for `spec.tls_config.ca.config_map`
+
+Required:
+
+- `key` (String) The key to select.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
+
+
+<a id="nestedatt--spec--tls_config--ca--secret"></a>
+### Nested Schema for `spec.tls_config.ca.secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--tls_config--cert"></a>
+### Nested Schema for `spec.tls_config.cert`
+
+Optional:
+
+- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--tls_config--cert--config_map))
+- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--tls_config--cert--secret))
+
+<a id="nestedatt--spec--tls_config--cert--config_map"></a>
+### Nested Schema for `spec.tls_config.cert.config_map`
+
+Required:
+
+- `key` (String) The key to select.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
+
+
+<a id="nestedatt--spec--tls_config--cert--secret"></a>
+### Nested Schema for `spec.tls_config.cert.secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--tls_config--key_secret"></a>
+### Nested Schema for `spec.tls_config.key_secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--vm_scrape_params"></a>
+### Nested Schema for `spec.vm_scrape_params`
+
+Optional:
+
+- `disable_compression` (Boolean) DisableCompression
+- `disable_keep_alive` (Boolean) disable_keepalive allows disabling HTTP keep-alive when scraping targets. By default, HTTP keep-alive is enabled, so TCP connections to scrape targets could be re-used. See https://docs.victoriametrics.com/vmagent#scrape_config-enhancements
+- `headers` (List of String) Headers allows sending custom headers to scrape targets must be in of semicolon separated header with it's value eg: headerName: headerValue vmagent supports since 1.79.0 version
+- `no_stale_markers` (Boolean)
+- `proxy_client_config` (Attributes) ProxyClientConfig configures proxy auth settings for scraping See feature description https://docs.victoriametrics.com/vmagent#scraping-targets-via-a-proxy (see [below for nested schema](#nestedatt--spec--vm_scrape_params--proxy_client_config))
+- `scrape_align_interval` (String)
+- `scrape_offset` (String)
+- `stream_parse` (Boolean)
+
+<a id="nestedatt--spec--vm_scrape_params--proxy_client_config"></a>
+### Nested Schema for `spec.vm_scrape_params.proxy_client_config`
+
+Optional:
+
+- `basic_auth` (Attributes) BasicAuth allow an endpoint to authenticate over basic authentication (see [below for nested schema](#nestedatt--spec--vm_scrape_params--proxy_client_config--basic_auth))
+- `bearer_token` (Attributes) SecretKeySelector selects a key of a Secret. (see [below for nested schema](#nestedatt--spec--vm_scrape_params--proxy_client_config--bearer_token))
+- `bearer_token_file` (String)
+- `tls_config` (Attributes) TLSConfig specifies TLSConfig configuration parameters. (see [below for nested schema](#nestedatt--spec--vm_scrape_params--proxy_client_config--tls_config))
+
+<a id="nestedatt--spec--vm_scrape_params--proxy_client_config--basic_auth"></a>
+### Nested Schema for `spec.vm_scrape_params.proxy_client_config.basic_auth`
+
+Optional:
+
+- `password` (Attributes) Password defines reference for secret with password value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--vm_scrape_params--proxy_client_config--basic_auth--password))
+- `password_file` (String) PasswordFile defines path to password file at disk must be pre-mounted
+- `username` (Attributes) Username defines reference for secret with username value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--vm_scrape_params--proxy_client_config--basic_auth--username))
+
+<a id="nestedatt--spec--vm_scrape_params--proxy_client_config--basic_auth--password"></a>
+### Nested Schema for `spec.vm_scrape_params.proxy_client_config.basic_auth.password`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+<a id="nestedatt--spec--vm_scrape_params--proxy_client_config--basic_auth--username"></a>
+### Nested Schema for `spec.vm_scrape_params.proxy_client_config.basic_auth.username`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--vm_scrape_params--proxy_client_config--bearer_token"></a>
+### Nested Schema for `spec.vm_scrape_params.proxy_client_config.bearer_token`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+<a id="nestedatt--spec--vm_scrape_params--proxy_client_config--tls_config"></a>
+### Nested Schema for `spec.vm_scrape_params.proxy_client_config.tls_config`
+
+Optional:
+
+- `ca` (Attributes) Stuct containing the CA cert to use for the targets. (see [below for nested schema](#nestedatt--spec--vm_scrape_params--proxy_client_config--tls_config--ca))
+- `ca_file` (String) Path to the CA cert in the container to use for the targets.
+- `cert` (Attributes) Struct containing the client cert file for the targets. (see [below for nested schema](#nestedatt--spec--vm_scrape_params--proxy_client_config--tls_config--cert))
+- `cert_file` (String) Path to the client cert file in the container for the targets.
+- `insecure_skip_verify` (Boolean) Disable target certificate validation.
+- `key_file` (String) Path to the client key file in the container for the targets.
+- `key_secret` (Attributes) Secret containing the client key file for the targets. (see [below for nested schema](#nestedatt--spec--vm_scrape_params--proxy_client_config--tls_config--key_secret))
+- `server_name` (String) Used to verify the hostname for the targets.
+
+<a id="nestedatt--spec--vm_scrape_params--proxy_client_config--tls_config--ca"></a>
+### Nested Schema for `spec.vm_scrape_params.proxy_client_config.tls_config.ca`
+
+Optional:
+
+- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--vm_scrape_params--proxy_client_config--tls_config--ca--config_map))
+- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--vm_scrape_params--proxy_client_config--tls_config--ca--secret))
+
+<a id="nestedatt--spec--vm_scrape_params--proxy_client_config--tls_config--ca--config_map"></a>
+### Nested Schema for `spec.vm_scrape_params.proxy_client_config.tls_config.ca.config_map`
+
+Required:
+
+- `key` (String) The key to select.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
+
+
+<a id="nestedatt--spec--vm_scrape_params--proxy_client_config--tls_config--ca--secret"></a>
+### Nested Schema for `spec.vm_scrape_params.proxy_client_config.tls_config.ca.secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--vm_scrape_params--proxy_client_config--tls_config--cert"></a>
+### Nested Schema for `spec.vm_scrape_params.proxy_client_config.tls_config.cert`
+
+Optional:
+
+- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--vm_scrape_params--proxy_client_config--tls_config--cert--config_map))
+- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--vm_scrape_params--proxy_client_config--tls_config--cert--secret))
+
+<a id="nestedatt--spec--vm_scrape_params--proxy_client_config--tls_config--cert--config_map"></a>
+### Nested Schema for `spec.vm_scrape_params.proxy_client_config.tls_config.cert.config_map`
+
+Required:
+
+- `key` (String) The key to select.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
+
+
+<a id="nestedatt--spec--vm_scrape_params--proxy_client_config--tls_config--cert--secret"></a>
+### Nested Schema for `spec.vm_scrape_params.proxy_client_config.tls_config.cert.secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
+
+
+
+<a id="nestedatt--spec--vm_scrape_params--proxy_client_config--tls_config--key_secret"></a>
+### Nested Schema for `spec.vm_scrape_params.proxy_client_config.tls_config.key_secret`
+
+Required:
+
+- `key` (String) The key of the secret to select from. Must be a valid secret key.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the Secret or its key must be defined
diff --git a/docs/data-sources/operator_victoriametrics_com_vm_service_scrape_v1beta1_manifest.md b/docs/data-sources/operator_victoriametrics_com_vm_service_scrape_v1beta1_manifest.md
index 0ae7ee060..ec361ddc3 100644
--- a/docs/data-sources/operator_victoriametrics_com_vm_service_scrape_v1beta1_manifest.md
+++ b/docs/data-sources/operator_victoriametrics_com_vm_service_scrape_v1beta1_manifest.md
@@ -73,26 +73,27 @@ Optional:
 
 - `attach_metadata` (Attributes) AttachMetadata configures metadata attaching from service discovery (see [below for nested schema](#nestedatt--spec--endpoints--attach_metadata))
 - `authorization` (Attributes) Authorization with http header Authorization (see [below for nested schema](#nestedatt--spec--endpoints--authorization))
-- `basic_auth` (Attributes) BasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints (see [below for nested schema](#nestedatt--spec--endpoints--basic_auth))
+- `basic_auth` (Attributes) BasicAuth allow an endpoint to authenticate over basic authentication (see [below for nested schema](#nestedatt--spec--endpoints--basic_auth))
 - `bearer_token_file` (String) File to read bearer token for scraping targets.
-- `bearer_token_secret` (Attributes) Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the service scrape and accessible by the victoria-metrics operator. (see [below for nested schema](#nestedatt--spec--endpoints--bearer_token_secret))
+- `bearer_token_secret` (Attributes) Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the scrape object and accessible by the victoria-metrics operator. (see [below for nested schema](#nestedatt--spec--endpoints--bearer_token_secret))
 - `follow_redirects` (Boolean) FollowRedirects controls redirects for scraping.
 - `honor_labels` (Boolean) HonorLabels chooses the metric's labels on collisions with target labels.
 - `honor_timestamps` (Boolean) HonorTimestamps controls whether vmagent respects the timestamps present in scraped data.
 - `interval` (String) Interval at which metrics should be scraped
-- `metric_relabel_configs` (Attributes List) MetricRelabelConfigs to apply to samples before ingestion. (see [below for nested schema](#nestedatt--spec--endpoints--metric_relabel_configs))
+- `max_scrape_size` (String) MaxScrapeSize defines a maximum size of scraped data for a job
+- `metric_relabel_configs` (Attributes List) MetricRelabelConfigs to apply to samples after scrapping. (see [below for nested schema](#nestedatt--spec--endpoints--metric_relabel_configs))
 - `oauth2` (Attributes) OAuth2 defines auth configuration (see [below for nested schema](#nestedatt--spec--endpoints--oauth2))
 - `params` (Map of List of String) Optional HTTP URL parameters
 - `path` (String) HTTP path to scrape for metrics.
-- `port` (String) Name of the service port this endpoint refers to. Mutually exclusive with targetPort.
+- `port` (String) Name of the port exposed at Service.
 - `proxy_url` (String) ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.
-- `relabel_configs` (Attributes List) RelabelConfigs to apply to samples before scraping. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config (see [below for nested schema](#nestedatt--spec--endpoints--relabel_configs))
-- `sample_limit` (Number) SampleLimit defines per-endpoint limit on number of scraped samples that will be accepted.
+- `relabel_configs` (Attributes List) RelabelConfigs to apply to samples during service discovery. (see [below for nested schema](#nestedatt--spec--endpoints--relabel_configs))
+- `sample_limit` (Number) SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
 - `scheme` (String) HTTP scheme to use for scraping.
 - `scrape_interval` (String) ScrapeInterval is the same as Interval and has priority over it. one of scrape_interval or interval can be used
 - `scrape_timeout` (String) Timeout after which the scrape is ended
 - `series_limit` (Number) SeriesLimit defines per-scrape limit on number of unique time series a single target can expose during all the scrapes on the time window of 24h.
-- `target_port` (String) Name or number of the pod port this endpoint refers to. Mutually exclusive with port.
+- `target_port` (String) TargetPort Name or number of the pod port this endpoint refers to. Mutually exclusive with port.
 - `tls_config` (Attributes) TLSConfig configuration to use when scraping the endpoint (see [below for nested schema](#nestedatt--spec--endpoints--tls_config))
 - `vm_scrape_params` (Attributes) VMScrapeParams defines VictoriaMetrics specific scrape parameters (see [below for nested schema](#nestedatt--spec--endpoints--vm_scrape_params))
 
@@ -122,7 +123,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -132,9 +133,9 @@ Optional:
 
 Optional:
 
-- `password` (Attributes) The secret in the service scrape namespace that contains the password for authentication. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--endpoints--basic_auth--password))
-- `password_file` (String) PasswordFile defines path to password file at disk
-- `username` (Attributes) The secret in the service scrape namespace that contains the username for authentication. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--endpoints--basic_auth--username))
+- `password` (Attributes) Password defines reference for secret with password value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--endpoints--basic_auth--password))
+- `password_file` (String) PasswordFile defines path to password file at disk must be pre-mounted
+- `username` (Attributes) Username defines reference for secret with username value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--endpoints--basic_auth--username))
 
 <a id="nestedatt--spec--endpoints--basic_auth--password"></a>
 ### Nested Schema for `spec.endpoints.basic_auth.password`
@@ -145,7 +146,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -158,7 +159,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -172,7 +173,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -225,7 +226,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -238,7 +239,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -252,7 +253,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -305,7 +306,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -318,7 +319,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -340,7 +341,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -353,7 +354,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -367,7 +368,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -377,13 +378,11 @@ Optional:
 
 Optional:
 
-- `disable_compression` (Boolean)
-- `disable_keep_alive` (Boolean) disable_keepalive allows disabling HTTP keep-alive when scraping targets. By default, HTTP keep-alive is enabled, so TCP connections to scrape targets could be re-used. See https://docs.victoriametrics.com/vmagent.html#scrape_config-enhancements
+- `disable_compression` (Boolean) DisableCompression
+- `disable_keep_alive` (Boolean) disable_keepalive allows disabling HTTP keep-alive when scraping targets. By default, HTTP keep-alive is enabled, so TCP connections to scrape targets could be re-used. See https://docs.victoriametrics.com/vmagent#scrape_config-enhancements
 - `headers` (List of String) Headers allows sending custom headers to scrape targets must be in of semicolon separated header with it's value eg: headerName: headerValue vmagent supports since 1.79.0 version
-- `metric_relabel_debug` (Boolean) deprecated since [v1.85](https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.85.0), will be removed in next release
 - `no_stale_markers` (Boolean)
-- `proxy_client_config` (Attributes) ProxyClientConfig configures proxy auth settings for scraping See feature description https://docs.victoriametrics.com/vmagent.html#scraping-targets-via-a-proxy (see [below for nested schema](#nestedatt--spec--endpoints--vm_scrape_params--proxy_client_config))
-- `relabel_debug` (Boolean) deprecated since [v1.85](https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.85.0), will be removed in next release
+- `proxy_client_config` (Attributes) ProxyClientConfig configures proxy auth settings for scraping See feature description https://docs.victoriametrics.com/vmagent#scraping-targets-via-a-proxy (see [below for nested schema](#nestedatt--spec--endpoints--vm_scrape_params--proxy_client_config))
 - `scrape_align_interval` (String)
 - `scrape_offset` (String)
 - `stream_parse` (Boolean)
@@ -403,9 +402,9 @@ Optional:
 
 Optional:
 
-- `password` (Attributes) The secret in the service scrape namespace that contains the password for authentication. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--endpoints--vm_scrape_params--proxy_client_config--basic_auth--password))
-- `password_file` (String) PasswordFile defines path to password file at disk
-- `username` (Attributes) The secret in the service scrape namespace that contains the username for authentication. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--endpoints--vm_scrape_params--proxy_client_config--basic_auth--username))
+- `password` (Attributes) Password defines reference for secret with password value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--endpoints--vm_scrape_params--proxy_client_config--basic_auth--password))
+- `password_file` (String) PasswordFile defines path to password file at disk must be pre-mounted
+- `username` (Attributes) Username defines reference for secret with username value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--endpoints--vm_scrape_params--proxy_client_config--basic_auth--username))
 
 <a id="nestedatt--spec--endpoints--vm_scrape_params--proxy_client_config--basic_auth--password"></a>
 ### Nested Schema for `spec.endpoints.vm_scrape_params.proxy_client_config.basic_auth.password`
@@ -416,7 +415,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -429,7 +428,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -443,7 +442,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -478,7 +477,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -491,7 +490,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -513,7 +512,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -526,7 +525,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -540,7 +539,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
diff --git a/docs/data-sources/operator_victoriametrics_com_vm_single_v1beta1_manifest.md b/docs/data-sources/operator_victoriametrics_com_vm_single_v1beta1_manifest.md
index 9edecc048..7ca3a5dc6 100644
--- a/docs/data-sources/operator_victoriametrics_com_vm_single_v1beta1_manifest.md
+++ b/docs/data-sources/operator_victoriametrics_com_vm_single_v1beta1_manifest.md
@@ -55,43 +55,45 @@ Optional:
 
 Required:
 
-- `retention_period` (String) RetentionPeriod for the stored metrics Note VictoriaMetrics has data/ and indexdb/ folders metrics from data/ removed eventually as soon as partition leaves retention period reverse index data at indexdb rotates once at the half of configured retention period https://docs.victoriametrics.com/Single-server-VictoriaMetrics.html#retention
+- `retention_period` (String) RetentionPeriod for the stored metrics Note VictoriaMetrics has data/ and indexdb/ folders metrics from data/ removed eventually as soon as partition leaves retention period reverse index data at indexdb rotates once at the half of configured [retention period](https://docs.victoriametrics.com/Single-server-VictoriaMetrics/#retention)
 
 Optional:
 
 - `affinity` (Map of String) Affinity If specified, the pod's scheduling constraints.
-- `config_maps` (List of String) ConfigMaps is a list of ConfigMaps in the same namespace as the VMSingle object, which shall be mounted into the VMSingle Pods.
+- `config_maps` (List of String) ConfigMaps is a list of ConfigMaps in the same namespace as the Application object, which shall be mounted into the Application container at /etc/vm/configs/CONFIGMAP_NAME folder
 - `containers` (List of Map of String) Containers property allows to inject additions sidecars or to patch existing containers. It can be useful for proxies, backup, etc.
+- `disable_self_service_scrape` (Boolean) DisableSelfServiceScrape controls creation of VMServiceScrape by operator for the application. Has priority over 'VM_DISABLESELFSERVICESCRAPECREATION' operator env variable
 - `dns_config` (Attributes) Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. (see [below for nested schema](#nestedatt--spec--dns_config))
 - `dns_policy` (String) DNSPolicy sets DNS policy for the pod
-- `extra_args` (Map of String) ExtraArgs that will be passed to VMSingle pod for example remoteWrite.tmpDataPath: /tmp
-- `extra_envs` (List of Map of String) ExtraEnvs that will be added to VMSingle pod
+- `extra_args` (Map of String) ExtraArgs that will be passed to the application container for example remoteWrite.tmpDataPath: /tmp
+- `extra_envs` (List of Map of String) ExtraEnvs that will be passed to the application container
 - `host_aliases` (Attributes List) HostAliases provides mapping for ip and hostname, that would be propagated to pod, cannot be used with HostNetwork. (see [below for nested schema](#nestedatt--spec--host_aliases))
 - `host_network` (Boolean) HostNetwork controls whether the pod may use the node network namespace
-- `image` (Attributes) Image - docker image settings for VMSingle if no specified operator uses default config version (see [below for nested schema](#nestedatt--spec--image))
+- `image` (Attributes) Image - docker image settings if no specified operator uses default version from operator config (see [below for nested schema](#nestedatt--spec--image))
 - `image_pull_secrets` (Attributes List) ImagePullSecrets An optional list of references to secrets in the same namespace to use for pulling images from registries see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod (see [below for nested schema](#nestedatt--spec--image_pull_secrets))
-- `init_containers` (List of Map of String) InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the vmSingle configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.
+- `init_containers` (List of Map of String) InitContainers allows adding initContainers to the pod definition. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
 - `insert_ports` (Attributes) InsertPorts - additional listen ports for data ingestion. (see [below for nested schema](#nestedatt--spec--insert_ports))
-- `license` (Attributes) License allows to configure license key to be used for enterprise features. Using license key is supported starting from VictoriaMetrics v1.94.0. See: https://docs.victoriametrics.com/enterprise.html (see [below for nested schema](#nestedatt--spec--license))
+- `license` (Attributes) License allows to configure license key to be used for enterprise features. Using license key is supported starting from VictoriaMetrics v1.94.0. See [here](https://docs.victoriametrics.com/enterprise) (see [below for nested schema](#nestedatt--spec--license))
 - `liveness_probe` (Map of String) LivenessProbe that will be added CRD pod
 - `log_format` (String) LogFormat for VMSingle to be configured with.
 - `log_level` (String) LogLevel for victoria metrics single to be configured with.
+- `min_ready_seconds` (Number) MinReadySeconds defines a minim number os seconds to wait before starting update next pod if previous in healthy state Has no effect for VLogs and VMSingle
 - `node_selector` (Map of String) NodeSelector Define which Nodes the Pods are scheduled on.
 - `paused` (Boolean) Paused If set to true all actions on the underlying managed objects are not going to be performed, except for delete actions.
 - `pod_metadata` (Attributes) PodMetadata configures Labels and Annotations which are propagated to the VMSingle pods. (see [below for nested schema](#nestedatt--spec--pod_metadata))
-- `port` (String) Port listen port
-- `priority_class_name` (String) PriorityClassName assigned to the Pods
+- `port` (String) Port listen address
+- `priority_class_name` (String) PriorityClassName class assigned to the Pods
 - `readiness_gates` (Attributes List) ReadinessGates defines pod readiness gates (see [below for nested schema](#nestedatt--spec--readiness_gates))
 - `readiness_probe` (Map of String) ReadinessProbe that will be added CRD pod
-- `remove_pvc_after_delete` (Boolean) RemovePvcAfterDelete - if true, controller adds ownership to pvc and after VMSingle objest deletion - pvc will be garbage collected by controller manager
-- `replica_count` (Number) ReplicaCount is the expected size of the VMSingle it can be 0 or 1 if you need more - use vm cluster
+- `remove_pvc_after_delete` (Boolean) RemovePvcAfterDelete - if true, controller adds ownership to pvc and after VMSingle object deletion - pvc will be garbage collected by controller manager
+- `replica_count` (Number) ReplicaCount is the expected size of the Application.
 - `resources` (Attributes) Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ if not defined default resources from operator config will be used (see [below for nested schema](#nestedatt--spec--resources))
-- `revision_history_limit_count` (Number) The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the StatefulSet's revision history. Defaults to 10.
+- `revision_history_limit_count` (Number) The number of old ReplicaSets to retain to allow rollback in deployment or maximum number of revisions that will be maintained in the Deployment revision history. Has no effect at StatefulSets Defaults to 10.
 - `runtime_class_name` (String) RuntimeClassName - defines runtime class for kubernetes pod. https://kubernetes.io/docs/concepts/containers/runtime-class/
 - `scheduler_name` (String) SchedulerName - defines kubernetes scheduler name
-- `secrets` (List of String) Secrets is a list of Secrets in the same namespace as the VMSingle object, which shall be mounted into the VMSingle Pods.
+- `secrets` (List of String) Secrets is a list of Secrets in the same namespace as the Application object, which shall be mounted into the Application container at /etc/vm/secrets/SECRET_NAME folder
 - `security_context` (Map of String) SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext.
-- `service_account_name` (String) ServiceAccountName is the name of the ServiceAccount to use to run the VMSingle Pods.
+- `service_account_name` (String) ServiceAccountName is the name of the ServiceAccount to use to run the pods
 - `service_scrape_spec` (Map of String) ServiceScrapeSpec that will be added to vmsingle VMServiceScrape spec
 - `service_spec` (Attributes) ServiceSpec that will be added to vmsingle service spec (see [below for nested schema](#nestedatt--spec--service_spec))
 - `startup_probe` (Map of String) StartupProbe that will be added to CRD pod
@@ -102,10 +104,11 @@ Optional:
 - `termination_grace_period_seconds` (Number) TerminationGracePeriodSeconds period for container graceful termination
 - `tolerations` (Attributes List) Tolerations If specified, the pod's tolerations. (see [below for nested schema](#nestedatt--spec--tolerations))
 - `topology_spread_constraints` (List of Map of String) TopologySpreadConstraints embedded kubernetes pod configuration option, controls how pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+- `use_default_resources` (Boolean) UseDefaultResources controls resource settings By default, operator sets built-in resource requirements
 - `use_strict_security` (Boolean) UseStrictSecurity enables strict security mode for component it restricts disk writes access uses non-root user out of the box drops not needed security permissions
 - `vm_backup` (Attributes) VMBackup configuration for backup (see [below for nested schema](#nestedatt--spec--vm_backup))
-- `volume_mounts` (Attributes List) VolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the VMSingle container, that are generated as a result of StorageSpec objects. (see [below for nested schema](#nestedatt--spec--volume_mounts))
-- `volumes` (List of Map of String) Volumes allows configuration of additional volumes on the output deploy definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.
+- `volume_mounts` (Attributes List) VolumeMounts allows configuration of additional VolumeMounts on the output Deployment/StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the Application container (see [below for nested schema](#nestedatt--spec--volume_mounts))
+- `volumes` (List of Map of String) Volumes allows configuration of additional volumes on the output Deployment/StatefulSet definition. Volumes specified will be appended to other volumes that are generated. / +optional
 
 <a id="nestedatt--spec--dns_config"></a>
 ### Nested Schema for `spec.dns_config`
@@ -129,10 +132,13 @@ Optional:
 <a id="nestedatt--spec--host_aliases"></a>
 ### Nested Schema for `spec.host_aliases`
 
+Required:
+
+- `ip` (String) IP address of the host file entry.
+
 Optional:
 
 - `hostnames` (List of String) Hostnames for the above IP address.
-- `ip` (String) IP address of the host file entry.
 
 
 <a id="nestedatt--spec--image"></a>
@@ -150,7 +156,7 @@ Optional:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 
 <a id="nestedatt--spec--insert_ports"></a>
@@ -169,7 +175,7 @@ Optional:
 
 Optional:
 
-- `key` (String) Enterprise license key. This flag is available only in VictoriaMetrics enterprise. Documentation - https://docs.victoriametrics.com/enterprise.html for more information, visit https://victoriametrics.com/products/enterprise/ . To request a trial license, go to https://victoriametrics.com/products/enterprise/trial/
+- `key` (String) Enterprise license key. This flag is available only in [VictoriaMetrics enterprise](https://docs.victoriametrics.com/enterprise). To request a trial license, [go to](https://victoriametrics.com/products/enterprise/trial)
 - `key_ref` (Attributes) KeyRef is reference to secret with license key for enterprise features. (see [below for nested schema](#nestedatt--spec--license--key_ref))
 
 <a id="nestedatt--spec--license--key_ref"></a>
@@ -181,7 +187,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -256,6 +262,7 @@ Optional:
 - `resources` (Attributes) resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources (see [below for nested schema](#nestedatt--spec--storage--resources))
 - `selector` (Attributes) selector is a label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--storage--selector))
 - `storage_class_name` (String) storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
 - `volume_mode` (String) volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
 - `volume_name` (String) volumeName is the binding reference to the PersistentVolume backing this claim.
 
@@ -291,18 +298,9 @@ Optional:
 
 Optional:
 
-- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--storage--resources--claims))
 - `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 - `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
-<a id="nestedatt--spec--storage--resources--claims"></a>
-### Nested Schema for `spec.storage.resources.claims`
-
-Required:
-
-- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
-
-
 
 <a id="nestedatt--spec--storage--selector"></a>
 ### Nested Schema for `spec.storage.selector`
@@ -340,15 +338,29 @@ Optional:
 <a id="nestedatt--spec--stream_aggr_config"></a>
 ### Nested Schema for `spec.stream_aggr_config`
 
-Required:
-
-- `rules` (Attributes List) Stream aggregation rules (see [below for nested schema](#nestedatt--spec--stream_aggr_config--rules))
-
 Optional:
 
+- `configmap` (Attributes) ConfigMap with stream aggregation rules (see [below for nested schema](#nestedatt--spec--stream_aggr_config--configmap))
 - `dedup_interval` (String) Allows setting different de-duplication intervals per each configured remote storage
 - `drop_input` (Boolean) Allow drop all the input samples after the aggregation
+- `drop_input_labels` (List of String) labels to drop from samples for aggregator before stream de-duplication and aggregation
+- `ignore_first_intervals` (Number) IgnoreFirstIntervals instructs to ignore first interval
+- `ignore_old_samples` (Boolean) IgnoreOldSamples instructs to ignore samples with old timestamps outside the current aggregation interval.
 - `keep_input` (Boolean) Allows writing both raw and aggregate data
+- `rules` (Attributes List) Stream aggregation rules (see [below for nested schema](#nestedatt--spec--stream_aggr_config--rules))
+
+<a id="nestedatt--spec--stream_aggr_config--configmap"></a>
+### Nested Schema for `spec.stream_aggr_config.configmap`
+
+Required:
+
+- `key` (String) The key to select.
+
+Optional:
+
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
+
 
 <a id="nestedatt--spec--stream_aggr_config--rules"></a>
 ### Nested Schema for `spec.stream_aggr_config.rules`
@@ -364,6 +376,7 @@ Optional:
 - `dedup_interval` (String) DedupInterval is an optional interval for deduplication.
 - `drop_input_labels` (List of String) DropInputLabels is an optional list with labels, which must be dropped before further processing of input samples. Labels are dropped before de-duplication and aggregation.
 - `flush_on_shutdown` (Boolean) FlushOnShutdown defines whether to flush the aggregation state on process termination or config reload. Is 'false' by default. It is not recommended changing this setting, unless unfinished aggregations states are preferred to missing data points.
+- `ignore_first_intervals` (Number)
 - `ignore_old_samples` (Boolean) IgnoreOldSamples instructs to ignore samples with old timestamps outside the current aggregation interval.
 - `input_relabel_configs` (Attributes List) InputRelabelConfigs is an optional relabeling rules, which are applied on the input before aggregation. (see [below for nested schema](#nestedatt--spec--stream_aggr_config--rules--input_relabel_configs))
 - `keep_metric_names` (Boolean) KeepMetricNames instructs to leave metric names as is for the output time series without adding any suffix.
@@ -443,7 +456,7 @@ Optional:
 - `log_level` (String) LogLevel for VMBackup to be configured with.
 - `port` (String) Port for health check connections
 - `resources` (Attributes) Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ if not defined default resources from operator config will be used (see [below for nested schema](#nestedatt--spec--vm_backup--resources))
-- `restore` (Attributes) Restore Allows to enable restore options for pod Read more: https://docs.victoriametrics.com/vmbackupmanager.html#restore-commands (see [below for nested schema](#nestedatt--spec--vm_backup--restore))
+- `restore` (Attributes) Restore Allows to enable restore options for pod Read [more](https://docs.victoriametrics.com/vmbackupmanager#restore-commands) (see [below for nested schema](#nestedatt--spec--vm_backup--restore))
 - `snapshot_create_url` (String) SnapshotCreateURL overwrites url for snapshot create
 - `snapshot_delete_url` (String) SnapShotDeleteURL overwrites url for snapshot delete
 - `volume_mounts` (Attributes List) VolumeMounts allows configuration of additional VolumeMounts on the output Deployment definition. VolumeMounts specified will be appended to other VolumeMounts in the vmbackupmanager container, that are generated as a result of StorageSpec objects. (see [below for nested schema](#nestedatt--spec--vm_backup--volume_mounts))
@@ -457,7 +470,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -492,7 +505,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -530,7 +543,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -590,8 +603,9 @@ Required:
 
 Optional:
 
-- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
+- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None).
 - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
+- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handled recursively. If ReadOnly is false, this field has no meaning and must be unspecified. If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). If this field is not specified, it is treated as an equivalent of Disabled.
 - `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).
 - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.
 
@@ -607,7 +621,8 @@ Required:
 
 Optional:
 
-- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
+- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None).
 - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
+- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handled recursively. If ReadOnly is false, this field has no meaning and must be unspecified. If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). If this field is not specified, it is treated as an equivalent of Disabled.
 - `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root).
 - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive.
diff --git a/docs/data-sources/operator_victoriametrics_com_vm_static_scrape_v1beta1_manifest.md b/docs/data-sources/operator_victoriametrics_com_vm_static_scrape_v1beta1_manifest.md
index 35b17eb0f..d2c65151d 100644
--- a/docs/data-sources/operator_victoriametrics_com_vm_static_scrape_v1beta1_manifest.md
+++ b/docs/data-sources/operator_victoriametrics_com_vm_static_scrape_v1beta1_manifest.md
@@ -73,21 +73,21 @@ Required:
 Optional:
 
 - `authorization` (Attributes) Authorization with http header Authorization (see [below for nested schema](#nestedatt--spec--target_endpoints--authorization))
-- `basic_auth` (Attributes) BasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints (see [below for nested schema](#nestedatt--spec--target_endpoints--basic_auth))
+- `basic_auth` (Attributes) BasicAuth allow an endpoint to authenticate over basic authentication (see [below for nested schema](#nestedatt--spec--target_endpoints--basic_auth))
 - `bearer_token_file` (String) File to read bearer token for scraping targets.
-- `bearer_token_secret` (Attributes) Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the service scrape and accessible by the victoria-metrics operator. (see [below for nested schema](#nestedatt--spec--target_endpoints--bearer_token_secret))
+- `bearer_token_secret` (Attributes) Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the scrape object and accessible by the victoria-metrics operator. (see [below for nested schema](#nestedatt--spec--target_endpoints--bearer_token_secret))
 - `follow_redirects` (Boolean) FollowRedirects controls redirects for scraping.
 - `honor_labels` (Boolean) HonorLabels chooses the metric's labels on collisions with target labels.
 - `honor_timestamps` (Boolean) HonorTimestamps controls whether vmagent respects the timestamps present in scraped data.
 - `interval` (String) Interval at which metrics should be scraped
 - `labels` (Map of String) Labels static labels for targets.
-- `metric_relabel_configs` (Attributes List) MetricRelabelConfigs to apply to samples before ingestion. (see [below for nested schema](#nestedatt--spec--target_endpoints--metric_relabel_configs))
+- `max_scrape_size` (String) MaxScrapeSize defines a maximum size of scraped data for a job
+- `metric_relabel_configs` (Attributes List) MetricRelabelConfigs to apply to samples after scrapping. (see [below for nested schema](#nestedatt--spec--target_endpoints--metric_relabel_configs))
 - `oauth2` (Attributes) OAuth2 defines auth configuration (see [below for nested schema](#nestedatt--spec--target_endpoints--oauth2))
 - `params` (Map of List of String) Optional HTTP URL parameters
 - `path` (String) HTTP path to scrape for metrics.
-- `port` (String) Default port for target.
 - `proxy_url` (String) ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.
-- `relabel_configs` (Attributes List) RelabelConfigs to apply to samples before scraping. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config (see [below for nested schema](#nestedatt--spec--target_endpoints--relabel_configs))
+- `relabel_configs` (Attributes List) RelabelConfigs to apply to samples during service discovery. (see [below for nested schema](#nestedatt--spec--target_endpoints--relabel_configs))
 - `sample_limit` (Number) SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
 - `scheme` (String) HTTP scheme to use for scraping.
 - `scrape_interval` (String) ScrapeInterval is the same as Interval and has priority over it. one of scrape_interval or interval can be used
@@ -114,7 +114,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -124,9 +124,9 @@ Optional:
 
 Optional:
 
-- `password` (Attributes) The secret in the service scrape namespace that contains the password for authentication. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--target_endpoints--basic_auth--password))
-- `password_file` (String) PasswordFile defines path to password file at disk
-- `username` (Attributes) The secret in the service scrape namespace that contains the username for authentication. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--target_endpoints--basic_auth--username))
+- `password` (Attributes) Password defines reference for secret with password value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--target_endpoints--basic_auth--password))
+- `password_file` (String) PasswordFile defines path to password file at disk must be pre-mounted
+- `username` (Attributes) Username defines reference for secret with username value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--target_endpoints--basic_auth--username))
 
 <a id="nestedatt--spec--target_endpoints--basic_auth--password"></a>
 ### Nested Schema for `spec.target_endpoints.basic_auth.password`
@@ -137,7 +137,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -150,7 +150,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -164,7 +164,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -217,7 +217,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -230,7 +230,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -244,7 +244,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -297,7 +297,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -310,7 +310,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -332,7 +332,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -345,7 +345,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -359,7 +359,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -369,13 +369,11 @@ Optional:
 
 Optional:
 
-- `disable_compression` (Boolean)
-- `disable_keep_alive` (Boolean) disable_keepalive allows disabling HTTP keep-alive when scraping targets. By default, HTTP keep-alive is enabled, so TCP connections to scrape targets could be re-used. See https://docs.victoriametrics.com/vmagent.html#scrape_config-enhancements
+- `disable_compression` (Boolean) DisableCompression
+- `disable_keep_alive` (Boolean) disable_keepalive allows disabling HTTP keep-alive when scraping targets. By default, HTTP keep-alive is enabled, so TCP connections to scrape targets could be re-used. See https://docs.victoriametrics.com/vmagent#scrape_config-enhancements
 - `headers` (List of String) Headers allows sending custom headers to scrape targets must be in of semicolon separated header with it's value eg: headerName: headerValue vmagent supports since 1.79.0 version
-- `metric_relabel_debug` (Boolean) deprecated since [v1.85](https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.85.0), will be removed in next release
 - `no_stale_markers` (Boolean)
-- `proxy_client_config` (Attributes) ProxyClientConfig configures proxy auth settings for scraping See feature description https://docs.victoriametrics.com/vmagent.html#scraping-targets-via-a-proxy (see [below for nested schema](#nestedatt--spec--target_endpoints--vm_scrape_params--proxy_client_config))
-- `relabel_debug` (Boolean) deprecated since [v1.85](https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.85.0), will be removed in next release
+- `proxy_client_config` (Attributes) ProxyClientConfig configures proxy auth settings for scraping See feature description https://docs.victoriametrics.com/vmagent#scraping-targets-via-a-proxy (see [below for nested schema](#nestedatt--spec--target_endpoints--vm_scrape_params--proxy_client_config))
 - `scrape_align_interval` (String)
 - `scrape_offset` (String)
 - `stream_parse` (Boolean)
@@ -395,9 +393,9 @@ Optional:
 
 Optional:
 
-- `password` (Attributes) The secret in the service scrape namespace that contains the password for authentication. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--target_endpoints--vm_scrape_params--proxy_client_config--basic_auth--password))
-- `password_file` (String) PasswordFile defines path to password file at disk
-- `username` (Attributes) The secret in the service scrape namespace that contains the username for authentication. It must be at them same namespace as CRD (see [below for nested schema](#nestedatt--spec--target_endpoints--vm_scrape_params--proxy_client_config--basic_auth--username))
+- `password` (Attributes) Password defines reference for secret with password value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--target_endpoints--vm_scrape_params--proxy_client_config--basic_auth--password))
+- `password_file` (String) PasswordFile defines path to password file at disk must be pre-mounted
+- `username` (Attributes) Username defines reference for secret with username value The secret needs to be in the same namespace as scrape object (see [below for nested schema](#nestedatt--spec--target_endpoints--vm_scrape_params--proxy_client_config--basic_auth--username))
 
 <a id="nestedatt--spec--target_endpoints--vm_scrape_params--proxy_client_config--basic_auth--password"></a>
 ### Nested Schema for `spec.target_endpoints.vm_scrape_params.proxy_client_config.basic_auth.password`
@@ -408,7 +406,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -421,7 +419,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -435,7 +433,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -470,7 +468,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -483,7 +481,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -505,7 +503,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -518,7 +516,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -532,5 +530,5 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
diff --git a/docs/data-sources/operator_victoriametrics_com_vm_user_v1beta1_manifest.md b/docs/data-sources/operator_victoriametrics_com_vm_user_v1beta1_manifest.md
index 4ada8c0d4..19e53e154 100644
--- a/docs/data-sources/operator_victoriametrics_com_vm_user_v1beta1_manifest.md
+++ b/docs/data-sources/operator_victoriametrics_com_vm_user_v1beta1_manifest.md
@@ -63,11 +63,11 @@ Optional:
 - `default_url` (List of String) DefaultURLs backend url for non-matching paths filter usually used for default backend with error message
 - `disable_secret_creation` (Boolean) DisableSecretCreation skips related secret creation for vmuser
 - `discover_backend_ips` (Boolean) DiscoverBackendIPs instructs discovering URLPrefix backend IPs via DNS.
-- `drop_src_path_prefix_parts` (Number) DropSrcPathPrefixParts is the number of '/'-delimited request path prefix parts to drop before proxying the request to backend. See https://docs.victoriametrics.com/vmauth.html#dropping-request-path-prefix for more details.
+- `drop_src_path_prefix_parts` (Number) DropSrcPathPrefixParts is the number of '/'-delimited request path prefix parts to drop before proxying the request to backend. See [here](https://docs.victoriametrics.com/vmauth#dropping-request-path-prefix) for more details.
 - `generate_password` (Boolean) GeneratePassword instructs operator to generate password for user if spec.password if empty.
 - `headers` (List of String) Headers represent additional http headers, that vmauth uses in form of ['header_key: header_value'] multiple values for header key: ['header_key: value1,value2'] it's available since 1.68.0 version of vmauth
-- `ip_filters` (Attributes) IPFilters defines per target src ip filters supported only with enterprise version of vmauth https://docs.victoriametrics.com/vmauth.html#ip-filters (see [below for nested schema](#nestedatt--spec--ip_filters))
-- `load_balancing_policy` (String) LoadBalancingPolicy defines load balancing policy to use for backend urls. Supported policies: least_loaded, first_available. See https://docs.victoriametrics.com/vmauth.html#load-balancing for more details (default 'least_loaded')
+- `ip_filters` (Attributes) IPFilters defines per target src ip filters supported only with enterprise version of [vmauth](https://docs.victoriametrics.com/vmauth/#ip-filters) (see [below for nested schema](#nestedatt--spec--ip_filters))
+- `load_balancing_policy` (String) LoadBalancingPolicy defines load balancing policy to use for backend urls. Supported policies: least_loaded, first_available. See [here](https://docs.victoriametrics.com/vmauth#load-balancing) for more details (default 'least_loaded')
 - `max_concurrent_requests` (Number) MaxConcurrentRequests defines max concurrent requests per user 300 is default value for vmauth
 - `metric_labels` (Map of String) MetricLabels - additional labels for metrics exported by vmauth for given user.
 - `name` (String) Name of the VMUser object.
@@ -86,10 +86,10 @@ Optional:
 
 - `crd` (Attributes) CRD describes exist operator's CRD object, operator generates access url based on CRD params. (see [below for nested schema](#nestedatt--spec--target_refs--crd))
 - `discover_backend_ips` (Boolean) DiscoverBackendIPs instructs discovering URLPrefix backend IPs via DNS.
-- `drop_src_path_prefix_parts` (Number) DropSrcPathPrefixParts is the number of '/'-delimited request path prefix parts to drop before proxying the request to backend. See https://docs.victoriametrics.com/vmauth.html#dropping-request-path-prefix for more details.
+- `drop_src_path_prefix_parts` (Number) DropSrcPathPrefixParts is the number of '/'-delimited request path prefix parts to drop before proxying the request to backend. See [here](https://docs.victoriametrics.com/vmauth#dropping-request-path-prefix) for more details.
 - `headers` (List of String) RequestHeaders represent additional http headers, that vmauth uses in form of ['header_key: header_value'] multiple values for header key: ['header_key: value1,value2'] it's available since 1.68.0 version of vmauth
 - `hosts` (List of String)
-- `load_balancing_policy` (String) LoadBalancingPolicy defines load balancing policy to use for backend urls. Supported policies: least_loaded, first_available. See https://docs.victoriametrics.com/vmauth.html#load-balancing for more details (default 'least_loaded')
+- `load_balancing_policy` (String) LoadBalancingPolicy defines load balancing policy to use for backend urls. Supported policies: least_loaded, first_available. See [here](https://docs.victoriametrics.com/vmauth#load-balancing) for more details (default 'least_loaded')
 - `paths` (List of String) Paths - matched path to route.
 - `response_headers` (List of String) ResponseHeaders represent additional http headers, that vmauth adds for request response in form of ['header_key: header_value'] multiple values for header key: ['header_key: value1,value2'] it's available since 1.93.0 version of vmauth
 - `retry_status_codes` (List of String) RetryStatusCodes defines http status codes in numeric format for request retries Can be defined per target or at VMUser.spec level e.g. [429,503]
@@ -104,7 +104,7 @@ Optional:
 
 Required:
 
-- `kind` (String) Kind one of: VMAgent VMAlert VMCluster VMSingle or VMAlertManager
+- `kind` (String) Kind one of: VMAgent,VMAlert, VMSingle, VMCluster/vmselect, VMCluster/vmstorage,VMCluster/vminsert or VMAlertManager
 - `name` (String) Name target CRD object name
 - `namespace` (String) Namespace target CRD object namespace.
 
@@ -135,7 +135,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -148,7 +148,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -172,7 +172,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -207,7 +207,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -220,7 +220,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -242,7 +242,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -255,7 +255,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -269,7 +269,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -283,5 +283,5 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
diff --git a/docs/data-sources/org_eclipse_che_che_cluster_v2_manifest.md b/docs/data-sources/org_eclipse_che_che_cluster_v2_manifest.md
index eebe553f5..521a6d242 100644
--- a/docs/data-sources/org_eclipse_che_che_cluster_v2_manifest.md
+++ b/docs/data-sources/org_eclipse_che_che_cluster_v2_manifest.md
@@ -92,7 +92,9 @@ Optional:
 Optional:
 
 - `containers` (Attributes List) List of containers belonging to the pod. (see [below for nested schema](#nestedatt--spec--components--che_server--deployment--containers))
+- `node_selector` (Map of String) The node selector limits the nodes that can run the pod.
 - `security_context` (Attributes) Security options the pod should run with. (see [below for nested schema](#nestedatt--spec--components--che_server--deployment--security_context))
+- `tolerations` (Attributes List) The pod tolerations of the component pod limit where the pod can run. (see [below for nested schema](#nestedatt--spec--components--che_server--deployment--tolerations))
 
 <a id="nestedatt--spec--components--che_server--deployment--containers"></a>
 ### Nested Schema for `spec.components.che_server.deployment.containers`
@@ -217,6 +219,18 @@ Optional:
 - `run_as_user` (Number) The UID to run the entrypoint of the container process. The default value is '1724'.
 
 
+<a id="nestedatt--spec--components--che_server--deployment--tolerations"></a>
+### Nested Schema for `spec.components.che_server.deployment.tolerations`
+
+Optional:
+
+- `effect` (String) Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+- `key` (String) Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+- `operator` (String) Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
+- `toleration_seconds` (Number) TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
+- `value` (String) Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
+
+
 
 <a id="nestedatt--spec--components--che_server--proxy"></a>
 ### Nested Schema for `spec.components.che_server.proxy`
@@ -263,7 +277,9 @@ Required:
 Optional:
 
 - `containers` (Attributes List) List of containers belonging to the pod. (see [below for nested schema](#nestedatt--spec--components--dashboard--deployment--containers))
+- `node_selector` (Map of String) The node selector limits the nodes that can run the pod.
 - `security_context` (Attributes) Security options the pod should run with. (see [below for nested schema](#nestedatt--spec--components--dashboard--deployment--security_context))
+- `tolerations` (Attributes List) The pod tolerations of the component pod limit where the pod can run. (see [below for nested schema](#nestedatt--spec--components--dashboard--deployment--tolerations))
 
 <a id="nestedatt--spec--components--dashboard--deployment--containers"></a>
 ### Nested Schema for `spec.components.dashboard.deployment.containers`
@@ -388,6 +404,18 @@ Optional:
 - `run_as_user` (Number) The UID to run the entrypoint of the container process. The default value is '1724'.
 
 
+<a id="nestedatt--spec--components--dashboard--deployment--tolerations"></a>
+### Nested Schema for `spec.components.dashboard.deployment.tolerations`
+
+Optional:
+
+- `effect` (String) Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+- `key` (String) Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+- `operator` (String) Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
+- `toleration_seconds` (Number) TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
+- `value` (String) Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
+
+
 
 <a id="nestedatt--spec--components--dashboard--header_message"></a>
 ### Nested Schema for `spec.components.dashboard.header_message`
@@ -422,7 +450,9 @@ Optional:
 Optional:
 
 - `containers` (Attributes List) List of containers belonging to the pod. (see [below for nested schema](#nestedatt--spec--components--devfile_registry--deployment--containers))
+- `node_selector` (Map of String) The node selector limits the nodes that can run the pod.
 - `security_context` (Attributes) Security options the pod should run with. (see [below for nested schema](#nestedatt--spec--components--devfile_registry--deployment--security_context))
+- `tolerations` (Attributes List) The pod tolerations of the component pod limit where the pod can run. (see [below for nested schema](#nestedatt--spec--components--devfile_registry--deployment--tolerations))
 
 <a id="nestedatt--spec--components--devfile_registry--deployment--containers"></a>
 ### Nested Schema for `spec.components.devfile_registry.deployment.containers`
@@ -547,6 +577,18 @@ Optional:
 - `run_as_user` (Number) The UID to run the entrypoint of the container process. The default value is '1724'.
 
 
+<a id="nestedatt--spec--components--devfile_registry--deployment--tolerations"></a>
+### Nested Schema for `spec.components.devfile_registry.deployment.tolerations`
+
+Optional:
+
+- `effect` (String) Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+- `key` (String) Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+- `operator` (String) Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
+- `toleration_seconds` (Number) TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
+- `value` (String) Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
+
+
 
 <a id="nestedatt--spec--components--devfile_registry--external_devfile_registries"></a>
 ### Nested Schema for `spec.components.devfile_registry.external_devfile_registries`
@@ -610,7 +652,9 @@ Optional:
 Optional:
 
 - `containers` (Attributes List) List of containers belonging to the pod. (see [below for nested schema](#nestedatt--spec--components--plugin_registry--deployment--containers))
+- `node_selector` (Map of String) The node selector limits the nodes that can run the pod.
 - `security_context` (Attributes) Security options the pod should run with. (see [below for nested schema](#nestedatt--spec--components--plugin_registry--deployment--security_context))
+- `tolerations` (Attributes List) The pod tolerations of the component pod limit where the pod can run. (see [below for nested schema](#nestedatt--spec--components--plugin_registry--deployment--tolerations))
 
 <a id="nestedatt--spec--components--plugin_registry--deployment--containers"></a>
 ### Nested Schema for `spec.components.plugin_registry.deployment.containers`
@@ -735,6 +779,18 @@ Optional:
 - `run_as_user` (Number) The UID to run the entrypoint of the container process. The default value is '1724'.
 
 
+<a id="nestedatt--spec--components--plugin_registry--deployment--tolerations"></a>
+### Nested Schema for `spec.components.plugin_registry.deployment.tolerations`
+
+Optional:
+
+- `effect` (String) Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+- `key` (String) Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+- `operator` (String) Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
+- `toleration_seconds` (Number) TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
+- `value` (String) Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
+
+
 
 <a id="nestedatt--spec--components--plugin_registry--external_plugin_registries"></a>
 ### Nested Schema for `spec.components.plugin_registry.external_plugin_registries`
@@ -1937,7 +1993,9 @@ Optional:
 Optional:
 
 - `containers` (Attributes List) List of containers belonging to the pod. (see [below for nested schema](#nestedatt--spec--networking--auth--gateway--deployment--containers))
+- `node_selector` (Map of String) The node selector limits the nodes that can run the pod.
 - `security_context` (Attributes) Security options the pod should run with. (see [below for nested schema](#nestedatt--spec--networking--auth--gateway--deployment--security_context))
+- `tolerations` (Attributes List) The pod tolerations of the component pod limit where the pod can run. (see [below for nested schema](#nestedatt--spec--networking--auth--gateway--deployment--tolerations))
 
 <a id="nestedatt--spec--networking--auth--gateway--deployment--containers"></a>
 ### Nested Schema for `spec.networking.auth.gateway.deployment.containers`
@@ -2062,6 +2120,18 @@ Optional:
 - `run_as_user` (Number) The UID to run the entrypoint of the container process. The default value is '1724'.
 
 
+<a id="nestedatt--spec--networking--auth--gateway--deployment--tolerations"></a>
+### Nested Schema for `spec.networking.auth.gateway.deployment.tolerations`
+
+Optional:
+
+- `effect` (String) Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+- `key` (String) Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+- `operator` (String) Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
+- `toleration_seconds` (Number) TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
+- `value` (String) Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
+
+
 
 <a id="nestedatt--spec--networking--auth--gateway--kube_rbac_proxy"></a>
 ### Nested Schema for `spec.networking.auth.gateway.kube_rbac_proxy`
diff --git a/docs/data-sources/policy_karmada_io_cluster_override_policy_v1alpha1_manifest.md b/docs/data-sources/policy_karmada_io_cluster_override_policy_v1alpha1_manifest.md
index 5db0b2a94..1e6c2657c 100644
--- a/docs/data-sources/policy_karmada_io_cluster_override_policy_v1alpha1_manifest.md
+++ b/docs/data-sources/policy_karmada_io_cluster_override_policy_v1alpha1_manifest.md
@@ -75,6 +75,7 @@ Optional:
 - `annotations_overrider` (Attributes List) AnnotationsOverrider represents the rules dedicated to handling workload annotations (see [below for nested schema](#nestedatt--spec--override_rules--overriders--annotations_overrider))
 - `args_overrider` (Attributes List) ArgsOverrider represents the rules dedicated to handling container args (see [below for nested schema](#nestedatt--spec--override_rules--overriders--args_overrider))
 - `command_overrider` (Attributes List) CommandOverrider represents the rules dedicated to handling container command (see [below for nested schema](#nestedatt--spec--override_rules--overriders--command_overrider))
+- `field_overrider` (Attributes List) FieldOverrider represents the rules dedicated to modifying a specific field in any Kubernetes resource. This allows changing a single field within the resource with multiple operations. It is designed to handle structured field values such as those found in ConfigMaps or Secrets. The current implementation supports JSON and YAML formats, but can easily be extended to support XML in the future. (see [below for nested schema](#nestedatt--spec--override_rules--overriders--field_overrider))
 - `image_overrider` (Attributes List) ImageOverrider represents the rules dedicated to handling image overrides. (see [below for nested schema](#nestedatt--spec--override_rules--overriders--image_overrider))
 - `labels_overrider` (Attributes List) LabelsOverrider represents the rules dedicated to handling workload labels (see [below for nested schema](#nestedatt--spec--override_rules--overriders--labels_overrider))
 - `plaintext` (Attributes List) Plaintext represents override rules defined with plaintext overriders. (see [below for nested schema](#nestedatt--spec--override_rules--overriders--plaintext))
@@ -117,6 +118,45 @@ Optional:
 - `value` (List of String) Value to be applied to command/args. Items in Value which will be appended after command/args when Operator is 'add'. Items in Value which match in command/args will be deleted when Operator is 'remove'. If Value is empty, then the command/args will remain the same.
 
 
+<a id="nestedatt--spec--override_rules--overriders--field_overrider"></a>
+### Nested Schema for `spec.override_rules.overriders.field_overrider`
+
+Required:
+
+- `field_path` (String) FieldPath specifies the initial location in the instance document where the operation should take place. The path uses RFC 6901 for navigating into nested structures. For example, the path '/data/db-config.yaml' specifies the configuration data key named 'db-config.yaml' in a ConfigMap: '/data/db-config.yaml'.
+
+Optional:
+
+- `json` (Attributes List) JSON represents the operations performed on the JSON document specified by the FieldPath. (see [below for nested schema](#nestedatt--spec--override_rules--overriders--field_overrider--json))
+- `yaml` (Attributes List) YAML represents the operations performed on the YAML document specified by the FieldPath. (see [below for nested schema](#nestedatt--spec--override_rules--overriders--field_overrider--yaml))
+
+<a id="nestedatt--spec--override_rules--overriders--field_overrider--json"></a>
+### Nested Schema for `spec.override_rules.overriders.field_overrider.json`
+
+Required:
+
+- `operator` (String) Operator indicates the operation on target field. Available operators are: 'add', 'remove', and 'replace'.
+- `sub_path` (String) SubPath specifies the relative location within the initial FieldPath where the operation should take place. The path uses RFC 6901 for navigating into nested structures.
+
+Optional:
+
+- `value` (Map of String) Value is the new value to set for the specified field if the operation is 'add' or 'replace'. For 'remove' operation, this field is ignored.
+
+
+<a id="nestedatt--spec--override_rules--overriders--field_overrider--yaml"></a>
+### Nested Schema for `spec.override_rules.overriders.field_overrider.yaml`
+
+Required:
+
+- `operator` (String) Operator indicates the operation on target field. Available operators are: 'add', 'remove', and 'replace'.
+- `sub_path` (String) SubPath specifies the relative location within the initial FieldPath where the operation should take place. The path uses RFC 6901 for navigating into nested structures.
+
+Optional:
+
+- `value` (Map of String) Value is the new value to set for the specified field if the operation is 'add' or 'replace'. For 'remove' operation, this field is ignored.
+
+
+
 <a id="nestedatt--spec--override_rules--overriders--image_overrider"></a>
 ### Nested Schema for `spec.override_rules.overriders.image_overrider`
 
@@ -228,6 +268,7 @@ Optional:
 - `annotations_overrider` (Attributes List) AnnotationsOverrider represents the rules dedicated to handling workload annotations (see [below for nested schema](#nestedatt--spec--overriders--annotations_overrider))
 - `args_overrider` (Attributes List) ArgsOverrider represents the rules dedicated to handling container args (see [below for nested schema](#nestedatt--spec--overriders--args_overrider))
 - `command_overrider` (Attributes List) CommandOverrider represents the rules dedicated to handling container command (see [below for nested schema](#nestedatt--spec--overriders--command_overrider))
+- `field_overrider` (Attributes List) FieldOverrider represents the rules dedicated to modifying a specific field in any Kubernetes resource. This allows changing a single field within the resource with multiple operations. It is designed to handle structured field values such as those found in ConfigMaps or Secrets. The current implementation supports JSON and YAML formats, but can easily be extended to support XML in the future. (see [below for nested schema](#nestedatt--spec--overriders--field_overrider))
 - `image_overrider` (Attributes List) ImageOverrider represents the rules dedicated to handling image overrides. (see [below for nested schema](#nestedatt--spec--overriders--image_overrider))
 - `labels_overrider` (Attributes List) LabelsOverrider represents the rules dedicated to handling workload labels (see [below for nested schema](#nestedatt--spec--overriders--labels_overrider))
 - `plaintext` (Attributes List) Plaintext represents override rules defined with plaintext overriders. (see [below for nested schema](#nestedatt--spec--overriders--plaintext))
@@ -270,6 +311,45 @@ Optional:
 - `value` (List of String) Value to be applied to command/args. Items in Value which will be appended after command/args when Operator is 'add'. Items in Value which match in command/args will be deleted when Operator is 'remove'. If Value is empty, then the command/args will remain the same.
 
 
+<a id="nestedatt--spec--overriders--field_overrider"></a>
+### Nested Schema for `spec.overriders.field_overrider`
+
+Required:
+
+- `field_path` (String) FieldPath specifies the initial location in the instance document where the operation should take place. The path uses RFC 6901 for navigating into nested structures. For example, the path '/data/db-config.yaml' specifies the configuration data key named 'db-config.yaml' in a ConfigMap: '/data/db-config.yaml'.
+
+Optional:
+
+- `json` (Attributes List) JSON represents the operations performed on the JSON document specified by the FieldPath. (see [below for nested schema](#nestedatt--spec--overriders--field_overrider--json))
+- `yaml` (Attributes List) YAML represents the operations performed on the YAML document specified by the FieldPath. (see [below for nested schema](#nestedatt--spec--overriders--field_overrider--yaml))
+
+<a id="nestedatt--spec--overriders--field_overrider--json"></a>
+### Nested Schema for `spec.overriders.field_overrider.json`
+
+Required:
+
+- `operator` (String) Operator indicates the operation on target field. Available operators are: 'add', 'remove', and 'replace'.
+- `sub_path` (String) SubPath specifies the relative location within the initial FieldPath where the operation should take place. The path uses RFC 6901 for navigating into nested structures.
+
+Optional:
+
+- `value` (Map of String) Value is the new value to set for the specified field if the operation is 'add' or 'replace'. For 'remove' operation, this field is ignored.
+
+
+<a id="nestedatt--spec--overriders--field_overrider--yaml"></a>
+### Nested Schema for `spec.overriders.field_overrider.yaml`
+
+Required:
+
+- `operator` (String) Operator indicates the operation on target field. Available operators are: 'add', 'remove', and 'replace'.
+- `sub_path` (String) SubPath specifies the relative location within the initial FieldPath where the operation should take place. The path uses RFC 6901 for navigating into nested structures.
+
+Optional:
+
+- `value` (Map of String) Value is the new value to set for the specified field if the operation is 'add' or 'replace'. For 'remove' operation, this field is ignored.
+
+
+
 <a id="nestedatt--spec--overriders--image_overrider"></a>
 ### Nested Schema for `spec.overriders.image_overrider`
 
diff --git a/docs/data-sources/policy_karmada_io_cluster_propagation_policy_v1alpha1_manifest.md b/docs/data-sources/policy_karmada_io_cluster_propagation_policy_v1alpha1_manifest.md
index a4807a7bc..79c8c5d90 100644
--- a/docs/data-sources/policy_karmada_io_cluster_propagation_policy_v1alpha1_manifest.md
+++ b/docs/data-sources/policy_karmada_io_cluster_propagation_policy_v1alpha1_manifest.md
@@ -64,6 +64,7 @@ Optional:
 - `failover` (Attributes) Failover indicates how Karmada migrates applications in case of failures. If this value is nil, failover is disabled. (see [below for nested schema](#nestedatt--spec--failover))
 - `placement` (Attributes) Placement represents the rule for select clusters to propagate resources. (see [below for nested schema](#nestedatt--spec--placement))
 - `preemption` (String) Preemption declares the behaviors for preempting. Valid options are 'Always' and 'Never'.
+- `preserve_resources_on_deletion` (Boolean) PreserveResourcesOnDeletion controls whether resources should be preserved on the member clusters when the resource template is deleted. If set to true, resources will be preserved on the member clusters. Default is false, which means resources will be deleted along with the resource template. This setting is particularly useful during workload migration scenarios to ensure that rollback can occur quickly without affecting the workloads running on the member clusters. Additionally, this setting applies uniformly across all member clusters and will not selectively control preservation on only some clusters. Note: This setting does not apply to the deletion of the policy itself. When the policy is deleted, the resource templates and their corresponding propagated resources in member clusters will remain unchanged unless explicitly deleted.
 - `priority` (Number) Priority indicates the importance of a policy(PropagationPolicy or ClusterPropagationPolicy). A policy will be applied for the matched resource templates if there is no other policies with higher priority at the point of the resource template be processed. Once a resource template has been claimed by a policy, by default it will not be preempted by following policies even with a higher priority. See Preemption for more details. In case of two policies have the same priority, the one with a more precise matching rules in ResourceSelectors wins: - matching by name(resourceSelector.name) has higher priority than by selector(resourceSelector.labelSelector) - matching by selector(resourceSelector.labelSelector) has higher priority than by APIVersion(resourceSelector.apiVersion) and Kind(resourceSelector.kind). If there is still no winner at this point, the one with the lower alphabetic order wins, e.g. policy 'bar' has higher priority than 'foo'. The higher the value, the higher the priority. Defaults to zero.
 - `propagate_deps` (Boolean) PropagateDeps tells if relevant resources should be propagated automatically. Take 'Deployment' which referencing 'ConfigMap' and 'Secret' as an example, when 'propagateDeps' is 'true', the referencing resources could be omitted(for saving config effort) from 'resourceSelectors' as they will be propagated along with the Deployment. In addition to the propagating process, the referencing resources will be migrated along with the Deployment in the fail-over scenario. Defaults to false.
 - `scheduler_name` (String) SchedulerName represents which scheduler to proceed the scheduling. If specified, the policy will be dispatched by specified scheduler. If not specified, the policy will be dispatched by default scheduler.
diff --git a/docs/data-sources/policy_karmada_io_override_policy_v1alpha1_manifest.md b/docs/data-sources/policy_karmada_io_override_policy_v1alpha1_manifest.md
index 8e6127e6e..6f864c3a4 100644
--- a/docs/data-sources/policy_karmada_io_override_policy_v1alpha1_manifest.md
+++ b/docs/data-sources/policy_karmada_io_override_policy_v1alpha1_manifest.md
@@ -77,6 +77,7 @@ Optional:
 - `annotations_overrider` (Attributes List) AnnotationsOverrider represents the rules dedicated to handling workload annotations (see [below for nested schema](#nestedatt--spec--override_rules--overriders--annotations_overrider))
 - `args_overrider` (Attributes List) ArgsOverrider represents the rules dedicated to handling container args (see [below for nested schema](#nestedatt--spec--override_rules--overriders--args_overrider))
 - `command_overrider` (Attributes List) CommandOverrider represents the rules dedicated to handling container command (see [below for nested schema](#nestedatt--spec--override_rules--overriders--command_overrider))
+- `field_overrider` (Attributes List) FieldOverrider represents the rules dedicated to modifying a specific field in any Kubernetes resource. This allows changing a single field within the resource with multiple operations. It is designed to handle structured field values such as those found in ConfigMaps or Secrets. The current implementation supports JSON and YAML formats, but can easily be extended to support XML in the future. (see [below for nested schema](#nestedatt--spec--override_rules--overriders--field_overrider))
 - `image_overrider` (Attributes List) ImageOverrider represents the rules dedicated to handling image overrides. (see [below for nested schema](#nestedatt--spec--override_rules--overriders--image_overrider))
 - `labels_overrider` (Attributes List) LabelsOverrider represents the rules dedicated to handling workload labels (see [below for nested schema](#nestedatt--spec--override_rules--overriders--labels_overrider))
 - `plaintext` (Attributes List) Plaintext represents override rules defined with plaintext overriders. (see [below for nested schema](#nestedatt--spec--override_rules--overriders--plaintext))
@@ -119,6 +120,45 @@ Optional:
 - `value` (List of String) Value to be applied to command/args. Items in Value which will be appended after command/args when Operator is 'add'. Items in Value which match in command/args will be deleted when Operator is 'remove'. If Value is empty, then the command/args will remain the same.
 
 
+<a id="nestedatt--spec--override_rules--overriders--field_overrider"></a>
+### Nested Schema for `spec.override_rules.overriders.field_overrider`
+
+Required:
+
+- `field_path` (String) FieldPath specifies the initial location in the instance document where the operation should take place. The path uses RFC 6901 for navigating into nested structures. For example, the path '/data/db-config.yaml' specifies the configuration data key named 'db-config.yaml' in a ConfigMap: '/data/db-config.yaml'.
+
+Optional:
+
+- `json` (Attributes List) JSON represents the operations performed on the JSON document specified by the FieldPath. (see [below for nested schema](#nestedatt--spec--override_rules--overriders--field_overrider--json))
+- `yaml` (Attributes List) YAML represents the operations performed on the YAML document specified by the FieldPath. (see [below for nested schema](#nestedatt--spec--override_rules--overriders--field_overrider--yaml))
+
+<a id="nestedatt--spec--override_rules--overriders--field_overrider--json"></a>
+### Nested Schema for `spec.override_rules.overriders.field_overrider.json`
+
+Required:
+
+- `operator` (String) Operator indicates the operation on target field. Available operators are: 'add', 'remove', and 'replace'.
+- `sub_path` (String) SubPath specifies the relative location within the initial FieldPath where the operation should take place. The path uses RFC 6901 for navigating into nested structures.
+
+Optional:
+
+- `value` (Map of String) Value is the new value to set for the specified field if the operation is 'add' or 'replace'. For 'remove' operation, this field is ignored.
+
+
+<a id="nestedatt--spec--override_rules--overriders--field_overrider--yaml"></a>
+### Nested Schema for `spec.override_rules.overriders.field_overrider.yaml`
+
+Required:
+
+- `operator` (String) Operator indicates the operation on target field. Available operators are: 'add', 'remove', and 'replace'.
+- `sub_path` (String) SubPath specifies the relative location within the initial FieldPath where the operation should take place. The path uses RFC 6901 for navigating into nested structures.
+
+Optional:
+
+- `value` (Map of String) Value is the new value to set for the specified field if the operation is 'add' or 'replace'. For 'remove' operation, this field is ignored.
+
+
+
 <a id="nestedatt--spec--override_rules--overriders--image_overrider"></a>
 ### Nested Schema for `spec.override_rules.overriders.image_overrider`
 
@@ -230,6 +270,7 @@ Optional:
 - `annotations_overrider` (Attributes List) AnnotationsOverrider represents the rules dedicated to handling workload annotations (see [below for nested schema](#nestedatt--spec--overriders--annotations_overrider))
 - `args_overrider` (Attributes List) ArgsOverrider represents the rules dedicated to handling container args (see [below for nested schema](#nestedatt--spec--overriders--args_overrider))
 - `command_overrider` (Attributes List) CommandOverrider represents the rules dedicated to handling container command (see [below for nested schema](#nestedatt--spec--overriders--command_overrider))
+- `field_overrider` (Attributes List) FieldOverrider represents the rules dedicated to modifying a specific field in any Kubernetes resource. This allows changing a single field within the resource with multiple operations. It is designed to handle structured field values such as those found in ConfigMaps or Secrets. The current implementation supports JSON and YAML formats, but can easily be extended to support XML in the future. (see [below for nested schema](#nestedatt--spec--overriders--field_overrider))
 - `image_overrider` (Attributes List) ImageOverrider represents the rules dedicated to handling image overrides. (see [below for nested schema](#nestedatt--spec--overriders--image_overrider))
 - `labels_overrider` (Attributes List) LabelsOverrider represents the rules dedicated to handling workload labels (see [below for nested schema](#nestedatt--spec--overriders--labels_overrider))
 - `plaintext` (Attributes List) Plaintext represents override rules defined with plaintext overriders. (see [below for nested schema](#nestedatt--spec--overriders--plaintext))
@@ -272,6 +313,45 @@ Optional:
 - `value` (List of String) Value to be applied to command/args. Items in Value which will be appended after command/args when Operator is 'add'. Items in Value which match in command/args will be deleted when Operator is 'remove'. If Value is empty, then the command/args will remain the same.
 
 
+<a id="nestedatt--spec--overriders--field_overrider"></a>
+### Nested Schema for `spec.overriders.field_overrider`
+
+Required:
+
+- `field_path` (String) FieldPath specifies the initial location in the instance document where the operation should take place. The path uses RFC 6901 for navigating into nested structures. For example, the path '/data/db-config.yaml' specifies the configuration data key named 'db-config.yaml' in a ConfigMap: '/data/db-config.yaml'.
+
+Optional:
+
+- `json` (Attributes List) JSON represents the operations performed on the JSON document specified by the FieldPath. (see [below for nested schema](#nestedatt--spec--overriders--field_overrider--json))
+- `yaml` (Attributes List) YAML represents the operations performed on the YAML document specified by the FieldPath. (see [below for nested schema](#nestedatt--spec--overriders--field_overrider--yaml))
+
+<a id="nestedatt--spec--overriders--field_overrider--json"></a>
+### Nested Schema for `spec.overriders.field_overrider.json`
+
+Required:
+
+- `operator` (String) Operator indicates the operation on target field. Available operators are: 'add', 'remove', and 'replace'.
+- `sub_path` (String) SubPath specifies the relative location within the initial FieldPath where the operation should take place. The path uses RFC 6901 for navigating into nested structures.
+
+Optional:
+
+- `value` (Map of String) Value is the new value to set for the specified field if the operation is 'add' or 'replace'. For 'remove' operation, this field is ignored.
+
+
+<a id="nestedatt--spec--overriders--field_overrider--yaml"></a>
+### Nested Schema for `spec.overriders.field_overrider.yaml`
+
+Required:
+
+- `operator` (String) Operator indicates the operation on target field. Available operators are: 'add', 'remove', and 'replace'.
+- `sub_path` (String) SubPath specifies the relative location within the initial FieldPath where the operation should take place. The path uses RFC 6901 for navigating into nested structures.
+
+Optional:
+
+- `value` (Map of String) Value is the new value to set for the specified field if the operation is 'add' or 'replace'. For 'remove' operation, this field is ignored.
+
+
+
 <a id="nestedatt--spec--overriders--image_overrider"></a>
 ### Nested Schema for `spec.overriders.image_overrider`
 
diff --git a/docs/data-sources/policy_karmada_io_propagation_policy_v1alpha1_manifest.md b/docs/data-sources/policy_karmada_io_propagation_policy_v1alpha1_manifest.md
index e056b9793..954d56cac 100644
--- a/docs/data-sources/policy_karmada_io_propagation_policy_v1alpha1_manifest.md
+++ b/docs/data-sources/policy_karmada_io_propagation_policy_v1alpha1_manifest.md
@@ -66,6 +66,7 @@ Optional:
 - `failover` (Attributes) Failover indicates how Karmada migrates applications in case of failures. If this value is nil, failover is disabled. (see [below for nested schema](#nestedatt--spec--failover))
 - `placement` (Attributes) Placement represents the rule for select clusters to propagate resources. (see [below for nested schema](#nestedatt--spec--placement))
 - `preemption` (String) Preemption declares the behaviors for preempting. Valid options are 'Always' and 'Never'.
+- `preserve_resources_on_deletion` (Boolean) PreserveResourcesOnDeletion controls whether resources should be preserved on the member clusters when the resource template is deleted. If set to true, resources will be preserved on the member clusters. Default is false, which means resources will be deleted along with the resource template. This setting is particularly useful during workload migration scenarios to ensure that rollback can occur quickly without affecting the workloads running on the member clusters. Additionally, this setting applies uniformly across all member clusters and will not selectively control preservation on only some clusters. Note: This setting does not apply to the deletion of the policy itself. When the policy is deleted, the resource templates and their corresponding propagated resources in member clusters will remain unchanged unless explicitly deleted.
 - `priority` (Number) Priority indicates the importance of a policy(PropagationPolicy or ClusterPropagationPolicy). A policy will be applied for the matched resource templates if there is no other policies with higher priority at the point of the resource template be processed. Once a resource template has been claimed by a policy, by default it will not be preempted by following policies even with a higher priority. See Preemption for more details. In case of two policies have the same priority, the one with a more precise matching rules in ResourceSelectors wins: - matching by name(resourceSelector.name) has higher priority than by selector(resourceSelector.labelSelector) - matching by selector(resourceSelector.labelSelector) has higher priority than by APIVersion(resourceSelector.apiVersion) and Kind(resourceSelector.kind). If there is still no winner at this point, the one with the lower alphabetic order wins, e.g. policy 'bar' has higher priority than 'foo'. The higher the value, the higher the priority. Defaults to zero.
 - `propagate_deps` (Boolean) PropagateDeps tells if relevant resources should be propagated automatically. Take 'Deployment' which referencing 'ConfigMap' and 'Secret' as an example, when 'propagateDeps' is 'true', the referencing resources could be omitted(for saving config effort) from 'resourceSelectors' as they will be propagated along with the Deployment. In addition to the propagating process, the referencing resources will be migrated along with the Deployment in the fail-over scenario. Defaults to false.
 - `scheduler_name` (String) SchedulerName represents which scheduler to proceed the scheduling. If specified, the policy will be dispatched by specified scheduler. If not specified, the policy will be dispatched by default scheduler.
diff --git a/docs/data-sources/postgresql_cnpg_io_cluster_v1_manifest.md b/docs/data-sources/postgresql_cnpg_io_cluster_v1_manifest.md
index 91b0cf9f2..1a8661505 100644
--- a/docs/data-sources/postgresql_cnpg_io_cluster_v1_manifest.md
+++ b/docs/data-sources/postgresql_cnpg_io_cluster_v1_manifest.md
@@ -1031,7 +1031,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -1069,7 +1069,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -1089,7 +1089,7 @@ Optional:
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 - `optional` (Boolean) Specify whether the ConfigMap must be defined
 
 
@@ -1098,7 +1098,7 @@ Optional:
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 - `optional` (Boolean) Specify whether the Secret must be defined
 
 
@@ -1399,7 +1399,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -1412,7 +1412,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -1425,7 +1425,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -1438,7 +1438,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -1762,7 +1762,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -1858,7 +1858,7 @@ Optional:
 Optional:
 
 - `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--projected_volume_template--sources--config_map--items))
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 - `optional` (Boolean) optional specify whether the ConfigMap or its keys must be defined
 
 <a id="nestedatt--spec--projected_volume_template--sources--config_map--items"></a>
@@ -1928,7 +1928,7 @@ Optional:
 Optional:
 
 - `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--projected_volume_template--sources--secret--items))
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 - `optional` (Boolean) optional field specify whether the Secret or its key must be defined
 
 <a id="nestedatt--spec--projected_volume_template--sources--secret--items"></a>
diff --git a/docs/data-sources/postgresql_cnpg_io_pooler_v1_manifest.md b/docs/data-sources/postgresql_cnpg_io_pooler_v1_manifest.md
index b4cb7d985..5593d2ec7 100644
--- a/docs/data-sources/postgresql_cnpg_io_pooler_v1_manifest.md
+++ b/docs/data-sources/postgresql_cnpg_io_pooler_v1_manifest.md
@@ -104,7 +104,7 @@ Required:
 
 Optional:
 
-- `rolling_update` (Attributes) Rolling update config params. Present only if DeploymentStrategyType = RollingUpdate. --- TODO: Update this to follow our convention for oneOf, whatever we decide it to be. (see [below for nested schema](#nestedatt--spec--deployment_strategy--rolling_update))
+- `rolling_update` (Attributes) Rolling update config params. Present only if DeploymentStrategyType = RollingUpdate. (see [below for nested schema](#nestedatt--spec--deployment_strategy--rolling_update))
 - `type` (String) Type of deployment. Can be 'Recreate' or 'RollingUpdate'. Default is RollingUpdate.
 
 <a id="nestedatt--spec--deployment_strategy--rolling_update"></a>
@@ -363,7 +363,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -401,7 +401,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -421,7 +421,7 @@ Optional:
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 - `optional` (Boolean) Specify whether the ConfigMap must be defined
 
 
@@ -430,7 +430,7 @@ Optional:
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 - `optional` (Boolean) Specify whether the Secret must be defined
 
 
@@ -1398,7 +1398,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -1436,7 +1436,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -1456,7 +1456,7 @@ Optional:
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 - `optional` (Boolean) Specify whether the ConfigMap must be defined
 
 
@@ -1465,7 +1465,7 @@ Optional:
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 - `optional` (Boolean) Specify whether the Secret must be defined
 
 
@@ -1984,7 +1984,7 @@ Optional:
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
 
 <a id="nestedatt--spec--template--spec--init_containers"></a>
@@ -2051,7 +2051,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined
 
 
@@ -2089,7 +2089,7 @@ Required:
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 - `optional` (Boolean) Specify whether the Secret or its key must be defined
 
 
@@ -2109,7 +2109,7 @@ Optional:
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 - `optional` (Boolean) Specify whether the ConfigMap must be defined
 
 
@@ -2118,7 +2118,7 @@ Optional:
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 - `optional` (Boolean) Specify whether the Secret must be defined
 
 
@@ -2815,7 +2815,7 @@ Optional:
 - `gce_persistent_disk` (Attributes) gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk (see [below for nested schema](#nestedatt--spec--template--spec--volumes--gce_persistent_disk))
 - `git_repo` (Attributes) gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. (see [below for nested schema](#nestedatt--spec--template--spec--volumes--git_repo))
 - `glusterfs` (Attributes) glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md (see [below for nested schema](#nestedatt--spec--template--spec--volumes--glusterfs))
-- `host_path` (Attributes) hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write. (see [below for nested schema](#nestedatt--spec--template--spec--volumes--host_path))
+- `host_path` (Attributes) hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath (see [below for nested schema](#nestedatt--spec--template--spec--volumes--host_path))
 - `iscsi` (Attributes) iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md (see [below for nested schema](#nestedatt--spec--template--spec--volumes--iscsi))
 - `nfs` (Attributes) nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs (see [below for nested schema](#nestedatt--spec--template--spec--volumes--nfs))
 - `persistent_volume_claim` (Attributes) persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims (see [below for nested schema](#nestedatt--spec--template--spec--volumes--persistent_volume_claim))
@@ -2838,7 +2838,7 @@ Required:
 
 Optional:
 
-- `fs_type` (String) fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine
+- `fs_type` (String) fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
 - `partition` (Number) partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as '1'. Similarly, the volume partition for /dev/sda is '0' (or you can leave the property empty).
 - `read_only` (Boolean) readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
 
@@ -2892,7 +2892,7 @@ Optional:
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
 
 
@@ -2914,7 +2914,7 @@ Optional:
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
 
 
@@ -2925,7 +2925,7 @@ Optional:
 
 - `default_mode` (Number) defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
 - `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--template--spec--volumes--config_map--items))
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 - `optional` (Boolean) optional specify whether the ConfigMap or its keys must be defined
 
 <a id="nestedatt--spec--template--spec--volumes--config_map--items"></a>
@@ -2961,7 +2961,7 @@ Optional:
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
 
 
@@ -3121,7 +3121,7 @@ Optional:
 
 Optional:
 
-- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine
+- `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified.
 - `lun` (Number) lun is Optional: FC target lun number
 - `read_only` (Boolean) readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
 - `target_ww_ns` (List of String) targetWWNs is Optional: FC target worldwide names (WWNs)
@@ -3147,7 +3147,7 @@ Optional:
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
 
 
@@ -3169,7 +3169,7 @@ Required:
 
 Optional:
 
-- `fs_type` (String) fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine
+- `fs_type` (String) fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
 - `partition` (Number) partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as '1'. Similarly, the volume partition for /dev/sda is '0' (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
 - `read_only` (Boolean) readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
 
@@ -3225,7 +3225,7 @@ Optional:
 
 - `chap_auth_discovery` (Boolean) chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication
 - `chap_auth_session` (Boolean) chapAuthSession defines whether support iSCSI Session CHAP authentication
-- `fs_type` (String) fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine
+- `fs_type` (String) fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
 - `initiator_name` (String) initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection.
 - `iscsi_interface` (String) iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).
 - `portals` (List of String) portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
@@ -3237,7 +3237,7 @@ Optional:
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
 
 
@@ -3353,7 +3353,7 @@ Optional:
 Optional:
 
 - `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--template--spec--volumes--projected--sources--config_map--items))
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 - `optional` (Boolean) optional specify whether the ConfigMap or its keys must be defined
 
 <a id="nestedatt--spec--template--spec--volumes--projected--sources--config_map--items"></a>
@@ -3423,7 +3423,7 @@ Optional:
 Optional:
 
 - `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--template--spec--volumes--projected--sources--secret--items))
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 - `optional` (Boolean) optional field specify whether the Secret or its key must be defined
 
 <a id="nestedatt--spec--template--spec--volumes--projected--sources--secret--items"></a>
@@ -3481,7 +3481,7 @@ Required:
 
 Optional:
 
-- `fs_type` (String) fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine
+- `fs_type` (String) fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
 - `keyring` (String) keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 - `pool` (String) pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 - `read_only` (Boolean) readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
@@ -3493,7 +3493,7 @@ Optional:
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
 
 
@@ -3521,7 +3521,7 @@ Optional:
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
 
 
@@ -3565,7 +3565,7 @@ Optional:
 
 Optional:
 
-- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop 'kubebuilder:default' when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+- `name` (String) Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
 
 
diff --git a/docs/data-sources/psmdb_percona_com_percona_server_mongo_db_v1_manifest.md b/docs/data-sources/psmdb_percona_com_percona_server_mongo_db_v1_manifest.md
index fb2985d7c..93e60b352 100644
--- a/docs/data-sources/psmdb_percona_com_percona_server_mongo_db_v1_manifest.md
+++ b/docs/data-sources/psmdb_percona_com_percona_server_mongo_db_v1_manifest.md
@@ -76,6 +76,7 @@ Optional:
 - `platform` (String)
 - `pmm` (Attributes) (see [below for nested schema](#nestedatt--spec--pmm))
 - `replsets` (Attributes List) (see [below for nested schema](#nestedatt--spec--replsets))
+- `roles` (Attributes List) (see [below for nested schema](#nestedatt--spec--roles))
 - `scheduler_name` (String)
 - `secrets` (Attributes) (see [below for nested schema](#nestedatt--spec--secrets))
 - `sharding` (Attributes) (see [below for nested schema](#nestedatt--spec--sharding))
@@ -252,6 +253,7 @@ Optional:
 - `se_linux_options` (Attributes) (see [below for nested schema](#nestedatt--spec--backup--pod_security_context--se_linux_options))
 - `seccomp_profile` (Attributes) (see [below for nested schema](#nestedatt--spec--backup--pod_security_context--seccomp_profile))
 - `supplemental_groups` (List of String)
+- `supplemental_groups_policy` (String)
 - `sysctls` (Attributes List) (see [below for nested schema](#nestedatt--spec--backup--pod_security_context--sysctls))
 - `windows_options` (Attributes) (see [below for nested schema](#nestedatt--spec--backup--pod_security_context--windows_options))
 
@@ -327,6 +329,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--backup--storages"></a>
@@ -619,6 +625,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 
@@ -647,8 +657,10 @@ Optional:
 - `nonvoting` (Attributes) (see [below for nested schema](#nestedatt--spec--replsets--nonvoting))
 - `pod_disruption_budget` (Attributes) (see [below for nested schema](#nestedatt--spec--replsets--pod_disruption_budget))
 - `pod_security_context` (Attributes) (see [below for nested schema](#nestedatt--spec--replsets--pod_security_context))
+- `primary_prefer_tag_selector` (Map of String)
 - `priority_class_name` (String)
 - `readiness_probe` (Attributes) (see [below for nested schema](#nestedatt--spec--replsets--readiness_probe))
+- `replset_overrides` (Attributes) (see [below for nested schema](#nestedatt--spec--replsets--replset_overrides))
 - `resources` (Attributes) (see [below for nested schema](#nestedatt--spec--replsets--resources))
 - `runtime_class_name` (String)
 - `service_account_name` (String)
@@ -1495,6 +1507,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--replsets--arbiter--sidecar_pv_cs"></a>
@@ -1652,6 +1668,7 @@ Optional:
 - `git_repo` (Attributes) (see [below for nested schema](#nestedatt--spec--replsets--arbiter--sidecar_volumes--git_repo))
 - `glusterfs` (Attributes) (see [below for nested schema](#nestedatt--spec--replsets--arbiter--sidecar_volumes--glusterfs))
 - `host_path` (Attributes) (see [below for nested schema](#nestedatt--spec--replsets--arbiter--sidecar_volumes--host_path))
+- `image` (Attributes) (see [below for nested schema](#nestedatt--spec--replsets--arbiter--sidecar_volumes--image))
 - `iscsi` (Attributes) (see [below for nested schema](#nestedatt--spec--replsets--arbiter--sidecar_volumes--iscsi))
 - `nfs` (Attributes) (see [below for nested schema](#nestedatt--spec--replsets--arbiter--sidecar_volumes--nfs))
 - `persistent_volume_claim` (Attributes) (see [below for nested schema](#nestedatt--spec--replsets--arbiter--sidecar_volumes--persistent_volume_claim))
@@ -2048,6 +2065,15 @@ Optional:
 - `type` (String)
 
 
+<a id="nestedatt--spec--replsets--arbiter--sidecar_volumes--image"></a>
+### Nested Schema for `spec.replsets.arbiter.sidecar_volumes.image`
+
+Optional:
+
+- `pull_policy` (String)
+- `reference` (String)
+
+
 <a id="nestedatt--spec--replsets--arbiter--sidecar_volumes--iscsi"></a>
 ### Nested Schema for `spec.replsets.arbiter.sidecar_volumes.iscsi`
 
@@ -2877,6 +2903,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--replsets--arbiter--sidecars--security_context"></a>
@@ -3213,7 +3243,9 @@ Required:
 
 Optional:
 
+- `horizons` (Map of String)
 - `port` (Number)
+- `tags` (Map of String)
 
 
 <a id="nestedatt--spec--replsets--host_aliases"></a>
@@ -3896,6 +3928,7 @@ Optional:
 - `se_linux_options` (Attributes) (see [below for nested schema](#nestedatt--spec--replsets--nonvoting--pod_security_context--se_linux_options))
 - `seccomp_profile` (Attributes) (see [below for nested schema](#nestedatt--spec--replsets--nonvoting--pod_security_context--seccomp_profile))
 - `supplemental_groups` (List of String)
+- `supplemental_groups_policy` (String)
 - `sysctls` (Attributes List) (see [below for nested schema](#nestedatt--spec--replsets--nonvoting--pod_security_context--sysctls))
 - `windows_options` (Attributes) (see [below for nested schema](#nestedatt--spec--replsets--nonvoting--pod_security_context--windows_options))
 
@@ -4044,6 +4077,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--replsets--nonvoting--sidecar_pv_cs"></a>
@@ -4201,6 +4238,7 @@ Optional:
 - `git_repo` (Attributes) (see [below for nested schema](#nestedatt--spec--replsets--nonvoting--sidecar_volumes--git_repo))
 - `glusterfs` (Attributes) (see [below for nested schema](#nestedatt--spec--replsets--nonvoting--sidecar_volumes--glusterfs))
 - `host_path` (Attributes) (see [below for nested schema](#nestedatt--spec--replsets--nonvoting--sidecar_volumes--host_path))
+- `image` (Attributes) (see [below for nested schema](#nestedatt--spec--replsets--nonvoting--sidecar_volumes--image))
 - `iscsi` (Attributes) (see [below for nested schema](#nestedatt--spec--replsets--nonvoting--sidecar_volumes--iscsi))
 - `nfs` (Attributes) (see [below for nested schema](#nestedatt--spec--replsets--nonvoting--sidecar_volumes--nfs))
 - `persistent_volume_claim` (Attributes) (see [below for nested schema](#nestedatt--spec--replsets--nonvoting--sidecar_volumes--persistent_volume_claim))
@@ -4597,6 +4635,15 @@ Optional:
 - `type` (String)
 
 
+<a id="nestedatt--spec--replsets--nonvoting--sidecar_volumes--image"></a>
+### Nested Schema for `spec.replsets.nonvoting.sidecar_volumes.image`
+
+Optional:
+
+- `pull_policy` (String)
+- `reference` (String)
+
+
 <a id="nestedatt--spec--replsets--nonvoting--sidecar_volumes--iscsi"></a>
 ### Nested Schema for `spec.replsets.nonvoting.sidecar_volumes.iscsi`
 
@@ -5426,6 +5473,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--replsets--nonvoting--sidecars--security_context"></a>
@@ -5785,6 +5836,7 @@ Optional:
 - `se_linux_options` (Attributes) (see [below for nested schema](#nestedatt--spec--replsets--pod_security_context--se_linux_options))
 - `seccomp_profile` (Attributes) (see [below for nested schema](#nestedatt--spec--replsets--pod_security_context--seccomp_profile))
 - `supplemental_groups` (List of String)
+- `supplemental_groups_policy` (String)
 - `sysctls` (Attributes List) (see [below for nested schema](#nestedatt--spec--replsets--pod_security_context--sysctls))
 - `windows_options` (Attributes) (see [below for nested schema](#nestedatt--spec--replsets--pod_security_context--windows_options))
 
@@ -5917,6 +5969,16 @@ Optional:
 
 
 
+<a id="nestedatt--spec--replsets--replset_overrides"></a>
+### Nested Schema for `spec.replsets.replset_overrides`
+
+Optional:
+
+- `horizons` (Map of String)
+- `host` (String)
+- `tags` (Map of String)
+
+
 <a id="nestedatt--spec--replsets--resources"></a>
 ### Nested Schema for `spec.replsets.resources`
 
@@ -5933,6 +5995,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--replsets--sidecar_pv_cs"></a>
@@ -6090,6 +6156,7 @@ Optional:
 - `git_repo` (Attributes) (see [below for nested schema](#nestedatt--spec--replsets--sidecar_volumes--git_repo))
 - `glusterfs` (Attributes) (see [below for nested schema](#nestedatt--spec--replsets--sidecar_volumes--glusterfs))
 - `host_path` (Attributes) (see [below for nested schema](#nestedatt--spec--replsets--sidecar_volumes--host_path))
+- `image` (Attributes) (see [below for nested schema](#nestedatt--spec--replsets--sidecar_volumes--image))
 - `iscsi` (Attributes) (see [below for nested schema](#nestedatt--spec--replsets--sidecar_volumes--iscsi))
 - `nfs` (Attributes) (see [below for nested schema](#nestedatt--spec--replsets--sidecar_volumes--nfs))
 - `persistent_volume_claim` (Attributes) (see [below for nested schema](#nestedatt--spec--replsets--sidecar_volumes--persistent_volume_claim))
@@ -6486,6 +6553,15 @@ Optional:
 - `type` (String)
 
 
+<a id="nestedatt--spec--replsets--sidecar_volumes--image"></a>
+### Nested Schema for `spec.replsets.sidecar_volumes.image`
+
+Optional:
+
+- `pull_policy` (String)
+- `reference` (String)
+
+
 <a id="nestedatt--spec--replsets--sidecar_volumes--iscsi"></a>
 ### Nested Schema for `spec.replsets.sidecar_volumes.iscsi`
 
@@ -7315,6 +7391,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--replsets--sidecars--security_context"></a>
@@ -7725,6 +7805,61 @@ Optional:
 
 
 
+<a id="nestedatt--spec--roles"></a>
+### Nested Schema for `spec.roles`
+
+Required:
+
+- `db` (String)
+- `privileges` (Attributes List) (see [below for nested schema](#nestedatt--spec--roles--privileges))
+- `role` (String)
+
+Optional:
+
+- `authentication_restrictions` (Attributes List) (see [below for nested schema](#nestedatt--spec--roles--authentication_restrictions))
+- `roles` (Attributes List) (see [below for nested schema](#nestedatt--spec--roles--roles))
+
+<a id="nestedatt--spec--roles--privileges"></a>
+### Nested Schema for `spec.roles.privileges`
+
+Required:
+
+- `actions` (List of String)
+
+Optional:
+
+- `resource` (Attributes) (see [below for nested schema](#nestedatt--spec--roles--privileges--resource))
+
+<a id="nestedatt--spec--roles--privileges--resource"></a>
+### Nested Schema for `spec.roles.privileges.resource`
+
+Optional:
+
+- `cluster` (Boolean)
+- `collection` (String)
+- `db` (String)
+
+
+
+<a id="nestedatt--spec--roles--authentication_restrictions"></a>
+### Nested Schema for `spec.roles.authentication_restrictions`
+
+Optional:
+
+- `client_source` (List of String)
+- `server_address` (List of String)
+
+
+<a id="nestedatt--spec--roles--roles"></a>
+### Nested Schema for `spec.roles.roles`
+
+Required:
+
+- `db` (String)
+- `role` (String)
+
+
+
 <a id="nestedatt--spec--secrets"></a>
 ### Nested Schema for `spec.secrets`
 
@@ -7785,8 +7920,10 @@ Optional:
 - `nonvoting` (Attributes) (see [below for nested schema](#nestedatt--spec--sharding--configsvr_repl_set--nonvoting))
 - `pod_disruption_budget` (Attributes) (see [below for nested schema](#nestedatt--spec--sharding--configsvr_repl_set--pod_disruption_budget))
 - `pod_security_context` (Attributes) (see [below for nested schema](#nestedatt--spec--sharding--configsvr_repl_set--pod_security_context))
+- `primary_prefer_tag_selector` (Map of String)
 - `priority_class_name` (String)
 - `readiness_probe` (Attributes) (see [below for nested schema](#nestedatt--spec--sharding--configsvr_repl_set--readiness_probe))
+- `replset_overrides` (Attributes) (see [below for nested schema](#nestedatt--spec--sharding--configsvr_repl_set--replset_overrides))
 - `resources` (Attributes) (see [below for nested schema](#nestedatt--spec--sharding--configsvr_repl_set--resources))
 - `runtime_class_name` (String)
 - `service_account_name` (String)
@@ -8633,6 +8770,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--sharding--configsvr_repl_set--arbiter--sidecar_pv_cs"></a>
@@ -8790,6 +8931,7 @@ Optional:
 - `git_repo` (Attributes) (see [below for nested schema](#nestedatt--spec--sharding--configsvr_repl_set--arbiter--sidecar_volumes--git_repo))
 - `glusterfs` (Attributes) (see [below for nested schema](#nestedatt--spec--sharding--configsvr_repl_set--arbiter--sidecar_volumes--glusterfs))
 - `host_path` (Attributes) (see [below for nested schema](#nestedatt--spec--sharding--configsvr_repl_set--arbiter--sidecar_volumes--host_path))
+- `image` (Attributes) (see [below for nested schema](#nestedatt--spec--sharding--configsvr_repl_set--arbiter--sidecar_volumes--image))
 - `iscsi` (Attributes) (see [below for nested schema](#nestedatt--spec--sharding--configsvr_repl_set--arbiter--sidecar_volumes--iscsi))
 - `nfs` (Attributes) (see [below for nested schema](#nestedatt--spec--sharding--configsvr_repl_set--arbiter--sidecar_volumes--nfs))
 - `persistent_volume_claim` (Attributes) (see [below for nested schema](#nestedatt--spec--sharding--configsvr_repl_set--arbiter--sidecar_volumes--persistent_volume_claim))
@@ -9186,6 +9328,15 @@ Optional:
 - `type` (String)
 
 
+<a id="nestedatt--spec--sharding--configsvr_repl_set--arbiter--sidecar_volumes--image"></a>
+### Nested Schema for `spec.sharding.configsvr_repl_set.arbiter.sidecar_volumes.image`
+
+Optional:
+
+- `pull_policy` (String)
+- `reference` (String)
+
+
 <a id="nestedatt--spec--sharding--configsvr_repl_set--arbiter--sidecar_volumes--iscsi"></a>
 ### Nested Schema for `spec.sharding.configsvr_repl_set.arbiter.sidecar_volumes.iscsi`
 
@@ -10015,6 +10166,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--sharding--configsvr_repl_set--arbiter--sidecars--security_context"></a>
@@ -10351,7 +10506,9 @@ Required:
 
 Optional:
 
+- `horizons` (Map of String)
 - `port` (Number)
+- `tags` (Map of String)
 
 
 <a id="nestedatt--spec--sharding--configsvr_repl_set--host_aliases"></a>
@@ -11034,6 +11191,7 @@ Optional:
 - `se_linux_options` (Attributes) (see [below for nested schema](#nestedatt--spec--sharding--configsvr_repl_set--nonvoting--pod_security_context--se_linux_options))
 - `seccomp_profile` (Attributes) (see [below for nested schema](#nestedatt--spec--sharding--configsvr_repl_set--nonvoting--pod_security_context--seccomp_profile))
 - `supplemental_groups` (List of String)
+- `supplemental_groups_policy` (String)
 - `sysctls` (Attributes List) (see [below for nested schema](#nestedatt--spec--sharding--configsvr_repl_set--nonvoting--pod_security_context--sysctls))
 - `windows_options` (Attributes) (see [below for nested schema](#nestedatt--spec--sharding--configsvr_repl_set--nonvoting--pod_security_context--windows_options))
 
@@ -11182,6 +11340,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--sharding--configsvr_repl_set--nonvoting--sidecar_pv_cs"></a>
@@ -11339,6 +11501,7 @@ Optional:
 - `git_repo` (Attributes) (see [below for nested schema](#nestedatt--spec--sharding--configsvr_repl_set--nonvoting--sidecar_volumes--git_repo))
 - `glusterfs` (Attributes) (see [below for nested schema](#nestedatt--spec--sharding--configsvr_repl_set--nonvoting--sidecar_volumes--glusterfs))
 - `host_path` (Attributes) (see [below for nested schema](#nestedatt--spec--sharding--configsvr_repl_set--nonvoting--sidecar_volumes--host_path))
+- `image` (Attributes) (see [below for nested schema](#nestedatt--spec--sharding--configsvr_repl_set--nonvoting--sidecar_volumes--image))
 - `iscsi` (Attributes) (see [below for nested schema](#nestedatt--spec--sharding--configsvr_repl_set--nonvoting--sidecar_volumes--iscsi))
 - `nfs` (Attributes) (see [below for nested schema](#nestedatt--spec--sharding--configsvr_repl_set--nonvoting--sidecar_volumes--nfs))
 - `persistent_volume_claim` (Attributes) (see [below for nested schema](#nestedatt--spec--sharding--configsvr_repl_set--nonvoting--sidecar_volumes--persistent_volume_claim))
@@ -11735,6 +11898,15 @@ Optional:
 - `type` (String)
 
 
+<a id="nestedatt--spec--sharding--configsvr_repl_set--nonvoting--sidecar_volumes--image"></a>
+### Nested Schema for `spec.sharding.configsvr_repl_set.nonvoting.sidecar_volumes.image`
+
+Optional:
+
+- `pull_policy` (String)
+- `reference` (String)
+
+
 <a id="nestedatt--spec--sharding--configsvr_repl_set--nonvoting--sidecar_volumes--iscsi"></a>
 ### Nested Schema for `spec.sharding.configsvr_repl_set.nonvoting.sidecar_volumes.iscsi`
 
@@ -12564,6 +12736,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--sharding--configsvr_repl_set--nonvoting--sidecars--security_context"></a>
@@ -12923,6 +13099,7 @@ Optional:
 - `se_linux_options` (Attributes) (see [below for nested schema](#nestedatt--spec--sharding--configsvr_repl_set--pod_security_context--se_linux_options))
 - `seccomp_profile` (Attributes) (see [below for nested schema](#nestedatt--spec--sharding--configsvr_repl_set--pod_security_context--seccomp_profile))
 - `supplemental_groups` (List of String)
+- `supplemental_groups_policy` (String)
 - `sysctls` (Attributes List) (see [below for nested schema](#nestedatt--spec--sharding--configsvr_repl_set--pod_security_context--sysctls))
 - `windows_options` (Attributes) (see [below for nested schema](#nestedatt--spec--sharding--configsvr_repl_set--pod_security_context--windows_options))
 
@@ -13055,6 +13232,16 @@ Optional:
 
 
 
+<a id="nestedatt--spec--sharding--configsvr_repl_set--replset_overrides"></a>
+### Nested Schema for `spec.sharding.configsvr_repl_set.replset_overrides`
+
+Optional:
+
+- `horizons` (Map of String)
+- `host` (String)
+- `tags` (Map of String)
+
+
 <a id="nestedatt--spec--sharding--configsvr_repl_set--resources"></a>
 ### Nested Schema for `spec.sharding.configsvr_repl_set.resources`
 
@@ -13071,6 +13258,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--sharding--configsvr_repl_set--sidecar_pv_cs"></a>
@@ -13228,6 +13419,7 @@ Optional:
 - `git_repo` (Attributes) (see [below for nested schema](#nestedatt--spec--sharding--configsvr_repl_set--sidecar_volumes--git_repo))
 - `glusterfs` (Attributes) (see [below for nested schema](#nestedatt--spec--sharding--configsvr_repl_set--sidecar_volumes--glusterfs))
 - `host_path` (Attributes) (see [below for nested schema](#nestedatt--spec--sharding--configsvr_repl_set--sidecar_volumes--host_path))
+- `image` (Attributes) (see [below for nested schema](#nestedatt--spec--sharding--configsvr_repl_set--sidecar_volumes--image))
 - `iscsi` (Attributes) (see [below for nested schema](#nestedatt--spec--sharding--configsvr_repl_set--sidecar_volumes--iscsi))
 - `nfs` (Attributes) (see [below for nested schema](#nestedatt--spec--sharding--configsvr_repl_set--sidecar_volumes--nfs))
 - `persistent_volume_claim` (Attributes) (see [below for nested schema](#nestedatt--spec--sharding--configsvr_repl_set--sidecar_volumes--persistent_volume_claim))
@@ -13624,6 +13816,15 @@ Optional:
 - `type` (String)
 
 
+<a id="nestedatt--spec--sharding--configsvr_repl_set--sidecar_volumes--image"></a>
+### Nested Schema for `spec.sharding.configsvr_repl_set.sidecar_volumes.image`
+
+Optional:
+
+- `pull_policy` (String)
+- `reference` (String)
+
+
 <a id="nestedatt--spec--sharding--configsvr_repl_set--sidecar_volumes--iscsi"></a>
 ### Nested Schema for `spec.sharding.configsvr_repl_set.sidecar_volumes.iscsi`
 
@@ -14453,6 +14654,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--sharding--configsvr_repl_set--sidecars--security_context"></a>
@@ -15488,6 +15693,7 @@ Optional:
 - `se_linux_options` (Attributes) (see [below for nested schema](#nestedatt--spec--sharding--mongos--pod_security_context--se_linux_options))
 - `seccomp_profile` (Attributes) (see [below for nested schema](#nestedatt--spec--sharding--mongos--pod_security_context--seccomp_profile))
 - `supplemental_groups` (List of String)
+- `supplemental_groups_policy` (String)
 - `sysctls` (Attributes List) (see [below for nested schema](#nestedatt--spec--sharding--mongos--pod_security_context--sysctls))
 - `windows_options` (Attributes) (see [below for nested schema](#nestedatt--spec--sharding--mongos--pod_security_context--windows_options))
 
@@ -15636,6 +15842,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--sharding--mongos--set_parameter"></a>
@@ -15801,6 +16011,7 @@ Optional:
 - `git_repo` (Attributes) (see [below for nested schema](#nestedatt--spec--sharding--mongos--sidecar_volumes--git_repo))
 - `glusterfs` (Attributes) (see [below for nested schema](#nestedatt--spec--sharding--mongos--sidecar_volumes--glusterfs))
 - `host_path` (Attributes) (see [below for nested schema](#nestedatt--spec--sharding--mongos--sidecar_volumes--host_path))
+- `image` (Attributes) (see [below for nested schema](#nestedatt--spec--sharding--mongos--sidecar_volumes--image))
 - `iscsi` (Attributes) (see [below for nested schema](#nestedatt--spec--sharding--mongos--sidecar_volumes--iscsi))
 - `nfs` (Attributes) (see [below for nested schema](#nestedatt--spec--sharding--mongos--sidecar_volumes--nfs))
 - `persistent_volume_claim` (Attributes) (see [below for nested schema](#nestedatt--spec--sharding--mongos--sidecar_volumes--persistent_volume_claim))
@@ -16197,6 +16408,15 @@ Optional:
 - `type` (String)
 
 
+<a id="nestedatt--spec--sharding--mongos--sidecar_volumes--image"></a>
+### Nested Schema for `spec.sharding.mongos.sidecar_volumes.image`
+
+Optional:
+
+- `pull_policy` (String)
+- `reference` (String)
+
+
 <a id="nestedatt--spec--sharding--mongos--sidecar_volumes--iscsi"></a>
 ### Nested Schema for `spec.sharding.mongos.sidecar_volumes.iscsi`
 
@@ -17026,6 +17246,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--sharding--mongos--sidecars--security_context"></a>
@@ -17308,22 +17532,24 @@ Optional:
 
 Required:
 
-- `db` (String)
 - `name` (String)
 - `password_secret_ref` (Attributes) (see [below for nested schema](#nestedatt--spec--users--password_secret_ref))
 - `roles` (Attributes List) (see [below for nested schema](#nestedatt--spec--users--roles))
 
+Optional:
+
+- `db` (String)
+
 <a id="nestedatt--spec--users--password_secret_ref"></a>
 ### Nested Schema for `spec.users.password_secret_ref`
 
 Required:
 
-- `key` (String)
+- `name` (String)
 
 Optional:
 
-- `name` (String)
-- `optional` (Boolean)
+- `key` (String)
 
 
 <a id="nestedatt--spec--users--roles"></a>
diff --git a/docs/data-sources/pxc_percona_com_percona_xtra_db_cluster_restore_v1_manifest.md b/docs/data-sources/pxc_percona_com_percona_xtra_db_cluster_restore_v1_manifest.md
index 8b9c731a9..61113859d 100644
--- a/docs/data-sources/pxc_percona_com_percona_xtra_db_cluster_restore_v1_manifest.md
+++ b/docs/data-sources/pxc_percona_com_percona_xtra_db_cluster_restore_v1_manifest.md
@@ -302,3 +302,7 @@ Optional:
 Required:
 
 - `name` (String)
+
+Optional:
+
+- `request` (String)
diff --git a/docs/data-sources/pxc_percona_com_percona_xtra_db_cluster_v1_manifest.md b/docs/data-sources/pxc_percona_com_percona_xtra_db_cluster_v1_manifest.md
index 34cd65952..3f9c9cc32 100644
--- a/docs/data-sources/pxc_percona_com_percona_xtra_db_cluster_v1_manifest.md
+++ b/docs/data-sources/pxc_percona_com_percona_xtra_db_cluster_v1_manifest.md
@@ -131,6 +131,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 
@@ -747,6 +751,7 @@ Optional:
 - `se_linux_options` (Attributes) (see [below for nested schema](#nestedatt--spec--backup--storages--pod_security_context--se_linux_options))
 - `seccomp_profile` (Attributes) (see [below for nested schema](#nestedatt--spec--backup--storages--pod_security_context--seccomp_profile))
 - `supplemental_groups` (List of String)
+- `supplemental_groups_policy` (String)
 - `sysctls` (Attributes List) (see [below for nested schema](#nestedatt--spec--backup--storages--pod_security_context--sysctls))
 - `windows_options` (Attributes) (see [below for nested schema](#nestedatt--spec--backup--storages--pod_security_context--windows_options))
 
@@ -822,6 +827,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--backup--storages--s3"></a>
@@ -1789,6 +1798,7 @@ Optional:
 - `se_linux_options` (Attributes) (see [below for nested schema](#nestedatt--spec--haproxy--pod_security_context--se_linux_options))
 - `seccomp_profile` (Attributes) (see [below for nested schema](#nestedatt--spec--haproxy--pod_security_context--seccomp_profile))
 - `supplemental_groups` (List of String)
+- `supplemental_groups_policy` (String)
 - `sysctls` (Attributes List) (see [below for nested schema](#nestedatt--spec--haproxy--pod_security_context--sysctls))
 - `windows_options` (Attributes) (see [below for nested schema](#nestedatt--spec--haproxy--pod_security_context--windows_options))
 
@@ -1937,6 +1947,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--haproxy--sidecar_pv_cs"></a>
@@ -2084,6 +2098,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--haproxy--sidecar_volumes"></a>
@@ -2112,6 +2130,7 @@ Optional:
 - `git_repo` (Attributes) (see [below for nested schema](#nestedatt--spec--haproxy--sidecar_volumes--git_repo))
 - `glusterfs` (Attributes) (see [below for nested schema](#nestedatt--spec--haproxy--sidecar_volumes--glusterfs))
 - `host_path` (Attributes) (see [below for nested schema](#nestedatt--spec--haproxy--sidecar_volumes--host_path))
+- `image` (Attributes) (see [below for nested schema](#nestedatt--spec--haproxy--sidecar_volumes--image))
 - `iscsi` (Attributes) (see [below for nested schema](#nestedatt--spec--haproxy--sidecar_volumes--iscsi))
 - `nfs` (Attributes) (see [below for nested schema](#nestedatt--spec--haproxy--sidecar_volumes--nfs))
 - `persistent_volume_claim` (Attributes) (see [below for nested schema](#nestedatt--spec--haproxy--sidecar_volumes--persistent_volume_claim))
@@ -2508,6 +2527,15 @@ Optional:
 - `type` (String)
 
 
+<a id="nestedatt--spec--haproxy--sidecar_volumes--image"></a>
+### Nested Schema for `spec.haproxy.sidecar_volumes.image`
+
+Optional:
+
+- `pull_policy` (String)
+- `reference` (String)
+
+
 <a id="nestedatt--spec--haproxy--sidecar_volumes--iscsi"></a>
 ### Nested Schema for `spec.haproxy.sidecar_volumes.iscsi`
 
@@ -3337,6 +3365,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--haproxy--sidecars--security_context"></a>
@@ -3676,9 +3708,84 @@ Optional:
 
 Optional:
 
+- `container_security_context` (Attributes) (see [below for nested schema](#nestedatt--spec--init_container--container_security_context))
 - `image` (String)
 - `resources` (Attributes) (see [below for nested schema](#nestedatt--spec--init_container--resources))
 
+<a id="nestedatt--spec--init_container--container_security_context"></a>
+### Nested Schema for `spec.init_container.container_security_context`
+
+Optional:
+
+- `allow_privilege_escalation` (Boolean)
+- `app_armor_profile` (Attributes) (see [below for nested schema](#nestedatt--spec--init_container--container_security_context--app_armor_profile))
+- `capabilities` (Attributes) (see [below for nested schema](#nestedatt--spec--init_container--container_security_context--capabilities))
+- `privileged` (Boolean)
+- `proc_mount` (String)
+- `read_only_root_filesystem` (Boolean)
+- `run_as_group` (Number)
+- `run_as_non_root` (Boolean)
+- `run_as_user` (Number)
+- `se_linux_options` (Attributes) (see [below for nested schema](#nestedatt--spec--init_container--container_security_context--se_linux_options))
+- `seccomp_profile` (Attributes) (see [below for nested schema](#nestedatt--spec--init_container--container_security_context--seccomp_profile))
+- `windows_options` (Attributes) (see [below for nested schema](#nestedatt--spec--init_container--container_security_context--windows_options))
+
+<a id="nestedatt--spec--init_container--container_security_context--app_armor_profile"></a>
+### Nested Schema for `spec.init_container.container_security_context.app_armor_profile`
+
+Required:
+
+- `type` (String)
+
+Optional:
+
+- `localhost_profile` (String)
+
+
+<a id="nestedatt--spec--init_container--container_security_context--capabilities"></a>
+### Nested Schema for `spec.init_container.container_security_context.capabilities`
+
+Optional:
+
+- `add` (List of String)
+- `drop` (List of String)
+
+
+<a id="nestedatt--spec--init_container--container_security_context--se_linux_options"></a>
+### Nested Schema for `spec.init_container.container_security_context.se_linux_options`
+
+Optional:
+
+- `level` (String)
+- `role` (String)
+- `type` (String)
+- `user` (String)
+
+
+<a id="nestedatt--spec--init_container--container_security_context--seccomp_profile"></a>
+### Nested Schema for `spec.init_container.container_security_context.seccomp_profile`
+
+Required:
+
+- `type` (String)
+
+Optional:
+
+- `localhost_profile` (String)
+
+
+<a id="nestedatt--spec--init_container--container_security_context--windows_options"></a>
+### Nested Schema for `spec.init_container.container_security_context.windows_options`
+
+Optional:
+
+- `gmsa_credential_spec` (String)
+- `gmsa_credential_spec_name` (String)
+- `host_process` (Boolean)
+- `run_as_user_name` (String)
+
+
+
 <a id="nestedatt--spec--init_container--resources"></a>
 ### Nested Schema for `spec.init_container.resources`
 
@@ -3695,6 +3802,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 
@@ -3802,6 +3913,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 
@@ -3911,6 +4026,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 
@@ -4688,6 +4807,7 @@ Optional:
 - `se_linux_options` (Attributes) (see [below for nested schema](#nestedatt--spec--proxysql--pod_security_context--se_linux_options))
 - `seccomp_profile` (Attributes) (see [below for nested schema](#nestedatt--spec--proxysql--pod_security_context--seccomp_profile))
 - `supplemental_groups` (List of String)
+- `supplemental_groups_policy` (String)
 - `sysctls` (Attributes List) (see [below for nested schema](#nestedatt--spec--proxysql--pod_security_context--sysctls))
 - `windows_options` (Attributes) (see [below for nested schema](#nestedatt--spec--proxysql--pod_security_context--windows_options))
 
@@ -4836,6 +4956,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--proxysql--sidecar_pv_cs"></a>
@@ -4983,6 +5107,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--proxysql--sidecar_volumes"></a>
@@ -5011,6 +5139,7 @@ Optional:
 - `git_repo` (Attributes) (see [below for nested schema](#nestedatt--spec--proxysql--sidecar_volumes--git_repo))
 - `glusterfs` (Attributes) (see [below for nested schema](#nestedatt--spec--proxysql--sidecar_volumes--glusterfs))
 - `host_path` (Attributes) (see [below for nested schema](#nestedatt--spec--proxysql--sidecar_volumes--host_path))
+- `image` (Attributes) (see [below for nested schema](#nestedatt--spec--proxysql--sidecar_volumes--image))
 - `iscsi` (Attributes) (see [below for nested schema](#nestedatt--spec--proxysql--sidecar_volumes--iscsi))
 - `nfs` (Attributes) (see [below for nested schema](#nestedatt--spec--proxysql--sidecar_volumes--nfs))
 - `persistent_volume_claim` (Attributes) (see [below for nested schema](#nestedatt--spec--proxysql--sidecar_volumes--persistent_volume_claim))
@@ -5407,6 +5536,15 @@ Optional:
 - `type` (String)
 
 
+<a id="nestedatt--spec--proxysql--sidecar_volumes--image"></a>
+### Nested Schema for `spec.proxysql.sidecar_volumes.image`
+
+Optional:
+
+- `pull_policy` (String)
+- `reference` (String)
+
+
 <a id="nestedatt--spec--proxysql--sidecar_volumes--iscsi"></a>
 ### Nested Schema for `spec.proxysql.sidecar_volumes.iscsi`
 
@@ -6236,6 +6374,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--proxysql--sidecars--security_context"></a>
@@ -7346,6 +7488,7 @@ Optional:
 - `se_linux_options` (Attributes) (see [below for nested schema](#nestedatt--spec--pxc--pod_security_context--se_linux_options))
 - `seccomp_profile` (Attributes) (see [below for nested schema](#nestedatt--spec--pxc--pod_security_context--seccomp_profile))
 - `supplemental_groups` (List of String)
+- `supplemental_groups_policy` (String)
 - `sysctls` (Attributes List) (see [below for nested schema](#nestedatt--spec--pxc--pod_security_context--sysctls))
 - `windows_options` (Attributes) (see [below for nested schema](#nestedatt--spec--pxc--pod_security_context--windows_options))
 
@@ -7527,6 +7670,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--pxc--sidecar_pv_cs"></a>
@@ -7674,6 +7821,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--pxc--sidecar_volumes"></a>
@@ -7702,6 +7853,7 @@ Optional:
 - `git_repo` (Attributes) (see [below for nested schema](#nestedatt--spec--pxc--sidecar_volumes--git_repo))
 - `glusterfs` (Attributes) (see [below for nested schema](#nestedatt--spec--pxc--sidecar_volumes--glusterfs))
 - `host_path` (Attributes) (see [below for nested schema](#nestedatt--spec--pxc--sidecar_volumes--host_path))
+- `image` (Attributes) (see [below for nested schema](#nestedatt--spec--pxc--sidecar_volumes--image))
 - `iscsi` (Attributes) (see [below for nested schema](#nestedatt--spec--pxc--sidecar_volumes--iscsi))
 - `nfs` (Attributes) (see [below for nested schema](#nestedatt--spec--pxc--sidecar_volumes--nfs))
 - `persistent_volume_claim` (Attributes) (see [below for nested schema](#nestedatt--spec--pxc--sidecar_volumes--persistent_volume_claim))
@@ -8098,6 +8250,15 @@ Optional:
 - `type` (String)
 
 
+<a id="nestedatt--spec--pxc--sidecar_volumes--image"></a>
+### Nested Schema for `spec.pxc.sidecar_volumes.image`
+
+Optional:
+
+- `pull_policy` (String)
+- `reference` (String)
+
+
 <a id="nestedatt--spec--pxc--sidecar_volumes--iscsi"></a>
 ### Nested Schema for `spec.pxc.sidecar_volumes.iscsi`
 
@@ -8927,6 +9088,10 @@ Required:
 
 - `name` (String)
 
+Optional:
+
+- `request` (String)
+
 
 
 <a id="nestedatt--spec--pxc--sidecars--security_context"></a>
diff --git a/docs/data-sources/resources_teleport_dev_teleport_github_connector_v3_manifest.md b/docs/data-sources/resources_teleport_dev_teleport_github_connector_v3_manifest.md
index 1f0dcfd06..353a676ba 100644
--- a/docs/data-sources/resources_teleport_dev_teleport_github_connector_v3_manifest.md
+++ b/docs/data-sources/resources_teleport_dev_teleport_github_connector_v3_manifest.md
@@ -58,7 +58,7 @@ Optional:
 - `api_endpoint_url` (String) APIEndpointURL is the URL of the API endpoint of the Github instance this connector is for.
 - `client_id` (String) ClientID is the Github OAuth app client ID.
 - `client_redirect_settings` (Attributes) ClientRedirectSettings defines which client redirect URLs are allowed for non-browser SSO logins other than the standard localhost ones. (see [below for nested schema](#nestedatt--spec--client_redirect_settings))
-- `client_secret` (String) ClientSecret is the Github OAuth app client secret.
+- `client_secret` (String) ClientSecret is the Github OAuth app client secret. This field supports secret lookup. See the operator documentation for more details.
 - `display` (String) Display is the connector display name.
 - `endpoint_url` (String) EndpointURL is the URL of the GitHub instance this connector is for.
 - `redirect_url` (String) RedirectURL is the authorization callback URL.
diff --git a/docs/data-sources/resources_teleport_dev_teleport_oidc_connector_v3_manifest.md b/docs/data-sources/resources_teleport_dev_teleport_oidc_connector_v3_manifest.md
index 0da1dc4ae..c664553e6 100644
--- a/docs/data-sources/resources_teleport_dev_teleport_oidc_connector_v3_manifest.md
+++ b/docs/data-sources/resources_teleport_dev_teleport_oidc_connector_v3_manifest.md
@@ -60,7 +60,7 @@ Optional:
 - `claims_to_roles` (Attributes List) ClaimsToRoles specifies a dynamic mapping from claims to roles. (see [below for nested schema](#nestedatt--spec--claims_to_roles))
 - `client_id` (String) ClientID is the id of the authentication client (Teleport Auth server).
 - `client_redirect_settings` (Attributes) ClientRedirectSettings defines which client redirect URLs are allowed for non-browser SSO logins other than the standard localhost ones. (see [below for nested schema](#nestedatt--spec--client_redirect_settings))
-- `client_secret` (String) ClientSecret is used to authenticate the client.
+- `client_secret` (String) ClientSecret is used to authenticate the client. This field supports secret lookup. See the operator documentation for more details.
 - `display` (String) Display is the friendly name for this provider.
 - `google_admin_email` (String) GoogleAdminEmail is the email of a google admin to impersonate.
 - `google_service_account` (String) GoogleServiceAccount is a string containing google service account credentials.
diff --git a/docs/data-sources/temporal_io_temporal_cluster_v1beta1_manifest.md b/docs/data-sources/temporal_io_temporal_cluster_v1beta1_manifest.md
index f5f45b16a..d93cf94d1 100644
--- a/docs/data-sources/temporal_io_temporal_cluster_v1beta1_manifest.md
+++ b/docs/data-sources/temporal_io_temporal_cluster_v1beta1_manifest.md
@@ -727,6 +727,7 @@ Optional:
 - `image` (String) Image defines the temporal admin tools docker image the instance should run.
 - `overrides` (Attributes) Overrides adds some overrides to the resources deployed for the ui. (see [below for nested schema](#nestedatt--spec--admintools--overrides))
 - `resources` (Attributes) Compute Resources required by the ui. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ (see [below for nested schema](#nestedatt--spec--admintools--resources))
+- `version` (String) Version defines the temporal admin tools version the instance should run.
 
 <a id="nestedatt--spec--admintools--overrides"></a>
 ### Nested Schema for `spec.admintools.overrides`
diff --git a/docs/data-sources/traefik_io_middleware_v1alpha1_manifest.md b/docs/data-sources/traefik_io_middleware_v1alpha1_manifest.md
index 9908d4629..979d3d9cf 100644
--- a/docs/data-sources/traefik_io_middleware_v1alpha1_manifest.md
+++ b/docs/data-sources/traefik_io_middleware_v1alpha1_manifest.md
@@ -352,6 +352,7 @@ Optional:
 
 - `depth` (Number) Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right).
 - `excluded_i_ps` (List of String) ExcludedIPs configures Traefik to scan the X-Forwarded-For header and select the first IP not in the list.
+- `ipv6_subnet` (Number) IPv6Subnet configures Traefik to consider all IPv6 addresses from the defined subnet as originating from the same IP. Applies to RemoteAddrStrategy and DepthStrategy.
 
 
 
@@ -372,6 +373,7 @@ Optional:
 
 - `depth` (Number) Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right).
 - `excluded_i_ps` (List of String) ExcludedIPs configures Traefik to scan the X-Forwarded-For header and select the first IP not in the list.
+- `ipv6_subnet` (Number) IPv6Subnet configures Traefik to consider all IPv6 addresses from the defined subnet as originating from the same IP. Applies to RemoteAddrStrategy and DepthStrategy.
 
 
 
@@ -390,6 +392,7 @@ Optional:
 
 - `depth` (Number) Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right).
 - `excluded_i_ps` (List of String) ExcludedIPs configures Traefik to scan the X-Forwarded-For header and select the first IP not in the list.
+- `ipv6_subnet` (Number) IPv6Subnet configures Traefik to consider all IPv6 addresses from the defined subnet as originating from the same IP. Applies to RemoteAddrStrategy and DepthStrategy.
 
 
 
@@ -470,6 +473,7 @@ Optional:
 
 - `depth` (Number) Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right).
 - `excluded_i_ps` (List of String) ExcludedIPs configures Traefik to scan the X-Forwarded-For header and select the first IP not in the list.
+- `ipv6_subnet` (Number) IPv6Subnet configures Traefik to consider all IPv6 addresses from the defined subnet as originating from the same IP. Applies to RemoteAddrStrategy and DepthStrategy.
 
 
 
diff --git a/docs/data-sources/upgrade_cattle_io_plan_v1_manifest.md b/docs/data-sources/upgrade_cattle_io_plan_v1_manifest.md
index 6b4e423fb..82aaf4f93 100644
--- a/docs/data-sources/upgrade_cattle_io_plan_v1_manifest.md
+++ b/docs/data-sources/upgrade_cattle_io_plan_v1_manifest.md
@@ -180,6 +180,7 @@ Optional:
 Optional:
 
 - `allow_privilege_escalation` (Boolean)
+- `app_armor_profile` (Attributes) (see [below for nested schema](#nestedatt--spec--upgrade--security_context--app_armor_profile))
 - `capabilities` (Attributes) (see [below for nested schema](#nestedatt--spec--upgrade--security_context--capabilities))
 - `privileged` (Boolean)
 - `proc_mount` (String)
@@ -191,6 +192,15 @@ Optional:
 - `seccomp_profile` (Attributes) (see [below for nested schema](#nestedatt--spec--upgrade--security_context--seccomp_profile))
 - `windows_options` (Attributes) (see [below for nested schema](#nestedatt--spec--upgrade--security_context--windows_options))
 
+<a id="nestedatt--spec--upgrade--security_context--app_armor_profile"></a>
+### Nested Schema for `spec.upgrade.security_context.app_armor_profile`
+
+Optional:
+
+- `localhost_profile` (String)
+- `type` (String)
+
+
 <a id="nestedatt--spec--upgrade--security_context--capabilities"></a>
 ### Nested Schema for `spec.upgrade.security_context.capabilities`
 
@@ -412,6 +422,7 @@ Optional:
 Optional:
 
 - `allow_privilege_escalation` (Boolean)
+- `app_armor_profile` (Attributes) (see [below for nested schema](#nestedatt--spec--prepare--security_context--app_armor_profile))
 - `capabilities` (Attributes) (see [below for nested schema](#nestedatt--spec--prepare--security_context--capabilities))
 - `privileged` (Boolean)
 - `proc_mount` (String)
@@ -423,6 +434,15 @@ Optional:
 - `seccomp_profile` (Attributes) (see [below for nested schema](#nestedatt--spec--prepare--security_context--seccomp_profile))
 - `windows_options` (Attributes) (see [below for nested schema](#nestedatt--spec--prepare--security_context--windows_options))
 
+<a id="nestedatt--spec--prepare--security_context--app_armor_profile"></a>
+### Nested Schema for `spec.prepare.security_context.app_armor_profile`
+
+Optional:
+
+- `localhost_profile` (String)
+- `type` (String)
+
+
 <a id="nestedatt--spec--prepare--security_context--capabilities"></a>
 ### Nested Schema for `spec.prepare.security_context.capabilities`
 
diff --git a/docs/data-sources/volsync_backube_replication_destination_v1alpha1_manifest.md b/docs/data-sources/volsync_backube_replication_destination_v1alpha1_manifest.md
index 184405483..ce1b01454 100644
--- a/docs/data-sources/volsync_backube_replication_destination_v1alpha1_manifest.md
+++ b/docs/data-sources/volsync_backube_replication_destination_v1alpha1_manifest.md
@@ -235,8 +235,8 @@ Required:
 Optional:
 
 - `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rclone--mover_affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rclone--mover_affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -296,8 +296,8 @@ Required:
 Optional:
 
 - `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rclone--mover_affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rclone--mover_affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -373,8 +373,8 @@ Required:
 Optional:
 
 - `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rclone--mover_affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rclone--mover_affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -434,8 +434,8 @@ Required:
 Optional:
 
 - `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rclone--mover_affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rclone--mover_affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -502,6 +502,10 @@ Required:
 
 - `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
 
+Optional:
+
+- `request` (String) Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
+
 
 
 <a id="nestedatt--spec--rclone--mover_security_context"></a>
@@ -517,7 +521,8 @@ Optional:
 - `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
 - `se_linux_options` (Attributes) The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--rclone--mover_security_context--se_linux_options))
 - `seccomp_profile` (Attributes) The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--rclone--mover_security_context--seccomp_profile))
-- `supplemental_groups` (List of String) A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows.
+- `supplemental_groups` (List of String) A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.
+- `supplemental_groups_policy` (String) Defines how supplemental groups of the first container processes are calculated. Valid values are 'Merge' and 'Strict'. If not specified, 'Merge' is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.
 - `sysctls` (Attributes List) Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--rclone--mover_security_context--sysctls))
 - `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--rclone--mover_security_context--windows_options))
 
@@ -746,8 +751,8 @@ Required:
 Optional:
 
 - `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--restic--mover_affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--restic--mover_affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -807,8 +812,8 @@ Required:
 Optional:
 
 - `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--restic--mover_affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--restic--mover_affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -884,8 +889,8 @@ Required:
 Optional:
 
 - `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--restic--mover_affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--restic--mover_affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -945,8 +950,8 @@ Required:
 Optional:
 
 - `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--restic--mover_affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--restic--mover_affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -1013,6 +1018,10 @@ Required:
 
 - `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
 
+Optional:
+
+- `request` (String) Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
+
 
 
 <a id="nestedatt--spec--restic--mover_security_context"></a>
@@ -1028,7 +1037,8 @@ Optional:
 - `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
 - `se_linux_options` (Attributes) The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--restic--mover_security_context--se_linux_options))
 - `seccomp_profile` (Attributes) The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--restic--mover_security_context--seccomp_profile))
-- `supplemental_groups` (List of String) A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows.
+- `supplemental_groups` (List of String) A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.
+- `supplemental_groups_policy` (String) Defines how supplemental groups of the first container processes are calculated. Valid values are 'Merge' and 'Strict'. If not specified, 'Merge' is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.
 - `sysctls` (Attributes List) Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--restic--mover_security_context--sysctls))
 - `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--restic--mover_security_context--windows_options))
 
@@ -1110,6 +1120,7 @@ Optional:
 - `ssh_keys` (String) sshKeys is the name of a Secret that contains the SSH keys to be used for authentication. If not provided, the keys will be generated.
 - `ssh_user` (String) sshUser is the username for outgoing SSH connections. Defaults to 'root'.
 - `storage_class_name` (String) storageClassName can be used to specify the StorageClass of the destination volume. If not set, the default StorageClass will be used.
+- `volume_mode` (String) Will be used for the dynamic destination PVC created by VolSync. Defaults to 'Filesystem'
 - `volume_snapshot_class_name` (String) volumeSnapshotClassName can be used to specify the VSC to be used if copyMethod is Snapshot. If not set, the default VSC is used.
 
 <a id="nestedatt--spec--rsync--mover_resources"></a>
@@ -1128,6 +1139,10 @@ Required:
 
 - `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
 
+Optional:
+
+- `request` (String) Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
+
 
 
 
@@ -1150,6 +1165,7 @@ Optional:
 - `service_annotations` (Map of String) serviceAnnotations defines annotations that will be added to the service created for incoming SSH connections. If set, these annotations will be used instead of any VolSync default values.
 - `service_type` (String) serviceType determines the Service type that will be created for incoming TLS connections.
 - `storage_class_name` (String) storageClassName can be used to specify the StorageClass of the destination volume. If not set, the default StorageClass will be used.
+- `volume_mode` (String) Will be used for the dynamic destination PVC created by VolSync. Defaults to 'Filesystem'
 - `volume_snapshot_class_name` (String) volumeSnapshotClassName can be used to specify the VSC to be used if copyMethod is Snapshot. If not set, the default VSC is used.
 
 <a id="nestedatt--spec--rsync_tls--mover_affinity"></a>
@@ -1283,8 +1299,8 @@ Required:
 Optional:
 
 - `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rsync_tls--mover_affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rsync_tls--mover_affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -1344,8 +1360,8 @@ Required:
 Optional:
 
 - `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rsync_tls--mover_affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rsync_tls--mover_affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -1421,8 +1437,8 @@ Required:
 Optional:
 
 - `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rsync_tls--mover_affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rsync_tls--mover_affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -1482,8 +1498,8 @@ Required:
 Optional:
 
 - `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rsync_tls--mover_affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rsync_tls--mover_affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -1550,6 +1566,10 @@ Required:
 
 - `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
 
+Optional:
+
+- `request` (String) Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
+
 
 
 <a id="nestedatt--spec--rsync_tls--mover_security_context"></a>
@@ -1565,7 +1585,8 @@ Optional:
 - `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
 - `se_linux_options` (Attributes) The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--rsync_tls--mover_security_context--se_linux_options))
 - `seccomp_profile` (Attributes) The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--rsync_tls--mover_security_context--seccomp_profile))
-- `supplemental_groups` (List of String) A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows.
+- `supplemental_groups` (List of String) A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.
+- `supplemental_groups_policy` (String) Defines how supplemental groups of the first container processes are calculated. Valid values are 'Merge' and 'Strict'. If not specified, 'Merge' is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.
 - `sysctls` (Attributes List) Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--rsync_tls--mover_security_context--sysctls))
 - `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--rsync_tls--mover_security_context--windows_options))
 
diff --git a/docs/data-sources/volsync_backube_replication_source_v1alpha1_manifest.md b/docs/data-sources/volsync_backube_replication_source_v1alpha1_manifest.md
index 76dc3366c..98bacc054 100644
--- a/docs/data-sources/volsync_backube_replication_source_v1alpha1_manifest.md
+++ b/docs/data-sources/volsync_backube_replication_source_v1alpha1_manifest.md
@@ -235,8 +235,8 @@ Required:
 Optional:
 
 - `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rclone--mover_affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rclone--mover_affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -296,8 +296,8 @@ Required:
 Optional:
 
 - `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rclone--mover_affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rclone--mover_affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -373,8 +373,8 @@ Required:
 Optional:
 
 - `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rclone--mover_affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rclone--mover_affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -434,8 +434,8 @@ Required:
 Optional:
 
 - `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rclone--mover_affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rclone--mover_affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -502,6 +502,10 @@ Required:
 
 - `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
 
+Optional:
+
+- `request` (String) Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
+
 
 
 <a id="nestedatt--spec--rclone--mover_security_context"></a>
@@ -517,7 +521,8 @@ Optional:
 - `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
 - `se_linux_options` (Attributes) The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--rclone--mover_security_context--se_linux_options))
 - `seccomp_profile` (Attributes) The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--rclone--mover_security_context--seccomp_profile))
-- `supplemental_groups` (List of String) A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows.
+- `supplemental_groups` (List of String) A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.
+- `supplemental_groups_policy` (String) Defines how supplemental groups of the first container processes are calculated. Valid values are 'Merge' and 'Strict'. If not specified, 'Merge' is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.
 - `sysctls` (Attributes List) Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--rclone--mover_security_context--sysctls))
 - `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--rclone--mover_security_context--windows_options))
 
@@ -743,8 +748,8 @@ Required:
 Optional:
 
 - `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--restic--mover_affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--restic--mover_affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -804,8 +809,8 @@ Required:
 Optional:
 
 - `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--restic--mover_affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--restic--mover_affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -881,8 +886,8 @@ Required:
 Optional:
 
 - `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--restic--mover_affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--restic--mover_affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -942,8 +947,8 @@ Required:
 Optional:
 
 - `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--restic--mover_affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--restic--mover_affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -1010,6 +1015,10 @@ Required:
 
 - `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
 
+Optional:
+
+- `request` (String) Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
+
 
 
 <a id="nestedatt--spec--restic--mover_security_context"></a>
@@ -1025,7 +1034,8 @@ Optional:
 - `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
 - `se_linux_options` (Attributes) The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--restic--mover_security_context--se_linux_options))
 - `seccomp_profile` (Attributes) The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--restic--mover_security_context--seccomp_profile))
-- `supplemental_groups` (List of String) A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows.
+- `supplemental_groups` (List of String) A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.
+- `supplemental_groups_policy` (String) Defines how supplemental groups of the first container processes are calculated. Valid values are 'Merge' and 'Strict'. If not specified, 'Merge' is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.
 - `sysctls` (Attributes List) Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--restic--mover_security_context--sysctls))
 - `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--restic--mover_security_context--windows_options))
 
@@ -1136,6 +1146,10 @@ Required:
 
 - `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
 
+Optional:
+
+- `request` (String) Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
+
 
 
 
@@ -1289,8 +1303,8 @@ Required:
 Optional:
 
 - `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rsync_tls--mover_affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rsync_tls--mover_affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -1350,8 +1364,8 @@ Required:
 Optional:
 
 - `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rsync_tls--mover_affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rsync_tls--mover_affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -1427,8 +1441,8 @@ Required:
 Optional:
 
 - `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rsync_tls--mover_affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rsync_tls--mover_affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -1488,8 +1502,8 @@ Required:
 Optional:
 
 - `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--rsync_tls--mover_affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--rsync_tls--mover_affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -1556,6 +1570,10 @@ Required:
 
 - `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
 
+Optional:
+
+- `request` (String) Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
+
 
 
 <a id="nestedatt--spec--rsync_tls--mover_security_context"></a>
@@ -1571,7 +1589,8 @@ Optional:
 - `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
 - `se_linux_options` (Attributes) The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--rsync_tls--mover_security_context--se_linux_options))
 - `seccomp_profile` (Attributes) The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--rsync_tls--mover_security_context--seccomp_profile))
-- `supplemental_groups` (List of String) A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows.
+- `supplemental_groups` (List of String) A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.
+- `supplemental_groups_policy` (String) Defines how supplemental groups of the first container processes are calculated. Valid values are 'Merge' and 'Strict'. If not specified, 'Merge' is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.
 - `sysctls` (Attributes List) Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--rsync_tls--mover_security_context--sysctls))
 - `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--rsync_tls--mover_security_context--windows_options))
 
@@ -1779,8 +1798,8 @@ Required:
 Optional:
 
 - `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--syncthing--mover_affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--syncthing--mover_affinity--pod_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -1840,8 +1859,8 @@ Required:
 Optional:
 
 - `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--syncthing--mover_affinity--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--syncthing--mover_affinity--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -1917,8 +1936,8 @@ Required:
 Optional:
 
 - `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--syncthing--mover_affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--syncthing--mover_affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--pod_affinity_term--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -1978,8 +1997,8 @@ Required:
 Optional:
 
 - `label_selector` (Attributes) A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--syncthing--mover_affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector))
-- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
-- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--syncthing--mover_affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector))
 - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'.
 
@@ -2046,6 +2065,10 @@ Required:
 
 - `name` (String) Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
 
+Optional:
+
+- `request` (String) Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
+
 
 
 <a id="nestedatt--spec--syncthing--mover_security_context"></a>
@@ -2061,7 +2084,8 @@ Optional:
 - `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
 - `se_linux_options` (Attributes) The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--syncthing--mover_security_context--se_linux_options))
 - `seccomp_profile` (Attributes) The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--syncthing--mover_security_context--seccomp_profile))
-- `supplemental_groups` (List of String) A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows.
+- `supplemental_groups` (List of String) A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.
+- `supplemental_groups_policy` (String) Defines how supplemental groups of the first container processes are calculated. Valid values are 'Merge' and 'Strict'. If not specified, 'Merge' is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.
 - `sysctls` (Attributes List) Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--syncthing--mover_security_context--sysctls))
 - `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--syncthing--mover_security_context--windows_options))
 
diff --git a/docs/data-sources/vpcresources_k8s_aws_cni_node_v1alpha1_manifest.md b/docs/data-sources/vpcresources_k8s_aws_cni_node_v1alpha1_manifest.md
index e90202f56..7fe020506 100644
--- a/docs/data-sources/vpcresources_k8s_aws_cni_node_v1alpha1_manifest.md
+++ b/docs/data-sources/vpcresources_k8s_aws_cni_node_v1alpha1_manifest.md
@@ -55,7 +55,6 @@ Optional:
 Optional:
 
 - `features` (Attributes List) (see [below for nested schema](#nestedatt--spec--features))
-- `tags` (Map of String) Additional tag key/value added to all network interfaces provisioned by the vpc-resource-controller and VPC-CNI
 
 <a id="nestedatt--spec--features"></a>
 ### Nested Schema for `spec.features`
diff --git a/docs/data-sources/work_karmada_io_cluster_resource_binding_v1alpha2_manifest.md b/docs/data-sources/work_karmada_io_cluster_resource_binding_v1alpha2_manifest.md
index 28cc95f54..a6f80827a 100644
--- a/docs/data-sources/work_karmada_io_cluster_resource_binding_v1alpha2_manifest.md
+++ b/docs/data-sources/work_karmada_io_cluster_resource_binding_v1alpha2_manifest.md
@@ -66,6 +66,7 @@ Optional:
 - `failover` (Attributes) Failover indicates how Karmada migrates applications in case of failures. It inherits directly from the associated PropagationPolicy(or ClusterPropagationPolicy). (see [below for nested schema](#nestedatt--spec--failover))
 - `graceful_eviction_tasks` (Attributes List) GracefulEvictionTasks holds the eviction tasks that are expected to perform the eviction in a graceful way. The intended workflow is: 1. Once the controller(such as 'taint-manager') decided to evict the resource that is referenced by current ResourceBinding or ClusterResourceBinding from a target cluster, it removes(or scale down the replicas) the target from Clusters(.spec.Clusters) and builds a graceful eviction task. 2. The scheduler may perform a re-scheduler and probably select a substitute cluster to take over the evicting workload(resource). 3. The graceful eviction controller takes care of the graceful eviction tasks and performs the final removal after the workload(resource) is available on the substitute cluster or exceed the grace termination period(defaults to 10 minutes). (see [below for nested schema](#nestedatt--spec--graceful_eviction_tasks))
 - `placement` (Attributes) Placement represents the rule for select clusters to propagate resources. (see [below for nested schema](#nestedatt--spec--placement))
+- `preserve_resources_on_deletion` (Boolean) PreserveResourcesOnDeletion controls whether resources should be preserved on the member clusters when the binding object is deleted. If set to true, resources will be preserved on the member clusters. Default is false, which means resources will be deleted along with the binding object. This setting applies to all Work objects created under this binding object.
 - `propagate_deps` (Boolean) PropagateDeps tells if relevant resources should be propagated automatically. It is inherited from PropagationPolicy or ClusterPropagationPolicy. default false.
 - `replica_requirements` (Attributes) ReplicaRequirements represents the requirements required by each replica. (see [below for nested schema](#nestedatt--spec--replica_requirements))
 - `replicas` (Number) Replicas represents the replica number of the referencing resource.
diff --git a/docs/data-sources/work_karmada_io_resource_binding_v1alpha2_manifest.md b/docs/data-sources/work_karmada_io_resource_binding_v1alpha2_manifest.md
index 3bb4eee21..79803214c 100644
--- a/docs/data-sources/work_karmada_io_resource_binding_v1alpha2_manifest.md
+++ b/docs/data-sources/work_karmada_io_resource_binding_v1alpha2_manifest.md
@@ -68,6 +68,7 @@ Optional:
 - `failover` (Attributes) Failover indicates how Karmada migrates applications in case of failures. It inherits directly from the associated PropagationPolicy(or ClusterPropagationPolicy). (see [below for nested schema](#nestedatt--spec--failover))
 - `graceful_eviction_tasks` (Attributes List) GracefulEvictionTasks holds the eviction tasks that are expected to perform the eviction in a graceful way. The intended workflow is: 1. Once the controller(such as 'taint-manager') decided to evict the resource that is referenced by current ResourceBinding or ClusterResourceBinding from a target cluster, it removes(or scale down the replicas) the target from Clusters(.spec.Clusters) and builds a graceful eviction task. 2. The scheduler may perform a re-scheduler and probably select a substitute cluster to take over the evicting workload(resource). 3. The graceful eviction controller takes care of the graceful eviction tasks and performs the final removal after the workload(resource) is available on the substitute cluster or exceed the grace termination period(defaults to 10 minutes). (see [below for nested schema](#nestedatt--spec--graceful_eviction_tasks))
 - `placement` (Attributes) Placement represents the rule for select clusters to propagate resources. (see [below for nested schema](#nestedatt--spec--placement))
+- `preserve_resources_on_deletion` (Boolean) PreserveResourcesOnDeletion controls whether resources should be preserved on the member clusters when the binding object is deleted. If set to true, resources will be preserved on the member clusters. Default is false, which means resources will be deleted along with the binding object. This setting applies to all Work objects created under this binding object.
 - `propagate_deps` (Boolean) PropagateDeps tells if relevant resources should be propagated automatically. It is inherited from PropagationPolicy or ClusterPropagationPolicy. default false.
 - `replica_requirements` (Attributes) ReplicaRequirements represents the requirements required by each replica. (see [below for nested schema](#nestedatt--spec--replica_requirements))
 - `replicas` (Number) Replicas represents the replica number of the referencing resource.
diff --git a/docs/data-sources/work_karmada_io_work_v1alpha1_manifest.md b/docs/data-sources/work_karmada_io_work_v1alpha1_manifest.md
index 65e331455..b6166c0ae 100644
--- a/docs/data-sources/work_karmada_io_work_v1alpha1_manifest.md
+++ b/docs/data-sources/work_karmada_io_work_v1alpha1_manifest.md
@@ -52,7 +52,8 @@ Optional:
 
 Optional:
 
-- `suspend_dispatching` (Boolean) SuspendDispatching controls whether dispatching should be suspended, nil means not suspend. Note: true means stop propagating to all clusters.
+- `preserve_resources_on_deletion` (Boolean) PreserveResourcesOnDeletion controls whether resources should be preserved on the member cluster when the Work object is deleted. If set to true, resources will be preserved on the member cluster. Default is false, which means resources will be deleted along with the Work object.
+- `suspend_dispatching` (Boolean) SuspendDispatching controls whether dispatching should be suspended, nil means not suspend. Note: true means stop propagating to the corresponding member cluster, and does not prevent status collection.
 - `workload` (Attributes) Workload represents the manifest workload to be deployed on managed cluster. (see [below for nested schema](#nestedatt--spec--workload))
 
 <a id="nestedatt--spec--workload"></a>
diff --git a/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_v_logs_v1beta1_manifest.go b/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_v_logs_v1beta1_manifest.go
index 25a5ba59c..f0a890db0 100644
--- a/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_v_logs_v1beta1_manifest.go
+++ b/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_v_logs_v1beta1_manifest.go
@@ -63,12 +63,8 @@ type OperatorVictoriametricsComVlogsV1Beta1ManifestData struct {
 			Hostnames *[]string `tfsdk:"hostnames" json:"hostnames,omitempty"`
 			Ip        *string   `tfsdk:"ip" json:"ip,omitempty"`
 		} `tfsdk:"host_aliases" json:"hostAliases,omitempty"`
-		HostNetwork  *bool `tfsdk:"host_network" json:"hostNetwork,omitempty"`
-		Host_aliases *[]struct {
-			Hostnames *[]string `tfsdk:"hostnames" json:"hostnames,omitempty"`
-			Ip        *string   `tfsdk:"ip" json:"ip,omitempty"`
-		} `tfsdk:"host_aliases" json:"host_aliases,omitempty"`
-		Image *struct {
+		HostNetwork *bool `tfsdk:"host_network" json:"hostNetwork,omitempty"`
+		Image       *struct {
 			PullPolicy *string `tfsdk:"pull_policy" json:"pullPolicy,omitempty"`
 			Repository *string `tfsdk:"repository" json:"repository,omitempty"`
 			Tag        *string `tfsdk:"tag" json:"tag,omitempty"`
@@ -419,34 +415,6 @@ func (r *OperatorVictoriametricsComVlogsV1Beta1Manifest) Schema(_ context.Contex
 						Computed:            false,
 					},
 
-					"host_aliases": schema.ListNestedAttribute{
-						Description:         "HostAliasesUnderScore provides mapping for ip and hostname, that would be propagated to pod, cannot be used with HostNetwork. Has Priority over hostAliases field",
-						MarkdownDescription: "HostAliasesUnderScore provides mapping for ip and hostname, that would be propagated to pod, cannot be used with HostNetwork. Has Priority over hostAliases field",
-						NestedObject: schema.NestedAttributeObject{
-							Attributes: map[string]schema.Attribute{
-								"hostnames": schema.ListAttribute{
-									Description:         "Hostnames for the above IP address.",
-									MarkdownDescription: "Hostnames for the above IP address.",
-									ElementType:         types.StringType,
-									Required:            false,
-									Optional:            true,
-									Computed:            false,
-								},
-
-								"ip": schema.StringAttribute{
-									Description:         "IP address of the host file entry.",
-									MarkdownDescription: "IP address of the host file entry.",
-									Required:            true,
-									Optional:            false,
-									Computed:            false,
-								},
-							},
-						},
-						Required: false,
-						Optional: true,
-						Computed: false,
-					},
-
 					"image": schema.SingleNestedAttribute{
 						Description:         "Image - docker image settings if no specified operator uses default version from operator config",
 						MarkdownDescription: "Image - docker image settings if no specified operator uses default version from operator config",
diff --git a/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_agent_v1beta1_manifest.go b/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_agent_v1beta1_manifest.go
index 7749a2f18..4665cabc1 100644
--- a/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_agent_v1beta1_manifest.go
+++ b/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_agent_v1beta1_manifest.go
@@ -200,11 +200,7 @@ type OperatorVictoriametricsComVmagentV1Beta1ManifestData struct {
 			Hostnames *[]string `tfsdk:"hostnames" json:"hostnames,omitempty"`
 			Ip        *string   `tfsdk:"ip" json:"ip,omitempty"`
 		} `tfsdk:"host_aliases" json:"hostAliases,omitempty"`
-		HostNetwork  *bool `tfsdk:"host_network" json:"hostNetwork,omitempty"`
-		Host_aliases *[]struct {
-			Hostnames *[]string `tfsdk:"hostnames" json:"hostnames,omitempty"`
-			Ip        *string   `tfsdk:"ip" json:"ip,omitempty"`
-		} `tfsdk:"host_aliases" json:"host_aliases,omitempty"`
+		HostNetwork              *bool `tfsdk:"host_network" json:"hostNetwork,omitempty"`
 		IgnoreNamespaceSelectors *bool `tfsdk:"ignore_namespace_selectors" json:"ignoreNamespaceSelectors,omitempty"`
 		Image                    *struct {
 			PullPolicy *string `tfsdk:"pull_policy" json:"pullPolicy,omitempty"`
@@ -724,36 +720,32 @@ type OperatorVictoriametricsComVmagentV1Beta1ManifestData struct {
 				Ignore_first_intervals *int64    `tfsdk:"ignore_first_intervals" json:"ignore_first_intervals,omitempty"`
 				Ignore_old_samples     *bool     `tfsdk:"ignore_old_samples" json:"ignore_old_samples,omitempty"`
 				Input_relabel_configs  *[]struct {
-					Action        *string            `tfsdk:"action" json:"action,omitempty"`
-					If            *map[string]string `tfsdk:"if" json:"if,omitempty"`
-					Labels        *map[string]string `tfsdk:"labels" json:"labels,omitempty"`
-					Match         *string            `tfsdk:"match" json:"match,omitempty"`
-					Modulus       *int64             `tfsdk:"modulus" json:"modulus,omitempty"`
-					Regex         *map[string]string `tfsdk:"regex" json:"regex,omitempty"`
-					Replacement   *string            `tfsdk:"replacement" json:"replacement,omitempty"`
-					Separator     *string            `tfsdk:"separator" json:"separator,omitempty"`
-					SourceLabels  *[]string          `tfsdk:"source_labels" json:"sourceLabels,omitempty"`
-					Source_labels *[]string          `tfsdk:"source_labels" json:"source_labels,omitempty"`
-					TargetLabel   *string            `tfsdk:"target_label" json:"targetLabel,omitempty"`
-					Target_label  *string            `tfsdk:"target_label" json:"target_label,omitempty"`
+					Action       *string            `tfsdk:"action" json:"action,omitempty"`
+					If           *map[string]string `tfsdk:"if" json:"if,omitempty"`
+					Labels       *map[string]string `tfsdk:"labels" json:"labels,omitempty"`
+					Match        *string            `tfsdk:"match" json:"match,omitempty"`
+					Modulus      *int64             `tfsdk:"modulus" json:"modulus,omitempty"`
+					Regex        *map[string]string `tfsdk:"regex" json:"regex,omitempty"`
+					Replacement  *string            `tfsdk:"replacement" json:"replacement,omitempty"`
+					Separator    *string            `tfsdk:"separator" json:"separator,omitempty"`
+					SourceLabels *[]string          `tfsdk:"source_labels" json:"sourceLabels,omitempty"`
+					TargetLabel  *string            `tfsdk:"target_label" json:"targetLabel,omitempty"`
 				} `tfsdk:"input_relabel_configs" json:"input_relabel_configs,omitempty"`
 				Interval                   *string            `tfsdk:"interval" json:"interval,omitempty"`
 				Keep_metric_names          *bool              `tfsdk:"keep_metric_names" json:"keep_metric_names,omitempty"`
 				Match                      *map[string]string `tfsdk:"match" json:"match,omitempty"`
 				No_align_flush_to_interval *bool              `tfsdk:"no_align_flush_to_interval" json:"no_align_flush_to_interval,omitempty"`
 				Output_relabel_configs     *[]struct {
-					Action        *string            `tfsdk:"action" json:"action,omitempty"`
-					If            *map[string]string `tfsdk:"if" json:"if,omitempty"`
-					Labels        *map[string]string `tfsdk:"labels" json:"labels,omitempty"`
-					Match         *string            `tfsdk:"match" json:"match,omitempty"`
-					Modulus       *int64             `tfsdk:"modulus" json:"modulus,omitempty"`
-					Regex         *map[string]string `tfsdk:"regex" json:"regex,omitempty"`
-					Replacement   *string            `tfsdk:"replacement" json:"replacement,omitempty"`
-					Separator     *string            `tfsdk:"separator" json:"separator,omitempty"`
-					SourceLabels  *[]string          `tfsdk:"source_labels" json:"sourceLabels,omitempty"`
-					Source_labels *[]string          `tfsdk:"source_labels" json:"source_labels,omitempty"`
-					TargetLabel   *string            `tfsdk:"target_label" json:"targetLabel,omitempty"`
-					Target_label  *string            `tfsdk:"target_label" json:"target_label,omitempty"`
+					Action       *string            `tfsdk:"action" json:"action,omitempty"`
+					If           *map[string]string `tfsdk:"if" json:"if,omitempty"`
+					Labels       *map[string]string `tfsdk:"labels" json:"labels,omitempty"`
+					Match        *string            `tfsdk:"match" json:"match,omitempty"`
+					Modulus      *int64             `tfsdk:"modulus" json:"modulus,omitempty"`
+					Regex        *map[string]string `tfsdk:"regex" json:"regex,omitempty"`
+					Replacement  *string            `tfsdk:"replacement" json:"replacement,omitempty"`
+					Separator    *string            `tfsdk:"separator" json:"separator,omitempty"`
+					SourceLabels *[]string          `tfsdk:"source_labels" json:"sourceLabels,omitempty"`
+					TargetLabel  *string            `tfsdk:"target_label" json:"targetLabel,omitempty"`
 				} `tfsdk:"output_relabel_configs" json:"output_relabel_configs,omitempty"`
 				Outputs            *[]string `tfsdk:"outputs" json:"outputs,omitempty"`
 				Staleness_interval *string   `tfsdk:"staleness_interval" json:"staleness_interval,omitempty"`
@@ -1943,34 +1935,6 @@ func (r *OperatorVictoriametricsComVmagentV1Beta1Manifest) Schema(_ context.Cont
 						Computed:            false,
 					},
 
-					"host_aliases": schema.ListNestedAttribute{
-						Description:         "HostAliasesUnderScore provides mapping for ip and hostname, that would be propagated to pod, cannot be used with HostNetwork. Has Priority over hostAliases field",
-						MarkdownDescription: "HostAliasesUnderScore provides mapping for ip and hostname, that would be propagated to pod, cannot be used with HostNetwork. Has Priority over hostAliases field",
-						NestedObject: schema.NestedAttributeObject{
-							Attributes: map[string]schema.Attribute{
-								"hostnames": schema.ListAttribute{
-									Description:         "Hostnames for the above IP address.",
-									MarkdownDescription: "Hostnames for the above IP address.",
-									ElementType:         types.StringType,
-									Required:            false,
-									Optional:            true,
-									Computed:            false,
-								},
-
-								"ip": schema.StringAttribute{
-									Description:         "IP address of the host file entry.",
-									MarkdownDescription: "IP address of the host file entry.",
-									Required:            true,
-									Optional:            false,
-									Computed:            false,
-								},
-							},
-						},
-						Required: false,
-						Optional: true,
-						Computed: false,
-					},
-
 					"ignore_namespace_selectors": schema.BoolAttribute{
 						Description:         "IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector settings from scrape objects, and they will only discover endpoints within their current namespace. Defaults to false.",
 						MarkdownDescription: "IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector settings from scrape objects, and they will only discover endpoints within their current namespace. Defaults to false.",
@@ -5783,15 +5747,6 @@ func (r *OperatorVictoriametricsComVmagentV1Beta1Manifest) Schema(_ context.Cont
 														Computed:            false,
 													},
 
-													"source_labels": schema.ListAttribute{
-														Description:         "UnderScoreSourceLabels - additional form of source labels source_labels for compatibility with original relabel config. if set both sourceLabels and source_labels, sourceLabels has priority. for details https://github.com/VictoriaMetrics/operator/issues/131",
-														MarkdownDescription: "UnderScoreSourceLabels - additional form of source labels source_labels for compatibility with original relabel config. if set both sourceLabels and source_labels, sourceLabels has priority. for details https://github.com/VictoriaMetrics/operator/issues/131",
-														ElementType:         types.StringType,
-														Required:            false,
-														Optional:            true,
-														Computed:            false,
-													},
-
 													"target_label": schema.StringAttribute{
 														Description:         "Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.",
 														MarkdownDescription: "Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.",
@@ -5799,14 +5754,6 @@ func (r *OperatorVictoriametricsComVmagentV1Beta1Manifest) Schema(_ context.Cont
 														Optional:            true,
 														Computed:            false,
 													},
-
-													"target_label": schema.StringAttribute{
-														Description:         "UnderScoreTargetLabel - additional form of target label - target_label for compatibility with original relabel config. if set both targetLabel and target_label, targetLabel has priority. for details https://github.com/VictoriaMetrics/operator/issues/131",
-														MarkdownDescription: "UnderScoreTargetLabel - additional form of target label - target_label for compatibility with original relabel config. if set both targetLabel and target_label, targetLabel has priority. for details https://github.com/VictoriaMetrics/operator/issues/131",
-														Required:            false,
-														Optional:            true,
-														Computed:            false,
-													},
 												},
 											},
 											Required: false,
@@ -5928,15 +5875,6 @@ func (r *OperatorVictoriametricsComVmagentV1Beta1Manifest) Schema(_ context.Cont
 														Computed:            false,
 													},
 
-													"source_labels": schema.ListAttribute{
-														Description:         "UnderScoreSourceLabels - additional form of source labels source_labels for compatibility with original relabel config. if set both sourceLabels and source_labels, sourceLabels has priority. for details https://github.com/VictoriaMetrics/operator/issues/131",
-														MarkdownDescription: "UnderScoreSourceLabels - additional form of source labels source_labels for compatibility with original relabel config. if set both sourceLabels and source_labels, sourceLabels has priority. for details https://github.com/VictoriaMetrics/operator/issues/131",
-														ElementType:         types.StringType,
-														Required:            false,
-														Optional:            true,
-														Computed:            false,
-													},
-
 													"target_label": schema.StringAttribute{
 														Description:         "Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.",
 														MarkdownDescription: "Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.",
@@ -5944,14 +5882,6 @@ func (r *OperatorVictoriametricsComVmagentV1Beta1Manifest) Schema(_ context.Cont
 														Optional:            true,
 														Computed:            false,
 													},
-
-													"target_label": schema.StringAttribute{
-														Description:         "UnderScoreTargetLabel - additional form of target label - target_label for compatibility with original relabel config. if set both targetLabel and target_label, targetLabel has priority. for details https://github.com/VictoriaMetrics/operator/issues/131",
-														MarkdownDescription: "UnderScoreTargetLabel - additional form of target label - target_label for compatibility with original relabel config. if set both targetLabel and target_label, targetLabel has priority. for details https://github.com/VictoriaMetrics/operator/issues/131",
-														Required:            false,
-														Optional:            true,
-														Computed:            false,
-													},
 												},
 											},
 											Required: false,
diff --git a/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_alert_v1beta1_manifest.go b/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_alert_v1beta1_manifest.go
index 22a8f1848..a84707295 100644
--- a/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_alert_v1beta1_manifest.go
+++ b/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_alert_v1beta1_manifest.go
@@ -100,12 +100,8 @@ type OperatorVictoriametricsComVmalertV1Beta1ManifestData struct {
 			Hostnames *[]string `tfsdk:"hostnames" json:"hostnames,omitempty"`
 			Ip        *string   `tfsdk:"ip" json:"ip,omitempty"`
 		} `tfsdk:"host_aliases" json:"hostAliases,omitempty"`
-		HostNetwork  *bool `tfsdk:"host_network" json:"hostNetwork,omitempty"`
-		Host_aliases *[]struct {
-			Hostnames *[]string `tfsdk:"hostnames" json:"hostnames,omitempty"`
-			Ip        *string   `tfsdk:"ip" json:"ip,omitempty"`
-		} `tfsdk:"host_aliases" json:"host_aliases,omitempty"`
-		Image *struct {
+		HostNetwork *bool `tfsdk:"host_network" json:"hostNetwork,omitempty"`
+		Image       *struct {
 			PullPolicy *string `tfsdk:"pull_policy" json:"pullPolicy,omitempty"`
 			Repository *string `tfsdk:"repository" json:"repository,omitempty"`
 			Tag        *string `tfsdk:"tag" json:"tag,omitempty"`
@@ -842,34 +838,6 @@ func (r *OperatorVictoriametricsComVmalertV1Beta1Manifest) Schema(_ context.Cont
 						Computed:            false,
 					},
 
-					"host_aliases": schema.ListNestedAttribute{
-						Description:         "HostAliasesUnderScore provides mapping for ip and hostname, that would be propagated to pod, cannot be used with HostNetwork. Has Priority over hostAliases field",
-						MarkdownDescription: "HostAliasesUnderScore provides mapping for ip and hostname, that would be propagated to pod, cannot be used with HostNetwork. Has Priority over hostAliases field",
-						NestedObject: schema.NestedAttributeObject{
-							Attributes: map[string]schema.Attribute{
-								"hostnames": schema.ListAttribute{
-									Description:         "Hostnames for the above IP address.",
-									MarkdownDescription: "Hostnames for the above IP address.",
-									ElementType:         types.StringType,
-									Required:            false,
-									Optional:            true,
-									Computed:            false,
-								},
-
-								"ip": schema.StringAttribute{
-									Description:         "IP address of the host file entry.",
-									MarkdownDescription: "IP address of the host file entry.",
-									Required:            true,
-									Optional:            false,
-									Computed:            false,
-								},
-							},
-						},
-						Required: false,
-						Optional: true,
-						Computed: false,
-					},
-
 					"image": schema.SingleNestedAttribute{
 						Description:         "Image - docker image settings if no specified operator uses default version from operator config",
 						MarkdownDescription: "Image - docker image settings if no specified operator uses default version from operator config",
diff --git a/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_alertmanager_v1beta1_manifest.go b/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_alertmanager_v1beta1_manifest.go
index 08c39055c..240ad8b71 100644
--- a/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_alertmanager_v1beta1_manifest.go
+++ b/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_alertmanager_v1beta1_manifest.go
@@ -202,12 +202,8 @@ type OperatorVictoriametricsComVmalertmanagerV1Beta1ManifestData struct {
 			Hostnames *[]string `tfsdk:"hostnames" json:"hostnames,omitempty"`
 			Ip        *string   `tfsdk:"ip" json:"ip,omitempty"`
 		} `tfsdk:"host_aliases" json:"hostAliases,omitempty"`
-		HostNetwork  *bool `tfsdk:"host_network" json:"hostNetwork,omitempty"`
-		Host_aliases *[]struct {
-			Hostnames *[]string `tfsdk:"hostnames" json:"hostnames,omitempty"`
-			Ip        *string   `tfsdk:"ip" json:"ip,omitempty"`
-		} `tfsdk:"host_aliases" json:"host_aliases,omitempty"`
-		Image *struct {
+		HostNetwork *bool `tfsdk:"host_network" json:"hostNetwork,omitempty"`
+		Image       *struct {
 			PullPolicy *string `tfsdk:"pull_policy" json:"pullPolicy,omitempty"`
 			Repository *string `tfsdk:"repository" json:"repository,omitempty"`
 			Tag        *string `tfsdk:"tag" json:"tag,omitempty"`
@@ -1610,34 +1606,6 @@ func (r *OperatorVictoriametricsComVmalertmanagerV1Beta1Manifest) Schema(_ conte
 						Computed:            false,
 					},
 
-					"host_aliases": schema.ListNestedAttribute{
-						Description:         "HostAliasesUnderScore provides mapping for ip and hostname, that would be propagated to pod, cannot be used with HostNetwork. Has Priority over hostAliases field",
-						MarkdownDescription: "HostAliasesUnderScore provides mapping for ip and hostname, that would be propagated to pod, cannot be used with HostNetwork. Has Priority over hostAliases field",
-						NestedObject: schema.NestedAttributeObject{
-							Attributes: map[string]schema.Attribute{
-								"hostnames": schema.ListAttribute{
-									Description:         "Hostnames for the above IP address.",
-									MarkdownDescription: "Hostnames for the above IP address.",
-									ElementType:         types.StringType,
-									Required:            false,
-									Optional:            true,
-									Computed:            false,
-								},
-
-								"ip": schema.StringAttribute{
-									Description:         "IP address of the host file entry.",
-									MarkdownDescription: "IP address of the host file entry.",
-									Required:            true,
-									Optional:            false,
-									Computed:            false,
-								},
-							},
-						},
-						Required: false,
-						Optional: true,
-						Computed: false,
-					},
-
 					"image": schema.SingleNestedAttribute{
 						Description:         "Image - docker image settings if no specified operator uses default version from operator config",
 						MarkdownDescription: "Image - docker image settings if no specified operator uses default version from operator config",
diff --git a/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_auth_v1beta1_manifest.go b/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_auth_v1beta1_manifest.go
index 2f005b761..afa02231b 100644
--- a/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_auth_v1beta1_manifest.go
+++ b/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_auth_v1beta1_manifest.go
@@ -76,12 +76,8 @@ type OperatorVictoriametricsComVmauthV1Beta1ManifestData struct {
 			Hostnames *[]string `tfsdk:"hostnames" json:"hostnames,omitempty"`
 			Ip        *string   `tfsdk:"ip" json:"ip,omitempty"`
 		} `tfsdk:"host_aliases" json:"hostAliases,omitempty"`
-		HostNetwork  *bool `tfsdk:"host_network" json:"hostNetwork,omitempty"`
-		Host_aliases *[]struct {
-			Hostnames *[]string `tfsdk:"hostnames" json:"hostnames,omitempty"`
-			Ip        *string   `tfsdk:"ip" json:"ip,omitempty"`
-		} `tfsdk:"host_aliases" json:"host_aliases,omitempty"`
-		Image *struct {
+		HostNetwork *bool `tfsdk:"host_network" json:"hostNetwork,omitempty"`
+		Image       *struct {
 			PullPolicy *string `tfsdk:"pull_policy" json:"pullPolicy,omitempty"`
 			Repository *string `tfsdk:"repository" json:"repository,omitempty"`
 			Tag        *string `tfsdk:"tag" json:"tag,omitempty"`
@@ -613,34 +609,6 @@ func (r *OperatorVictoriametricsComVmauthV1Beta1Manifest) Schema(_ context.Conte
 						Computed:            false,
 					},
 
-					"host_aliases": schema.ListNestedAttribute{
-						Description:         "HostAliasesUnderScore provides mapping for ip and hostname, that would be propagated to pod, cannot be used with HostNetwork. Has Priority over hostAliases field",
-						MarkdownDescription: "HostAliasesUnderScore provides mapping for ip and hostname, that would be propagated to pod, cannot be used with HostNetwork. Has Priority over hostAliases field",
-						NestedObject: schema.NestedAttributeObject{
-							Attributes: map[string]schema.Attribute{
-								"hostnames": schema.ListAttribute{
-									Description:         "Hostnames for the above IP address.",
-									MarkdownDescription: "Hostnames for the above IP address.",
-									ElementType:         types.StringType,
-									Required:            false,
-									Optional:            true,
-									Computed:            false,
-								},
-
-								"ip": schema.StringAttribute{
-									Description:         "IP address of the host file entry.",
-									MarkdownDescription: "IP address of the host file entry.",
-									Required:            true,
-									Optional:            false,
-									Computed:            false,
-								},
-							},
-						},
-						Required: false,
-						Optional: true,
-						Computed: false,
-					},
-
 					"image": schema.SingleNestedAttribute{
 						Description:         "Image - docker image settings if no specified operator uses default version from operator config",
 						MarkdownDescription: "Image - docker image settings if no specified operator uses default version from operator config",
diff --git a/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_cluster_v1beta1_manifest.go b/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_cluster_v1beta1_manifest.go
index c209c224a..ef9661a50 100644
--- a/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_cluster_v1beta1_manifest.go
+++ b/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_cluster_v1beta1_manifest.go
@@ -82,13 +82,9 @@ type OperatorVictoriametricsComVmclusterV1Beta1ManifestData struct {
 				Hostnames *[]string `tfsdk:"hostnames" json:"hostnames,omitempty"`
 				Ip        *string   `tfsdk:"ip" json:"ip,omitempty"`
 			} `tfsdk:"host_aliases" json:"hostAliases,omitempty"`
-			HostNetwork  *bool `tfsdk:"host_network" json:"hostNetwork,omitempty"`
-			Host_aliases *[]struct {
-				Hostnames *[]string `tfsdk:"hostnames" json:"hostnames,omitempty"`
-				Ip        *string   `tfsdk:"ip" json:"ip,omitempty"`
-			} `tfsdk:"host_aliases" json:"host_aliases,omitempty"`
-			Hpa   *map[string]string `tfsdk:"hpa" json:"hpa,omitempty"`
-			Image *struct {
+			HostNetwork *bool              `tfsdk:"host_network" json:"hostNetwork,omitempty"`
+			Hpa         *map[string]string `tfsdk:"hpa" json:"hpa,omitempty"`
+			Image       *struct {
 				PullPolicy *string `tfsdk:"pull_policy" json:"pullPolicy,omitempty"`
 				Repository *string `tfsdk:"repository" json:"repository,omitempty"`
 				Tag        *string `tfsdk:"tag" json:"tag,omitempty"`
@@ -253,13 +249,9 @@ type OperatorVictoriametricsComVmclusterV1Beta1ManifestData struct {
 				Hostnames *[]string `tfsdk:"hostnames" json:"hostnames,omitempty"`
 				Ip        *string   `tfsdk:"ip" json:"ip,omitempty"`
 			} `tfsdk:"host_aliases" json:"hostAliases,omitempty"`
-			HostNetwork  *bool `tfsdk:"host_network" json:"hostNetwork,omitempty"`
-			Host_aliases *[]struct {
-				Hostnames *[]string `tfsdk:"hostnames" json:"hostnames,omitempty"`
-				Ip        *string   `tfsdk:"ip" json:"ip,omitempty"`
-			} `tfsdk:"host_aliases" json:"host_aliases,omitempty"`
-			Hpa   *map[string]string `tfsdk:"hpa" json:"hpa,omitempty"`
-			Image *struct {
+			HostNetwork *bool              `tfsdk:"host_network" json:"hostNetwork,omitempty"`
+			Hpa         *map[string]string `tfsdk:"hpa" json:"hpa,omitempty"`
+			Image       *struct {
 				PullPolicy *string `tfsdk:"pull_policy" json:"pullPolicy,omitempty"`
 				Repository *string `tfsdk:"repository" json:"repository,omitempty"`
 				Tag        *string `tfsdk:"tag" json:"tag,omitempty"`
@@ -486,12 +478,8 @@ type OperatorVictoriametricsComVmclusterV1Beta1ManifestData struct {
 				Hostnames *[]string `tfsdk:"hostnames" json:"hostnames,omitempty"`
 				Ip        *string   `tfsdk:"ip" json:"ip,omitempty"`
 			} `tfsdk:"host_aliases" json:"hostAliases,omitempty"`
-			HostNetwork  *bool `tfsdk:"host_network" json:"hostNetwork,omitempty"`
-			Host_aliases *[]struct {
-				Hostnames *[]string `tfsdk:"hostnames" json:"hostnames,omitempty"`
-				Ip        *string   `tfsdk:"ip" json:"ip,omitempty"`
-			} `tfsdk:"host_aliases" json:"host_aliases,omitempty"`
-			Image *struct {
+			HostNetwork *bool `tfsdk:"host_network" json:"hostNetwork,omitempty"`
+			Image       *struct {
 				PullPolicy *string `tfsdk:"pull_policy" json:"pullPolicy,omitempty"`
 				Repository *string `tfsdk:"repository" json:"repository,omitempty"`
 				Tag        *string `tfsdk:"tag" json:"tag,omitempty"`
@@ -1023,34 +1011,6 @@ func (r *OperatorVictoriametricsComVmclusterV1Beta1Manifest) Schema(_ context.Co
 								Computed:            false,
 							},
 
-							"host_aliases": schema.ListNestedAttribute{
-								Description:         "HostAliasesUnderScore provides mapping for ip and hostname, that would be propagated to pod, cannot be used with HostNetwork. Has Priority over hostAliases field",
-								MarkdownDescription: "HostAliasesUnderScore provides mapping for ip and hostname, that would be propagated to pod, cannot be used with HostNetwork. Has Priority over hostAliases field",
-								NestedObject: schema.NestedAttributeObject{
-									Attributes: map[string]schema.Attribute{
-										"hostnames": schema.ListAttribute{
-											Description:         "Hostnames for the above IP address.",
-											MarkdownDescription: "Hostnames for the above IP address.",
-											ElementType:         types.StringType,
-											Required:            false,
-											Optional:            true,
-											Computed:            false,
-										},
-
-										"ip": schema.StringAttribute{
-											Description:         "IP address of the host file entry.",
-											MarkdownDescription: "IP address of the host file entry.",
-											Required:            true,
-											Optional:            false,
-											Computed:            false,
-										},
-									},
-								},
-								Required: false,
-								Optional: true,
-								Computed: false,
-							},
-
 							"hpa": schema.MapAttribute{
 								Description:         "HPA defines kubernetes PodAutoScaling configuration version 2.",
 								MarkdownDescription: "HPA defines kubernetes PodAutoScaling configuration version 2.",
@@ -2270,34 +2230,6 @@ func (r *OperatorVictoriametricsComVmclusterV1Beta1Manifest) Schema(_ context.Co
 								Computed:            false,
 							},
 
-							"host_aliases": schema.ListNestedAttribute{
-								Description:         "HostAliasesUnderScore provides mapping for ip and hostname, that would be propagated to pod, cannot be used with HostNetwork. Has Priority over hostAliases field",
-								MarkdownDescription: "HostAliasesUnderScore provides mapping for ip and hostname, that would be propagated to pod, cannot be used with HostNetwork. Has Priority over hostAliases field",
-								NestedObject: schema.NestedAttributeObject{
-									Attributes: map[string]schema.Attribute{
-										"hostnames": schema.ListAttribute{
-											Description:         "Hostnames for the above IP address.",
-											MarkdownDescription: "Hostnames for the above IP address.",
-											ElementType:         types.StringType,
-											Required:            false,
-											Optional:            true,
-											Computed:            false,
-										},
-
-										"ip": schema.StringAttribute{
-											Description:         "IP address of the host file entry.",
-											MarkdownDescription: "IP address of the host file entry.",
-											Required:            true,
-											Optional:            false,
-											Computed:            false,
-										},
-									},
-								},
-								Required: false,
-								Optional: true,
-								Computed: false,
-							},
-
 							"hpa": schema.MapAttribute{
 								Description:         "Configures horizontal pod autoscaling. Note, enabling this option disables vmselect to vmselect communication. In most cases it's not an issue.",
 								MarkdownDescription: "Configures horizontal pod autoscaling. Note, enabling this option disables vmselect to vmselect communication. In most cases it's not an issue.",
@@ -3941,34 +3873,6 @@ func (r *OperatorVictoriametricsComVmclusterV1Beta1Manifest) Schema(_ context.Co
 								Computed:            false,
 							},
 
-							"host_aliases": schema.ListNestedAttribute{
-								Description:         "HostAliasesUnderScore provides mapping for ip and hostname, that would be propagated to pod, cannot be used with HostNetwork. Has Priority over hostAliases field",
-								MarkdownDescription: "HostAliasesUnderScore provides mapping for ip and hostname, that would be propagated to pod, cannot be used with HostNetwork. Has Priority over hostAliases field",
-								NestedObject: schema.NestedAttributeObject{
-									Attributes: map[string]schema.Attribute{
-										"hostnames": schema.ListAttribute{
-											Description:         "Hostnames for the above IP address.",
-											MarkdownDescription: "Hostnames for the above IP address.",
-											ElementType:         types.StringType,
-											Required:            false,
-											Optional:            true,
-											Computed:            false,
-										},
-
-										"ip": schema.StringAttribute{
-											Description:         "IP address of the host file entry.",
-											MarkdownDescription: "IP address of the host file entry.",
-											Required:            true,
-											Optional:            false,
-											Computed:            false,
-										},
-									},
-								},
-								Required: false,
-								Optional: true,
-								Computed: false,
-							},
-
 							"image": schema.SingleNestedAttribute{
 								Description:         "Image - docker image settings if no specified operator uses default version from operator config",
 								MarkdownDescription: "Image - docker image settings if no specified operator uses default version from operator config",
diff --git a/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_probe_v1beta1_manifest.go b/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_probe_v1beta1_manifest.go
index 6604b2a19..91aaef5b2 100644
--- a/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_probe_v1beta1_manifest.go
+++ b/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_probe_v1beta1_manifest.go
@@ -78,18 +78,16 @@ type OperatorVictoriametricsComVmprobeV1Beta1ManifestData struct {
 		JobName              *string `tfsdk:"job_name" json:"jobName,omitempty"`
 		Max_scrape_size      *string `tfsdk:"max_scrape_size" json:"max_scrape_size,omitempty"`
 		MetricRelabelConfigs *[]struct {
-			Action        *string            `tfsdk:"action" json:"action,omitempty"`
-			If            *map[string]string `tfsdk:"if" json:"if,omitempty"`
-			Labels        *map[string]string `tfsdk:"labels" json:"labels,omitempty"`
-			Match         *string            `tfsdk:"match" json:"match,omitempty"`
-			Modulus       *int64             `tfsdk:"modulus" json:"modulus,omitempty"`
-			Regex         *map[string]string `tfsdk:"regex" json:"regex,omitempty"`
-			Replacement   *string            `tfsdk:"replacement" json:"replacement,omitempty"`
-			Separator     *string            `tfsdk:"separator" json:"separator,omitempty"`
-			SourceLabels  *[]string          `tfsdk:"source_labels" json:"sourceLabels,omitempty"`
-			Source_labels *[]string          `tfsdk:"source_labels" json:"source_labels,omitempty"`
-			TargetLabel   *string            `tfsdk:"target_label" json:"targetLabel,omitempty"`
-			Target_label  *string            `tfsdk:"target_label" json:"target_label,omitempty"`
+			Action       *string            `tfsdk:"action" json:"action,omitempty"`
+			If           *map[string]string `tfsdk:"if" json:"if,omitempty"`
+			Labels       *map[string]string `tfsdk:"labels" json:"labels,omitempty"`
+			Match        *string            `tfsdk:"match" json:"match,omitempty"`
+			Modulus      *int64             `tfsdk:"modulus" json:"modulus,omitempty"`
+			Regex        *map[string]string `tfsdk:"regex" json:"regex,omitempty"`
+			Replacement  *string            `tfsdk:"replacement" json:"replacement,omitempty"`
+			Separator    *string            `tfsdk:"separator" json:"separator,omitempty"`
+			SourceLabels *[]string          `tfsdk:"source_labels" json:"sourceLabels,omitempty"`
+			TargetLabel  *string            `tfsdk:"target_label" json:"targetLabel,omitempty"`
 		} `tfsdk:"metric_relabel_configs" json:"metricRelabelConfigs,omitempty"`
 		Module *string `tfsdk:"module" json:"module,omitempty"`
 		Oauth2 *struct {
@@ -665,15 +663,6 @@ func (r *OperatorVictoriametricsComVmprobeV1Beta1Manifest) Schema(_ context.Cont
 									Computed:            false,
 								},
 
-								"source_labels": schema.ListAttribute{
-									Description:         "UnderScoreSourceLabels - additional form of source labels source_labels for compatibility with original relabel config. if set both sourceLabels and source_labels, sourceLabels has priority. for details https://github.com/VictoriaMetrics/operator/issues/131",
-									MarkdownDescription: "UnderScoreSourceLabels - additional form of source labels source_labels for compatibility with original relabel config. if set both sourceLabels and source_labels, sourceLabels has priority. for details https://github.com/VictoriaMetrics/operator/issues/131",
-									ElementType:         types.StringType,
-									Required:            false,
-									Optional:            true,
-									Computed:            false,
-								},
-
 								"target_label": schema.StringAttribute{
 									Description:         "Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.",
 									MarkdownDescription: "Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.",
@@ -681,14 +670,6 @@ func (r *OperatorVictoriametricsComVmprobeV1Beta1Manifest) Schema(_ context.Cont
 									Optional:            true,
 									Computed:            false,
 								},
-
-								"target_label": schema.StringAttribute{
-									Description:         "UnderScoreTargetLabel - additional form of target label - target_label for compatibility with original relabel config. if set both targetLabel and target_label, targetLabel has priority. for details https://github.com/VictoriaMetrics/operator/issues/131",
-									MarkdownDescription: "UnderScoreTargetLabel - additional form of target label - target_label for compatibility with original relabel config. if set both targetLabel and target_label, targetLabel has priority. for details https://github.com/VictoriaMetrics/operator/issues/131",
-									Required:            false,
-									Optional:            true,
-									Computed:            false,
-								},
 							},
 						},
 						Required: false,
diff --git a/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_scrape_config_v1beta1_manifest.go b/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_scrape_config_v1beta1_manifest.go
index db4ad0799..557b7607c 100644
--- a/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_scrape_config_v1beta1_manifest.go
+++ b/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_scrape_config_v1beta1_manifest.go
@@ -688,18 +688,16 @@ type OperatorVictoriametricsComVmscrapeConfigV1Beta1ManifestData struct {
 		} `tfsdk:"kubernetes_sd_configs" json:"kubernetesSDConfigs,omitempty"`
 		Max_scrape_size      *string `tfsdk:"max_scrape_size" json:"max_scrape_size,omitempty"`
 		MetricRelabelConfigs *[]struct {
-			Action        *string            `tfsdk:"action" json:"action,omitempty"`
-			If            *map[string]string `tfsdk:"if" json:"if,omitempty"`
-			Labels        *map[string]string `tfsdk:"labels" json:"labels,omitempty"`
-			Match         *string            `tfsdk:"match" json:"match,omitempty"`
-			Modulus       *int64             `tfsdk:"modulus" json:"modulus,omitempty"`
-			Regex         *map[string]string `tfsdk:"regex" json:"regex,omitempty"`
-			Replacement   *string            `tfsdk:"replacement" json:"replacement,omitempty"`
-			Separator     *string            `tfsdk:"separator" json:"separator,omitempty"`
-			SourceLabels  *[]string          `tfsdk:"source_labels" json:"sourceLabels,omitempty"`
-			Source_labels *[]string          `tfsdk:"source_labels" json:"source_labels,omitempty"`
-			TargetLabel   *string            `tfsdk:"target_label" json:"targetLabel,omitempty"`
-			Target_label  *string            `tfsdk:"target_label" json:"target_label,omitempty"`
+			Action       *string            `tfsdk:"action" json:"action,omitempty"`
+			If           *map[string]string `tfsdk:"if" json:"if,omitempty"`
+			Labels       *map[string]string `tfsdk:"labels" json:"labels,omitempty"`
+			Match        *string            `tfsdk:"match" json:"match,omitempty"`
+			Modulus      *int64             `tfsdk:"modulus" json:"modulus,omitempty"`
+			Regex        *map[string]string `tfsdk:"regex" json:"regex,omitempty"`
+			Replacement  *string            `tfsdk:"replacement" json:"replacement,omitempty"`
+			Separator    *string            `tfsdk:"separator" json:"separator,omitempty"`
+			SourceLabels *[]string          `tfsdk:"source_labels" json:"sourceLabels,omitempty"`
+			TargetLabel  *string            `tfsdk:"target_label" json:"targetLabel,omitempty"`
 		} `tfsdk:"metric_relabel_configs" json:"metricRelabelConfigs,omitempty"`
 		Oauth2 *struct {
 			Client_id *struct {
@@ -790,18 +788,16 @@ type OperatorVictoriametricsComVmscrapeConfigV1Beta1ManifestData struct {
 		Path           *string              `tfsdk:"path" json:"path,omitempty"`
 		ProxyURL       *string              `tfsdk:"proxy_url" json:"proxyURL,omitempty"`
 		RelabelConfigs *[]struct {
-			Action        *string            `tfsdk:"action" json:"action,omitempty"`
-			If            *map[string]string `tfsdk:"if" json:"if,omitempty"`
-			Labels        *map[string]string `tfsdk:"labels" json:"labels,omitempty"`
-			Match         *string            `tfsdk:"match" json:"match,omitempty"`
-			Modulus       *int64             `tfsdk:"modulus" json:"modulus,omitempty"`
-			Regex         *map[string]string `tfsdk:"regex" json:"regex,omitempty"`
-			Replacement   *string            `tfsdk:"replacement" json:"replacement,omitempty"`
-			Separator     *string            `tfsdk:"separator" json:"separator,omitempty"`
-			SourceLabels  *[]string          `tfsdk:"source_labels" json:"sourceLabels,omitempty"`
-			Source_labels *[]string          `tfsdk:"source_labels" json:"source_labels,omitempty"`
-			TargetLabel   *string            `tfsdk:"target_label" json:"targetLabel,omitempty"`
-			Target_label  *string            `tfsdk:"target_label" json:"target_label,omitempty"`
+			Action       *string            `tfsdk:"action" json:"action,omitempty"`
+			If           *map[string]string `tfsdk:"if" json:"if,omitempty"`
+			Labels       *map[string]string `tfsdk:"labels" json:"labels,omitempty"`
+			Match        *string            `tfsdk:"match" json:"match,omitempty"`
+			Modulus      *int64             `tfsdk:"modulus" json:"modulus,omitempty"`
+			Regex        *map[string]string `tfsdk:"regex" json:"regex,omitempty"`
+			Replacement  *string            `tfsdk:"replacement" json:"replacement,omitempty"`
+			Separator    *string            `tfsdk:"separator" json:"separator,omitempty"`
+			SourceLabels *[]string          `tfsdk:"source_labels" json:"sourceLabels,omitempty"`
+			TargetLabel  *string            `tfsdk:"target_label" json:"targetLabel,omitempty"`
 		} `tfsdk:"relabel_configs" json:"relabelConfigs,omitempty"`
 		SampleLimit     *int64  `tfsdk:"sample_limit" json:"sampleLimit,omitempty"`
 		Scheme          *string `tfsdk:"scheme" json:"scheme,omitempty"`
@@ -5315,15 +5311,6 @@ func (r *OperatorVictoriametricsComVmscrapeConfigV1Beta1Manifest) Schema(_ conte
 									Computed:            false,
 								},
 
-								"source_labels": schema.ListAttribute{
-									Description:         "UnderScoreSourceLabels - additional form of source labels source_labels for compatibility with original relabel config. if set both sourceLabels and source_labels, sourceLabels has priority. for details https://github.com/VictoriaMetrics/operator/issues/131",
-									MarkdownDescription: "UnderScoreSourceLabels - additional form of source labels source_labels for compatibility with original relabel config. if set both sourceLabels and source_labels, sourceLabels has priority. for details https://github.com/VictoriaMetrics/operator/issues/131",
-									ElementType:         types.StringType,
-									Required:            false,
-									Optional:            true,
-									Computed:            false,
-								},
-
 								"target_label": schema.StringAttribute{
 									Description:         "Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.",
 									MarkdownDescription: "Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.",
@@ -5331,14 +5318,6 @@ func (r *OperatorVictoriametricsComVmscrapeConfigV1Beta1Manifest) Schema(_ conte
 									Optional:            true,
 									Computed:            false,
 								},
-
-								"target_label": schema.StringAttribute{
-									Description:         "UnderScoreTargetLabel - additional form of target label - target_label for compatibility with original relabel config. if set both targetLabel and target_label, targetLabel has priority. for details https://github.com/VictoriaMetrics/operator/issues/131",
-									MarkdownDescription: "UnderScoreTargetLabel - additional form of target label - target_label for compatibility with original relabel config. if set both targetLabel and target_label, targetLabel has priority. for details https://github.com/VictoriaMetrics/operator/issues/131",
-									Required:            false,
-									Optional:            true,
-									Computed:            false,
-								},
 							},
 						},
 						Required: false,
@@ -6036,15 +6015,6 @@ func (r *OperatorVictoriametricsComVmscrapeConfigV1Beta1Manifest) Schema(_ conte
 									Computed:            false,
 								},
 
-								"source_labels": schema.ListAttribute{
-									Description:         "UnderScoreSourceLabels - additional form of source labels source_labels for compatibility with original relabel config. if set both sourceLabels and source_labels, sourceLabels has priority. for details https://github.com/VictoriaMetrics/operator/issues/131",
-									MarkdownDescription: "UnderScoreSourceLabels - additional form of source labels source_labels for compatibility with original relabel config. if set both sourceLabels and source_labels, sourceLabels has priority. for details https://github.com/VictoriaMetrics/operator/issues/131",
-									ElementType:         types.StringType,
-									Required:            false,
-									Optional:            true,
-									Computed:            false,
-								},
-
 								"target_label": schema.StringAttribute{
 									Description:         "Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.",
 									MarkdownDescription: "Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.",
@@ -6052,14 +6022,6 @@ func (r *OperatorVictoriametricsComVmscrapeConfigV1Beta1Manifest) Schema(_ conte
 									Optional:            true,
 									Computed:            false,
 								},
-
-								"target_label": schema.StringAttribute{
-									Description:         "UnderScoreTargetLabel - additional form of target label - target_label for compatibility with original relabel config. if set both targetLabel and target_label, targetLabel has priority. for details https://github.com/VictoriaMetrics/operator/issues/131",
-									MarkdownDescription: "UnderScoreTargetLabel - additional form of target label - target_label for compatibility with original relabel config. if set both targetLabel and target_label, targetLabel has priority. for details https://github.com/VictoriaMetrics/operator/issues/131",
-									Required:            false,
-									Optional:            true,
-									Computed:            false,
-								},
 							},
 						},
 						Required: false,
diff --git a/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_single_v1beta1_manifest.go b/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_single_v1beta1_manifest.go
index 20bc893d8..4af2f66c7 100644
--- a/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_single_v1beta1_manifest.go
+++ b/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_single_v1beta1_manifest.go
@@ -62,12 +62,8 @@ type OperatorVictoriametricsComVmsingleV1Beta1ManifestData struct {
 			Hostnames *[]string `tfsdk:"hostnames" json:"hostnames,omitempty"`
 			Ip        *string   `tfsdk:"ip" json:"ip,omitempty"`
 		} `tfsdk:"host_aliases" json:"hostAliases,omitempty"`
-		HostNetwork  *bool `tfsdk:"host_network" json:"hostNetwork,omitempty"`
-		Host_aliases *[]struct {
-			Hostnames *[]string `tfsdk:"hostnames" json:"hostnames,omitempty"`
-			Ip        *string   `tfsdk:"ip" json:"ip,omitempty"`
-		} `tfsdk:"host_aliases" json:"host_aliases,omitempty"`
-		Image *struct {
+		HostNetwork *bool `tfsdk:"host_network" json:"hostNetwork,omitempty"`
+		Image       *struct {
 			PullPolicy *string `tfsdk:"pull_policy" json:"pullPolicy,omitempty"`
 			Repository *string `tfsdk:"repository" json:"repository,omitempty"`
 			Tag        *string `tfsdk:"tag" json:"tag,omitempty"`
@@ -547,34 +543,6 @@ func (r *OperatorVictoriametricsComVmsingleV1Beta1Manifest) Schema(_ context.Con
 						Computed:            false,
 					},
 
-					"host_aliases": schema.ListNestedAttribute{
-						Description:         "HostAliasesUnderScore provides mapping for ip and hostname, that would be propagated to pod, cannot be used with HostNetwork. Has Priority over hostAliases field",
-						MarkdownDescription: "HostAliasesUnderScore provides mapping for ip and hostname, that would be propagated to pod, cannot be used with HostNetwork. Has Priority over hostAliases field",
-						NestedObject: schema.NestedAttributeObject{
-							Attributes: map[string]schema.Attribute{
-								"hostnames": schema.ListAttribute{
-									Description:         "Hostnames for the above IP address.",
-									MarkdownDescription: "Hostnames for the above IP address.",
-									ElementType:         types.StringType,
-									Required:            false,
-									Optional:            true,
-									Computed:            false,
-								},
-
-								"ip": schema.StringAttribute{
-									Description:         "IP address of the host file entry.",
-									MarkdownDescription: "IP address of the host file entry.",
-									Required:            true,
-									Optional:            false,
-									Computed:            false,
-								},
-							},
-						},
-						Required: false,
-						Optional: true,
-						Computed: false,
-					},
-
 					"image": schema.SingleNestedAttribute{
 						Description:         "Image - docker image settings if no specified operator uses default version from operator config",
 						MarkdownDescription: "Image - docker image settings if no specified operator uses default version from operator config",
diff --git a/internal/provider/provider_data_sources.go b/internal/provider/provider_data_sources.go
index 1c07dcdc2..3d6cafa21 100644
--- a/internal/provider/provider_data_sources.go
+++ b/internal/provider/provider_data_sources.go
@@ -1890,8 +1890,6 @@ func allDataSources() []func() datasource.DataSource {
 		gateway_networking_k8s_io_v1alpha2.NewGatewayNetworkingK8SIoGrpcrouteV1Alpha2Manifest,
 		// gateway_networking_k8s_io_v1alpha2.NewGatewayNetworkingK8SIoReferenceGrantV1Alpha2DataSource,
 		gateway_networking_k8s_io_v1alpha2.NewGatewayNetworkingK8SIoReferenceGrantV1Alpha2Manifest,
-		// gateway_networking_k8s_io_v1alpha2.NewGatewayNetworkingK8SIoReferenceGrantV1Alpha2DataSource,
-		gateway_networking_k8s_io_v1alpha2.NewGatewayNetworkingK8SIoReferenceGrantV1Alpha2Manifest,
 		// gateway_networking_k8s_io_v1alpha2.NewGatewayNetworkingK8SIoTcprouteV1Alpha2DataSource,
 		gateway_networking_k8s_io_v1alpha2.NewGatewayNetworkingK8SIoTcprouteV1Alpha2Manifest,
 		// gateway_networking_k8s_io_v1alpha2.NewGatewayNetworkingK8SIoTlsrouteV1Alpha2DataSource,
diff --git a/internal/provider/provider_resources.go b/internal/provider/provider_resources.go
index 74fa3d31a..8f61de344 100644
--- a/internal/provider/provider_resources.go
+++ b/internal/provider/provider_resources.go
@@ -1223,7 +1223,6 @@ func allResources() []func() resource.Resource {
 		//gateway_networking_k8s_io_v1alpha2.NewGatewayNetworkingK8SIoBackendLbpolicyV1Alpha2Resource,
 		//gateway_networking_k8s_io_v1alpha2.NewGatewayNetworkingK8SIoGrpcrouteV1Alpha2Resource,
 		//gateway_networking_k8s_io_v1alpha2.NewGatewayNetworkingK8SIoReferenceGrantV1Alpha2Resource,
-		//gateway_networking_k8s_io_v1alpha2.NewGatewayNetworkingK8SIoReferenceGrantV1Alpha2Resource,
 		//gateway_networking_k8s_io_v1alpha2.NewGatewayNetworkingK8SIoTcprouteV1Alpha2Resource,
 		//gateway_networking_k8s_io_v1alpha2.NewGatewayNetworkingK8SIoTlsrouteV1Alpha2Resource,
 		//gateway_networking_k8s_io_v1alpha2.NewGatewayNetworkingK8SIoUdprouteV1Alpha2Resource,
diff --git a/terratests.mk b/terratests.mk
index 1281941ed..9713f64e8 100644
--- a/terratests.mk
+++ b/terratests.mk
@@ -2669,10 +2669,6 @@ out/terratest-sentinel-gateway_networking_k8s_io_reference_grant_v1alpha2_manife
 	mkdir --parents $(@D)
 	go test -timeout=120s ./terratest/gateway_networking_k8s_io_v1alpha2/gateway_networking_k8s_io_reference_grant_v1alpha2_manifest_test.go
 	touch $@
-out/terratest-sentinel-gateway_networking_k8s_io_reference_grant_v1alpha2_manifest_test.go: out/install-sentinel terratest/gateway_networking_k8s_io_v1alpha2/gateway_networking_k8s_io_reference_grant_v1alpha2_manifest_test.go $(shell find ./examples/data-sources/k8s_gateway_networking_k8s_io_reference_grant_v1alpha2_manifest -type f -name '*.tf')
-	mkdir --parents $(@D)
-	go test -timeout=120s ./terratest/gateway_networking_k8s_io_v1alpha2/gateway_networking_k8s_io_reference_grant_v1alpha2_manifest_test.go
-	touch $@
 out/terratest-sentinel-gateway_networking_k8s_io_tcp_route_v1alpha2_manifest_test.go: out/install-sentinel terratest/gateway_networking_k8s_io_v1alpha2/gateway_networking_k8s_io_tcp_route_v1alpha2_manifest_test.go $(shell find ./examples/data-sources/k8s_gateway_networking_k8s_io_tcp_route_v1alpha2_manifest -type f -name '*.tf')
 	mkdir --parents $(@D)
 	go test -timeout=120s ./terratest/gateway_networking_k8s_io_v1alpha2/gateway_networking_k8s_io_tcp_route_v1alpha2_manifest_test.go
@@ -6992,4 +6988,4 @@ out/terratest-sentinel-zookeeper_stackable_tech_zookeeper_znode_v1alpha1_manifes
 
 
 .PHONY: terratests
-terratests: out/terratest-sentinel-about_k8s_io_cluster_property_v1alpha1_manifest_test.go out/terratest-sentinel-acid_zalan_do_operator_configuration_v1_manifest_test.go out/terratest-sentinel-acid_zalan_do_postgres_team_v1_manifest_test.go out/terratest-sentinel-acid_zalan_do_postgresql_v1_manifest_test.go out/terratest-sentinel-acme_cert_manager_io_challenge_v1_manifest_test.go out/terratest-sentinel-acme_cert_manager_io_order_v1_manifest_test.go out/terratest-sentinel-acmpca_services_k8s_aws_certificate_authority_activation_v1alpha1_manifest_test.go out/terratest-sentinel-acmpca_services_k8s_aws_certificate_authority_v1alpha1_manifest_test.go out/terratest-sentinel-acmpca_services_k8s_aws_certificate_v1alpha1_manifest_test.go out/terratest-sentinel-actions_github_com_autoscaling_listener_v1alpha1_manifest_test.go out/terratest-sentinel-actions_github_com_autoscaling_runner_set_v1alpha1_manifest_test.go out/terratest-sentinel-actions_github_com_ephemeral_runner_set_v1alpha1_manifest_test.go out/terratest-sentinel-actions_github_com_ephemeral_runner_v1alpha1_manifest_test.go out/terratest-sentinel-actions_summerwind_dev_horizontal_runner_autoscaler_v1alpha1_manifest_test.go out/terratest-sentinel-actions_summerwind_dev_runner_deployment_v1alpha1_manifest_test.go out/terratest-sentinel-actions_summerwind_dev_runner_replica_set_v1alpha1_manifest_test.go out/terratest-sentinel-actions_summerwind_dev_runner_set_v1alpha1_manifest_test.go out/terratest-sentinel-actions_summerwind_dev_runner_v1alpha1_manifest_test.go out/terratest-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_binding_v1alpha3_manifest_test.go out/terratest-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_v1alpha3_manifest_test.go out/terratest-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_binding_v1alpha4_manifest_test.go out/terratest-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_v1alpha4_manifest_test.go out/terratest-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_binding_v1beta1_manifest_test.go out/terratest-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_v1beta1_manifest_test.go out/terratest-sentinel-admissionregistration_k8s_io_mutating_webhook_configuration_v1_manifest_test.go out/terratest-sentinel-admissionregistration_k8s_io_validating_webhook_configuration_v1_manifest_test.go out/terratest-sentinel-agent_k8s_elastic_co_agent_v1alpha1_manifest_test.go out/terratest-sentinel-airflow_stackable_tech_airflow_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_aws_datacenter_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_aws_iam_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_bundles_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_cloud_stack_datacenter_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_cloud_stack_machine_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_control_plane_upgrade_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_docker_datacenter_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_eksa_release_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_flux_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_git_ops_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_machine_deployment_upgrade_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_node_upgrade_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_nutanix_datacenter_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_nutanix_machine_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_oidc_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_snow_datacenter_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_snow_ip_pool_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_snow_machine_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_tinkerbell_datacenter_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_tinkerbell_machine_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_tinkerbell_template_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_v_sphere_datacenter_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_v_sphere_machine_config_v1alpha1_manifest_test.go out/terratest-sentinel-apacheweb_arsenal_dev_apacheweb_v1alpha1_manifest_test.go out/terratest-sentinel-api_clever_cloud_com_config_provider_v1_manifest_test.go out/terratest-sentinel-api_clever_cloud_com_elastic_search_v1_manifest_test.go out/terratest-sentinel-api_clever_cloud_com_mongo_db_v1_manifest_test.go out/terratest-sentinel-api_clever_cloud_com_my_sql_v1_manifest_test.go out/terratest-sentinel-api_clever_cloud_com_postgre_sql_v1_manifest_test.go out/terratest-sentinel-api_clever_cloud_com_redis_v1_manifest_test.go out/terratest-sentinel-api_clever_cloud_com_pulsar_v1beta1_manifest_test.go out/terratest-sentinel-api_kubemod_io_mod_rule_v1beta1_manifest_test.go out/terratest-sentinel-apicodegen_apimatic_io_api_matic_v1beta1_manifest_test.go out/terratest-sentinel-apiextensions_crossplane_io_composite_resource_definition_v1_manifest_test.go out/terratest-sentinel-apiextensions_crossplane_io_composition_revision_v1_manifest_test.go out/terratest-sentinel-apiextensions_crossplane_io_composition_v1_manifest_test.go out/terratest-sentinel-apiextensions_crossplane_io_composition_revision_v1beta1_manifest_test.go out/terratest-sentinel-apigatewayv2_services_k8s_aws_api_v1alpha1_manifest_test.go out/terratest-sentinel-apigatewayv2_services_k8s_aws_authorizer_v1alpha1_manifest_test.go out/terratest-sentinel-apigatewayv2_services_k8s_aws_deployment_v1alpha1_manifest_test.go out/terratest-sentinel-apigatewayv2_services_k8s_aws_integration_v1alpha1_manifest_test.go out/terratest-sentinel-apigatewayv2_services_k8s_aws_route_v1alpha1_manifest_test.go out/terratest-sentinel-apigatewayv2_services_k8s_aws_stage_v1alpha1_manifest_test.go out/terratest-sentinel-apigatewayv2_services_k8s_aws_vpc_link_v1alpha1_manifest_test.go out/terratest-sentinel-apiregistration_k8s_io_api_service_v1_manifest_test.go out/terratest-sentinel-apisix_apache_org_apisix_cluster_config_v2_manifest_test.go out/terratest-sentinel-apisix_apache_org_apisix_consumer_v2_manifest_test.go out/terratest-sentinel-apisix_apache_org_apisix_global_rule_v2_manifest_test.go out/terratest-sentinel-apisix_apache_org_apisix_plugin_config_v2_manifest_test.go out/terratest-sentinel-apisix_apache_org_apisix_route_v2_manifest_test.go out/terratest-sentinel-apisix_apache_org_apisix_tls_v2_manifest_test.go out/terratest-sentinel-apisix_apache_org_apisix_upstream_v2_manifest_test.go out/terratest-sentinel-apm_k8s_elastic_co_apm_server_v1_manifest_test.go out/terratest-sentinel-apm_k8s_elastic_co_apm_server_v1beta1_manifest_test.go out/terratest-sentinel-app_kiegroup_org_kogito_build_v1beta1_manifest_test.go out/terratest-sentinel-app_kiegroup_org_kogito_infra_v1beta1_manifest_test.go out/terratest-sentinel-app_kiegroup_org_kogito_runtime_v1beta1_manifest_test.go out/terratest-sentinel-app_kiegroup_org_kogito_supporting_service_v1beta1_manifest_test.go out/terratest-sentinel-app_lightbend_com_akka_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-app_redislabs_com_redis_enterprise_cluster_v1_manifest_test.go out/terratest-sentinel-app_redislabs_com_redis_enterprise_active_active_database_v1alpha1_manifest_test.go out/terratest-sentinel-app_redislabs_com_redis_enterprise_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-app_redislabs_com_redis_enterprise_database_v1alpha1_manifest_test.go out/terratest-sentinel-app_redislabs_com_redis_enterprise_remote_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-app_terraform_io_agent_pool_v1alpha2_manifest_test.go out/terratest-sentinel-app_terraform_io_module_v1alpha2_manifest_test.go out/terratest-sentinel-app_terraform_io_workspace_v1alpha2_manifest_test.go out/terratest-sentinel-application_networking_k8s_aws_access_log_policy_v1alpha1_manifest_test.go out/terratest-sentinel-application_networking_k8s_aws_iam_auth_policy_v1alpha1_manifest_test.go out/terratest-sentinel-application_networking_k8s_aws_service_import_v1alpha1_manifest_test.go out/terratest-sentinel-application_networking_k8s_aws_target_group_policy_v1alpha1_manifest_test.go out/terratest-sentinel-application_networking_k8s_aws_vpc_association_policy_v1alpha1_manifest_test.go out/terratest-sentinel-applicationautoscaling_services_k8s_aws_scalable_target_v1alpha1_manifest_test.go out/terratest-sentinel-applicationautoscaling_services_k8s_aws_scaling_policy_v1alpha1_manifest_test.go out/terratest-sentinel-appmesh_k8s_aws_backend_group_v1beta2_manifest_test.go out/terratest-sentinel-appmesh_k8s_aws_gateway_route_v1beta2_manifest_test.go out/terratest-sentinel-appmesh_k8s_aws_mesh_v1beta2_manifest_test.go out/terratest-sentinel-appmesh_k8s_aws_virtual_gateway_v1beta2_manifest_test.go out/terratest-sentinel-appmesh_k8s_aws_virtual_node_v1beta2_manifest_test.go out/terratest-sentinel-appmesh_k8s_aws_virtual_router_v1beta2_manifest_test.go out/terratest-sentinel-appmesh_k8s_aws_virtual_service_v1beta2_manifest_test.go out/terratest-sentinel-appprotect_f5_com_ap_log_conf_v1beta1_manifest_test.go out/terratest-sentinel-appprotect_f5_com_ap_policy_v1beta1_manifest_test.go out/terratest-sentinel-appprotect_f5_com_ap_user_sig_v1beta1_manifest_test.go out/terratest-sentinel-appprotectdos_f5_com_ap_dos_log_conf_v1beta1_manifest_test.go out/terratest-sentinel-appprotectdos_f5_com_ap_dos_policy_v1beta1_manifest_test.go out/terratest-sentinel-appprotectdos_f5_com_dos_protected_resource_v1beta1_manifest_test.go out/terratest-sentinel-apps_3scale_net_ap_icast_v1alpha1_manifest_test.go out/terratest-sentinel-apps_3scale_net_api_manager_backup_v1alpha1_manifest_test.go out/terratest-sentinel-apps_3scale_net_api_manager_restore_v1alpha1_manifest_test.go out/terratest-sentinel-apps_3scale_net_api_manager_v1alpha1_manifest_test.go out/terratest-sentinel-apps_clusternet_io_base_v1alpha1_manifest_test.go out/terratest-sentinel-apps_clusternet_io_description_v1alpha1_manifest_test.go out/terratest-sentinel-apps_clusternet_io_feed_inventory_v1alpha1_manifest_test.go out/terratest-sentinel-apps_clusternet_io_globalization_v1alpha1_manifest_test.go out/terratest-sentinel-apps_clusternet_io_helm_chart_v1alpha1_manifest_test.go out/terratest-sentinel-apps_clusternet_io_helm_release_v1alpha1_manifest_test.go out/terratest-sentinel-apps_clusternet_io_localization_v1alpha1_manifest_test.go out/terratest-sentinel-apps_clusternet_io_manifest_v1alpha1_manifest_test.go out/terratest-sentinel-apps_clusternet_io_subscription_v1alpha1_manifest_test.go out/terratest-sentinel-apps_emqx_io_emqx_broker_v1beta3_manifest_test.go out/terratest-sentinel-apps_emqx_io_emqx_enterprise_v1beta3_manifest_test.go out/terratest-sentinel-apps_emqx_io_emqx_plugin_v1beta3_manifest_test.go out/terratest-sentinel-apps_emqx_io_emqx_broker_v1beta4_manifest_test.go out/terratest-sentinel-apps_emqx_io_emqx_enterprise_v1beta4_manifest_test.go out/terratest-sentinel-apps_emqx_io_emqx_plugin_v1beta4_manifest_test.go out/terratest-sentinel-apps_emqx_io_rebalance_v1beta4_manifest_test.go out/terratest-sentinel-apps_emqx_io_emqx_v2alpha1_manifest_test.go out/terratest-sentinel-apps_emqx_io_emqx_v2beta1_manifest_test.go out/terratest-sentinel-apps_emqx_io_rebalance_v2beta1_manifest_test.go out/terratest-sentinel-apps_gitlab_com_git_lab_v1beta1_manifest_test.go out/terratest-sentinel-apps_gitlab_com_runner_v1beta2_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_cluster_definition_v1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_cluster_v1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_component_definition_v1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_component_v1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_component_version_v1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_service_descriptor_v1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_backup_policy_template_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_cluster_definition_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_cluster_version_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_component_class_definition_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_component_definition_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_component_resource_constraint_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_component_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_component_version_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_config_constraint_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_configuration_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_ops_definition_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_ops_request_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_service_descriptor_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_config_constraint_v1beta1_manifest_test.go out/terratest-sentinel-apps_kubedl_io_cron_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeedge_io_edge_application_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeedge_io_node_group_v1alpha1_manifest_test.go out/terratest-sentinel-apps_m88i_io_nexus_v1alpha1_manifest_test.go out/terratest-sentinel-apps_redhat_com_cluster_impairment_v1alpha1_manifest_test.go out/terratest-sentinel-apps_daemon_set_v1_manifest_test.go out/terratest-sentinel-apps_deployment_v1_manifest_test.go out/terratest-sentinel-apps_replica_set_v1_manifest_test.go out/terratest-sentinel-apps_stateful_set_v1_manifest_test.go out/terratest-sentinel-aquasecurity_github_io_aqua_starboard_v1alpha1_manifest_test.go out/terratest-sentinel-argoproj_io_app_project_v1alpha1_manifest_test.go out/terratest-sentinel-argoproj_io_application_set_v1alpha1_manifest_test.go out/terratest-sentinel-argoproj_io_application_v1alpha1_manifest_test.go out/terratest-sentinel-argoproj_io_argo_cd_v1alpha1_manifest_test.go out/terratest-sentinel-argoproj_io_argo_cd_export_v1alpha1_manifest_test.go out/terratest-sentinel-argoproj_io_argo_cd_v1beta1_manifest_test.go out/terratest-sentinel-asdb_aerospike_com_aerospike_cluster_v1_manifest_test.go out/terratest-sentinel-asdb_aerospike_com_aerospike_cluster_v1beta1_manifest_test.go out/terratest-sentinel-atlasmap_io_atlas_map_v1alpha1_manifest_test.go out/terratest-sentinel-auth_ops42_org_aws_auth_sync_config_v1alpha1_manifest_test.go out/terratest-sentinel-authentication_stackable_tech_authentication_class_v1alpha1_manifest_test.go out/terratest-sentinel-authzed_com_spice_db_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-automation_kubensync_com_managed_resource_v1alpha1_manifest_test.go out/terratest-sentinel-autoscaling_k8s_elastic_co_elasticsearch_autoscaler_v1alpha1_manifest_test.go out/terratest-sentinel-autoscaling_k8s_io_vertical_pod_autoscaler_checkpoint_v1_manifest_test.go out/terratest-sentinel-autoscaling_k8s_io_vertical_pod_autoscaler_v1_manifest_test.go out/terratest-sentinel-autoscaling_k8s_io_vertical_pod_autoscaler_checkpoint_v1beta2_manifest_test.go out/terratest-sentinel-autoscaling_k8s_io_vertical_pod_autoscaler_v1beta2_manifest_test.go out/terratest-sentinel-autoscaling_karmada_io_cron_federated_hpa_v1alpha1_manifest_test.go out/terratest-sentinel-autoscaling_karmada_io_federated_hpa_v1alpha1_manifest_test.go out/terratest-sentinel-autoscaling_horizontal_pod_autoscaler_v1_manifest_test.go out/terratest-sentinel-autoscaling_horizontal_pod_autoscaler_v2_manifest_test.go out/terratest-sentinel-awx_ansible_com_awx_v1beta1_manifest_test.go out/terratest-sentinel-awx_ansible_com_awx_backup_v1beta1_manifest_test.go out/terratest-sentinel-awx_ansible_com_awx_restore_v1beta1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_apim_service_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_api_mgmt_api_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_app_insights_api_key_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_app_insights_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_load_balancer_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_network_interface_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_public_ip_address_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sql_action_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sql_database_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sql_failover_group_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sql_firewall_rule_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sql_server_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sql_managed_user_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sql_user_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sqlv_net_rule_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_virtual_machine_extension_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_virtual_machine_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_vm_scale_set_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_blob_container_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_consumer_group_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_cosmos_db_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_eventhub_namespace_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_eventhub_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_key_vault_key_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_key_vault_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_my_sqlaad_user_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_my_sql_database_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_my_sql_firewall_rule_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_my_sql_server_administrator_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_my_sql_server_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_my_sql_user_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_my_sqlv_net_rule_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_postgre_sql_database_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_postgre_sql_firewall_rule_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_postgre_sql_server_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_postgre_sql_user_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_postgre_sqlv_net_rule_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_redis_cache_action_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_redis_cache_firewall_rule_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_resource_group_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_storage_account_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_virtual_network_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_blob_container_v1alpha2_manifest_test.go out/terratest-sentinel-azure_microsoft_com_my_sqlaad_user_v1alpha2_manifest_test.go out/terratest-sentinel-azure_microsoft_com_my_sql_server_v1alpha2_manifest_test.go out/terratest-sentinel-azure_microsoft_com_my_sql_user_v1alpha2_manifest_test.go out/terratest-sentinel-azure_microsoft_com_postgre_sql_server_v1alpha2_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sql_database_v1beta1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sql_failover_group_v1beta1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sql_firewall_rule_v1beta1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sql_server_v1beta1_manifest_test.go out/terratest-sentinel-b3scale_infra_run_bbb_frontend_v1_manifest_test.go out/terratest-sentinel-b3scale_io_bbb_frontend_v1_manifest_test.go out/terratest-sentinel-batch_cron_job_v1_manifest_test.go out/terratest-sentinel-batch_job_v1_manifest_test.go out/terratest-sentinel-batch_volcano_sh_job_v1alpha1_manifest_test.go out/terratest-sentinel-beat_k8s_elastic_co_beat_v1beta1_manifest_test.go out/terratest-sentinel-beegfs_csi_netapp_com_beegfs_driver_v1_manifest_test.go out/terratest-sentinel-binding_operators_coreos_com_service_binding_v1alpha1_manifest_test.go out/terratest-sentinel-bitnami_com_sealed_secret_v1alpha1_manifest_test.go out/terratest-sentinel-bmc_tinkerbell_org_job_v1alpha1_manifest_test.go out/terratest-sentinel-bmc_tinkerbell_org_machine_v1alpha1_manifest_test.go out/terratest-sentinel-bmc_tinkerbell_org_task_v1alpha1_manifest_test.go out/terratest-sentinel-boskos_k8s_io_drlc_object_v1_manifest_test.go out/terratest-sentinel-boskos_k8s_io_resource_object_v1_manifest_test.go out/terratest-sentinel-bpfman_io_bpf_program_v1alpha1_manifest_test.go out/terratest-sentinel-bpfman_io_fentry_program_v1alpha1_manifest_test.go out/terratest-sentinel-bpfman_io_fexit_program_v1alpha1_manifest_test.go out/terratest-sentinel-bpfman_io_kprobe_program_v1alpha1_manifest_test.go out/terratest-sentinel-bpfman_io_tc_program_v1alpha1_manifest_test.go out/terratest-sentinel-bpfman_io_tracepoint_program_v1alpha1_manifest_test.go out/terratest-sentinel-bpfman_io_uprobe_program_v1alpha1_manifest_test.go out/terratest-sentinel-bpfman_io_xdp_program_v1alpha1_manifest_test.go out/terratest-sentinel-bus_volcano_sh_command_v1alpha1_manifest_test.go out/terratest-sentinel-cache_kubedl_io_cache_backend_v1alpha1_manifest_test.go out/terratest-sentinel-caching_ibm_com_varnish_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-camel_apache_org_build_v1_manifest_test.go out/terratest-sentinel-camel_apache_org_camel_catalog_v1_manifest_test.go out/terratest-sentinel-camel_apache_org_integration_kit_v1_manifest_test.go out/terratest-sentinel-camel_apache_org_integration_platform_v1_manifest_test.go out/terratest-sentinel-camel_apache_org_integration_profile_v1_manifest_test.go out/terratest-sentinel-camel_apache_org_integration_v1_manifest_test.go out/terratest-sentinel-camel_apache_org_kamelet_v1_manifest_test.go out/terratest-sentinel-camel_apache_org_pipe_v1_manifest_test.go out/terratest-sentinel-camel_apache_org_kamelet_binding_v1alpha1_manifest_test.go out/terratest-sentinel-camel_apache_org_kamelet_v1alpha1_manifest_test.go out/terratest-sentinel-canaries_flanksource_com_canary_v1_manifest_test.go out/terratest-sentinel-canaries_flanksource_com_component_v1_manifest_test.go out/terratest-sentinel-canaries_flanksource_com_topology_v1_manifest_test.go out/terratest-sentinel-capabilities_3scale_net_tenant_v1alpha1_manifest_test.go out/terratest-sentinel-capabilities_3scale_net_active_doc_v1beta1_manifest_test.go out/terratest-sentinel-capabilities_3scale_net_application_v1beta1_manifest_test.go out/terratest-sentinel-capabilities_3scale_net_backend_v1beta1_manifest_test.go out/terratest-sentinel-capabilities_3scale_net_custom_policy_definition_v1beta1_manifest_test.go out/terratest-sentinel-capabilities_3scale_net_developer_account_v1beta1_manifest_test.go out/terratest-sentinel-capabilities_3scale_net_developer_user_v1beta1_manifest_test.go out/terratest-sentinel-capabilities_3scale_net_open_api_v1beta1_manifest_test.go out/terratest-sentinel-capabilities_3scale_net_product_v1beta1_manifest_test.go out/terratest-sentinel-capabilities_3scale_net_proxy_config_promote_v1beta1_manifest_test.go out/terratest-sentinel-capsule_clastix_io_capsule_configuration_v1alpha1_manifest_test.go out/terratest-sentinel-capsule_clastix_io_tenant_v1alpha1_manifest_test.go out/terratest-sentinel-capsule_clastix_io_tenant_v1beta1_manifest_test.go out/terratest-sentinel-capsule_clastix_io_capsule_configuration_v1beta2_manifest_test.go out/terratest-sentinel-capsule_clastix_io_tenant_v1beta2_manifest_test.go out/terratest-sentinel-cassandra_datastax_com_cassandra_datacenter_v1beta1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_block_pool_rados_namespace_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_block_pool_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_bucket_notification_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_bucket_topic_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_client_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_cluster_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_cosi_driver_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_filesystem_mirror_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_filesystem_sub_volume_group_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_filesystem_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_nfs_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_object_realm_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_object_store_user_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_object_store_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_object_zone_group_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_object_zone_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_rbd_mirror_v1_manifest_test.go out/terratest-sentinel-cert_manager_io_certificate_request_v1_manifest_test.go out/terratest-sentinel-cert_manager_io_certificate_v1_manifest_test.go out/terratest-sentinel-cert_manager_io_cluster_issuer_v1_manifest_test.go out/terratest-sentinel-cert_manager_io_issuer_v1_manifest_test.go out/terratest-sentinel-certificates_k8s_io_certificate_signing_request_v1_manifest_test.go out/terratest-sentinel-certman_managed_openshift_io_certificate_request_v1alpha1_manifest_test.go out/terratest-sentinel-chainsaw_kyverno_io_configuration_v1alpha1_manifest_test.go out/terratest-sentinel-chainsaw_kyverno_io_test_v1alpha1_manifest_test.go out/terratest-sentinel-chainsaw_kyverno_io_configuration_v1alpha2_manifest_test.go out/terratest-sentinel-chainsaw_kyverno_io_test_v1alpha2_manifest_test.go out/terratest-sentinel-chaos_mesh_org_aws_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_azure_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_block_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_dns_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_gcp_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_http_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_io_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_jvm_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_kernel_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_network_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_physical_machine_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_physical_machine_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_pod_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_pod_http_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_pod_io_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_pod_network_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_remote_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_schedule_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_status_check_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_stress_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_time_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_workflow_node_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_workflow_v1alpha1_manifest_test.go out/terratest-sentinel-chaosblade_io_chaos_blade_v1alpha1_manifest_test.go out/terratest-sentinel-charts_amd_com_amdgpu_v1alpha1_manifest_test.go out/terratest-sentinel-charts_flagsmith_com_flagsmith_v1alpha1_manifest_test.go out/terratest-sentinel-charts_helm_k8s_io_snyk_monitor_v1alpha1_manifest_test.go out/terratest-sentinel-charts_opdev_io_synapse_v1alpha1_manifest_test.go out/terratest-sentinel-charts_operatorhub_io_cockroachdb_v1alpha1_manifest_test.go out/terratest-sentinel-che_eclipse_org_kubernetes_image_puller_v1alpha1_manifest_test.go out/terratest-sentinel-chisel_operator_io_exit_node_provisioner_v1_manifest_test.go out/terratest-sentinel-chisel_operator_io_exit_node_v1_manifest_test.go out/terratest-sentinel-chisel_operator_io_exit_node_v2_manifest_test.go out/terratest-sentinel-cilium_io_cilium_clusterwide_envoy_config_v2_manifest_test.go out/terratest-sentinel-cilium_io_cilium_clusterwide_network_policy_v2_manifest_test.go out/terratest-sentinel-cilium_io_cilium_egress_gateway_policy_v2_manifest_test.go out/terratest-sentinel-cilium_io_cilium_envoy_config_v2_manifest_test.go out/terratest-sentinel-cilium_io_cilium_external_workload_v2_manifest_test.go out/terratest-sentinel-cilium_io_cilium_identity_v2_manifest_test.go out/terratest-sentinel-cilium_io_cilium_local_redirect_policy_v2_manifest_test.go out/terratest-sentinel-cilium_io_cilium_network_policy_v2_manifest_test.go out/terratest-sentinel-cilium_io_cilium_node_v2_manifest_test.go out/terratest-sentinel-cilium_io_cilium_bgp_peering_policy_v2alpha1_manifest_test.go out/terratest-sentinel-cilium_io_cilium_cidr_group_v2alpha1_manifest_test.go out/terratest-sentinel-cilium_io_cilium_endpoint_slice_v2alpha1_manifest_test.go out/terratest-sentinel-cilium_io_cilium_l2_announcement_policy_v2alpha1_manifest_test.go out/terratest-sentinel-cilium_io_cilium_load_balancer_ip_pool_v2alpha1_manifest_test.go out/terratest-sentinel-cilium_io_cilium_node_config_v2alpha1_manifest_test.go out/terratest-sentinel-cilium_io_cilium_pod_ip_pool_v2alpha1_manifest_test.go out/terratest-sentinel-claudie_io_input_manifest_v1beta1_manifest_test.go out/terratest-sentinel-cloudformation_linki_space_stack_v1alpha1_manifest_test.go out/terratest-sentinel-cloudfront_services_k8s_aws_cache_policy_v1alpha1_manifest_test.go out/terratest-sentinel-cloudfront_services_k8s_aws_distribution_v1alpha1_manifest_test.go out/terratest-sentinel-cloudfront_services_k8s_aws_function_v1alpha1_manifest_test.go out/terratest-sentinel-cloudfront_services_k8s_aws_origin_request_policy_v1alpha1_manifest_test.go out/terratest-sentinel-cloudfront_services_k8s_aws_response_headers_policy_v1alpha1_manifest_test.go out/terratest-sentinel-cloudtrail_services_k8s_aws_event_data_store_v1alpha1_manifest_test.go out/terratest-sentinel-cloudtrail_services_k8s_aws_trail_v1alpha1_manifest_test.go out/terratest-sentinel-cloudwatch_aws_amazon_com_amazon_cloud_watch_agent_v1alpha1_manifest_test.go out/terratest-sentinel-cloudwatch_aws_amazon_com_instrumentation_v1alpha1_manifest_test.go out/terratest-sentinel-cloudwatch_services_k8s_aws_metric_alarm_v1alpha1_manifest_test.go out/terratest-sentinel-cloudwatchlogs_services_k8s_aws_log_group_v1alpha1_manifest_test.go out/terratest-sentinel-cluster_clusterpedia_io_cluster_sync_resources_v1alpha2_manifest_test.go out/terratest-sentinel-cluster_clusterpedia_io_pedia_cluster_v1alpha2_manifest_test.go out/terratest-sentinel-cluster_ipfs_io_circuit_relay_v1alpha1_manifest_test.go out/terratest-sentinel-cluster_ipfs_io_ipfs_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_cluster_v1alpha3_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_deployment_v1alpha3_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_health_check_v1alpha3_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_pool_v1alpha3_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_set_v1alpha3_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_v1alpha3_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_cluster_class_v1alpha4_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_cluster_v1alpha4_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_deployment_v1alpha4_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_health_check_v1alpha4_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_pool_v1alpha4_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_set_v1alpha4_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_v1alpha4_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_cluster_class_v1beta1_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_cluster_v1beta1_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_deployment_v1beta1_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_health_check_v1beta1_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_pool_v1beta1_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_set_v1beta1_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_v1beta1_manifest_test.go out/terratest-sentinel-clusters_clusternet_io_cluster_registration_request_v1beta1_manifest_test.go out/terratest-sentinel-clusters_clusternet_io_managed_cluster_v1beta1_manifest_test.go out/terratest-sentinel-clustertemplate_openshift_io_cluster_template_instance_v1alpha1_manifest_test.go out/terratest-sentinel-clustertemplate_openshift_io_cluster_template_quota_v1alpha1_manifest_test.go out/terratest-sentinel-clustertemplate_openshift_io_cluster_template_setup_v1alpha1_manifest_test.go out/terratest-sentinel-clustertemplate_openshift_io_cluster_template_v1alpha1_manifest_test.go out/terratest-sentinel-clustertemplate_openshift_io_config_v1alpha1_manifest_test.go out/terratest-sentinel-confidentialcontainers_org_cc_runtime_v1beta1_manifest_test.go out/terratest-sentinel-config_gatekeeper_sh_config_v1alpha1_manifest_test.go out/terratest-sentinel-config_grafana_com_project_config_v1_manifest_test.go out/terratest-sentinel-config_karmada_io_resource_interpreter_customization_v1alpha1_manifest_test.go out/terratest-sentinel-config_karmada_io_resource_interpreter_webhook_configuration_v1alpha1_manifest_test.go out/terratest-sentinel-config_koordinator_sh_cluster_colocation_profile_v1alpha1_manifest_test.go out/terratest-sentinel-config_storageos_com_operator_config_v1_manifest_test.go out/terratest-sentinel-control_k8ssandra_io_cassandra_task_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_cluster_collected_status_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_cluster_federated_object_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_cluster_override_policy_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_cluster_propagation_policy_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_collected_status_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_federated_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_federated_object_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_federated_type_config_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_override_policy_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_propagation_policy_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_scheduler_plugin_webhook_configuration_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_scheduling_profile_v1alpha1_manifest_test.go out/terratest-sentinel-core_linuxsuren_github_com_a_test_v1alpha1_manifest_test.go out/terratest-sentinel-core_openfeature_dev_feature_flag_configuration_v1alpha1_manifest_test.go out/terratest-sentinel-core_openfeature_dev_feature_flag_configuration_v1alpha2_manifest_test.go out/terratest-sentinel-core_strimzi_io_strimzi_pod_set_v1beta2_manifest_test.go out/terratest-sentinel-config_map_v1_manifest_test.go out/terratest-sentinel-endpoints_v1_manifest_test.go out/terratest-sentinel-limit_range_v1_manifest_test.go out/terratest-sentinel-namespace_v1_manifest_test.go out/terratest-sentinel-persistent_volume_claim_v1_manifest_test.go out/terratest-sentinel-persistent_volume_v1_manifest_test.go out/terratest-sentinel-pod_v1_manifest_test.go out/terratest-sentinel-replication_controller_v1_manifest_test.go out/terratest-sentinel-secret_v1_manifest_test.go out/terratest-sentinel-service_account_v1_manifest_test.go out/terratest-sentinel-service_v1_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_autoscaler_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_backup_restore_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_backup_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_bucket_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_cluster_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_collection_group_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_collection_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_ephemeral_bucket_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_group_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_memcached_bucket_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_migration_replication_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_replication_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_role_binding_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_scope_group_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_scope_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_user_v2_manifest_test.go out/terratest-sentinel-craftypath_github_io_sops_secret_v1alpha1_manifest_test.go out/terratest-sentinel-crane_konveyor_io_operator_config_v1alpha1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_bgp_configuration_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_bgp_filter_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_bgp_peer_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_block_affinity_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_calico_node_status_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_cluster_information_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_felix_configuration_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_global_network_policy_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_global_network_set_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_host_endpoint_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_ipam_block_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_ipam_config_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_ipam_handle_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_ip_pool_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_ip_reservation_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_kube_controllers_configuration_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_network_policy_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_network_set_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_tier_v1_manifest_test.go out/terratest-sentinel-data_fluid_io_alluxio_runtime_v1alpha1_manifest_test.go out/terratest-sentinel-data_fluid_io_data_backup_v1alpha1_manifest_test.go out/terratest-sentinel-data_fluid_io_data_load_v1alpha1_manifest_test.go out/terratest-sentinel-data_fluid_io_dataset_v1alpha1_manifest_test.go out/terratest-sentinel-data_fluid_io_goose_fs_runtime_v1alpha1_manifest_test.go out/terratest-sentinel-data_fluid_io_jindo_runtime_v1alpha1_manifest_test.go out/terratest-sentinel-data_fluid_io_juice_fs_runtime_v1alpha1_manifest_test.go out/terratest-sentinel-data_fluid_io_thin_runtime_profile_v1alpha1_manifest_test.go out/terratest-sentinel-data_fluid_io_thin_runtime_v1alpha1_manifest_test.go out/terratest-sentinel-databases_schemahero_io_database_v1alpha4_manifest_test.go out/terratest-sentinel-databases_spotahome_com_redis_failover_v1_manifest_test.go out/terratest-sentinel-datadoghq_com_datadog_agent_v1alpha1_manifest_test.go out/terratest-sentinel-datadoghq_com_datadog_metric_v1alpha1_manifest_test.go out/terratest-sentinel-datadoghq_com_datadog_monitor_v1alpha1_manifest_test.go out/terratest-sentinel-datadoghq_com_datadog_slo_v1alpha1_manifest_test.go out/terratest-sentinel-datadoghq_com_datadog_agent_v2alpha1_manifest_test.go out/terratest-sentinel-dataprotection_kubeblocks_io_action_set_v1alpha1_manifest_test.go out/terratest-sentinel-dataprotection_kubeblocks_io_backup_policy_v1alpha1_manifest_test.go out/terratest-sentinel-dataprotection_kubeblocks_io_backup_repo_v1alpha1_manifest_test.go out/terratest-sentinel-dataprotection_kubeblocks_io_backup_schedule_v1alpha1_manifest_test.go out/terratest-sentinel-dataprotection_kubeblocks_io_backup_v1alpha1_manifest_test.go out/terratest-sentinel-dataprotection_kubeblocks_io_restore_v1alpha1_manifest_test.go out/terratest-sentinel-designer_kaoto_io_kaoto_v1alpha1_manifest_test.go out/terratest-sentinel-devices_kubeedge_io_device_model_v1alpha2_manifest_test.go out/terratest-sentinel-devices_kubeedge_io_device_v1alpha2_manifest_test.go out/terratest-sentinel-devices_kubeedge_io_device_model_v1beta1_manifest_test.go out/terratest-sentinel-devices_kubeedge_io_device_v1beta1_manifest_test.go out/terratest-sentinel-devops_kubesphere_io_releaser_controller_v1alpha1_manifest_test.go out/terratest-sentinel-devops_kubesphere_io_releaser_v1alpha1_manifest_test.go out/terratest-sentinel-dex_gpu_ninja_com_dex_identity_provider_v1alpha1_manifest_test.go out/terratest-sentinel-dex_gpu_ninja_com_dex_o_auth2_client_v1alpha1_manifest_test.go out/terratest-sentinel-dex_gpu_ninja_com_dex_user_v1alpha1_manifest_test.go out/terratest-sentinel-digitalis_io_vals_secret_v1_manifest_test.go out/terratest-sentinel-digitalis_io_db_secret_v1beta1_manifest_test.go out/terratest-sentinel-discovery_k8s_io_endpoint_slice_v1_manifest_test.go out/terratest-sentinel-documentdb_services_k8s_aws_db_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-documentdb_services_k8s_aws_db_instance_v1alpha1_manifest_test.go out/terratest-sentinel-documentdb_services_k8s_aws_db_subnet_group_v1alpha1_manifest_test.go out/terratest-sentinel-druid_apache_org_druid_v1alpha1_manifest_test.go out/terratest-sentinel-druid_stackable_tech_druid_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-dynamodb_services_k8s_aws_backup_v1alpha1_manifest_test.go out/terratest-sentinel-dynamodb_services_k8s_aws_global_table_v1alpha1_manifest_test.go out/terratest-sentinel-dynamodb_services_k8s_aws_table_v1alpha1_manifest_test.go out/terratest-sentinel-ec2_services_k8s_aws_dhcp_options_v1alpha1_manifest_test.go out/terratest-sentinel-ec2_services_k8s_aws_elastic_ip_address_v1alpha1_manifest_test.go out/terratest-sentinel-ec2_services_k8s_aws_instance_v1alpha1_manifest_test.go out/terratest-sentinel-ec2_services_k8s_aws_internet_gateway_v1alpha1_manifest_test.go out/terratest-sentinel-ec2_services_k8s_aws_nat_gateway_v1alpha1_manifest_test.go out/terratest-sentinel-ec2_services_k8s_aws_route_table_v1alpha1_manifest_test.go out/terratest-sentinel-ec2_services_k8s_aws_security_group_v1alpha1_manifest_test.go out/terratest-sentinel-ec2_services_k8s_aws_subnet_v1alpha1_manifest_test.go out/terratest-sentinel-ec2_services_k8s_aws_transit_gateway_v1alpha1_manifest_test.go out/terratest-sentinel-ec2_services_k8s_aws_vpc_v1alpha1_manifest_test.go out/terratest-sentinel-ec2_services_k8s_aws_vpc_endpoint_v1alpha1_manifest_test.go out/terratest-sentinel-ecr_services_k8s_aws_pull_through_cache_rule_v1alpha1_manifest_test.go out/terratest-sentinel-ecr_services_k8s_aws_repository_v1alpha1_manifest_test.go out/terratest-sentinel-edc_stackable_tech_edc_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-efs_services_k8s_aws_access_point_v1alpha1_manifest_test.go out/terratest-sentinel-efs_services_k8s_aws_file_system_v1alpha1_manifest_test.go out/terratest-sentinel-efs_services_k8s_aws_mount_target_v1alpha1_manifest_test.go out/terratest-sentinel-egressgateway_spidernet_io_egress_cluster_endpoint_slice_v1beta1_manifest_test.go out/terratest-sentinel-egressgateway_spidernet_io_egress_cluster_info_v1beta1_manifest_test.go out/terratest-sentinel-egressgateway_spidernet_io_egress_cluster_policy_v1beta1_manifest_test.go out/terratest-sentinel-egressgateway_spidernet_io_egress_endpoint_slice_v1beta1_manifest_test.go out/terratest-sentinel-egressgateway_spidernet_io_egress_gateway_v1beta1_manifest_test.go out/terratest-sentinel-egressgateway_spidernet_io_egress_policy_v1beta1_manifest_test.go out/terratest-sentinel-egressgateway_spidernet_io_egress_tunnel_v1beta1_manifest_test.go out/terratest-sentinel-eks_services_k8s_aws_addon_v1alpha1_manifest_test.go out/terratest-sentinel-eks_services_k8s_aws_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-eks_services_k8s_aws_fargate_profile_v1alpha1_manifest_test.go out/terratest-sentinel-eks_services_k8s_aws_nodegroup_v1alpha1_manifest_test.go out/terratest-sentinel-elasticache_services_k8s_aws_cache_parameter_group_v1alpha1_manifest_test.go out/terratest-sentinel-elasticache_services_k8s_aws_cache_subnet_group_v1alpha1_manifest_test.go out/terratest-sentinel-elasticache_services_k8s_aws_replication_group_v1alpha1_manifest_test.go out/terratest-sentinel-elasticache_services_k8s_aws_snapshot_v1alpha1_manifest_test.go out/terratest-sentinel-elasticache_services_k8s_aws_user_group_v1alpha1_manifest_test.go out/terratest-sentinel-elasticache_services_k8s_aws_user_v1alpha1_manifest_test.go out/terratest-sentinel-elasticsearch_k8s_elastic_co_elasticsearch_v1_manifest_test.go out/terratest-sentinel-elasticsearch_k8s_elastic_co_elasticsearch_v1beta1_manifest_test.go out/terratest-sentinel-elbv2_k8s_aws_target_group_binding_v1alpha1_manifest_test.go out/terratest-sentinel-elbv2_k8s_aws_ingress_class_params_v1beta1_manifest_test.go out/terratest-sentinel-elbv2_k8s_aws_target_group_binding_v1beta1_manifest_test.go out/terratest-sentinel-emrcontainers_services_k8s_aws_job_run_v1alpha1_manifest_test.go out/terratest-sentinel-emrcontainers_services_k8s_aws_virtual_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-ensembleoss_io_cluster_v1_manifest_test.go out/terratest-sentinel-ensembleoss_io_resource_v1_manifest_test.go out/terratest-sentinel-enterprise_gloo_solo_io_auth_config_v1_manifest_test.go out/terratest-sentinel-enterprisesearch_k8s_elastic_co_enterprise_search_v1_manifest_test.go out/terratest-sentinel-enterprisesearch_k8s_elastic_co_enterprise_search_v1beta1_manifest_test.go out/terratest-sentinel-events_k8s_io_event_v1_manifest_test.go out/terratest-sentinel-everest_percona_com_backup_storage_v1alpha1_manifest_test.go out/terratest-sentinel-everest_percona_com_database_cluster_backup_v1alpha1_manifest_test.go out/terratest-sentinel-everest_percona_com_database_cluster_restore_v1alpha1_manifest_test.go out/terratest-sentinel-everest_percona_com_database_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-everest_percona_com_database_engine_v1alpha1_manifest_test.go out/terratest-sentinel-everest_percona_com_monitoring_config_v1alpha1_manifest_test.go out/terratest-sentinel-execution_furiko_io_job_config_v1alpha1_manifest_test.go out/terratest-sentinel-execution_furiko_io_job_v1alpha1_manifest_test.go out/terratest-sentinel-executor_testkube_io_executor_v1_manifest_test.go out/terratest-sentinel-executor_testkube_io_webhook_v1_manifest_test.go out/terratest-sentinel-expansion_gatekeeper_sh_expansion_template_v1alpha1_manifest_test.go out/terratest-sentinel-expansion_gatekeeper_sh_expansion_template_v1beta1_manifest_test.go out/terratest-sentinel-extensions_istio_io_wasm_plugin_v1alpha1_manifest_test.go out/terratest-sentinel-extensions_kubeblocks_io_addon_v1alpha1_manifest_test.go out/terratest-sentinel-external_secrets_io_cluster_secret_store_v1alpha1_manifest_test.go out/terratest-sentinel-external_secrets_io_external_secret_v1alpha1_manifest_test.go out/terratest-sentinel-external_secrets_io_secret_store_v1alpha1_manifest_test.go out/terratest-sentinel-external_secrets_io_cluster_external_secret_v1beta1_manifest_test.go out/terratest-sentinel-external_secrets_io_cluster_secret_store_v1beta1_manifest_test.go out/terratest-sentinel-external_secrets_io_external_secret_v1beta1_manifest_test.go out/terratest-sentinel-external_secrets_io_secret_store_v1beta1_manifest_test.go out/terratest-sentinel-externaldata_gatekeeper_sh_provider_v1alpha1_manifest_test.go out/terratest-sentinel-externaldata_gatekeeper_sh_provider_v1beta1_manifest_test.go out/terratest-sentinel-externaldns_k8s_io_dns_endpoint_v1alpha1_manifest_test.go out/terratest-sentinel-externaldns_nginx_org_dns_endpoint_v1_manifest_test.go out/terratest-sentinel-fence_agents_remediation_medik8s_io_fence_agents_remediation_template_v1alpha1_manifest_test.go out/terratest-sentinel-fence_agents_remediation_medik8s_io_fence_agents_remediation_v1alpha1_manifest_test.go out/terratest-sentinel-flagger_app_alert_provider_v1beta1_manifest_test.go out/terratest-sentinel-flagger_app_canary_v1beta1_manifest_test.go out/terratest-sentinel-flagger_app_metric_template_v1beta1_manifest_test.go out/terratest-sentinel-flink_apache_org_flink_deployment_v1beta1_manifest_test.go out/terratest-sentinel-flink_apache_org_flink_session_job_v1beta1_manifest_test.go out/terratest-sentinel-flow_volcano_sh_job_flow_v1alpha1_manifest_test.go out/terratest-sentinel-flow_volcano_sh_job_template_v1alpha1_manifest_test.go out/terratest-sentinel-flowcontrol_apiserver_k8s_io_flow_schema_v1beta3_manifest_test.go out/terratest-sentinel-flowcontrol_apiserver_k8s_io_priority_level_configuration_v1beta3_manifest_test.go out/terratest-sentinel-flows_netobserv_io_flow_collector_v1alpha1_manifest_test.go out/terratest-sentinel-flows_netobserv_io_flow_collector_v1beta1_manifest_test.go out/terratest-sentinel-flows_netobserv_io_flow_collector_v1beta2_manifest_test.go out/terratest-sentinel-fluentbit_fluent_io_cluster_filter_v1alpha2_manifest_test.go out/terratest-sentinel-fluentbit_fluent_io_cluster_fluent_bit_config_v1alpha2_manifest_test.go out/terratest-sentinel-fluentbit_fluent_io_cluster_input_v1alpha2_manifest_test.go out/terratest-sentinel-fluentbit_fluent_io_cluster_output_v1alpha2_manifest_test.go out/terratest-sentinel-fluentbit_fluent_io_cluster_parser_v1alpha2_manifest_test.go out/terratest-sentinel-fluentbit_fluent_io_collector_v1alpha2_manifest_test.go out/terratest-sentinel-fluentbit_fluent_io_filter_v1alpha2_manifest_test.go out/terratest-sentinel-fluentbit_fluent_io_fluent_bit_config_v1alpha2_manifest_test.go out/terratest-sentinel-fluentbit_fluent_io_fluent_bit_v1alpha2_manifest_test.go out/terratest-sentinel-fluentbit_fluent_io_output_v1alpha2_manifest_test.go out/terratest-sentinel-fluentbit_fluent_io_parser_v1alpha2_manifest_test.go out/terratest-sentinel-fluentd_fluent_io_cluster_filter_v1alpha1_manifest_test.go out/terratest-sentinel-fluentd_fluent_io_cluster_fluentd_config_v1alpha1_manifest_test.go out/terratest-sentinel-fluentd_fluent_io_cluster_input_v1alpha1_manifest_test.go out/terratest-sentinel-fluentd_fluent_io_cluster_output_v1alpha1_manifest_test.go out/terratest-sentinel-fluentd_fluent_io_filter_v1alpha1_manifest_test.go out/terratest-sentinel-fluentd_fluent_io_fluentd_config_v1alpha1_manifest_test.go out/terratest-sentinel-fluentd_fluent_io_fluentd_v1alpha1_manifest_test.go out/terratest-sentinel-fluentd_fluent_io_input_v1alpha1_manifest_test.go out/terratest-sentinel-fluentd_fluent_io_output_v1alpha1_manifest_test.go out/terratest-sentinel-flux_framework_org_mini_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-flux_framework_org_mini_cluster_v1alpha2_manifest_test.go out/terratest-sentinel-forklift_konveyor_io_forklift_controller_v1beta1_manifest_test.go out/terratest-sentinel-forklift_konveyor_io_hook_v1beta1_manifest_test.go out/terratest-sentinel-forklift_konveyor_io_host_v1beta1_manifest_test.go out/terratest-sentinel-forklift_konveyor_io_migration_v1beta1_manifest_test.go out/terratest-sentinel-forklift_konveyor_io_network_map_v1beta1_manifest_test.go out/terratest-sentinel-forklift_konveyor_io_openstack_volume_populator_v1beta1_manifest_test.go out/terratest-sentinel-forklift_konveyor_io_ovirt_volume_populator_v1beta1_manifest_test.go out/terratest-sentinel-forklift_konveyor_io_plan_v1beta1_manifest_test.go out/terratest-sentinel-forklift_konveyor_io_provider_v1beta1_manifest_test.go out/terratest-sentinel-forklift_konveyor_io_storage_map_v1beta1_manifest_test.go out/terratest-sentinel-fossul_io_backup_config_v1_manifest_test.go out/terratest-sentinel-fossul_io_backup_schedule_v1_manifest_test.go out/terratest-sentinel-fossul_io_backup_v1_manifest_test.go out/terratest-sentinel-fossul_io_fossul_v1_manifest_test.go out/terratest-sentinel-fossul_io_restore_v1_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_gateway_class_v1_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_gateway_v1_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_grpc_route_v1_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_http_route_v1_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_backend_lb_policy_v1alpha2_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_grpc_route_v1alpha2_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_reference_grant_v1alpha2_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_reference_grant_v1alpha2_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_tcp_route_v1alpha2_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_tls_route_v1alpha2_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_udp_route_v1alpha2_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_backend_tls_policy_v1alpha3_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_gateway_class_v1beta1_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_gateway_v1beta1_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_http_route_v1beta1_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_reference_grant_v1beta1_manifest_test.go out/terratest-sentinel-gateway_nginx_org_client_settings_policy_v1alpha1_manifest_test.go out/terratest-sentinel-gateway_nginx_org_nginx_gateway_v1alpha1_manifest_test.go out/terratest-sentinel-gateway_nginx_org_nginx_proxy_v1alpha1_manifest_test.go out/terratest-sentinel-gateway_nginx_org_observability_policy_v1alpha1_manifest_test.go out/terratest-sentinel-gateway_solo_io_gateway_v1_manifest_test.go out/terratest-sentinel-gateway_solo_io_matchable_http_gateway_v1_manifest_test.go out/terratest-sentinel-gateway_solo_io_route_option_v1_manifest_test.go out/terratest-sentinel-gateway_solo_io_route_table_v1_manifest_test.go out/terratest-sentinel-gateway_solo_io_virtual_host_option_v1_manifest_test.go out/terratest-sentinel-gateway_solo_io_virtual_service_v1_manifest_test.go out/terratest-sentinel-getambassador_io_auth_service_v1_manifest_test.go out/terratest-sentinel-getambassador_io_consul_resolver_v1_manifest_test.go out/terratest-sentinel-getambassador_io_dev_portal_v1_manifest_test.go out/terratest-sentinel-getambassador_io_kubernetes_endpoint_resolver_v1_manifest_test.go out/terratest-sentinel-getambassador_io_kubernetes_service_resolver_v1_manifest_test.go out/terratest-sentinel-getambassador_io_log_service_v1_manifest_test.go out/terratest-sentinel-getambassador_io_mapping_v1_manifest_test.go out/terratest-sentinel-getambassador_io_module_v1_manifest_test.go out/terratest-sentinel-getambassador_io_rate_limit_service_v1_manifest_test.go out/terratest-sentinel-getambassador_io_tcp_mapping_v1_manifest_test.go out/terratest-sentinel-getambassador_io_tls_context_v1_manifest_test.go out/terratest-sentinel-getambassador_io_tracing_service_v1_manifest_test.go out/terratest-sentinel-getambassador_io_auth_service_v2_manifest_test.go out/terratest-sentinel-getambassador_io_consul_resolver_v2_manifest_test.go out/terratest-sentinel-getambassador_io_dev_portal_v2_manifest_test.go out/terratest-sentinel-getambassador_io_host_v2_manifest_test.go out/terratest-sentinel-getambassador_io_kubernetes_endpoint_resolver_v2_manifest_test.go out/terratest-sentinel-getambassador_io_kubernetes_service_resolver_v2_manifest_test.go out/terratest-sentinel-getambassador_io_log_service_v2_manifest_test.go out/terratest-sentinel-getambassador_io_mapping_v2_manifest_test.go out/terratest-sentinel-getambassador_io_module_v2_manifest_test.go out/terratest-sentinel-getambassador_io_rate_limit_service_v2_manifest_test.go out/terratest-sentinel-getambassador_io_tcp_mapping_v2_manifest_test.go out/terratest-sentinel-getambassador_io_tls_context_v2_manifest_test.go out/terratest-sentinel-getambassador_io_tracing_service_v2_manifest_test.go out/terratest-sentinel-getambassador_io_auth_service_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_consul_resolver_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_dev_portal_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_host_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_kubernetes_endpoint_resolver_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_kubernetes_service_resolver_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_listener_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_log_service_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_mapping_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_module_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_rate_limit_service_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_tcp_mapping_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_tls_context_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_tracing_service_v3alpha1_manifest_test.go out/terratest-sentinel-gitops_hybrid_cloud_patterns_io_pattern_v1alpha1_manifest_test.go out/terratest-sentinel-gloo_solo_io_proxy_v1_manifest_test.go out/terratest-sentinel-gloo_solo_io_settings_v1_manifest_test.go out/terratest-sentinel-gloo_solo_io_upstream_group_v1_manifest_test.go out/terratest-sentinel-gloo_solo_io_upstream_v1_manifest_test.go out/terratest-sentinel-grafana_integreatly_org_grafana_dashboard_v1beta1_manifest_test.go out/terratest-sentinel-grafana_integreatly_org_grafana_datasource_v1beta1_manifest_test.go out/terratest-sentinel-grafana_integreatly_org_grafana_folder_v1beta1_manifest_test.go out/terratest-sentinel-grafana_integreatly_org_grafana_v1beta1_manifest_test.go out/terratest-sentinel-graphql_gloo_solo_io_graph_ql_api_v1beta1_manifest_test.go out/terratest-sentinel-groupsnapshot_storage_k8s_io_volume_group_snapshot_class_v1alpha1_manifest_test.go out/terratest-sentinel-groupsnapshot_storage_k8s_io_volume_group_snapshot_content_v1alpha1_manifest_test.go out/terratest-sentinel-groupsnapshot_storage_k8s_io_volume_group_snapshot_v1alpha1_manifest_test.go out/terratest-sentinel-hazelcast_com_cron_hot_backup_v1alpha1_manifest_test.go out/terratest-sentinel-hazelcast_com_hazelcast_v1alpha1_manifest_test.go out/terratest-sentinel-hazelcast_com_hot_backup_v1alpha1_manifest_test.go out/terratest-sentinel-hazelcast_com_management_center_v1alpha1_manifest_test.go out/terratest-sentinel-hazelcast_com_map_v1alpha1_manifest_test.go out/terratest-sentinel-hazelcast_com_wan_replication_v1alpha1_manifest_test.go out/terratest-sentinel-hbase_stackable_tech_hbase_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-hdfs_stackable_tech_hdfs_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-helm_sigstore_dev_rekor_v1alpha1_manifest_test.go out/terratest-sentinel-helm_toolkit_fluxcd_io_helm_release_v2_manifest_test.go out/terratest-sentinel-helm_toolkit_fluxcd_io_helm_release_v2beta1_manifest_test.go out/terratest-sentinel-helm_toolkit_fluxcd_io_helm_release_v2beta2_manifest_test.go out/terratest-sentinel-hive_openshift_io_checkpoint_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_cluster_claim_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_cluster_deployment_customization_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_cluster_deployment_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_cluster_deprovision_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_cluster_image_set_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_cluster_pool_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_cluster_provision_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_cluster_relocate_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_cluster_state_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_dns_zone_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_hive_config_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_machine_pool_name_lease_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_machine_pool_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_selector_sync_identity_provider_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_selector_sync_set_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_sync_identity_provider_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_sync_set_v1_manifest_test.go out/terratest-sentinel-hive_stackable_tech_hive_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-hiveinternal_openshift_io_cluster_sync_lease_v1alpha1_manifest_test.go out/terratest-sentinel-hiveinternal_openshift_io_cluster_sync_v1alpha1_manifest_test.go out/terratest-sentinel-hiveinternal_openshift_io_fake_cluster_install_v1alpha1_manifest_test.go out/terratest-sentinel-hnc_x_k8s_io_hierarchical_resource_quota_v1alpha2_manifest_test.go out/terratest-sentinel-hnc_x_k8s_io_hierarchy_configuration_v1alpha2_manifest_test.go out/terratest-sentinel-hnc_x_k8s_io_hnc_configuration_v1alpha2_manifest_test.go out/terratest-sentinel-hnc_x_k8s_io_subnamespace_anchor_v1alpha2_manifest_test.go out/terratest-sentinel-hyperfoil_io_horreum_v1alpha1_manifest_test.go out/terratest-sentinel-hyperfoil_io_hyperfoil_v1alpha2_manifest_test.go out/terratest-sentinel-iam_services_k8s_aws_group_v1alpha1_manifest_test.go out/terratest-sentinel-iam_services_k8s_aws_instance_profile_v1alpha1_manifest_test.go out/terratest-sentinel-iam_services_k8s_aws_open_id_connect_provider_v1alpha1_manifest_test.go out/terratest-sentinel-iam_services_k8s_aws_policy_v1alpha1_manifest_test.go out/terratest-sentinel-iam_services_k8s_aws_role_v1alpha1_manifest_test.go out/terratest-sentinel-iam_services_k8s_aws_user_v1alpha1_manifest_test.go out/terratest-sentinel-ibmcloud_ibm_com_composable_v1alpha1_manifest_test.go out/terratest-sentinel-image_toolkit_fluxcd_io_image_policy_v1beta1_manifest_test.go out/terratest-sentinel-image_toolkit_fluxcd_io_image_repository_v1beta1_manifest_test.go out/terratest-sentinel-image_toolkit_fluxcd_io_image_update_automation_v1beta1_manifest_test.go out/terratest-sentinel-image_toolkit_fluxcd_io_image_policy_v1beta2_manifest_test.go out/terratest-sentinel-image_toolkit_fluxcd_io_image_repository_v1beta2_manifest_test.go out/terratest-sentinel-image_toolkit_fluxcd_io_image_update_automation_v1beta2_manifest_test.go out/terratest-sentinel-imaging_ingestion_alvearie_org_dicom_event_bridge_v1alpha1_manifest_test.go out/terratest-sentinel-imaging_ingestion_alvearie_org_dicom_event_driven_ingestion_v1alpha1_manifest_test.go out/terratest-sentinel-imaging_ingestion_alvearie_org_dicom_instance_binding_v1alpha1_manifest_test.go out/terratest-sentinel-imaging_ingestion_alvearie_org_dicom_study_binding_v1alpha1_manifest_test.go out/terratest-sentinel-imaging_ingestion_alvearie_org_dicomweb_ingestion_service_v1alpha1_manifest_test.go out/terratest-sentinel-imaging_ingestion_alvearie_org_dimse_ingestion_service_v1alpha1_manifest_test.go out/terratest-sentinel-imaging_ingestion_alvearie_org_dimse_proxy_v1alpha1_manifest_test.go out/terratest-sentinel-inference_kubedl_io_elastic_batch_job_v1alpha1_manifest_test.go out/terratest-sentinel-infinispan_org_infinispan_v1_manifest_test.go out/terratest-sentinel-infinispan_org_backup_v2alpha1_manifest_test.go out/terratest-sentinel-infinispan_org_batch_v2alpha1_manifest_test.go out/terratest-sentinel-infinispan_org_cache_v2alpha1_manifest_test.go out/terratest-sentinel-infinispan_org_restore_v2alpha1_manifest_test.go out/terratest-sentinel-infra_contrib_fluxcd_io_terraform_v1alpha1_manifest_test.go out/terratest-sentinel-infra_contrib_fluxcd_io_terraform_v1alpha2_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_kubevirt_cluster_template_v1alpha1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_kubevirt_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_kubevirt_machine_template_v1alpha1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_kubevirt_machine_v1alpha1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_identity_v1alpha3_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_v1alpha3_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_deployment_zone_v1alpha3_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_failure_domain_v1alpha3_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_template_v1alpha3_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_v1alpha3_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_vm_v1alpha3_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_identity_v1alpha4_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_template_v1alpha4_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_v1alpha4_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_deployment_zone_v1alpha4_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_failure_domain_v1alpha4_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_template_v1alpha4_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_v1alpha4_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_vm_v1alpha4_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_cluster_template_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_cluster_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_image_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_machine_template_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_machine_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_cluster_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_machine_template_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_machine_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_tinkerbell_cluster_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_tinkerbell_machine_template_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_tinkerbell_machine_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_identity_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_template_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_deployment_zone_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_failure_domain_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_template_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_vm_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_cluster_template_v1beta2_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_cluster_v1beta2_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_image_v1beta2_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_machine_template_v1beta2_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_machine_v1beta2_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_cluster_v1beta2_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_machine_template_v1beta2_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_machine_v1beta2_manifest_test.go out/terratest-sentinel-installation_mattermost_com_mattermost_v1beta1_manifest_test.go out/terratest-sentinel-instana_io_instana_agent_v1_manifest_test.go out/terratest-sentinel-integration_rock8s_com_deferred_resource_v1beta1_manifest_test.go out/terratest-sentinel-integration_rock8s_com_plug_v1beta1_manifest_test.go out/terratest-sentinel-integration_rock8s_com_socket_v1beta1_manifest_test.go out/terratest-sentinel-iot_eclipse_org_ditto_v1alpha1_manifest_test.go out/terratest-sentinel-iot_eclipse_org_hawkbit_v1alpha1_manifest_test.go out/terratest-sentinel-ipam_cluster_x_k8s_io_ip_address_claim_v1alpha1_manifest_test.go out/terratest-sentinel-ipam_cluster_x_k8s_io_ip_address_v1alpha1_manifest_test.go out/terratest-sentinel-ipam_cluster_x_k8s_io_ip_address_claim_v1beta1_manifest_test.go out/terratest-sentinel-ipam_cluster_x_k8s_io_ip_address_v1beta1_manifest_test.go out/terratest-sentinel-isindir_github_com_sops_secret_v1alpha1_manifest_test.go out/terratest-sentinel-isindir_github_com_sops_secret_v1alpha2_manifest_test.go out/terratest-sentinel-isindir_github_com_sops_secret_v1alpha3_manifest_test.go out/terratest-sentinel-jaegertracing_io_jaeger_v1_manifest_test.go out/terratest-sentinel-jobset_x_k8s_io_job_set_v1alpha2_manifest_test.go out/terratest-sentinel-jobsmanager_raczylo_com_managed_job_v1beta1_manifest_test.go out/terratest-sentinel-k6_io_k6_v1alpha1_manifest_test.go out/terratest-sentinel-k6_io_private_load_zone_v1alpha1_manifest_test.go out/terratest-sentinel-k6_io_test_run_v1alpha1_manifest_test.go out/terratest-sentinel-k8gb_absa_oss_gslb_v1beta1_manifest_test.go out/terratest-sentinel-k8s_keycloak_org_keycloak_realm_import_v2alpha1_manifest_test.go out/terratest-sentinel-k8s_keycloak_org_keycloak_v2alpha1_manifest_test.go out/terratest-sentinel-k8s_mariadb_com_backup_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_mariadb_com_connection_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_mariadb_com_database_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_mariadb_com_grant_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_mariadb_com_maria_db_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_mariadb_com_max_scale_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_mariadb_com_restore_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_mariadb_com_sql_job_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_mariadb_com_user_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_nginx_org_global_configuration_v1_manifest_test.go out/terratest-sentinel-k8s_nginx_org_policy_v1_manifest_test.go out/terratest-sentinel-k8s_nginx_org_transport_server_v1_manifest_test.go out/terratest-sentinel-k8s_nginx_org_virtual_server_route_v1_manifest_test.go out/terratest-sentinel-k8s_nginx_org_virtual_server_v1_manifest_test.go out/terratest-sentinel-k8s_nginx_org_global_configuration_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_nginx_org_policy_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_nginx_org_transport_server_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_otterize_com_client_intents_v1alpha2_manifest_test.go out/terratest-sentinel-k8s_otterize_com_kafka_server_config_v1alpha2_manifest_test.go out/terratest-sentinel-k8s_otterize_com_protected_service_v1alpha2_manifest_test.go out/terratest-sentinel-k8s_otterize_com_client_intents_v1alpha3_manifest_test.go out/terratest-sentinel-k8s_otterize_com_kafka_server_config_v1alpha3_manifest_test.go out/terratest-sentinel-k8s_otterize_com_protected_service_v1alpha3_manifest_test.go out/terratest-sentinel-k8up_io_archive_v1_manifest_test.go out/terratest-sentinel-k8up_io_backup_v1_manifest_test.go out/terratest-sentinel-k8up_io_check_v1_manifest_test.go out/terratest-sentinel-k8up_io_pre_backup_pod_v1_manifest_test.go out/terratest-sentinel-k8up_io_prune_v1_manifest_test.go out/terratest-sentinel-k8up_io_restore_v1_manifest_test.go out/terratest-sentinel-k8up_io_schedule_v1_manifest_test.go out/terratest-sentinel-k8up_io_snapshot_v1_manifest_test.go out/terratest-sentinel-kafka_banzaicloud_io_cruise_control_operation_v1alpha1_manifest_test.go out/terratest-sentinel-kafka_banzaicloud_io_kafka_topic_v1alpha1_manifest_test.go out/terratest-sentinel-kafka_banzaicloud_io_kafka_user_v1alpha1_manifest_test.go out/terratest-sentinel-kafka_banzaicloud_io_kafka_cluster_v1beta1_manifest_test.go out/terratest-sentinel-kafka_services_k8s_aws_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-kafka_stackable_tech_kafka_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_topic_v1alpha1_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_user_v1alpha1_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_topic_v1beta1_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_user_v1beta1_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_bridge_v1beta2_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_connect_v1beta2_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_connector_v1beta2_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_mirror_maker2_v1beta2_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_mirror_maker_v1beta2_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_node_pool_v1beta2_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_rebalance_v1beta2_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_topic_v1beta2_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_user_v1beta2_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_v1beta2_manifest_test.go out/terratest-sentinel-kamaji_clastix_io_data_store_v1alpha1_manifest_test.go out/terratest-sentinel-kamaji_clastix_io_tenant_control_plane_v1alpha1_manifest_test.go out/terratest-sentinel-karpenter_k8s_aws_ec2_node_class_v1_manifest_test.go out/terratest-sentinel-karpenter_k8s_aws_ec2_node_class_v1beta1_manifest_test.go out/terratest-sentinel-karpenter_sh_node_claim_v1_manifest_test.go out/terratest-sentinel-karpenter_sh_node_pool_v1_manifest_test.go out/terratest-sentinel-karpenter_sh_node_claim_v1beta1_manifest_test.go out/terratest-sentinel-karpenter_sh_node_pool_v1beta1_manifest_test.go out/terratest-sentinel-keda_sh_cluster_trigger_authentication_v1alpha1_manifest_test.go out/terratest-sentinel-keda_sh_scaled_job_v1alpha1_manifest_test.go out/terratest-sentinel-keda_sh_scaled_object_v1alpha1_manifest_test.go out/terratest-sentinel-keda_sh_trigger_authentication_v1alpha1_manifest_test.go out/terratest-sentinel-keycloak_k8s_reddec_net_keycloak_client_v1alpha1_manifest_test.go out/terratest-sentinel-keycloak_org_keycloak_backup_v1alpha1_manifest_test.go out/terratest-sentinel-keycloak_org_keycloak_client_v1alpha1_manifest_test.go out/terratest-sentinel-keycloak_org_keycloak_realm_v1alpha1_manifest_test.go out/terratest-sentinel-keycloak_org_keycloak_user_v1alpha1_manifest_test.go out/terratest-sentinel-keycloak_org_keycloak_v1alpha1_manifest_test.go out/terratest-sentinel-keyspaces_services_k8s_aws_keyspace_v1alpha1_manifest_test.go out/terratest-sentinel-keyspaces_services_k8s_aws_table_v1alpha1_manifest_test.go out/terratest-sentinel-kiali_io_kiali_v1alpha1_manifest_test.go out/terratest-sentinel-kibana_k8s_elastic_co_kibana_v1_manifest_test.go out/terratest-sentinel-kibana_k8s_elastic_co_kibana_v1beta1_manifest_test.go out/terratest-sentinel-kinesis_services_k8s_aws_stream_v1alpha1_manifest_test.go out/terratest-sentinel-kmm_sigs_x_k8s_io_module_v1beta1_manifest_test.go out/terratest-sentinel-kmm_sigs_x_k8s_io_node_modules_config_v1beta1_manifest_test.go out/terratest-sentinel-kmm_sigs_x_k8s_io_preflight_validation_v1beta1_manifest_test.go out/terratest-sentinel-kmm_sigs_x_k8s_io_preflight_validation_v1beta2_manifest_test.go out/terratest-sentinel-kms_services_k8s_aws_alias_v1alpha1_manifest_test.go out/terratest-sentinel-kms_services_k8s_aws_grant_v1alpha1_manifest_test.go out/terratest-sentinel-kms_services_k8s_aws_key_v1alpha1_manifest_test.go out/terratest-sentinel-kuadrant_io_dns_record_v1alpha1_manifest_test.go out/terratest-sentinel-kuadrant_io_managed_zone_v1alpha1_manifest_test.go out/terratest-sentinel-kuadrant_io_kuadrant_v1beta1_manifest_test.go out/terratest-sentinel-kuadrant_io_auth_policy_v1beta2_manifest_test.go out/terratest-sentinel-kuadrant_io_rate_limit_policy_v1beta2_manifest_test.go out/terratest-sentinel-kube_green_com_sleep_info_v1alpha1_manifest_test.go out/terratest-sentinel-kubean_io_cluster_operation_v1alpha1_manifest_test.go out/terratest-sentinel-kubean_io_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-kubean_io_local_artifact_set_v1alpha1_manifest_test.go out/terratest-sentinel-kubean_io_manifest_v1alpha1_manifest_test.go out/terratest-sentinel-kubecost_com_turndown_schedule_v1alpha1_manifest_test.go out/terratest-sentinel-kubevious_io_workload_profile_v1alpha1_manifest_test.go out/terratest-sentinel-kubevious_io_workload_v1alpha1_manifest_test.go out/terratest-sentinel-kueue_x_k8s_io_cohort_v1alpha1_manifest_test.go out/terratest-sentinel-kueue_x_k8s_io_multi_kueue_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-kueue_x_k8s_io_multi_kueue_config_v1alpha1_manifest_test.go out/terratest-sentinel-kueue_x_k8s_io_admission_check_v1beta1_manifest_test.go out/terratest-sentinel-kueue_x_k8s_io_cluster_queue_v1beta1_manifest_test.go out/terratest-sentinel-kueue_x_k8s_io_local_queue_v1beta1_manifest_test.go out/terratest-sentinel-kueue_x_k8s_io_provisioning_request_config_v1beta1_manifest_test.go out/terratest-sentinel-kueue_x_k8s_io_resource_flavor_v1beta1_manifest_test.go out/terratest-sentinel-kueue_x_k8s_io_workload_priority_class_v1beta1_manifest_test.go out/terratest-sentinel-kueue_x_k8s_io_workload_v1beta1_manifest_test.go out/terratest-sentinel-kuma_io_circuit_breaker_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_container_patch_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_dataplane_insight_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_dataplane_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_external_service_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_fault_injection_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_health_check_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_access_log_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_circuit_breaker_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_fault_injection_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_gateway_config_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_gateway_instance_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_gateway_route_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_gateway_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_health_check_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_http_route_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_insight_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_load_balancing_strategy_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_proxy_patch_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_rate_limit_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_retry_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_tcp_route_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_timeout_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_trace_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_traffic_permission_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_proxy_template_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_rate_limit_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_retry_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_service_insight_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_timeout_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_traffic_log_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_traffic_permission_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_traffic_route_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_traffic_trace_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_virtual_outbound_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_zone_egress_insight_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_zone_egress_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_zone_ingress_insight_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_zone_ingress_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_zone_insight_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_zone_v1alpha1_manifest_test.go out/terratest-sentinel-kustomize_toolkit_fluxcd_io_kustomization_v1_manifest_test.go out/terratest-sentinel-kustomize_toolkit_fluxcd_io_kustomization_v1beta1_manifest_test.go out/terratest-sentinel-kustomize_toolkit_fluxcd_io_kustomization_v1beta2_manifest_test.go out/terratest-sentinel-kyverno_io_cluster_policy_v1_manifest_test.go out/terratest-sentinel-kyverno_io_policy_v1_manifest_test.go out/terratest-sentinel-kyverno_io_admission_report_v1alpha2_manifest_test.go out/terratest-sentinel-kyverno_io_background_scan_report_v1alpha2_manifest_test.go out/terratest-sentinel-kyverno_io_cluster_admission_report_v1alpha2_manifest_test.go out/terratest-sentinel-kyverno_io_cluster_background_scan_report_v1alpha2_manifest_test.go out/terratest-sentinel-kyverno_io_update_request_v1beta1_manifest_test.go out/terratest-sentinel-kyverno_io_admission_report_v2_manifest_test.go out/terratest-sentinel-kyverno_io_background_scan_report_v2_manifest_test.go out/terratest-sentinel-kyverno_io_cleanup_policy_v2_manifest_test.go out/terratest-sentinel-kyverno_io_cluster_admission_report_v2_manifest_test.go out/terratest-sentinel-kyverno_io_cluster_background_scan_report_v2_manifest_test.go out/terratest-sentinel-kyverno_io_cluster_cleanup_policy_v2_manifest_test.go out/terratest-sentinel-kyverno_io_policy_exception_v2_manifest_test.go out/terratest-sentinel-kyverno_io_update_request_v2_manifest_test.go out/terratest-sentinel-kyverno_io_cleanup_policy_v2alpha1_manifest_test.go out/terratest-sentinel-kyverno_io_cluster_cleanup_policy_v2alpha1_manifest_test.go out/terratest-sentinel-kyverno_io_global_context_entry_v2alpha1_manifest_test.go out/terratest-sentinel-kyverno_io_policy_exception_v2alpha1_manifest_test.go out/terratest-sentinel-kyverno_io_cleanup_policy_v2beta1_manifest_test.go out/terratest-sentinel-kyverno_io_cluster_cleanup_policy_v2beta1_manifest_test.go out/terratest-sentinel-kyverno_io_cluster_policy_v2beta1_manifest_test.go out/terratest-sentinel-kyverno_io_policy_exception_v2beta1_manifest_test.go out/terratest-sentinel-kyverno_io_policy_v2beta1_manifest_test.go out/terratest-sentinel-lambda_services_k8s_aws_alias_v1alpha1_manifest_test.go out/terratest-sentinel-lambda_services_k8s_aws_code_signing_config_v1alpha1_manifest_test.go out/terratest-sentinel-lambda_services_k8s_aws_event_source_mapping_v1alpha1_manifest_test.go out/terratest-sentinel-lambda_services_k8s_aws_function_url_config_v1alpha1_manifest_test.go out/terratest-sentinel-lambda_services_k8s_aws_function_v1alpha1_manifest_test.go out/terratest-sentinel-lambda_services_k8s_aws_layer_version_v1alpha1_manifest_test.go out/terratest-sentinel-lambda_services_k8s_aws_version_v1alpha1_manifest_test.go out/terratest-sentinel-lb_lbconfig_carlosedp_com_external_load_balancer_v1_manifest_test.go out/terratest-sentinel-leaksignal_com_cluster_leaksignal_istio_v1_manifest_test.go out/terratest-sentinel-leaksignal_com_leaksignal_istio_v1_manifest_test.go out/terratest-sentinel-lerentis_uploadfilter24_eu_bitwarden_secret_v1beta4_manifest_test.go out/terratest-sentinel-lerentis_uploadfilter24_eu_bitwarden_template_v1beta4_manifest_test.go out/terratest-sentinel-lerentis_uploadfilter24_eu_registry_credential_v1beta4_manifest_test.go out/terratest-sentinel-lerentis_uploadfilter24_eu_bitwarden_secret_v1beta5_manifest_test.go out/terratest-sentinel-lerentis_uploadfilter24_eu_bitwarden_template_v1beta5_manifest_test.go out/terratest-sentinel-lerentis_uploadfilter24_eu_registry_credential_v1beta5_manifest_test.go out/terratest-sentinel-lerentis_uploadfilter24_eu_bitwarden_secret_v1beta6_manifest_test.go out/terratest-sentinel-lerentis_uploadfilter24_eu_bitwarden_template_v1beta6_manifest_test.go out/terratest-sentinel-lerentis_uploadfilter24_eu_registry_credential_v1beta6_manifest_test.go out/terratest-sentinel-lerentis_uploadfilter24_eu_bitwarden_secret_v1beta7_manifest_test.go out/terratest-sentinel-lerentis_uploadfilter24_eu_bitwarden_template_v1beta7_manifest_test.go out/terratest-sentinel-lerentis_uploadfilter24_eu_registry_credential_v1beta7_manifest_test.go out/terratest-sentinel-limitador_kuadrant_io_limitador_v1alpha1_manifest_test.go out/terratest-sentinel-listeners_stackable_tech_listener_class_v1alpha1_manifest_test.go out/terratest-sentinel-listeners_stackable_tech_listener_v1alpha1_manifest_test.go out/terratest-sentinel-listeners_stackable_tech_pod_listeners_v1alpha1_manifest_test.go out/terratest-sentinel-litmuschaos_io_chaos_engine_v1alpha1_manifest_test.go out/terratest-sentinel-litmuschaos_io_chaos_experiment_v1alpha1_manifest_test.go out/terratest-sentinel-litmuschaos_io_chaos_result_v1alpha1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_cluster_flow_v1alpha1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_cluster_output_v1alpha1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_flow_v1alpha1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_logging_v1alpha1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_output_v1alpha1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_cluster_flow_v1beta1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_cluster_output_v1beta1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_flow_v1beta1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_fluentbit_agent_v1beta1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_logging_v1beta1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_node_agent_v1beta1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_output_v1beta1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_syslog_ng_cluster_flow_v1beta1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_syslog_ng_cluster_output_v1beta1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_syslog_ng_flow_v1beta1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_syslog_ng_output_v1beta1_manifest_test.go out/terratest-sentinel-logging_extensions_banzaicloud_io_event_tailer_v1alpha1_manifest_test.go out/terratest-sentinel-logging_extensions_banzaicloud_io_host_tailer_v1alpha1_manifest_test.go out/terratest-sentinel-loki_grafana_com_alerting_rule_v1_manifest_test.go out/terratest-sentinel-loki_grafana_com_loki_stack_v1_manifest_test.go out/terratest-sentinel-loki_grafana_com_recording_rule_v1_manifest_test.go out/terratest-sentinel-loki_grafana_com_ruler_config_v1_manifest_test.go out/terratest-sentinel-loki_grafana_com_alerting_rule_v1beta1_manifest_test.go out/terratest-sentinel-loki_grafana_com_loki_stack_v1beta1_manifest_test.go out/terratest-sentinel-loki_grafana_com_recording_rule_v1beta1_manifest_test.go out/terratest-sentinel-loki_grafana_com_ruler_config_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_backing_image_data_source_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_backing_image_manager_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_backing_image_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_backup_target_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_backup_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_backup_volume_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_engine_image_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_engine_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_instance_manager_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_node_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_recurring_job_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_replica_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_setting_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_share_manager_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_volume_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_backing_image_data_source_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_backing_image_manager_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_backing_image_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_backup_backing_image_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_backup_target_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_backup_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_backup_volume_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_engine_image_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_engine_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_instance_manager_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_node_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_orphan_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_recurring_job_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_replica_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_setting_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_share_manager_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_snapshot_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_support_bundle_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_system_backup_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_system_restore_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_volume_attachment_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_volume_v1beta2_manifest_test.go out/terratest-sentinel-m4e_krestomat_io_moodle_v1alpha1_manifest_test.go out/terratest-sentinel-m4e_krestomat_io_nginx_v1alpha1_manifest_test.go out/terratest-sentinel-m4e_krestomat_io_phpfpm_v1alpha1_manifest_test.go out/terratest-sentinel-m4e_krestomat_io_routine_v1alpha1_manifest_test.go out/terratest-sentinel-machine_deletion_remediation_medik8s_io_machine_deletion_remediation_template_v1alpha1_manifest_test.go out/terratest-sentinel-machine_deletion_remediation_medik8s_io_machine_deletion_remediation_v1alpha1_manifest_test.go out/terratest-sentinel-maps_k8s_elastic_co_elastic_maps_server_v1alpha1_manifest_test.go out/terratest-sentinel-mariadb_mmontes_io_backup_v1alpha1_manifest_test.go out/terratest-sentinel-mariadb_mmontes_io_connection_v1alpha1_manifest_test.go out/terratest-sentinel-mariadb_mmontes_io_database_v1alpha1_manifest_test.go out/terratest-sentinel-mariadb_mmontes_io_grant_v1alpha1_manifest_test.go out/terratest-sentinel-mariadb_mmontes_io_maria_db_v1alpha1_manifest_test.go out/terratest-sentinel-mariadb_mmontes_io_restore_v1alpha1_manifest_test.go out/terratest-sentinel-mariadb_mmontes_io_sql_job_v1alpha1_manifest_test.go out/terratest-sentinel-mariadb_mmontes_io_user_v1alpha1_manifest_test.go out/terratest-sentinel-marin3r_3scale_net_envoy_config_revision_v1alpha1_manifest_test.go out/terratest-sentinel-marin3r_3scale_net_envoy_config_v1alpha1_manifest_test.go out/terratest-sentinel-mattermost_com_cluster_installation_v1alpha1_manifest_test.go out/terratest-sentinel-mattermost_com_mattermost_restore_db_v1alpha1_manifest_test.go out/terratest-sentinel-memorydb_services_k8s_aws_acl_v1alpha1_manifest_test.go out/terratest-sentinel-memorydb_services_k8s_aws_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-memorydb_services_k8s_aws_parameter_group_v1alpha1_manifest_test.go out/terratest-sentinel-memorydb_services_k8s_aws_snapshot_v1alpha1_manifest_test.go out/terratest-sentinel-memorydb_services_k8s_aws_subnet_group_v1alpha1_manifest_test.go out/terratest-sentinel-memorydb_services_k8s_aws_user_v1alpha1_manifest_test.go out/terratest-sentinel-metacontroller_k8s_io_composite_controller_v1alpha1_manifest_test.go out/terratest-sentinel-metacontroller_k8s_io_controller_revision_v1alpha1_manifest_test.go out/terratest-sentinel-metacontroller_k8s_io_decorator_controller_v1alpha1_manifest_test.go out/terratest-sentinel-metal3_io_bare_metal_host_v1alpha1_manifest_test.go out/terratest-sentinel-metal3_io_bmc_event_subscription_v1alpha1_manifest_test.go out/terratest-sentinel-metal3_io_data_image_v1alpha1_manifest_test.go out/terratest-sentinel-metal3_io_firmware_schema_v1alpha1_manifest_test.go out/terratest-sentinel-metal3_io_hardware_data_v1alpha1_manifest_test.go out/terratest-sentinel-metal3_io_host_firmware_components_v1alpha1_manifest_test.go out/terratest-sentinel-metal3_io_host_firmware_settings_v1alpha1_manifest_test.go out/terratest-sentinel-metal3_io_preprovisioning_image_v1alpha1_manifest_test.go out/terratest-sentinel-minio_min_io_tenant_v2_manifest_test.go out/terratest-sentinel-mirrors_kts_studio_secret_mirror_v1alpha1_manifest_test.go out/terratest-sentinel-mirrors_kts_studio_secret_mirror_v1alpha2_manifest_test.go out/terratest-sentinel-model_kubedl_io_model_v1alpha1_manifest_test.go out/terratest-sentinel-model_kubedl_io_model_version_v1alpha1_manifest_test.go out/terratest-sentinel-monitoring_coreos_com_alertmanager_v1_manifest_test.go out/terratest-sentinel-monitoring_coreos_com_pod_monitor_v1_manifest_test.go out/terratest-sentinel-monitoring_coreos_com_probe_v1_manifest_test.go out/terratest-sentinel-monitoring_coreos_com_prometheus_rule_v1_manifest_test.go out/terratest-sentinel-monitoring_coreos_com_prometheus_v1_manifest_test.go out/terratest-sentinel-monitoring_coreos_com_service_monitor_v1_manifest_test.go out/terratest-sentinel-monitoring_coreos_com_thanos_ruler_v1_manifest_test.go out/terratest-sentinel-monitoring_coreos_com_alertmanager_config_v1alpha1_manifest_test.go out/terratest-sentinel-monitoring_coreos_com_prometheus_agent_v1alpha1_manifest_test.go out/terratest-sentinel-monitoring_coreos_com_scrape_config_v1alpha1_manifest_test.go out/terratest-sentinel-monitoring_coreos_com_alertmanager_config_v1beta1_manifest_test.go out/terratest-sentinel-monocle_monocle_change_metrics_io_monocle_v1alpha1_manifest_test.go out/terratest-sentinel-mq_services_k8s_aws_broker_v1alpha1_manifest_test.go out/terratest-sentinel-multicluster_crd_antrea_io_cluster_info_import_v1alpha1_manifest_test.go out/terratest-sentinel-multicluster_crd_antrea_io_cluster_set_v1alpha1_manifest_test.go out/terratest-sentinel-multicluster_crd_antrea_io_gateway_v1alpha1_manifest_test.go out/terratest-sentinel-multicluster_crd_antrea_io_label_identity_v1alpha1_manifest_test.go out/terratest-sentinel-multicluster_crd_antrea_io_member_cluster_announce_v1alpha1_manifest_test.go out/terratest-sentinel-multicluster_crd_antrea_io_multi_cluster_config_v1alpha1_manifest_test.go out/terratest-sentinel-multicluster_crd_antrea_io_resource_export_v1alpha1_manifest_test.go out/terratest-sentinel-multicluster_crd_antrea_io_resource_import_v1alpha1_manifest_test.go out/terratest-sentinel-multicluster_crd_antrea_io_cluster_claim_v1alpha2_manifest_test.go out/terratest-sentinel-multicluster_crd_antrea_io_cluster_set_v1alpha2_manifest_test.go out/terratest-sentinel-multicluster_x_k8s_io_applied_work_v1alpha1_manifest_test.go out/terratest-sentinel-multicluster_x_k8s_io_service_import_v1alpha1_manifest_test.go out/terratest-sentinel-multicluster_x_k8s_io_work_v1alpha1_manifest_test.go out/terratest-sentinel-mutations_gatekeeper_sh_assign_metadata_v1_manifest_test.go out/terratest-sentinel-mutations_gatekeeper_sh_assign_v1_manifest_test.go out/terratest-sentinel-mutations_gatekeeper_sh_modify_set_v1_manifest_test.go out/terratest-sentinel-mutations_gatekeeper_sh_assign_image_v1alpha1_manifest_test.go out/terratest-sentinel-mutations_gatekeeper_sh_assign_metadata_v1alpha1_manifest_test.go out/terratest-sentinel-mutations_gatekeeper_sh_assign_v1alpha1_manifest_test.go out/terratest-sentinel-mutations_gatekeeper_sh_modify_set_v1alpha1_manifest_test.go out/terratest-sentinel-mutations_gatekeeper_sh_assign_metadata_v1beta1_manifest_test.go out/terratest-sentinel-mutations_gatekeeper_sh_assign_v1beta1_manifest_test.go out/terratest-sentinel-mutations_gatekeeper_sh_modify_set_v1beta1_manifest_test.go out/terratest-sentinel-nativestor_alauda_io_raw_device_v1_manifest_test.go out/terratest-sentinel-netchecks_io_network_assertion_v1_manifest_test.go out/terratest-sentinel-networkfirewall_services_k8s_aws_firewall_policy_v1alpha1_manifest_test.go out/terratest-sentinel-networkfirewall_services_k8s_aws_firewall_v1alpha1_manifest_test.go out/terratest-sentinel-networkfirewall_services_k8s_aws_rule_group_v1alpha1_manifest_test.go out/terratest-sentinel-networking_gke_io_gcp_backend_policy_v1_manifest_test.go out/terratest-sentinel-networking_gke_io_gcp_gateway_policy_v1_manifest_test.go out/terratest-sentinel-networking_gke_io_health_check_policy_v1_manifest_test.go out/terratest-sentinel-networking_gke_io_lb_policy_v1_manifest_test.go out/terratest-sentinel-networking_gke_io_managed_certificate_v1_manifest_test.go out/terratest-sentinel-networking_istio_io_destination_rule_v1_manifest_test.go out/terratest-sentinel-networking_istio_io_gateway_v1_manifest_test.go out/terratest-sentinel-networking_istio_io_service_entry_v1_manifest_test.go out/terratest-sentinel-networking_istio_io_sidecar_v1_manifest_test.go out/terratest-sentinel-networking_istio_io_virtual_service_v1_manifest_test.go out/terratest-sentinel-networking_istio_io_workload_entry_v1_manifest_test.go out/terratest-sentinel-networking_istio_io_workload_group_v1_manifest_test.go out/terratest-sentinel-networking_istio_io_destination_rule_v1alpha3_manifest_test.go out/terratest-sentinel-networking_istio_io_envoy_filter_v1alpha3_manifest_test.go out/terratest-sentinel-networking_istio_io_gateway_v1alpha3_manifest_test.go out/terratest-sentinel-networking_istio_io_service_entry_v1alpha3_manifest_test.go out/terratest-sentinel-networking_istio_io_sidecar_v1alpha3_manifest_test.go out/terratest-sentinel-networking_istio_io_virtual_service_v1alpha3_manifest_test.go out/terratest-sentinel-networking_istio_io_workload_entry_v1alpha3_manifest_test.go out/terratest-sentinel-networking_istio_io_workload_group_v1alpha3_manifest_test.go out/terratest-sentinel-networking_istio_io_destination_rule_v1beta1_manifest_test.go out/terratest-sentinel-networking_istio_io_gateway_v1beta1_manifest_test.go out/terratest-sentinel-networking_istio_io_proxy_config_v1beta1_manifest_test.go out/terratest-sentinel-networking_istio_io_service_entry_v1beta1_manifest_test.go out/terratest-sentinel-networking_istio_io_sidecar_v1beta1_manifest_test.go out/terratest-sentinel-networking_istio_io_virtual_service_v1beta1_manifest_test.go out/terratest-sentinel-networking_istio_io_workload_entry_v1beta1_manifest_test.go out/terratest-sentinel-networking_istio_io_workload_group_v1beta1_manifest_test.go out/terratest-sentinel-networking_k8s_aws_policy_endpoint_v1alpha1_manifest_test.go out/terratest-sentinel-networking_k8s_io_ingress_class_v1_manifest_test.go out/terratest-sentinel-networking_k8s_io_ingress_v1_manifest_test.go out/terratest-sentinel-networking_k8s_io_network_policy_v1_manifest_test.go out/terratest-sentinel-networking_karmada_io_multi_cluster_ingress_v1alpha1_manifest_test.go out/terratest-sentinel-networking_karmada_io_multi_cluster_service_v1alpha1_manifest_test.go out/terratest-sentinel-nfd_k8s_sigs_io_node_feature_rule_v1alpha1_manifest_test.go out/terratest-sentinel-nfd_kubernetes_io_node_feature_discovery_v1_manifest_test.go out/terratest-sentinel-nfd_kubernetes_io_node_feature_rule_v1alpha1_manifest_test.go out/terratest-sentinel-nifi_stackable_tech_nifi_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-nodeinfo_volcano_sh_numatopology_v1alpha1_manifest_test.go out/terratest-sentinel-notebook_kubedl_io_notebook_v1alpha1_manifest_test.go out/terratest-sentinel-notification_toolkit_fluxcd_io_receiver_v1_manifest_test.go out/terratest-sentinel-notification_toolkit_fluxcd_io_alert_v1beta1_manifest_test.go out/terratest-sentinel-notification_toolkit_fluxcd_io_provider_v1beta1_manifest_test.go out/terratest-sentinel-notification_toolkit_fluxcd_io_receiver_v1beta1_manifest_test.go out/terratest-sentinel-notification_toolkit_fluxcd_io_alert_v1beta2_manifest_test.go out/terratest-sentinel-notification_toolkit_fluxcd_io_provider_v1beta2_manifest_test.go out/terratest-sentinel-notification_toolkit_fluxcd_io_receiver_v1beta2_manifest_test.go out/terratest-sentinel-notification_toolkit_fluxcd_io_alert_v1beta3_manifest_test.go out/terratest-sentinel-notification_toolkit_fluxcd_io_provider_v1beta3_manifest_test.go out/terratest-sentinel-objectbucket_io_object_bucket_claim_v1alpha1_manifest_test.go out/terratest-sentinel-objectbucket_io_object_bucket_v1alpha1_manifest_test.go out/terratest-sentinel-ocmagent_managed_openshift_io_managed_fleet_notification_v1alpha1_manifest_test.go out/terratest-sentinel-ocmagent_managed_openshift_io_managed_notification_v1alpha1_manifest_test.go out/terratest-sentinel-ocmagent_managed_openshift_io_ocm_agent_v1alpha1_manifest_test.go out/terratest-sentinel-onepassword_com_one_password_item_v1_manifest_test.go out/terratest-sentinel-opa_stackable_tech_opa_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-opensearchservice_services_k8s_aws_domain_v1alpha1_manifest_test.go out/terratest-sentinel-opentelemetry_io_instrumentation_v1alpha1_manifest_test.go out/terratest-sentinel-opentelemetry_io_op_amp_bridge_v1alpha1_manifest_test.go out/terratest-sentinel-opentelemetry_io_open_telemetry_collector_v1alpha1_manifest_test.go out/terratest-sentinel-opentelemetry_io_open_telemetry_collector_v1beta1_manifest_test.go out/terratest-sentinel-operations_kubeedge_io_node_upgrade_job_v1alpha1_manifest_test.go out/terratest-sentinel-operator_aquasec_com_aqua_csp_v1alpha1_manifest_test.go out/terratest-sentinel-operator_aquasec_com_aqua_database_v1alpha1_manifest_test.go out/terratest-sentinel-operator_aquasec_com_aqua_enforcer_v1alpha1_manifest_test.go out/terratest-sentinel-operator_aquasec_com_aqua_gateway_v1alpha1_manifest_test.go out/terratest-sentinel-operator_aquasec_com_aqua_kube_enforcer_v1alpha1_manifest_test.go out/terratest-sentinel-operator_aquasec_com_aqua_scanner_v1alpha1_manifest_test.go out/terratest-sentinel-operator_aquasec_com_aqua_server_v1alpha1_manifest_test.go out/terratest-sentinel-operator_authorino_kuadrant_io_authorino_v1beta1_manifest_test.go out/terratest-sentinel-operator_cluster_x_k8s_io_bootstrap_provider_v1alpha1_manifest_test.go out/terratest-sentinel-operator_cluster_x_k8s_io_control_plane_provider_v1alpha1_manifest_test.go out/terratest-sentinel-operator_cluster_x_k8s_io_core_provider_v1alpha1_manifest_test.go out/terratest-sentinel-operator_cluster_x_k8s_io_infrastructure_provider_v1alpha1_manifest_test.go out/terratest-sentinel-operator_cluster_x_k8s_io_addon_provider_v1alpha2_manifest_test.go out/terratest-sentinel-operator_cluster_x_k8s_io_bootstrap_provider_v1alpha2_manifest_test.go out/terratest-sentinel-operator_cluster_x_k8s_io_control_plane_provider_v1alpha2_manifest_test.go out/terratest-sentinel-operator_cluster_x_k8s_io_core_provider_v1alpha2_manifest_test.go out/terratest-sentinel-operator_cluster_x_k8s_io_infrastructure_provider_v1alpha2_manifest_test.go out/terratest-sentinel-operator_cryostat_io_cryostat_v1beta1_manifest_test.go out/terratest-sentinel-operator_cryostat_io_cryostat_v1beta2_manifest_test.go out/terratest-sentinel-operator_knative_dev_knative_eventing_v1beta1_manifest_test.go out/terratest-sentinel-operator_knative_dev_knative_serving_v1beta1_manifest_test.go out/terratest-sentinel-operator_marin3r_3scale_net_discovery_service_certificate_v1alpha1_manifest_test.go out/terratest-sentinel-operator_marin3r_3scale_net_discovery_service_v1alpha1_manifest_test.go out/terratest-sentinel-operator_marin3r_3scale_net_envoy_deployment_v1alpha1_manifest_test.go out/terratest-sentinel-operator_open_cluster_management_io_cluster_manager_v1_manifest_test.go out/terratest-sentinel-operator_open_cluster_management_io_klusterlet_v1_manifest_test.go out/terratest-sentinel-operator_shipwright_io_shipwright_build_v1alpha1_manifest_test.go out/terratest-sentinel-operator_tigera_io_amazon_cloud_integration_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_api_server_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_application_layer_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_authentication_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_compliance_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_egress_gateway_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_image_set_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_installation_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_intrusion_detection_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_log_collector_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_log_storage_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_management_cluster_connection_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_management_cluster_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_manager_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_monitor_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_packet_capture_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_policy_recommendation_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_tenant_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_tigera_status_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_tls_pass_through_route_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_tls_terminated_route_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_amazon_cloud_integration_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_v_logs_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_agent_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_alert_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_alertmanager_config_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_alertmanager_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_auth_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_cluster_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_node_scrape_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_pod_scrape_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_probe_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_rule_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_scrape_config_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_service_scrape_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_single_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_static_scrape_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_user_v1beta1_manifest_test.go out/terratest-sentinel-oracle_db_anthosapis_com_backup_schedule_v1alpha1_manifest_test.go out/terratest-sentinel-oracle_db_anthosapis_com_backup_v1alpha1_manifest_test.go out/terratest-sentinel-oracle_db_anthosapis_com_config_v1alpha1_manifest_test.go out/terratest-sentinel-oracle_db_anthosapis_com_cron_anything_v1alpha1_manifest_test.go out/terratest-sentinel-oracle_db_anthosapis_com_database_v1alpha1_manifest_test.go out/terratest-sentinel-oracle_db_anthosapis_com_export_v1alpha1_manifest_test.go out/terratest-sentinel-oracle_db_anthosapis_com_import_v1alpha1_manifest_test.go out/terratest-sentinel-oracle_db_anthosapis_com_instance_v1alpha1_manifest_test.go out/terratest-sentinel-oracle_db_anthosapis_com_pitr_v1alpha1_manifest_test.go out/terratest-sentinel-oracle_db_anthosapis_com_release_v1alpha1_manifest_test.go out/terratest-sentinel-org_eclipse_che_che_cluster_v1_manifest_test.go out/terratest-sentinel-org_eclipse_che_che_cluster_v2_manifest_test.go out/terratest-sentinel-organizations_services_k8s_aws_organizational_unit_v1alpha1_manifest_test.go out/terratest-sentinel-pgv2_percona_com_percona_pg_backup_v2_manifest_test.go out/terratest-sentinel-pgv2_percona_com_percona_pg_cluster_v2_manifest_test.go out/terratest-sentinel-pgv2_percona_com_percona_pg_restore_v2_manifest_test.go out/terratest-sentinel-pgv2_percona_com_percona_pg_upgrade_v2_manifest_test.go out/terratest-sentinel-pipes_services_k8s_aws_pipe_v1alpha1_manifest_test.go out/terratest-sentinel-pkg_crossplane_io_configuration_revision_v1_manifest_test.go out/terratest-sentinel-pkg_crossplane_io_configuration_v1_manifest_test.go out/terratest-sentinel-pkg_crossplane_io_provider_revision_v1_manifest_test.go out/terratest-sentinel-pkg_crossplane_io_provider_v1_manifest_test.go out/terratest-sentinel-pkg_crossplane_io_controller_config_v1alpha1_manifest_test.go out/terratest-sentinel-pkg_crossplane_io_lock_v1beta1_manifest_test.go out/terratest-sentinel-policy_clusterpedia_io_cluster_import_policy_v1alpha1_manifest_test.go out/terratest-sentinel-policy_clusterpedia_io_pedia_cluster_lifecycle_v1alpha1_manifest_test.go out/terratest-sentinel-policy_karmada_io_cluster_override_policy_v1alpha1_manifest_test.go out/terratest-sentinel-policy_karmada_io_cluster_propagation_policy_v1alpha1_manifest_test.go out/terratest-sentinel-policy_karmada_io_federated_resource_quota_v1alpha1_manifest_test.go out/terratest-sentinel-policy_karmada_io_override_policy_v1alpha1_manifest_test.go out/terratest-sentinel-policy_karmada_io_propagation_policy_v1alpha1_manifest_test.go out/terratest-sentinel-policy_kubeedge_io_service_account_access_v1alpha1_manifest_test.go out/terratest-sentinel-policy_networking_k8s_io_admin_network_policy_v1alpha1_manifest_test.go out/terratest-sentinel-policy_networking_k8s_io_baseline_admin_network_policy_v1alpha1_manifest_test.go out/terratest-sentinel-policy_pod_disruption_budget_v1_manifest_test.go out/terratest-sentinel-postgres_operator_crunchydata_com_pg_admin_v1beta1_manifest_test.go out/terratest-sentinel-postgres_operator_crunchydata_com_pg_upgrade_v1beta1_manifest_test.go out/terratest-sentinel-postgres_operator_crunchydata_com_postgres_cluster_v1beta1_manifest_test.go out/terratest-sentinel-postgresql_cnpg_io_backup_v1_manifest_test.go out/terratest-sentinel-postgresql_cnpg_io_cluster_v1_manifest_test.go out/terratest-sentinel-postgresql_cnpg_io_pooler_v1_manifest_test.go out/terratest-sentinel-postgresql_cnpg_io_scheduled_backup_v1_manifest_test.go out/terratest-sentinel-projectcontour_io_http_proxy_v1_manifest_test.go out/terratest-sentinel-projectcontour_io_tls_certificate_delegation_v1_manifest_test.go out/terratest-sentinel-projectcontour_io_contour_configuration_v1alpha1_manifest_test.go out/terratest-sentinel-projectcontour_io_contour_deployment_v1alpha1_manifest_test.go out/terratest-sentinel-projectcontour_io_extension_service_v1alpha1_manifest_test.go out/terratest-sentinel-prometheusservice_services_k8s_aws_alert_manager_definition_v1alpha1_manifest_test.go out/terratest-sentinel-prometheusservice_services_k8s_aws_logging_configuration_v1alpha1_manifest_test.go out/terratest-sentinel-prometheusservice_services_k8s_aws_rule_groups_namespace_v1alpha1_manifest_test.go out/terratest-sentinel-prometheusservice_services_k8s_aws_workspace_v1alpha1_manifest_test.go out/terratest-sentinel-ps_percona_com_percona_server_my_sql_v1alpha1_manifest_test.go out/terratest-sentinel-ps_percona_com_percona_server_my_sql_backup_v1alpha1_manifest_test.go out/terratest-sentinel-ps_percona_com_percona_server_my_sql_restore_v1alpha1_manifest_test.go out/terratest-sentinel-psmdb_percona_com_percona_server_mongo_db_v1_manifest_test.go out/terratest-sentinel-psmdb_percona_com_percona_server_mongo_db_backup_v1_manifest_test.go out/terratest-sentinel-psmdb_percona_com_percona_server_mongo_db_restore_v1_manifest_test.go out/terratest-sentinel-ptp_openshift_io_node_ptp_device_v1_manifest_test.go out/terratest-sentinel-ptp_openshift_io_ptp_config_v1_manifest_test.go out/terratest-sentinel-ptp_openshift_io_ptp_operator_config_v1_manifest_test.go out/terratest-sentinel-pubsubplus_solace_com_pub_sub_plus_event_broker_v1beta1_manifest_test.go out/terratest-sentinel-pxc_percona_com_percona_xtra_db_cluster_backup_v1_manifest_test.go out/terratest-sentinel-pxc_percona_com_percona_xtra_db_cluster_restore_v1_manifest_test.go out/terratest-sentinel-pxc_percona_com_percona_xtra_db_cluster_v1_manifest_test.go out/terratest-sentinel-quay_redhat_com_quay_registry_v1_manifest_test.go out/terratest-sentinel-quota_codeflare_dev_quota_subtree_v1alpha1_manifest_test.go out/terratest-sentinel-ray_io_ray_cluster_v1_manifest_test.go out/terratest-sentinel-ray_io_ray_job_v1_manifest_test.go out/terratest-sentinel-ray_io_ray_service_v1_manifest_test.go out/terratest-sentinel-ray_io_ray_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-ray_io_ray_job_v1alpha1_manifest_test.go out/terratest-sentinel-ray_io_ray_service_v1alpha1_manifest_test.go out/terratest-sentinel-rbac_authorization_k8s_io_cluster_role_binding_v1_manifest_test.go out/terratest-sentinel-rbac_authorization_k8s_io_cluster_role_v1_manifest_test.go out/terratest-sentinel-rbac_authorization_k8s_io_role_binding_v1_manifest_test.go out/terratest-sentinel-rbac_authorization_k8s_io_role_v1_manifest_test.go out/terratest-sentinel-rbacmanager_reactiveops_io_rbac_definition_v1beta1_manifest_test.go out/terratest-sentinel-rc_app_stacks_runtime_component_v1_manifest_test.go out/terratest-sentinel-rc_app_stacks_runtime_operation_v1_manifest_test.go out/terratest-sentinel-rc_app_stacks_runtime_component_v1beta2_manifest_test.go out/terratest-sentinel-rc_app_stacks_runtime_operation_v1beta2_manifest_test.go out/terratest-sentinel-rds_services_k8s_aws_db_cluster_parameter_group_v1alpha1_manifest_test.go out/terratest-sentinel-rds_services_k8s_aws_db_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-rds_services_k8s_aws_db_instance_v1alpha1_manifest_test.go out/terratest-sentinel-rds_services_k8s_aws_db_parameter_group_v1alpha1_manifest_test.go out/terratest-sentinel-rds_services_k8s_aws_db_proxy_v1alpha1_manifest_test.go out/terratest-sentinel-rds_services_k8s_aws_db_subnet_group_v1alpha1_manifest_test.go out/terratest-sentinel-rds_services_k8s_aws_global_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-redhatcop_redhat_io_group_config_v1alpha1_manifest_test.go out/terratest-sentinel-redhatcop_redhat_io_keepalived_group_v1alpha1_manifest_test.go out/terratest-sentinel-redhatcop_redhat_io_namespace_config_v1alpha1_manifest_test.go out/terratest-sentinel-redhatcop_redhat_io_patch_v1alpha1_manifest_test.go out/terratest-sentinel-redhatcop_redhat_io_user_config_v1alpha1_manifest_test.go out/terratest-sentinel-registry_apicur_io_apicurio_registry_v1_manifest_test.go out/terratest-sentinel-registry_devfile_io_cluster_devfile_registries_list_v1alpha1_manifest_test.go out/terratest-sentinel-registry_devfile_io_devfile_registries_list_v1alpha1_manifest_test.go out/terratest-sentinel-registry_devfile_io_devfile_registry_v1alpha1_manifest_test.go out/terratest-sentinel-reliablesyncs_kubeedge_io_cluster_object_sync_v1alpha1_manifest_test.go out/terratest-sentinel-reliablesyncs_kubeedge_io_object_sync_v1alpha1_manifest_test.go out/terratest-sentinel-remediation_medik8s_io_node_health_check_v1alpha1_manifest_test.go out/terratest-sentinel-repo_manager_pulpproject_org_pulp_backup_v1beta2_manifest_test.go out/terratest-sentinel-repo_manager_pulpproject_org_pulp_restore_v1beta2_manifest_test.go out/terratest-sentinel-repo_manager_pulpproject_org_pulp_v1beta2_manifest_test.go out/terratest-sentinel-reports_kyverno_io_cluster_ephemeral_report_v1_manifest_test.go out/terratest-sentinel-reports_kyverno_io_ephemeral_report_v1_manifest_test.go out/terratest-sentinel-resources_teleport_dev_teleport_login_rule_v1_manifest_test.go out/terratest-sentinel-resources_teleport_dev_teleport_okta_import_rule_v1_manifest_test.go out/terratest-sentinel-resources_teleport_dev_teleport_provision_token_v2_manifest_test.go out/terratest-sentinel-resources_teleport_dev_teleport_saml_connector_v2_manifest_test.go out/terratest-sentinel-resources_teleport_dev_teleport_user_v2_manifest_test.go out/terratest-sentinel-resources_teleport_dev_teleport_github_connector_v3_manifest_test.go out/terratest-sentinel-resources_teleport_dev_teleport_oidc_connector_v3_manifest_test.go out/terratest-sentinel-resources_teleport_dev_teleport_role_v5_manifest_test.go out/terratest-sentinel-resources_teleport_dev_teleport_role_v6_manifest_test.go out/terratest-sentinel-ripsaw_cloudbulldozer_io_benchmark_v1alpha1_manifest_test.go out/terratest-sentinel-rocketmq_apache_org_broker_v1alpha1_manifest_test.go out/terratest-sentinel-rocketmq_apache_org_console_v1alpha1_manifest_test.go out/terratest-sentinel-rocketmq_apache_org_name_service_v1alpha1_manifest_test.go out/terratest-sentinel-rocketmq_apache_org_topic_transfer_v1alpha1_manifest_test.go out/terratest-sentinel-route53_services_k8s_aws_hosted_zone_v1alpha1_manifest_test.go out/terratest-sentinel-route53_services_k8s_aws_record_set_v1alpha1_manifest_test.go out/terratest-sentinel-route53resolver_services_k8s_aws_resolver_endpoint_v1alpha1_manifest_test.go out/terratest-sentinel-route53resolver_services_k8s_aws_resolver_rule_v1alpha1_manifest_test.go out/terratest-sentinel-rules_kubeedge_io_rule_endpoint_v1_manifest_test.go out/terratest-sentinel-rules_kubeedge_io_rule_v1_manifest_test.go out/terratest-sentinel-runtime_cluster_x_k8s_io_extension_config_v1alpha1_manifest_test.go out/terratest-sentinel-s3_services_k8s_aws_bucket_v1alpha1_manifest_test.go out/terratest-sentinel-s3_snappcloud_io_s3_bucket_v1alpha1_manifest_test.go out/terratest-sentinel-s3_snappcloud_io_s3_user_claim_v1alpha1_manifest_test.go out/terratest-sentinel-s3_snappcloud_io_s3_user_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_app_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_data_quality_job_definition_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_domain_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_endpoint_config_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_endpoint_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_feature_group_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_hyper_parameter_tuning_job_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_model_bias_job_definition_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_model_explainability_job_definition_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_model_package_group_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_model_package_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_model_quality_job_definition_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_model_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_monitoring_schedule_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_notebook_instance_lifecycle_config_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_notebook_instance_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_processing_job_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_training_job_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_transform_job_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_user_profile_v1alpha1_manifest_test.go out/terratest-sentinel-scheduling_k8s_io_priority_class_v1_manifest_test.go out/terratest-sentinel-scheduling_koordinator_sh_device_v1alpha1_manifest_test.go out/terratest-sentinel-scheduling_koordinator_sh_pod_migration_job_v1alpha1_manifest_test.go out/terratest-sentinel-scheduling_koordinator_sh_reservation_v1alpha1_manifest_test.go out/terratest-sentinel-scheduling_sigs_k8s_io_elastic_quota_v1alpha1_manifest_test.go out/terratest-sentinel-scheduling_sigs_k8s_io_pod_group_v1alpha1_manifest_test.go out/terratest-sentinel-scheduling_volcano_sh_pod_group_v1beta1_manifest_test.go out/terratest-sentinel-scheduling_volcano_sh_queue_v1beta1_manifest_test.go out/terratest-sentinel-schemas_schemahero_io_data_type_v1alpha4_manifest_test.go out/terratest-sentinel-schemas_schemahero_io_migration_v1alpha4_manifest_test.go out/terratest-sentinel-schemas_schemahero_io_table_v1alpha4_manifest_test.go out/terratest-sentinel-scylla_scylladb_com_scylla_cluster_v1_manifest_test.go out/terratest-sentinel-scylla_scylladb_com_node_config_v1alpha1_manifest_test.go out/terratest-sentinel-scylla_scylladb_com_scylla_operator_config_v1alpha1_manifest_test.go out/terratest-sentinel-secretgenerator_mittwald_de_basic_auth_v1alpha1_manifest_test.go out/terratest-sentinel-secretgenerator_mittwald_de_ssh_key_pair_v1alpha1_manifest_test.go out/terratest-sentinel-secretgenerator_mittwald_de_string_secret_v1alpha1_manifest_test.go out/terratest-sentinel-secrets_crossplane_io_store_config_v1alpha1_manifest_test.go out/terratest-sentinel-secrets_doppler_com_doppler_secret_v1alpha1_manifest_test.go out/terratest-sentinel-secrets_hashicorp_com_hcp_auth_v1beta1_manifest_test.go out/terratest-sentinel-secrets_hashicorp_com_hcp_vault_secrets_app_v1beta1_manifest_test.go out/terratest-sentinel-secrets_hashicorp_com_vault_auth_v1beta1_manifest_test.go out/terratest-sentinel-secrets_hashicorp_com_vault_connection_v1beta1_manifest_test.go out/terratest-sentinel-secrets_hashicorp_com_vault_dynamic_secret_v1beta1_manifest_test.go out/terratest-sentinel-secrets_hashicorp_com_vault_pki_secret_v1beta1_manifest_test.go out/terratest-sentinel-secrets_hashicorp_com_vault_static_secret_v1beta1_manifest_test.go out/terratest-sentinel-secrets_stackable_tech_secret_class_v1alpha1_manifest_test.go out/terratest-sentinel-secrets_store_csi_x_k8s_io_secret_provider_class_v1_manifest_test.go out/terratest-sentinel-secrets_store_csi_x_k8s_io_secret_provider_class_v1alpha1_manifest_test.go out/terratest-sentinel-secretsmanager_services_k8s_aws_secret_v1alpha1_manifest_test.go out/terratest-sentinel-secscan_quay_redhat_com_image_manifest_vuln_v1alpha1_manifest_test.go out/terratest-sentinel-security_istio_io_authorization_policy_v1_manifest_test.go out/terratest-sentinel-security_istio_io_peer_authentication_v1_manifest_test.go out/terratest-sentinel-security_istio_io_request_authentication_v1_manifest_test.go out/terratest-sentinel-security_istio_io_authorization_policy_v1beta1_manifest_test.go out/terratest-sentinel-security_istio_io_peer_authentication_v1beta1_manifest_test.go out/terratest-sentinel-security_istio_io_request_authentication_v1beta1_manifest_test.go out/terratest-sentinel-security_profiles_operator_x_k8s_io_app_armor_profile_v1alpha1_manifest_test.go out/terratest-sentinel-security_profiles_operator_x_k8s_io_profile_binding_v1alpha1_manifest_test.go out/terratest-sentinel-security_profiles_operator_x_k8s_io_profile_recording_v1alpha1_manifest_test.go out/terratest-sentinel-security_profiles_operator_x_k8s_io_security_profile_node_status_v1alpha1_manifest_test.go out/terratest-sentinel-security_profiles_operator_x_k8s_io_security_profiles_operator_daemon_v1alpha1_manifest_test.go out/terratest-sentinel-security_profiles_operator_x_k8s_io_raw_selinux_profile_v1alpha2_manifest_test.go out/terratest-sentinel-security_profiles_operator_x_k8s_io_selinux_profile_v1alpha2_manifest_test.go out/terratest-sentinel-security_profiles_operator_x_k8s_io_seccomp_profile_v1beta1_manifest_test.go out/terratest-sentinel-self_node_remediation_medik8s_io_self_node_remediation_config_v1alpha1_manifest_test.go out/terratest-sentinel-self_node_remediation_medik8s_io_self_node_remediation_template_v1alpha1_manifest_test.go out/terratest-sentinel-self_node_remediation_medik8s_io_self_node_remediation_v1alpha1_manifest_test.go out/terratest-sentinel-sematext_com_sematext_agent_v1_manifest_test.go out/terratest-sentinel-servicebinding_io_cluster_workload_resource_mapping_v1alpha3_manifest_test.go out/terratest-sentinel-servicebinding_io_service_binding_v1alpha3_manifest_test.go out/terratest-sentinel-servicebinding_io_cluster_workload_resource_mapping_v1beta1_manifest_test.go out/terratest-sentinel-servicebinding_io_service_binding_v1beta1_manifest_test.go out/terratest-sentinel-servicemesh_cisco_com_istio_control_plane_v1alpha1_manifest_test.go out/terratest-sentinel-servicemesh_cisco_com_istio_mesh_gateway_v1alpha1_manifest_test.go out/terratest-sentinel-servicemesh_cisco_com_istio_mesh_v1alpha1_manifest_test.go out/terratest-sentinel-servicemesh_cisco_com_peer_istio_control_plane_v1alpha1_manifest_test.go out/terratest-sentinel-services_k8s_aws_adopted_resource_v1alpha1_manifest_test.go out/terratest-sentinel-services_k8s_aws_field_export_v1alpha1_manifest_test.go out/terratest-sentinel-serving_kubedl_io_inference_v1alpha1_manifest_test.go out/terratest-sentinel-sfn_services_k8s_aws_activity_v1alpha1_manifest_test.go out/terratest-sentinel-sfn_services_k8s_aws_state_machine_v1alpha1_manifest_test.go out/terratest-sentinel-site_superedge_io_node_group_v1alpha1_manifest_test.go out/terratest-sentinel-site_superedge_io_node_unit_v1alpha1_manifest_test.go out/terratest-sentinel-slo_koordinator_sh_node_metric_v1alpha1_manifest_test.go out/terratest-sentinel-slo_koordinator_sh_node_slo_v1alpha1_manifest_test.go out/terratest-sentinel-sloth_slok_dev_prometheus_service_level_v1_manifest_test.go out/terratest-sentinel-snapscheduler_backube_snapshot_schedule_v1_manifest_test.go out/terratest-sentinel-snapshot_storage_k8s_io_volume_snapshot_class_v1_manifest_test.go out/terratest-sentinel-snapshot_storage_k8s_io_volume_snapshot_content_v1_manifest_test.go out/terratest-sentinel-snapshot_storage_k8s_io_volume_snapshot_v1_manifest_test.go out/terratest-sentinel-snapshot_storage_k8s_io_volume_snapshot_class_v1beta1_manifest_test.go out/terratest-sentinel-snapshot_storage_k8s_io_volume_snapshot_content_v1beta1_manifest_test.go out/terratest-sentinel-snapshot_storage_k8s_io_volume_snapshot_v1beta1_manifest_test.go out/terratest-sentinel-sns_services_k8s_aws_platform_application_v1alpha1_manifest_test.go out/terratest-sentinel-sns_services_k8s_aws_platform_endpoint_v1alpha1_manifest_test.go out/terratest-sentinel-sns_services_k8s_aws_subscription_v1alpha1_manifest_test.go out/terratest-sentinel-sns_services_k8s_aws_topic_v1alpha1_manifest_test.go out/terratest-sentinel-sonataflow_org_sonata_flow_build_v1alpha08_manifest_test.go out/terratest-sentinel-sonataflow_org_sonata_flow_platform_v1alpha08_manifest_test.go out/terratest-sentinel-sonataflow_org_sonata_flow_v1alpha08_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_bucket_v1_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_git_repository_v1_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_helm_chart_v1_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_helm_repository_v1_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_bucket_v1beta1_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_git_repository_v1beta1_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_helm_chart_v1beta1_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_helm_repository_v1beta1_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_bucket_v1beta2_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_git_repository_v1beta2_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_helm_chart_v1beta2_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_helm_repository_v1beta2_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_oci_repository_v1beta2_manifest_test.go out/terratest-sentinel-spark_stackable_tech_spark_application_v1alpha1_manifest_test.go out/terratest-sentinel-spark_stackable_tech_spark_history_server_v1alpha1_manifest_test.go out/terratest-sentinel-sparkoperator_k8s_io_scheduled_spark_application_v1beta2_manifest_test.go out/terratest-sentinel-sparkoperator_k8s_io_spark_application_v1beta2_manifest_test.go out/terratest-sentinel-spv_no_azure_key_vault_secret_v1_manifest_test.go out/terratest-sentinel-spv_no_azure_key_vault_identity_v1alpha1_manifest_test.go out/terratest-sentinel-spv_no_azure_key_vault_secret_v1alpha1_manifest_test.go out/terratest-sentinel-spv_no_azure_managed_identity_v1alpha1_manifest_test.go out/terratest-sentinel-spv_no_azure_key_vault_secret_v2alpha1_manifest_test.go out/terratest-sentinel-spv_no_azure_key_vault_secret_v2beta1_manifest_test.go out/terratest-sentinel-sqs_services_k8s_aws_queue_v1alpha1_manifest_test.go out/terratest-sentinel-sriovnetwork_openshift_io_ovs_network_v1_manifest_test.go out/terratest-sentinel-sriovnetwork_openshift_io_sriov_ib_network_v1_manifest_test.go out/terratest-sentinel-sriovnetwork_openshift_io_sriov_network_node_policy_v1_manifest_test.go out/terratest-sentinel-sriovnetwork_openshift_io_sriov_network_node_state_v1_manifest_test.go out/terratest-sentinel-sriovnetwork_openshift_io_sriov_network_pool_config_v1_manifest_test.go out/terratest-sentinel-sriovnetwork_openshift_io_sriov_network_v1_manifest_test.go out/terratest-sentinel-sriovnetwork_openshift_io_sriov_operator_config_v1_manifest_test.go out/terratest-sentinel-storage_k8s_io_csi_driver_v1_manifest_test.go out/terratest-sentinel-storage_k8s_io_csi_node_v1_manifest_test.go out/terratest-sentinel-storage_k8s_io_storage_class_v1_manifest_test.go out/terratest-sentinel-storage_k8s_io_volume_attachment_v1_manifest_test.go out/terratest-sentinel-storage_kubeblocks_io_storage_provider_v1alpha1_manifest_test.go out/terratest-sentinel-storageos_com_storage_os_cluster_v1_manifest_test.go out/terratest-sentinel-sts_min_io_policy_binding_v1alpha1_manifest_test.go out/terratest-sentinel-sts_min_io_policy_binding_v1beta1_manifest_test.go out/terratest-sentinel-stunner_l7mp_io_dataplane_v1_manifest_test.go out/terratest-sentinel-stunner_l7mp_io_gateway_config_v1_manifest_test.go out/terratest-sentinel-stunner_l7mp_io_static_service_v1_manifest_test.go out/terratest-sentinel-stunner_l7mp_io_udp_route_v1_manifest_test.go out/terratest-sentinel-stunner_l7mp_io_dataplane_v1alpha1_manifest_test.go out/terratest-sentinel-stunner_l7mp_io_gateway_config_v1alpha1_manifest_test.go out/terratest-sentinel-stunner_l7mp_io_static_service_v1alpha1_manifest_test.go out/terratest-sentinel-submariner_io_broker_v1alpha1_manifest_test.go out/terratest-sentinel-submariner_io_service_discovery_v1alpha1_manifest_test.go out/terratest-sentinel-submariner_io_submariner_v1alpha1_manifest_test.go out/terratest-sentinel-superset_stackable_tech_druid_connection_v1alpha1_manifest_test.go out/terratest-sentinel-superset_stackable_tech_superset_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-telemetry_istio_io_telemetry_v1_manifest_test.go out/terratest-sentinel-telemetry_istio_io_telemetry_v1alpha1_manifest_test.go out/terratest-sentinel-templates_gatekeeper_sh_constraint_template_v1_manifest_test.go out/terratest-sentinel-templates_gatekeeper_sh_constraint_template_v1alpha1_manifest_test.go out/terratest-sentinel-templates_gatekeeper_sh_constraint_template_v1beta1_manifest_test.go out/terratest-sentinel-tempo_grafana_com_tempo_monolithic_v1alpha1_manifest_test.go out/terratest-sentinel-tempo_grafana_com_tempo_stack_v1alpha1_manifest_test.go out/terratest-sentinel-temporal_io_temporal_cluster_client_v1beta1_manifest_test.go out/terratest-sentinel-temporal_io_temporal_cluster_v1beta1_manifest_test.go out/terratest-sentinel-temporal_io_temporal_namespace_v1beta1_manifest_test.go out/terratest-sentinel-temporal_io_temporal_worker_process_v1beta1_manifest_test.go out/terratest-sentinel-tests_testkube_io_script_v1_manifest_test.go out/terratest-sentinel-tests_testkube_io_test_execution_v1_manifest_test.go out/terratest-sentinel-tests_testkube_io_test_source_v1_manifest_test.go out/terratest-sentinel-tests_testkube_io_test_suite_execution_v1_manifest_test.go out/terratest-sentinel-tests_testkube_io_test_suite_v1_manifest_test.go out/terratest-sentinel-tests_testkube_io_test_trigger_v1_manifest_test.go out/terratest-sentinel-tests_testkube_io_test_v1_manifest_test.go out/terratest-sentinel-tests_testkube_io_script_v2_manifest_test.go out/terratest-sentinel-tests_testkube_io_test_suite_v2_manifest_test.go out/terratest-sentinel-tests_testkube_io_test_v2_manifest_test.go out/terratest-sentinel-tests_testkube_io_test_suite_v3_manifest_test.go out/terratest-sentinel-tests_testkube_io_test_v3_manifest_test.go out/terratest-sentinel-tf_tungsten_io_analytics_alarm_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_analytics_snmp_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_analytics_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_cassandra_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_config_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_control_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_kubemanager_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_manager_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_query_engine_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_rabbitmq_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_redis_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_vrouter_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_webui_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_zookeeper_v1alpha1_manifest_test.go out/terratest-sentinel-theketch_io_app_v1beta1_manifest_test.go out/terratest-sentinel-theketch_io_job_v1beta1_manifest_test.go out/terratest-sentinel-tinkerbell_org_hardware_v1alpha1_manifest_test.go out/terratest-sentinel-tinkerbell_org_osie_v1alpha1_manifest_test.go out/terratest-sentinel-tinkerbell_org_stack_v1alpha1_manifest_test.go out/terratest-sentinel-tinkerbell_org_template_v1alpha1_manifest_test.go out/terratest-sentinel-tinkerbell_org_workflow_v1alpha1_manifest_test.go out/terratest-sentinel-tinkerbell_org_hardware_v1alpha2_manifest_test.go out/terratest-sentinel-tinkerbell_org_osie_v1alpha2_manifest_test.go out/terratest-sentinel-tinkerbell_org_template_v1alpha2_manifest_test.go out/terratest-sentinel-tinkerbell_org_workflow_v1alpha2_manifest_test.go out/terratest-sentinel-topology_node_k8s_io_node_resource_topology_v1alpha1_manifest_test.go out/terratest-sentinel-topolvm_cybozu_com_logical_volume_v1_manifest_test.go out/terratest-sentinel-topolvm_cybozu_com_topolvm_cluster_v2_manifest_test.go out/terratest-sentinel-traefik_io_ingress_route_tcp_v1alpha1_manifest_test.go out/terratest-sentinel-traefik_io_ingress_route_udp_v1alpha1_manifest_test.go out/terratest-sentinel-traefik_io_ingress_route_v1alpha1_manifest_test.go out/terratest-sentinel-traefik_io_middleware_tcp_v1alpha1_manifest_test.go out/terratest-sentinel-traefik_io_middleware_v1alpha1_manifest_test.go out/terratest-sentinel-traefik_io_servers_transport_tcp_v1alpha1_manifest_test.go out/terratest-sentinel-traefik_io_servers_transport_v1alpha1_manifest_test.go out/terratest-sentinel-traefik_io_tls_option_v1alpha1_manifest_test.go out/terratest-sentinel-traefik_io_tls_store_v1alpha1_manifest_test.go out/terratest-sentinel-traefik_io_traefik_service_v1alpha1_manifest_test.go out/terratest-sentinel-training_kubedl_io_elastic_dl_job_v1alpha1_manifest_test.go out/terratest-sentinel-training_kubedl_io_mars_job_v1alpha1_manifest_test.go out/terratest-sentinel-training_kubedl_io_mpi_job_v1alpha1_manifest_test.go out/terratest-sentinel-training_kubedl_io_py_torch_job_v1alpha1_manifest_test.go out/terratest-sentinel-training_kubedl_io_tf_job_v1alpha1_manifest_test.go out/terratest-sentinel-training_kubedl_io_xdl_job_v1alpha1_manifest_test.go out/terratest-sentinel-training_kubedl_io_xg_boost_job_v1alpha1_manifest_test.go out/terratest-sentinel-trino_stackable_tech_trino_catalog_v1alpha1_manifest_test.go out/terratest-sentinel-trino_stackable_tech_trino_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-trust_cert_manager_io_bundle_v1alpha1_manifest_test.go out/terratest-sentinel-upgrade_cattle_io_plan_v1_manifest_test.go out/terratest-sentinel-upgrade_managed_openshift_io_upgrade_config_v1alpha1_manifest_test.go out/terratest-sentinel-velero_io_backup_repository_v1_manifest_test.go out/terratest-sentinel-velero_io_backup_storage_location_v1_manifest_test.go out/terratest-sentinel-velero_io_backup_v1_manifest_test.go out/terratest-sentinel-velero_io_delete_backup_request_v1_manifest_test.go out/terratest-sentinel-velero_io_download_request_v1_manifest_test.go out/terratest-sentinel-velero_io_pod_volume_backup_v1_manifest_test.go out/terratest-sentinel-velero_io_pod_volume_restore_v1_manifest_test.go out/terratest-sentinel-velero_io_restore_v1_manifest_test.go out/terratest-sentinel-velero_io_schedule_v1_manifest_test.go out/terratest-sentinel-velero_io_server_status_request_v1_manifest_test.go out/terratest-sentinel-velero_io_volume_snapshot_location_v1_manifest_test.go out/terratest-sentinel-velero_io_data_download_v2alpha1_manifest_test.go out/terratest-sentinel-velero_io_data_upload_v2alpha1_manifest_test.go out/terratest-sentinel-virt_virtink_smartx_com_virtual_machine_migration_v1alpha1_manifest_test.go out/terratest-sentinel-virt_virtink_smartx_com_virtual_machine_v1alpha1_manifest_test.go out/terratest-sentinel-volsync_backube_replication_destination_v1alpha1_manifest_test.go out/terratest-sentinel-volsync_backube_replication_source_v1alpha1_manifest_test.go out/terratest-sentinel-vpcresources_k8s_aws_cni_node_v1alpha1_manifest_test.go out/terratest-sentinel-vpcresources_k8s_aws_security_group_policy_v1beta1_manifest_test.go out/terratest-sentinel-wgpolicyk8s_io_cluster_policy_report_v1alpha1_manifest_test.go out/terratest-sentinel-wgpolicyk8s_io_policy_report_v1alpha1_manifest_test.go out/terratest-sentinel-wgpolicyk8s_io_cluster_policy_report_v1alpha2_manifest_test.go out/terratest-sentinel-wgpolicyk8s_io_policy_report_v1alpha2_manifest_test.go out/terratest-sentinel-wgpolicyk8s_io_cluster_policy_report_v1beta1_manifest_test.go out/terratest-sentinel-wgpolicyk8s_io_policy_report_v1beta1_manifest_test.go out/terratest-sentinel-wildfly_org_wild_fly_server_v1alpha1_manifest_test.go out/terratest-sentinel-work_karmada_io_cluster_resource_binding_v1alpha1_manifest_test.go out/terratest-sentinel-work_karmada_io_resource_binding_v1alpha1_manifest_test.go out/terratest-sentinel-work_karmada_io_work_v1alpha1_manifest_test.go out/terratest-sentinel-work_karmada_io_cluster_resource_binding_v1alpha2_manifest_test.go out/terratest-sentinel-work_karmada_io_resource_binding_v1alpha2_manifest_test.go out/terratest-sentinel-workload_codeflare_dev_app_wrapper_v1beta1_manifest_test.go out/terratest-sentinel-workload_codeflare_dev_scheduling_spec_v1beta1_manifest_test.go out/terratest-sentinel-workload_codeflare_dev_app_wrapper_v1beta2_manifest_test.go out/terratest-sentinel-workloads_kubeblocks_io_instance_set_v1_manifest_test.go out/terratest-sentinel-workloads_kubeblocks_io_instance_set_v1alpha1_manifest_test.go out/terratest-sentinel-workloads_kubeblocks_io_replicated_state_machine_v1alpha1_manifest_test.go out/terratest-sentinel-zonecontrol_k8s_aws_zone_aware_update_v1_manifest_test.go out/terratest-sentinel-zonecontrol_k8s_aws_zone_disruption_budget_v1_manifest_test.go out/terratest-sentinel-zookeeper_pravega_io_zookeeper_cluster_v1beta1_manifest_test.go out/terratest-sentinel-zookeeper_stackable_tech_zookeeper_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-zookeeper_stackable_tech_zookeeper_znode_v1alpha1_manifest_test.go  ## run all terratest tests
+terratests: out/terratest-sentinel-about_k8s_io_cluster_property_v1alpha1_manifest_test.go out/terratest-sentinel-acid_zalan_do_operator_configuration_v1_manifest_test.go out/terratest-sentinel-acid_zalan_do_postgres_team_v1_manifest_test.go out/terratest-sentinel-acid_zalan_do_postgresql_v1_manifest_test.go out/terratest-sentinel-acme_cert_manager_io_challenge_v1_manifest_test.go out/terratest-sentinel-acme_cert_manager_io_order_v1_manifest_test.go out/terratest-sentinel-acmpca_services_k8s_aws_certificate_authority_activation_v1alpha1_manifest_test.go out/terratest-sentinel-acmpca_services_k8s_aws_certificate_authority_v1alpha1_manifest_test.go out/terratest-sentinel-acmpca_services_k8s_aws_certificate_v1alpha1_manifest_test.go out/terratest-sentinel-actions_github_com_autoscaling_listener_v1alpha1_manifest_test.go out/terratest-sentinel-actions_github_com_autoscaling_runner_set_v1alpha1_manifest_test.go out/terratest-sentinel-actions_github_com_ephemeral_runner_set_v1alpha1_manifest_test.go out/terratest-sentinel-actions_github_com_ephemeral_runner_v1alpha1_manifest_test.go out/terratest-sentinel-actions_summerwind_dev_horizontal_runner_autoscaler_v1alpha1_manifest_test.go out/terratest-sentinel-actions_summerwind_dev_runner_deployment_v1alpha1_manifest_test.go out/terratest-sentinel-actions_summerwind_dev_runner_replica_set_v1alpha1_manifest_test.go out/terratest-sentinel-actions_summerwind_dev_runner_set_v1alpha1_manifest_test.go out/terratest-sentinel-actions_summerwind_dev_runner_v1alpha1_manifest_test.go out/terratest-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_binding_v1alpha3_manifest_test.go out/terratest-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_v1alpha3_manifest_test.go out/terratest-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_binding_v1alpha4_manifest_test.go out/terratest-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_v1alpha4_manifest_test.go out/terratest-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_binding_v1beta1_manifest_test.go out/terratest-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_v1beta1_manifest_test.go out/terratest-sentinel-admissionregistration_k8s_io_mutating_webhook_configuration_v1_manifest_test.go out/terratest-sentinel-admissionregistration_k8s_io_validating_webhook_configuration_v1_manifest_test.go out/terratest-sentinel-agent_k8s_elastic_co_agent_v1alpha1_manifest_test.go out/terratest-sentinel-airflow_stackable_tech_airflow_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_aws_datacenter_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_aws_iam_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_bundles_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_cloud_stack_datacenter_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_cloud_stack_machine_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_control_plane_upgrade_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_docker_datacenter_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_eksa_release_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_flux_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_git_ops_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_machine_deployment_upgrade_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_node_upgrade_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_nutanix_datacenter_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_nutanix_machine_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_oidc_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_snow_datacenter_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_snow_ip_pool_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_snow_machine_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_tinkerbell_datacenter_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_tinkerbell_machine_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_tinkerbell_template_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_v_sphere_datacenter_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_v_sphere_machine_config_v1alpha1_manifest_test.go out/terratest-sentinel-apacheweb_arsenal_dev_apacheweb_v1alpha1_manifest_test.go out/terratest-sentinel-api_clever_cloud_com_config_provider_v1_manifest_test.go out/terratest-sentinel-api_clever_cloud_com_elastic_search_v1_manifest_test.go out/terratest-sentinel-api_clever_cloud_com_mongo_db_v1_manifest_test.go out/terratest-sentinel-api_clever_cloud_com_my_sql_v1_manifest_test.go out/terratest-sentinel-api_clever_cloud_com_postgre_sql_v1_manifest_test.go out/terratest-sentinel-api_clever_cloud_com_redis_v1_manifest_test.go out/terratest-sentinel-api_clever_cloud_com_pulsar_v1beta1_manifest_test.go out/terratest-sentinel-api_kubemod_io_mod_rule_v1beta1_manifest_test.go out/terratest-sentinel-apicodegen_apimatic_io_api_matic_v1beta1_manifest_test.go out/terratest-sentinel-apiextensions_crossplane_io_composite_resource_definition_v1_manifest_test.go out/terratest-sentinel-apiextensions_crossplane_io_composition_revision_v1_manifest_test.go out/terratest-sentinel-apiextensions_crossplane_io_composition_v1_manifest_test.go out/terratest-sentinel-apiextensions_crossplane_io_composition_revision_v1beta1_manifest_test.go out/terratest-sentinel-apigatewayv2_services_k8s_aws_api_v1alpha1_manifest_test.go out/terratest-sentinel-apigatewayv2_services_k8s_aws_authorizer_v1alpha1_manifest_test.go out/terratest-sentinel-apigatewayv2_services_k8s_aws_deployment_v1alpha1_manifest_test.go out/terratest-sentinel-apigatewayv2_services_k8s_aws_integration_v1alpha1_manifest_test.go out/terratest-sentinel-apigatewayv2_services_k8s_aws_route_v1alpha1_manifest_test.go out/terratest-sentinel-apigatewayv2_services_k8s_aws_stage_v1alpha1_manifest_test.go out/terratest-sentinel-apigatewayv2_services_k8s_aws_vpc_link_v1alpha1_manifest_test.go out/terratest-sentinel-apiregistration_k8s_io_api_service_v1_manifest_test.go out/terratest-sentinel-apisix_apache_org_apisix_cluster_config_v2_manifest_test.go out/terratest-sentinel-apisix_apache_org_apisix_consumer_v2_manifest_test.go out/terratest-sentinel-apisix_apache_org_apisix_global_rule_v2_manifest_test.go out/terratest-sentinel-apisix_apache_org_apisix_plugin_config_v2_manifest_test.go out/terratest-sentinel-apisix_apache_org_apisix_route_v2_manifest_test.go out/terratest-sentinel-apisix_apache_org_apisix_tls_v2_manifest_test.go out/terratest-sentinel-apisix_apache_org_apisix_upstream_v2_manifest_test.go out/terratest-sentinel-apm_k8s_elastic_co_apm_server_v1_manifest_test.go out/terratest-sentinel-apm_k8s_elastic_co_apm_server_v1beta1_manifest_test.go out/terratest-sentinel-app_kiegroup_org_kogito_build_v1beta1_manifest_test.go out/terratest-sentinel-app_kiegroup_org_kogito_infra_v1beta1_manifest_test.go out/terratest-sentinel-app_kiegroup_org_kogito_runtime_v1beta1_manifest_test.go out/terratest-sentinel-app_kiegroup_org_kogito_supporting_service_v1beta1_manifest_test.go out/terratest-sentinel-app_lightbend_com_akka_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-app_redislabs_com_redis_enterprise_cluster_v1_manifest_test.go out/terratest-sentinel-app_redislabs_com_redis_enterprise_active_active_database_v1alpha1_manifest_test.go out/terratest-sentinel-app_redislabs_com_redis_enterprise_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-app_redislabs_com_redis_enterprise_database_v1alpha1_manifest_test.go out/terratest-sentinel-app_redislabs_com_redis_enterprise_remote_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-app_terraform_io_agent_pool_v1alpha2_manifest_test.go out/terratest-sentinel-app_terraform_io_module_v1alpha2_manifest_test.go out/terratest-sentinel-app_terraform_io_workspace_v1alpha2_manifest_test.go out/terratest-sentinel-application_networking_k8s_aws_access_log_policy_v1alpha1_manifest_test.go out/terratest-sentinel-application_networking_k8s_aws_iam_auth_policy_v1alpha1_manifest_test.go out/terratest-sentinel-application_networking_k8s_aws_service_import_v1alpha1_manifest_test.go out/terratest-sentinel-application_networking_k8s_aws_target_group_policy_v1alpha1_manifest_test.go out/terratest-sentinel-application_networking_k8s_aws_vpc_association_policy_v1alpha1_manifest_test.go out/terratest-sentinel-applicationautoscaling_services_k8s_aws_scalable_target_v1alpha1_manifest_test.go out/terratest-sentinel-applicationautoscaling_services_k8s_aws_scaling_policy_v1alpha1_manifest_test.go out/terratest-sentinel-appmesh_k8s_aws_backend_group_v1beta2_manifest_test.go out/terratest-sentinel-appmesh_k8s_aws_gateway_route_v1beta2_manifest_test.go out/terratest-sentinel-appmesh_k8s_aws_mesh_v1beta2_manifest_test.go out/terratest-sentinel-appmesh_k8s_aws_virtual_gateway_v1beta2_manifest_test.go out/terratest-sentinel-appmesh_k8s_aws_virtual_node_v1beta2_manifest_test.go out/terratest-sentinel-appmesh_k8s_aws_virtual_router_v1beta2_manifest_test.go out/terratest-sentinel-appmesh_k8s_aws_virtual_service_v1beta2_manifest_test.go out/terratest-sentinel-appprotect_f5_com_ap_log_conf_v1beta1_manifest_test.go out/terratest-sentinel-appprotect_f5_com_ap_policy_v1beta1_manifest_test.go out/terratest-sentinel-appprotect_f5_com_ap_user_sig_v1beta1_manifest_test.go out/terratest-sentinel-appprotectdos_f5_com_ap_dos_log_conf_v1beta1_manifest_test.go out/terratest-sentinel-appprotectdos_f5_com_ap_dos_policy_v1beta1_manifest_test.go out/terratest-sentinel-appprotectdos_f5_com_dos_protected_resource_v1beta1_manifest_test.go out/terratest-sentinel-apps_3scale_net_ap_icast_v1alpha1_manifest_test.go out/terratest-sentinel-apps_3scale_net_api_manager_backup_v1alpha1_manifest_test.go out/terratest-sentinel-apps_3scale_net_api_manager_restore_v1alpha1_manifest_test.go out/terratest-sentinel-apps_3scale_net_api_manager_v1alpha1_manifest_test.go out/terratest-sentinel-apps_clusternet_io_base_v1alpha1_manifest_test.go out/terratest-sentinel-apps_clusternet_io_description_v1alpha1_manifest_test.go out/terratest-sentinel-apps_clusternet_io_feed_inventory_v1alpha1_manifest_test.go out/terratest-sentinel-apps_clusternet_io_globalization_v1alpha1_manifest_test.go out/terratest-sentinel-apps_clusternet_io_helm_chart_v1alpha1_manifest_test.go out/terratest-sentinel-apps_clusternet_io_helm_release_v1alpha1_manifest_test.go out/terratest-sentinel-apps_clusternet_io_localization_v1alpha1_manifest_test.go out/terratest-sentinel-apps_clusternet_io_manifest_v1alpha1_manifest_test.go out/terratest-sentinel-apps_clusternet_io_subscription_v1alpha1_manifest_test.go out/terratest-sentinel-apps_emqx_io_emqx_broker_v1beta3_manifest_test.go out/terratest-sentinel-apps_emqx_io_emqx_enterprise_v1beta3_manifest_test.go out/terratest-sentinel-apps_emqx_io_emqx_plugin_v1beta3_manifest_test.go out/terratest-sentinel-apps_emqx_io_emqx_broker_v1beta4_manifest_test.go out/terratest-sentinel-apps_emqx_io_emqx_enterprise_v1beta4_manifest_test.go out/terratest-sentinel-apps_emqx_io_emqx_plugin_v1beta4_manifest_test.go out/terratest-sentinel-apps_emqx_io_rebalance_v1beta4_manifest_test.go out/terratest-sentinel-apps_emqx_io_emqx_v2alpha1_manifest_test.go out/terratest-sentinel-apps_emqx_io_emqx_v2beta1_manifest_test.go out/terratest-sentinel-apps_emqx_io_rebalance_v2beta1_manifest_test.go out/terratest-sentinel-apps_gitlab_com_git_lab_v1beta1_manifest_test.go out/terratest-sentinel-apps_gitlab_com_runner_v1beta2_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_cluster_definition_v1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_cluster_v1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_component_definition_v1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_component_v1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_component_version_v1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_service_descriptor_v1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_backup_policy_template_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_cluster_definition_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_cluster_version_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_component_class_definition_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_component_definition_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_component_resource_constraint_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_component_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_component_version_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_config_constraint_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_configuration_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_ops_definition_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_ops_request_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_service_descriptor_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_config_constraint_v1beta1_manifest_test.go out/terratest-sentinel-apps_kubedl_io_cron_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeedge_io_edge_application_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeedge_io_node_group_v1alpha1_manifest_test.go out/terratest-sentinel-apps_m88i_io_nexus_v1alpha1_manifest_test.go out/terratest-sentinel-apps_redhat_com_cluster_impairment_v1alpha1_manifest_test.go out/terratest-sentinel-apps_daemon_set_v1_manifest_test.go out/terratest-sentinel-apps_deployment_v1_manifest_test.go out/terratest-sentinel-apps_replica_set_v1_manifest_test.go out/terratest-sentinel-apps_stateful_set_v1_manifest_test.go out/terratest-sentinel-aquasecurity_github_io_aqua_starboard_v1alpha1_manifest_test.go out/terratest-sentinel-argoproj_io_app_project_v1alpha1_manifest_test.go out/terratest-sentinel-argoproj_io_application_set_v1alpha1_manifest_test.go out/terratest-sentinel-argoproj_io_application_v1alpha1_manifest_test.go out/terratest-sentinel-argoproj_io_argo_cd_v1alpha1_manifest_test.go out/terratest-sentinel-argoproj_io_argo_cd_export_v1alpha1_manifest_test.go out/terratest-sentinel-argoproj_io_argo_cd_v1beta1_manifest_test.go out/terratest-sentinel-asdb_aerospike_com_aerospike_cluster_v1_manifest_test.go out/terratest-sentinel-asdb_aerospike_com_aerospike_cluster_v1beta1_manifest_test.go out/terratest-sentinel-atlasmap_io_atlas_map_v1alpha1_manifest_test.go out/terratest-sentinel-auth_ops42_org_aws_auth_sync_config_v1alpha1_manifest_test.go out/terratest-sentinel-authentication_stackable_tech_authentication_class_v1alpha1_manifest_test.go out/terratest-sentinel-authzed_com_spice_db_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-automation_kubensync_com_managed_resource_v1alpha1_manifest_test.go out/terratest-sentinel-autoscaling_k8s_elastic_co_elasticsearch_autoscaler_v1alpha1_manifest_test.go out/terratest-sentinel-autoscaling_k8s_io_vertical_pod_autoscaler_checkpoint_v1_manifest_test.go out/terratest-sentinel-autoscaling_k8s_io_vertical_pod_autoscaler_v1_manifest_test.go out/terratest-sentinel-autoscaling_k8s_io_vertical_pod_autoscaler_checkpoint_v1beta2_manifest_test.go out/terratest-sentinel-autoscaling_k8s_io_vertical_pod_autoscaler_v1beta2_manifest_test.go out/terratest-sentinel-autoscaling_karmada_io_cron_federated_hpa_v1alpha1_manifest_test.go out/terratest-sentinel-autoscaling_karmada_io_federated_hpa_v1alpha1_manifest_test.go out/terratest-sentinel-autoscaling_horizontal_pod_autoscaler_v1_manifest_test.go out/terratest-sentinel-autoscaling_horizontal_pod_autoscaler_v2_manifest_test.go out/terratest-sentinel-awx_ansible_com_awx_v1beta1_manifest_test.go out/terratest-sentinel-awx_ansible_com_awx_backup_v1beta1_manifest_test.go out/terratest-sentinel-awx_ansible_com_awx_restore_v1beta1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_apim_service_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_api_mgmt_api_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_app_insights_api_key_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_app_insights_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_load_balancer_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_network_interface_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_public_ip_address_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sql_action_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sql_database_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sql_failover_group_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sql_firewall_rule_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sql_server_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sql_managed_user_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sql_user_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sqlv_net_rule_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_virtual_machine_extension_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_virtual_machine_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_vm_scale_set_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_blob_container_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_consumer_group_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_cosmos_db_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_eventhub_namespace_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_eventhub_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_key_vault_key_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_key_vault_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_my_sqlaad_user_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_my_sql_database_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_my_sql_firewall_rule_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_my_sql_server_administrator_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_my_sql_server_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_my_sql_user_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_my_sqlv_net_rule_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_postgre_sql_database_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_postgre_sql_firewall_rule_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_postgre_sql_server_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_postgre_sql_user_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_postgre_sqlv_net_rule_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_redis_cache_action_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_redis_cache_firewall_rule_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_resource_group_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_storage_account_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_virtual_network_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_blob_container_v1alpha2_manifest_test.go out/terratest-sentinel-azure_microsoft_com_my_sqlaad_user_v1alpha2_manifest_test.go out/terratest-sentinel-azure_microsoft_com_my_sql_server_v1alpha2_manifest_test.go out/terratest-sentinel-azure_microsoft_com_my_sql_user_v1alpha2_manifest_test.go out/terratest-sentinel-azure_microsoft_com_postgre_sql_server_v1alpha2_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sql_database_v1beta1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sql_failover_group_v1beta1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sql_firewall_rule_v1beta1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sql_server_v1beta1_manifest_test.go out/terratest-sentinel-b3scale_infra_run_bbb_frontend_v1_manifest_test.go out/terratest-sentinel-b3scale_io_bbb_frontend_v1_manifest_test.go out/terratest-sentinel-batch_cron_job_v1_manifest_test.go out/terratest-sentinel-batch_job_v1_manifest_test.go out/terratest-sentinel-batch_volcano_sh_job_v1alpha1_manifest_test.go out/terratest-sentinel-beat_k8s_elastic_co_beat_v1beta1_manifest_test.go out/terratest-sentinel-beegfs_csi_netapp_com_beegfs_driver_v1_manifest_test.go out/terratest-sentinel-binding_operators_coreos_com_service_binding_v1alpha1_manifest_test.go out/terratest-sentinel-bitnami_com_sealed_secret_v1alpha1_manifest_test.go out/terratest-sentinel-bmc_tinkerbell_org_job_v1alpha1_manifest_test.go out/terratest-sentinel-bmc_tinkerbell_org_machine_v1alpha1_manifest_test.go out/terratest-sentinel-bmc_tinkerbell_org_task_v1alpha1_manifest_test.go out/terratest-sentinel-boskos_k8s_io_drlc_object_v1_manifest_test.go out/terratest-sentinel-boskos_k8s_io_resource_object_v1_manifest_test.go out/terratest-sentinel-bpfman_io_bpf_program_v1alpha1_manifest_test.go out/terratest-sentinel-bpfman_io_fentry_program_v1alpha1_manifest_test.go out/terratest-sentinel-bpfman_io_fexit_program_v1alpha1_manifest_test.go out/terratest-sentinel-bpfman_io_kprobe_program_v1alpha1_manifest_test.go out/terratest-sentinel-bpfman_io_tc_program_v1alpha1_manifest_test.go out/terratest-sentinel-bpfman_io_tracepoint_program_v1alpha1_manifest_test.go out/terratest-sentinel-bpfman_io_uprobe_program_v1alpha1_manifest_test.go out/terratest-sentinel-bpfman_io_xdp_program_v1alpha1_manifest_test.go out/terratest-sentinel-bus_volcano_sh_command_v1alpha1_manifest_test.go out/terratest-sentinel-cache_kubedl_io_cache_backend_v1alpha1_manifest_test.go out/terratest-sentinel-caching_ibm_com_varnish_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-camel_apache_org_build_v1_manifest_test.go out/terratest-sentinel-camel_apache_org_camel_catalog_v1_manifest_test.go out/terratest-sentinel-camel_apache_org_integration_kit_v1_manifest_test.go out/terratest-sentinel-camel_apache_org_integration_platform_v1_manifest_test.go out/terratest-sentinel-camel_apache_org_integration_profile_v1_manifest_test.go out/terratest-sentinel-camel_apache_org_integration_v1_manifest_test.go out/terratest-sentinel-camel_apache_org_kamelet_v1_manifest_test.go out/terratest-sentinel-camel_apache_org_pipe_v1_manifest_test.go out/terratest-sentinel-camel_apache_org_kamelet_binding_v1alpha1_manifest_test.go out/terratest-sentinel-camel_apache_org_kamelet_v1alpha1_manifest_test.go out/terratest-sentinel-canaries_flanksource_com_canary_v1_manifest_test.go out/terratest-sentinel-canaries_flanksource_com_component_v1_manifest_test.go out/terratest-sentinel-canaries_flanksource_com_topology_v1_manifest_test.go out/terratest-sentinel-capabilities_3scale_net_tenant_v1alpha1_manifest_test.go out/terratest-sentinel-capabilities_3scale_net_active_doc_v1beta1_manifest_test.go out/terratest-sentinel-capabilities_3scale_net_application_v1beta1_manifest_test.go out/terratest-sentinel-capabilities_3scale_net_backend_v1beta1_manifest_test.go out/terratest-sentinel-capabilities_3scale_net_custom_policy_definition_v1beta1_manifest_test.go out/terratest-sentinel-capabilities_3scale_net_developer_account_v1beta1_manifest_test.go out/terratest-sentinel-capabilities_3scale_net_developer_user_v1beta1_manifest_test.go out/terratest-sentinel-capabilities_3scale_net_open_api_v1beta1_manifest_test.go out/terratest-sentinel-capabilities_3scale_net_product_v1beta1_manifest_test.go out/terratest-sentinel-capabilities_3scale_net_proxy_config_promote_v1beta1_manifest_test.go out/terratest-sentinel-capsule_clastix_io_capsule_configuration_v1alpha1_manifest_test.go out/terratest-sentinel-capsule_clastix_io_tenant_v1alpha1_manifest_test.go out/terratest-sentinel-capsule_clastix_io_tenant_v1beta1_manifest_test.go out/terratest-sentinel-capsule_clastix_io_capsule_configuration_v1beta2_manifest_test.go out/terratest-sentinel-capsule_clastix_io_tenant_v1beta2_manifest_test.go out/terratest-sentinel-cassandra_datastax_com_cassandra_datacenter_v1beta1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_block_pool_rados_namespace_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_block_pool_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_bucket_notification_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_bucket_topic_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_client_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_cluster_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_cosi_driver_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_filesystem_mirror_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_filesystem_sub_volume_group_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_filesystem_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_nfs_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_object_realm_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_object_store_user_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_object_store_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_object_zone_group_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_object_zone_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_rbd_mirror_v1_manifest_test.go out/terratest-sentinel-cert_manager_io_certificate_request_v1_manifest_test.go out/terratest-sentinel-cert_manager_io_certificate_v1_manifest_test.go out/terratest-sentinel-cert_manager_io_cluster_issuer_v1_manifest_test.go out/terratest-sentinel-cert_manager_io_issuer_v1_manifest_test.go out/terratest-sentinel-certificates_k8s_io_certificate_signing_request_v1_manifest_test.go out/terratest-sentinel-certman_managed_openshift_io_certificate_request_v1alpha1_manifest_test.go out/terratest-sentinel-chainsaw_kyverno_io_configuration_v1alpha1_manifest_test.go out/terratest-sentinel-chainsaw_kyverno_io_test_v1alpha1_manifest_test.go out/terratest-sentinel-chainsaw_kyverno_io_configuration_v1alpha2_manifest_test.go out/terratest-sentinel-chainsaw_kyverno_io_test_v1alpha2_manifest_test.go out/terratest-sentinel-chaos_mesh_org_aws_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_azure_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_block_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_dns_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_gcp_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_http_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_io_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_jvm_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_kernel_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_network_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_physical_machine_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_physical_machine_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_pod_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_pod_http_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_pod_io_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_pod_network_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_remote_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_schedule_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_status_check_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_stress_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_time_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_workflow_node_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_workflow_v1alpha1_manifest_test.go out/terratest-sentinel-chaosblade_io_chaos_blade_v1alpha1_manifest_test.go out/terratest-sentinel-charts_amd_com_amdgpu_v1alpha1_manifest_test.go out/terratest-sentinel-charts_flagsmith_com_flagsmith_v1alpha1_manifest_test.go out/terratest-sentinel-charts_helm_k8s_io_snyk_monitor_v1alpha1_manifest_test.go out/terratest-sentinel-charts_opdev_io_synapse_v1alpha1_manifest_test.go out/terratest-sentinel-charts_operatorhub_io_cockroachdb_v1alpha1_manifest_test.go out/terratest-sentinel-che_eclipse_org_kubernetes_image_puller_v1alpha1_manifest_test.go out/terratest-sentinel-chisel_operator_io_exit_node_provisioner_v1_manifest_test.go out/terratest-sentinel-chisel_operator_io_exit_node_v1_manifest_test.go out/terratest-sentinel-chisel_operator_io_exit_node_v2_manifest_test.go out/terratest-sentinel-cilium_io_cilium_clusterwide_envoy_config_v2_manifest_test.go out/terratest-sentinel-cilium_io_cilium_clusterwide_network_policy_v2_manifest_test.go out/terratest-sentinel-cilium_io_cilium_egress_gateway_policy_v2_manifest_test.go out/terratest-sentinel-cilium_io_cilium_envoy_config_v2_manifest_test.go out/terratest-sentinel-cilium_io_cilium_external_workload_v2_manifest_test.go out/terratest-sentinel-cilium_io_cilium_identity_v2_manifest_test.go out/terratest-sentinel-cilium_io_cilium_local_redirect_policy_v2_manifest_test.go out/terratest-sentinel-cilium_io_cilium_network_policy_v2_manifest_test.go out/terratest-sentinel-cilium_io_cilium_node_v2_manifest_test.go out/terratest-sentinel-cilium_io_cilium_bgp_peering_policy_v2alpha1_manifest_test.go out/terratest-sentinel-cilium_io_cilium_cidr_group_v2alpha1_manifest_test.go out/terratest-sentinel-cilium_io_cilium_endpoint_slice_v2alpha1_manifest_test.go out/terratest-sentinel-cilium_io_cilium_l2_announcement_policy_v2alpha1_manifest_test.go out/terratest-sentinel-cilium_io_cilium_load_balancer_ip_pool_v2alpha1_manifest_test.go out/terratest-sentinel-cilium_io_cilium_node_config_v2alpha1_manifest_test.go out/terratest-sentinel-cilium_io_cilium_pod_ip_pool_v2alpha1_manifest_test.go out/terratest-sentinel-claudie_io_input_manifest_v1beta1_manifest_test.go out/terratest-sentinel-cloudformation_linki_space_stack_v1alpha1_manifest_test.go out/terratest-sentinel-cloudfront_services_k8s_aws_cache_policy_v1alpha1_manifest_test.go out/terratest-sentinel-cloudfront_services_k8s_aws_distribution_v1alpha1_manifest_test.go out/terratest-sentinel-cloudfront_services_k8s_aws_function_v1alpha1_manifest_test.go out/terratest-sentinel-cloudfront_services_k8s_aws_origin_request_policy_v1alpha1_manifest_test.go out/terratest-sentinel-cloudfront_services_k8s_aws_response_headers_policy_v1alpha1_manifest_test.go out/terratest-sentinel-cloudtrail_services_k8s_aws_event_data_store_v1alpha1_manifest_test.go out/terratest-sentinel-cloudtrail_services_k8s_aws_trail_v1alpha1_manifest_test.go out/terratest-sentinel-cloudwatch_aws_amazon_com_amazon_cloud_watch_agent_v1alpha1_manifest_test.go out/terratest-sentinel-cloudwatch_aws_amazon_com_instrumentation_v1alpha1_manifest_test.go out/terratest-sentinel-cloudwatch_services_k8s_aws_metric_alarm_v1alpha1_manifest_test.go out/terratest-sentinel-cloudwatchlogs_services_k8s_aws_log_group_v1alpha1_manifest_test.go out/terratest-sentinel-cluster_clusterpedia_io_cluster_sync_resources_v1alpha2_manifest_test.go out/terratest-sentinel-cluster_clusterpedia_io_pedia_cluster_v1alpha2_manifest_test.go out/terratest-sentinel-cluster_ipfs_io_circuit_relay_v1alpha1_manifest_test.go out/terratest-sentinel-cluster_ipfs_io_ipfs_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_cluster_v1alpha3_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_deployment_v1alpha3_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_health_check_v1alpha3_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_pool_v1alpha3_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_set_v1alpha3_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_v1alpha3_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_cluster_class_v1alpha4_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_cluster_v1alpha4_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_deployment_v1alpha4_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_health_check_v1alpha4_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_pool_v1alpha4_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_set_v1alpha4_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_v1alpha4_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_cluster_class_v1beta1_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_cluster_v1beta1_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_deployment_v1beta1_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_health_check_v1beta1_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_pool_v1beta1_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_set_v1beta1_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_v1beta1_manifest_test.go out/terratest-sentinel-clusters_clusternet_io_cluster_registration_request_v1beta1_manifest_test.go out/terratest-sentinel-clusters_clusternet_io_managed_cluster_v1beta1_manifest_test.go out/terratest-sentinel-clustertemplate_openshift_io_cluster_template_instance_v1alpha1_manifest_test.go out/terratest-sentinel-clustertemplate_openshift_io_cluster_template_quota_v1alpha1_manifest_test.go out/terratest-sentinel-clustertemplate_openshift_io_cluster_template_setup_v1alpha1_manifest_test.go out/terratest-sentinel-clustertemplate_openshift_io_cluster_template_v1alpha1_manifest_test.go out/terratest-sentinel-clustertemplate_openshift_io_config_v1alpha1_manifest_test.go out/terratest-sentinel-confidentialcontainers_org_cc_runtime_v1beta1_manifest_test.go out/terratest-sentinel-config_gatekeeper_sh_config_v1alpha1_manifest_test.go out/terratest-sentinel-config_grafana_com_project_config_v1_manifest_test.go out/terratest-sentinel-config_karmada_io_resource_interpreter_customization_v1alpha1_manifest_test.go out/terratest-sentinel-config_karmada_io_resource_interpreter_webhook_configuration_v1alpha1_manifest_test.go out/terratest-sentinel-config_koordinator_sh_cluster_colocation_profile_v1alpha1_manifest_test.go out/terratest-sentinel-config_storageos_com_operator_config_v1_manifest_test.go out/terratest-sentinel-control_k8ssandra_io_cassandra_task_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_cluster_collected_status_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_cluster_federated_object_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_cluster_override_policy_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_cluster_propagation_policy_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_collected_status_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_federated_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_federated_object_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_federated_type_config_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_override_policy_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_propagation_policy_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_scheduler_plugin_webhook_configuration_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_scheduling_profile_v1alpha1_manifest_test.go out/terratest-sentinel-core_linuxsuren_github_com_a_test_v1alpha1_manifest_test.go out/terratest-sentinel-core_openfeature_dev_feature_flag_configuration_v1alpha1_manifest_test.go out/terratest-sentinel-core_openfeature_dev_feature_flag_configuration_v1alpha2_manifest_test.go out/terratest-sentinel-core_strimzi_io_strimzi_pod_set_v1beta2_manifest_test.go out/terratest-sentinel-config_map_v1_manifest_test.go out/terratest-sentinel-endpoints_v1_manifest_test.go out/terratest-sentinel-limit_range_v1_manifest_test.go out/terratest-sentinel-namespace_v1_manifest_test.go out/terratest-sentinel-persistent_volume_claim_v1_manifest_test.go out/terratest-sentinel-persistent_volume_v1_manifest_test.go out/terratest-sentinel-pod_v1_manifest_test.go out/terratest-sentinel-replication_controller_v1_manifest_test.go out/terratest-sentinel-secret_v1_manifest_test.go out/terratest-sentinel-service_account_v1_manifest_test.go out/terratest-sentinel-service_v1_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_autoscaler_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_backup_restore_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_backup_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_bucket_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_cluster_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_collection_group_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_collection_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_ephemeral_bucket_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_group_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_memcached_bucket_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_migration_replication_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_replication_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_role_binding_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_scope_group_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_scope_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_user_v2_manifest_test.go out/terratest-sentinel-craftypath_github_io_sops_secret_v1alpha1_manifest_test.go out/terratest-sentinel-crane_konveyor_io_operator_config_v1alpha1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_bgp_configuration_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_bgp_filter_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_bgp_peer_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_block_affinity_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_calico_node_status_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_cluster_information_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_felix_configuration_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_global_network_policy_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_global_network_set_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_host_endpoint_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_ipam_block_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_ipam_config_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_ipam_handle_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_ip_pool_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_ip_reservation_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_kube_controllers_configuration_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_network_policy_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_network_set_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_tier_v1_manifest_test.go out/terratest-sentinel-data_fluid_io_alluxio_runtime_v1alpha1_manifest_test.go out/terratest-sentinel-data_fluid_io_data_backup_v1alpha1_manifest_test.go out/terratest-sentinel-data_fluid_io_data_load_v1alpha1_manifest_test.go out/terratest-sentinel-data_fluid_io_dataset_v1alpha1_manifest_test.go out/terratest-sentinel-data_fluid_io_goose_fs_runtime_v1alpha1_manifest_test.go out/terratest-sentinel-data_fluid_io_jindo_runtime_v1alpha1_manifest_test.go out/terratest-sentinel-data_fluid_io_juice_fs_runtime_v1alpha1_manifest_test.go out/terratest-sentinel-data_fluid_io_thin_runtime_profile_v1alpha1_manifest_test.go out/terratest-sentinel-data_fluid_io_thin_runtime_v1alpha1_manifest_test.go out/terratest-sentinel-databases_schemahero_io_database_v1alpha4_manifest_test.go out/terratest-sentinel-databases_spotahome_com_redis_failover_v1_manifest_test.go out/terratest-sentinel-datadoghq_com_datadog_agent_v1alpha1_manifest_test.go out/terratest-sentinel-datadoghq_com_datadog_metric_v1alpha1_manifest_test.go out/terratest-sentinel-datadoghq_com_datadog_monitor_v1alpha1_manifest_test.go out/terratest-sentinel-datadoghq_com_datadog_slo_v1alpha1_manifest_test.go out/terratest-sentinel-datadoghq_com_datadog_agent_v2alpha1_manifest_test.go out/terratest-sentinel-dataprotection_kubeblocks_io_action_set_v1alpha1_manifest_test.go out/terratest-sentinel-dataprotection_kubeblocks_io_backup_policy_v1alpha1_manifest_test.go out/terratest-sentinel-dataprotection_kubeblocks_io_backup_repo_v1alpha1_manifest_test.go out/terratest-sentinel-dataprotection_kubeblocks_io_backup_schedule_v1alpha1_manifest_test.go out/terratest-sentinel-dataprotection_kubeblocks_io_backup_v1alpha1_manifest_test.go out/terratest-sentinel-dataprotection_kubeblocks_io_restore_v1alpha1_manifest_test.go out/terratest-sentinel-designer_kaoto_io_kaoto_v1alpha1_manifest_test.go out/terratest-sentinel-devices_kubeedge_io_device_model_v1alpha2_manifest_test.go out/terratest-sentinel-devices_kubeedge_io_device_v1alpha2_manifest_test.go out/terratest-sentinel-devices_kubeedge_io_device_model_v1beta1_manifest_test.go out/terratest-sentinel-devices_kubeedge_io_device_v1beta1_manifest_test.go out/terratest-sentinel-devops_kubesphere_io_releaser_controller_v1alpha1_manifest_test.go out/terratest-sentinel-devops_kubesphere_io_releaser_v1alpha1_manifest_test.go out/terratest-sentinel-dex_gpu_ninja_com_dex_identity_provider_v1alpha1_manifest_test.go out/terratest-sentinel-dex_gpu_ninja_com_dex_o_auth2_client_v1alpha1_manifest_test.go out/terratest-sentinel-dex_gpu_ninja_com_dex_user_v1alpha1_manifest_test.go out/terratest-sentinel-digitalis_io_vals_secret_v1_manifest_test.go out/terratest-sentinel-digitalis_io_db_secret_v1beta1_manifest_test.go out/terratest-sentinel-discovery_k8s_io_endpoint_slice_v1_manifest_test.go out/terratest-sentinel-documentdb_services_k8s_aws_db_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-documentdb_services_k8s_aws_db_instance_v1alpha1_manifest_test.go out/terratest-sentinel-documentdb_services_k8s_aws_db_subnet_group_v1alpha1_manifest_test.go out/terratest-sentinel-druid_apache_org_druid_v1alpha1_manifest_test.go out/terratest-sentinel-druid_stackable_tech_druid_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-dynamodb_services_k8s_aws_backup_v1alpha1_manifest_test.go out/terratest-sentinel-dynamodb_services_k8s_aws_global_table_v1alpha1_manifest_test.go out/terratest-sentinel-dynamodb_services_k8s_aws_table_v1alpha1_manifest_test.go out/terratest-sentinel-ec2_services_k8s_aws_dhcp_options_v1alpha1_manifest_test.go out/terratest-sentinel-ec2_services_k8s_aws_elastic_ip_address_v1alpha1_manifest_test.go out/terratest-sentinel-ec2_services_k8s_aws_instance_v1alpha1_manifest_test.go out/terratest-sentinel-ec2_services_k8s_aws_internet_gateway_v1alpha1_manifest_test.go out/terratest-sentinel-ec2_services_k8s_aws_nat_gateway_v1alpha1_manifest_test.go out/terratest-sentinel-ec2_services_k8s_aws_route_table_v1alpha1_manifest_test.go out/terratest-sentinel-ec2_services_k8s_aws_security_group_v1alpha1_manifest_test.go out/terratest-sentinel-ec2_services_k8s_aws_subnet_v1alpha1_manifest_test.go out/terratest-sentinel-ec2_services_k8s_aws_transit_gateway_v1alpha1_manifest_test.go out/terratest-sentinel-ec2_services_k8s_aws_vpc_v1alpha1_manifest_test.go out/terratest-sentinel-ec2_services_k8s_aws_vpc_endpoint_v1alpha1_manifest_test.go out/terratest-sentinel-ecr_services_k8s_aws_pull_through_cache_rule_v1alpha1_manifest_test.go out/terratest-sentinel-ecr_services_k8s_aws_repository_v1alpha1_manifest_test.go out/terratest-sentinel-edc_stackable_tech_edc_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-efs_services_k8s_aws_access_point_v1alpha1_manifest_test.go out/terratest-sentinel-efs_services_k8s_aws_file_system_v1alpha1_manifest_test.go out/terratest-sentinel-efs_services_k8s_aws_mount_target_v1alpha1_manifest_test.go out/terratest-sentinel-egressgateway_spidernet_io_egress_cluster_endpoint_slice_v1beta1_manifest_test.go out/terratest-sentinel-egressgateway_spidernet_io_egress_cluster_info_v1beta1_manifest_test.go out/terratest-sentinel-egressgateway_spidernet_io_egress_cluster_policy_v1beta1_manifest_test.go out/terratest-sentinel-egressgateway_spidernet_io_egress_endpoint_slice_v1beta1_manifest_test.go out/terratest-sentinel-egressgateway_spidernet_io_egress_gateway_v1beta1_manifest_test.go out/terratest-sentinel-egressgateway_spidernet_io_egress_policy_v1beta1_manifest_test.go out/terratest-sentinel-egressgateway_spidernet_io_egress_tunnel_v1beta1_manifest_test.go out/terratest-sentinel-eks_services_k8s_aws_addon_v1alpha1_manifest_test.go out/terratest-sentinel-eks_services_k8s_aws_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-eks_services_k8s_aws_fargate_profile_v1alpha1_manifest_test.go out/terratest-sentinel-eks_services_k8s_aws_nodegroup_v1alpha1_manifest_test.go out/terratest-sentinel-elasticache_services_k8s_aws_cache_parameter_group_v1alpha1_manifest_test.go out/terratest-sentinel-elasticache_services_k8s_aws_cache_subnet_group_v1alpha1_manifest_test.go out/terratest-sentinel-elasticache_services_k8s_aws_replication_group_v1alpha1_manifest_test.go out/terratest-sentinel-elasticache_services_k8s_aws_snapshot_v1alpha1_manifest_test.go out/terratest-sentinel-elasticache_services_k8s_aws_user_group_v1alpha1_manifest_test.go out/terratest-sentinel-elasticache_services_k8s_aws_user_v1alpha1_manifest_test.go out/terratest-sentinel-elasticsearch_k8s_elastic_co_elasticsearch_v1_manifest_test.go out/terratest-sentinel-elasticsearch_k8s_elastic_co_elasticsearch_v1beta1_manifest_test.go out/terratest-sentinel-elbv2_k8s_aws_target_group_binding_v1alpha1_manifest_test.go out/terratest-sentinel-elbv2_k8s_aws_ingress_class_params_v1beta1_manifest_test.go out/terratest-sentinel-elbv2_k8s_aws_target_group_binding_v1beta1_manifest_test.go out/terratest-sentinel-emrcontainers_services_k8s_aws_job_run_v1alpha1_manifest_test.go out/terratest-sentinel-emrcontainers_services_k8s_aws_virtual_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-ensembleoss_io_cluster_v1_manifest_test.go out/terratest-sentinel-ensembleoss_io_resource_v1_manifest_test.go out/terratest-sentinel-enterprise_gloo_solo_io_auth_config_v1_manifest_test.go out/terratest-sentinel-enterprisesearch_k8s_elastic_co_enterprise_search_v1_manifest_test.go out/terratest-sentinel-enterprisesearch_k8s_elastic_co_enterprise_search_v1beta1_manifest_test.go out/terratest-sentinel-events_k8s_io_event_v1_manifest_test.go out/terratest-sentinel-everest_percona_com_backup_storage_v1alpha1_manifest_test.go out/terratest-sentinel-everest_percona_com_database_cluster_backup_v1alpha1_manifest_test.go out/terratest-sentinel-everest_percona_com_database_cluster_restore_v1alpha1_manifest_test.go out/terratest-sentinel-everest_percona_com_database_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-everest_percona_com_database_engine_v1alpha1_manifest_test.go out/terratest-sentinel-everest_percona_com_monitoring_config_v1alpha1_manifest_test.go out/terratest-sentinel-execution_furiko_io_job_config_v1alpha1_manifest_test.go out/terratest-sentinel-execution_furiko_io_job_v1alpha1_manifest_test.go out/terratest-sentinel-executor_testkube_io_executor_v1_manifest_test.go out/terratest-sentinel-executor_testkube_io_webhook_v1_manifest_test.go out/terratest-sentinel-expansion_gatekeeper_sh_expansion_template_v1alpha1_manifest_test.go out/terratest-sentinel-expansion_gatekeeper_sh_expansion_template_v1beta1_manifest_test.go out/terratest-sentinel-extensions_istio_io_wasm_plugin_v1alpha1_manifest_test.go out/terratest-sentinel-extensions_kubeblocks_io_addon_v1alpha1_manifest_test.go out/terratest-sentinel-external_secrets_io_cluster_secret_store_v1alpha1_manifest_test.go out/terratest-sentinel-external_secrets_io_external_secret_v1alpha1_manifest_test.go out/terratest-sentinel-external_secrets_io_secret_store_v1alpha1_manifest_test.go out/terratest-sentinel-external_secrets_io_cluster_external_secret_v1beta1_manifest_test.go out/terratest-sentinel-external_secrets_io_cluster_secret_store_v1beta1_manifest_test.go out/terratest-sentinel-external_secrets_io_external_secret_v1beta1_manifest_test.go out/terratest-sentinel-external_secrets_io_secret_store_v1beta1_manifest_test.go out/terratest-sentinel-externaldata_gatekeeper_sh_provider_v1alpha1_manifest_test.go out/terratest-sentinel-externaldata_gatekeeper_sh_provider_v1beta1_manifest_test.go out/terratest-sentinel-externaldns_k8s_io_dns_endpoint_v1alpha1_manifest_test.go out/terratest-sentinel-externaldns_nginx_org_dns_endpoint_v1_manifest_test.go out/terratest-sentinel-fence_agents_remediation_medik8s_io_fence_agents_remediation_template_v1alpha1_manifest_test.go out/terratest-sentinel-fence_agents_remediation_medik8s_io_fence_agents_remediation_v1alpha1_manifest_test.go out/terratest-sentinel-flagger_app_alert_provider_v1beta1_manifest_test.go out/terratest-sentinel-flagger_app_canary_v1beta1_manifest_test.go out/terratest-sentinel-flagger_app_metric_template_v1beta1_manifest_test.go out/terratest-sentinel-flink_apache_org_flink_deployment_v1beta1_manifest_test.go out/terratest-sentinel-flink_apache_org_flink_session_job_v1beta1_manifest_test.go out/terratest-sentinel-flow_volcano_sh_job_flow_v1alpha1_manifest_test.go out/terratest-sentinel-flow_volcano_sh_job_template_v1alpha1_manifest_test.go out/terratest-sentinel-flowcontrol_apiserver_k8s_io_flow_schema_v1beta3_manifest_test.go out/terratest-sentinel-flowcontrol_apiserver_k8s_io_priority_level_configuration_v1beta3_manifest_test.go out/terratest-sentinel-flows_netobserv_io_flow_collector_v1alpha1_manifest_test.go out/terratest-sentinel-flows_netobserv_io_flow_collector_v1beta1_manifest_test.go out/terratest-sentinel-flows_netobserv_io_flow_collector_v1beta2_manifest_test.go out/terratest-sentinel-fluentbit_fluent_io_cluster_filter_v1alpha2_manifest_test.go out/terratest-sentinel-fluentbit_fluent_io_cluster_fluent_bit_config_v1alpha2_manifest_test.go out/terratest-sentinel-fluentbit_fluent_io_cluster_input_v1alpha2_manifest_test.go out/terratest-sentinel-fluentbit_fluent_io_cluster_output_v1alpha2_manifest_test.go out/terratest-sentinel-fluentbit_fluent_io_cluster_parser_v1alpha2_manifest_test.go out/terratest-sentinel-fluentbit_fluent_io_collector_v1alpha2_manifest_test.go out/terratest-sentinel-fluentbit_fluent_io_filter_v1alpha2_manifest_test.go out/terratest-sentinel-fluentbit_fluent_io_fluent_bit_config_v1alpha2_manifest_test.go out/terratest-sentinel-fluentbit_fluent_io_fluent_bit_v1alpha2_manifest_test.go out/terratest-sentinel-fluentbit_fluent_io_output_v1alpha2_manifest_test.go out/terratest-sentinel-fluentbit_fluent_io_parser_v1alpha2_manifest_test.go out/terratest-sentinel-fluentd_fluent_io_cluster_filter_v1alpha1_manifest_test.go out/terratest-sentinel-fluentd_fluent_io_cluster_fluentd_config_v1alpha1_manifest_test.go out/terratest-sentinel-fluentd_fluent_io_cluster_input_v1alpha1_manifest_test.go out/terratest-sentinel-fluentd_fluent_io_cluster_output_v1alpha1_manifest_test.go out/terratest-sentinel-fluentd_fluent_io_filter_v1alpha1_manifest_test.go out/terratest-sentinel-fluentd_fluent_io_fluentd_config_v1alpha1_manifest_test.go out/terratest-sentinel-fluentd_fluent_io_fluentd_v1alpha1_manifest_test.go out/terratest-sentinel-fluentd_fluent_io_input_v1alpha1_manifest_test.go out/terratest-sentinel-fluentd_fluent_io_output_v1alpha1_manifest_test.go out/terratest-sentinel-flux_framework_org_mini_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-flux_framework_org_mini_cluster_v1alpha2_manifest_test.go out/terratest-sentinel-forklift_konveyor_io_forklift_controller_v1beta1_manifest_test.go out/terratest-sentinel-forklift_konveyor_io_hook_v1beta1_manifest_test.go out/terratest-sentinel-forklift_konveyor_io_host_v1beta1_manifest_test.go out/terratest-sentinel-forklift_konveyor_io_migration_v1beta1_manifest_test.go out/terratest-sentinel-forklift_konveyor_io_network_map_v1beta1_manifest_test.go out/terratest-sentinel-forklift_konveyor_io_openstack_volume_populator_v1beta1_manifest_test.go out/terratest-sentinel-forklift_konveyor_io_ovirt_volume_populator_v1beta1_manifest_test.go out/terratest-sentinel-forklift_konveyor_io_plan_v1beta1_manifest_test.go out/terratest-sentinel-forklift_konveyor_io_provider_v1beta1_manifest_test.go out/terratest-sentinel-forklift_konveyor_io_storage_map_v1beta1_manifest_test.go out/terratest-sentinel-fossul_io_backup_config_v1_manifest_test.go out/terratest-sentinel-fossul_io_backup_schedule_v1_manifest_test.go out/terratest-sentinel-fossul_io_backup_v1_manifest_test.go out/terratest-sentinel-fossul_io_fossul_v1_manifest_test.go out/terratest-sentinel-fossul_io_restore_v1_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_gateway_class_v1_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_gateway_v1_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_grpc_route_v1_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_http_route_v1_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_backend_lb_policy_v1alpha2_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_grpc_route_v1alpha2_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_reference_grant_v1alpha2_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_tcp_route_v1alpha2_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_tls_route_v1alpha2_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_udp_route_v1alpha2_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_backend_tls_policy_v1alpha3_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_gateway_class_v1beta1_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_gateway_v1beta1_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_http_route_v1beta1_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_reference_grant_v1beta1_manifest_test.go out/terratest-sentinel-gateway_nginx_org_client_settings_policy_v1alpha1_manifest_test.go out/terratest-sentinel-gateway_nginx_org_nginx_gateway_v1alpha1_manifest_test.go out/terratest-sentinel-gateway_nginx_org_nginx_proxy_v1alpha1_manifest_test.go out/terratest-sentinel-gateway_nginx_org_observability_policy_v1alpha1_manifest_test.go out/terratest-sentinel-gateway_solo_io_gateway_v1_manifest_test.go out/terratest-sentinel-gateway_solo_io_matchable_http_gateway_v1_manifest_test.go out/terratest-sentinel-gateway_solo_io_route_option_v1_manifest_test.go out/terratest-sentinel-gateway_solo_io_route_table_v1_manifest_test.go out/terratest-sentinel-gateway_solo_io_virtual_host_option_v1_manifest_test.go out/terratest-sentinel-gateway_solo_io_virtual_service_v1_manifest_test.go out/terratest-sentinel-getambassador_io_auth_service_v1_manifest_test.go out/terratest-sentinel-getambassador_io_consul_resolver_v1_manifest_test.go out/terratest-sentinel-getambassador_io_dev_portal_v1_manifest_test.go out/terratest-sentinel-getambassador_io_kubernetes_endpoint_resolver_v1_manifest_test.go out/terratest-sentinel-getambassador_io_kubernetes_service_resolver_v1_manifest_test.go out/terratest-sentinel-getambassador_io_log_service_v1_manifest_test.go out/terratest-sentinel-getambassador_io_mapping_v1_manifest_test.go out/terratest-sentinel-getambassador_io_module_v1_manifest_test.go out/terratest-sentinel-getambassador_io_rate_limit_service_v1_manifest_test.go out/terratest-sentinel-getambassador_io_tcp_mapping_v1_manifest_test.go out/terratest-sentinel-getambassador_io_tls_context_v1_manifest_test.go out/terratest-sentinel-getambassador_io_tracing_service_v1_manifest_test.go out/terratest-sentinel-getambassador_io_auth_service_v2_manifest_test.go out/terratest-sentinel-getambassador_io_consul_resolver_v2_manifest_test.go out/terratest-sentinel-getambassador_io_dev_portal_v2_manifest_test.go out/terratest-sentinel-getambassador_io_host_v2_manifest_test.go out/terratest-sentinel-getambassador_io_kubernetes_endpoint_resolver_v2_manifest_test.go out/terratest-sentinel-getambassador_io_kubernetes_service_resolver_v2_manifest_test.go out/terratest-sentinel-getambassador_io_log_service_v2_manifest_test.go out/terratest-sentinel-getambassador_io_mapping_v2_manifest_test.go out/terratest-sentinel-getambassador_io_module_v2_manifest_test.go out/terratest-sentinel-getambassador_io_rate_limit_service_v2_manifest_test.go out/terratest-sentinel-getambassador_io_tcp_mapping_v2_manifest_test.go out/terratest-sentinel-getambassador_io_tls_context_v2_manifest_test.go out/terratest-sentinel-getambassador_io_tracing_service_v2_manifest_test.go out/terratest-sentinel-getambassador_io_auth_service_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_consul_resolver_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_dev_portal_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_host_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_kubernetes_endpoint_resolver_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_kubernetes_service_resolver_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_listener_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_log_service_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_mapping_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_module_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_rate_limit_service_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_tcp_mapping_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_tls_context_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_tracing_service_v3alpha1_manifest_test.go out/terratest-sentinel-gitops_hybrid_cloud_patterns_io_pattern_v1alpha1_manifest_test.go out/terratest-sentinel-gloo_solo_io_proxy_v1_manifest_test.go out/terratest-sentinel-gloo_solo_io_settings_v1_manifest_test.go out/terratest-sentinel-gloo_solo_io_upstream_group_v1_manifest_test.go out/terratest-sentinel-gloo_solo_io_upstream_v1_manifest_test.go out/terratest-sentinel-grafana_integreatly_org_grafana_dashboard_v1beta1_manifest_test.go out/terratest-sentinel-grafana_integreatly_org_grafana_datasource_v1beta1_manifest_test.go out/terratest-sentinel-grafana_integreatly_org_grafana_folder_v1beta1_manifest_test.go out/terratest-sentinel-grafana_integreatly_org_grafana_v1beta1_manifest_test.go out/terratest-sentinel-graphql_gloo_solo_io_graph_ql_api_v1beta1_manifest_test.go out/terratest-sentinel-groupsnapshot_storage_k8s_io_volume_group_snapshot_class_v1alpha1_manifest_test.go out/terratest-sentinel-groupsnapshot_storage_k8s_io_volume_group_snapshot_content_v1alpha1_manifest_test.go out/terratest-sentinel-groupsnapshot_storage_k8s_io_volume_group_snapshot_v1alpha1_manifest_test.go out/terratest-sentinel-hazelcast_com_cron_hot_backup_v1alpha1_manifest_test.go out/terratest-sentinel-hazelcast_com_hazelcast_v1alpha1_manifest_test.go out/terratest-sentinel-hazelcast_com_hot_backup_v1alpha1_manifest_test.go out/terratest-sentinel-hazelcast_com_management_center_v1alpha1_manifest_test.go out/terratest-sentinel-hazelcast_com_map_v1alpha1_manifest_test.go out/terratest-sentinel-hazelcast_com_wan_replication_v1alpha1_manifest_test.go out/terratest-sentinel-hbase_stackable_tech_hbase_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-hdfs_stackable_tech_hdfs_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-helm_sigstore_dev_rekor_v1alpha1_manifest_test.go out/terratest-sentinel-helm_toolkit_fluxcd_io_helm_release_v2_manifest_test.go out/terratest-sentinel-helm_toolkit_fluxcd_io_helm_release_v2beta1_manifest_test.go out/terratest-sentinel-helm_toolkit_fluxcd_io_helm_release_v2beta2_manifest_test.go out/terratest-sentinel-hive_openshift_io_checkpoint_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_cluster_claim_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_cluster_deployment_customization_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_cluster_deployment_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_cluster_deprovision_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_cluster_image_set_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_cluster_pool_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_cluster_provision_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_cluster_relocate_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_cluster_state_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_dns_zone_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_hive_config_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_machine_pool_name_lease_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_machine_pool_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_selector_sync_identity_provider_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_selector_sync_set_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_sync_identity_provider_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_sync_set_v1_manifest_test.go out/terratest-sentinel-hive_stackable_tech_hive_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-hiveinternal_openshift_io_cluster_sync_lease_v1alpha1_manifest_test.go out/terratest-sentinel-hiveinternal_openshift_io_cluster_sync_v1alpha1_manifest_test.go out/terratest-sentinel-hiveinternal_openshift_io_fake_cluster_install_v1alpha1_manifest_test.go out/terratest-sentinel-hnc_x_k8s_io_hierarchical_resource_quota_v1alpha2_manifest_test.go out/terratest-sentinel-hnc_x_k8s_io_hierarchy_configuration_v1alpha2_manifest_test.go out/terratest-sentinel-hnc_x_k8s_io_hnc_configuration_v1alpha2_manifest_test.go out/terratest-sentinel-hnc_x_k8s_io_subnamespace_anchor_v1alpha2_manifest_test.go out/terratest-sentinel-hyperfoil_io_horreum_v1alpha1_manifest_test.go out/terratest-sentinel-hyperfoil_io_hyperfoil_v1alpha2_manifest_test.go out/terratest-sentinel-iam_services_k8s_aws_group_v1alpha1_manifest_test.go out/terratest-sentinel-iam_services_k8s_aws_instance_profile_v1alpha1_manifest_test.go out/terratest-sentinel-iam_services_k8s_aws_open_id_connect_provider_v1alpha1_manifest_test.go out/terratest-sentinel-iam_services_k8s_aws_policy_v1alpha1_manifest_test.go out/terratest-sentinel-iam_services_k8s_aws_role_v1alpha1_manifest_test.go out/terratest-sentinel-iam_services_k8s_aws_user_v1alpha1_manifest_test.go out/terratest-sentinel-ibmcloud_ibm_com_composable_v1alpha1_manifest_test.go out/terratest-sentinel-image_toolkit_fluxcd_io_image_policy_v1beta1_manifest_test.go out/terratest-sentinel-image_toolkit_fluxcd_io_image_repository_v1beta1_manifest_test.go out/terratest-sentinel-image_toolkit_fluxcd_io_image_update_automation_v1beta1_manifest_test.go out/terratest-sentinel-image_toolkit_fluxcd_io_image_policy_v1beta2_manifest_test.go out/terratest-sentinel-image_toolkit_fluxcd_io_image_repository_v1beta2_manifest_test.go out/terratest-sentinel-image_toolkit_fluxcd_io_image_update_automation_v1beta2_manifest_test.go out/terratest-sentinel-imaging_ingestion_alvearie_org_dicom_event_bridge_v1alpha1_manifest_test.go out/terratest-sentinel-imaging_ingestion_alvearie_org_dicom_event_driven_ingestion_v1alpha1_manifest_test.go out/terratest-sentinel-imaging_ingestion_alvearie_org_dicom_instance_binding_v1alpha1_manifest_test.go out/terratest-sentinel-imaging_ingestion_alvearie_org_dicom_study_binding_v1alpha1_manifest_test.go out/terratest-sentinel-imaging_ingestion_alvearie_org_dicomweb_ingestion_service_v1alpha1_manifest_test.go out/terratest-sentinel-imaging_ingestion_alvearie_org_dimse_ingestion_service_v1alpha1_manifest_test.go out/terratest-sentinel-imaging_ingestion_alvearie_org_dimse_proxy_v1alpha1_manifest_test.go out/terratest-sentinel-inference_kubedl_io_elastic_batch_job_v1alpha1_manifest_test.go out/terratest-sentinel-infinispan_org_infinispan_v1_manifest_test.go out/terratest-sentinel-infinispan_org_backup_v2alpha1_manifest_test.go out/terratest-sentinel-infinispan_org_batch_v2alpha1_manifest_test.go out/terratest-sentinel-infinispan_org_cache_v2alpha1_manifest_test.go out/terratest-sentinel-infinispan_org_restore_v2alpha1_manifest_test.go out/terratest-sentinel-infra_contrib_fluxcd_io_terraform_v1alpha1_manifest_test.go out/terratest-sentinel-infra_contrib_fluxcd_io_terraform_v1alpha2_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_kubevirt_cluster_template_v1alpha1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_kubevirt_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_kubevirt_machine_template_v1alpha1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_kubevirt_machine_v1alpha1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_identity_v1alpha3_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_v1alpha3_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_deployment_zone_v1alpha3_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_failure_domain_v1alpha3_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_template_v1alpha3_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_v1alpha3_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_vm_v1alpha3_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_identity_v1alpha4_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_template_v1alpha4_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_v1alpha4_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_deployment_zone_v1alpha4_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_failure_domain_v1alpha4_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_template_v1alpha4_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_v1alpha4_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_vm_v1alpha4_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_cluster_template_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_cluster_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_image_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_machine_template_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_machine_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_cluster_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_machine_template_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_machine_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_tinkerbell_cluster_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_tinkerbell_machine_template_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_tinkerbell_machine_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_identity_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_template_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_deployment_zone_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_failure_domain_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_template_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_vm_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_cluster_template_v1beta2_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_cluster_v1beta2_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_image_v1beta2_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_machine_template_v1beta2_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_machine_v1beta2_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_cluster_v1beta2_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_machine_template_v1beta2_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_machine_v1beta2_manifest_test.go out/terratest-sentinel-installation_mattermost_com_mattermost_v1beta1_manifest_test.go out/terratest-sentinel-instana_io_instana_agent_v1_manifest_test.go out/terratest-sentinel-integration_rock8s_com_deferred_resource_v1beta1_manifest_test.go out/terratest-sentinel-integration_rock8s_com_plug_v1beta1_manifest_test.go out/terratest-sentinel-integration_rock8s_com_socket_v1beta1_manifest_test.go out/terratest-sentinel-iot_eclipse_org_ditto_v1alpha1_manifest_test.go out/terratest-sentinel-iot_eclipse_org_hawkbit_v1alpha1_manifest_test.go out/terratest-sentinel-ipam_cluster_x_k8s_io_ip_address_claim_v1alpha1_manifest_test.go out/terratest-sentinel-ipam_cluster_x_k8s_io_ip_address_v1alpha1_manifest_test.go out/terratest-sentinel-ipam_cluster_x_k8s_io_ip_address_claim_v1beta1_manifest_test.go out/terratest-sentinel-ipam_cluster_x_k8s_io_ip_address_v1beta1_manifest_test.go out/terratest-sentinel-isindir_github_com_sops_secret_v1alpha1_manifest_test.go out/terratest-sentinel-isindir_github_com_sops_secret_v1alpha2_manifest_test.go out/terratest-sentinel-isindir_github_com_sops_secret_v1alpha3_manifest_test.go out/terratest-sentinel-jaegertracing_io_jaeger_v1_manifest_test.go out/terratest-sentinel-jobset_x_k8s_io_job_set_v1alpha2_manifest_test.go out/terratest-sentinel-jobsmanager_raczylo_com_managed_job_v1beta1_manifest_test.go out/terratest-sentinel-k6_io_k6_v1alpha1_manifest_test.go out/terratest-sentinel-k6_io_private_load_zone_v1alpha1_manifest_test.go out/terratest-sentinel-k6_io_test_run_v1alpha1_manifest_test.go out/terratest-sentinel-k8gb_absa_oss_gslb_v1beta1_manifest_test.go out/terratest-sentinel-k8s_keycloak_org_keycloak_realm_import_v2alpha1_manifest_test.go out/terratest-sentinel-k8s_keycloak_org_keycloak_v2alpha1_manifest_test.go out/terratest-sentinel-k8s_mariadb_com_backup_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_mariadb_com_connection_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_mariadb_com_database_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_mariadb_com_grant_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_mariadb_com_maria_db_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_mariadb_com_max_scale_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_mariadb_com_restore_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_mariadb_com_sql_job_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_mariadb_com_user_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_nginx_org_global_configuration_v1_manifest_test.go out/terratest-sentinel-k8s_nginx_org_policy_v1_manifest_test.go out/terratest-sentinel-k8s_nginx_org_transport_server_v1_manifest_test.go out/terratest-sentinel-k8s_nginx_org_virtual_server_route_v1_manifest_test.go out/terratest-sentinel-k8s_nginx_org_virtual_server_v1_manifest_test.go out/terratest-sentinel-k8s_nginx_org_global_configuration_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_nginx_org_policy_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_nginx_org_transport_server_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_otterize_com_client_intents_v1alpha2_manifest_test.go out/terratest-sentinel-k8s_otterize_com_kafka_server_config_v1alpha2_manifest_test.go out/terratest-sentinel-k8s_otterize_com_protected_service_v1alpha2_manifest_test.go out/terratest-sentinel-k8s_otterize_com_client_intents_v1alpha3_manifest_test.go out/terratest-sentinel-k8s_otterize_com_kafka_server_config_v1alpha3_manifest_test.go out/terratest-sentinel-k8s_otterize_com_protected_service_v1alpha3_manifest_test.go out/terratest-sentinel-k8up_io_archive_v1_manifest_test.go out/terratest-sentinel-k8up_io_backup_v1_manifest_test.go out/terratest-sentinel-k8up_io_check_v1_manifest_test.go out/terratest-sentinel-k8up_io_pre_backup_pod_v1_manifest_test.go out/terratest-sentinel-k8up_io_prune_v1_manifest_test.go out/terratest-sentinel-k8up_io_restore_v1_manifest_test.go out/terratest-sentinel-k8up_io_schedule_v1_manifest_test.go out/terratest-sentinel-k8up_io_snapshot_v1_manifest_test.go out/terratest-sentinel-kafka_banzaicloud_io_cruise_control_operation_v1alpha1_manifest_test.go out/terratest-sentinel-kafka_banzaicloud_io_kafka_topic_v1alpha1_manifest_test.go out/terratest-sentinel-kafka_banzaicloud_io_kafka_user_v1alpha1_manifest_test.go out/terratest-sentinel-kafka_banzaicloud_io_kafka_cluster_v1beta1_manifest_test.go out/terratest-sentinel-kafka_services_k8s_aws_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-kafka_stackable_tech_kafka_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_topic_v1alpha1_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_user_v1alpha1_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_topic_v1beta1_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_user_v1beta1_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_bridge_v1beta2_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_connect_v1beta2_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_connector_v1beta2_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_mirror_maker2_v1beta2_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_mirror_maker_v1beta2_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_node_pool_v1beta2_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_rebalance_v1beta2_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_topic_v1beta2_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_user_v1beta2_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_v1beta2_manifest_test.go out/terratest-sentinel-kamaji_clastix_io_data_store_v1alpha1_manifest_test.go out/terratest-sentinel-kamaji_clastix_io_tenant_control_plane_v1alpha1_manifest_test.go out/terratest-sentinel-karpenter_k8s_aws_ec2_node_class_v1_manifest_test.go out/terratest-sentinel-karpenter_k8s_aws_ec2_node_class_v1beta1_manifest_test.go out/terratest-sentinel-karpenter_sh_node_claim_v1_manifest_test.go out/terratest-sentinel-karpenter_sh_node_pool_v1_manifest_test.go out/terratest-sentinel-karpenter_sh_node_claim_v1beta1_manifest_test.go out/terratest-sentinel-karpenter_sh_node_pool_v1beta1_manifest_test.go out/terratest-sentinel-keda_sh_cluster_trigger_authentication_v1alpha1_manifest_test.go out/terratest-sentinel-keda_sh_scaled_job_v1alpha1_manifest_test.go out/terratest-sentinel-keda_sh_scaled_object_v1alpha1_manifest_test.go out/terratest-sentinel-keda_sh_trigger_authentication_v1alpha1_manifest_test.go out/terratest-sentinel-keycloak_k8s_reddec_net_keycloak_client_v1alpha1_manifest_test.go out/terratest-sentinel-keycloak_org_keycloak_backup_v1alpha1_manifest_test.go out/terratest-sentinel-keycloak_org_keycloak_client_v1alpha1_manifest_test.go out/terratest-sentinel-keycloak_org_keycloak_realm_v1alpha1_manifest_test.go out/terratest-sentinel-keycloak_org_keycloak_user_v1alpha1_manifest_test.go out/terratest-sentinel-keycloak_org_keycloak_v1alpha1_manifest_test.go out/terratest-sentinel-keyspaces_services_k8s_aws_keyspace_v1alpha1_manifest_test.go out/terratest-sentinel-keyspaces_services_k8s_aws_table_v1alpha1_manifest_test.go out/terratest-sentinel-kiali_io_kiali_v1alpha1_manifest_test.go out/terratest-sentinel-kibana_k8s_elastic_co_kibana_v1_manifest_test.go out/terratest-sentinel-kibana_k8s_elastic_co_kibana_v1beta1_manifest_test.go out/terratest-sentinel-kinesis_services_k8s_aws_stream_v1alpha1_manifest_test.go out/terratest-sentinel-kmm_sigs_x_k8s_io_module_v1beta1_manifest_test.go out/terratest-sentinel-kmm_sigs_x_k8s_io_node_modules_config_v1beta1_manifest_test.go out/terratest-sentinel-kmm_sigs_x_k8s_io_preflight_validation_v1beta1_manifest_test.go out/terratest-sentinel-kmm_sigs_x_k8s_io_preflight_validation_v1beta2_manifest_test.go out/terratest-sentinel-kms_services_k8s_aws_alias_v1alpha1_manifest_test.go out/terratest-sentinel-kms_services_k8s_aws_grant_v1alpha1_manifest_test.go out/terratest-sentinel-kms_services_k8s_aws_key_v1alpha1_manifest_test.go out/terratest-sentinel-kuadrant_io_dns_record_v1alpha1_manifest_test.go out/terratest-sentinel-kuadrant_io_managed_zone_v1alpha1_manifest_test.go out/terratest-sentinel-kuadrant_io_kuadrant_v1beta1_manifest_test.go out/terratest-sentinel-kuadrant_io_auth_policy_v1beta2_manifest_test.go out/terratest-sentinel-kuadrant_io_rate_limit_policy_v1beta2_manifest_test.go out/terratest-sentinel-kube_green_com_sleep_info_v1alpha1_manifest_test.go out/terratest-sentinel-kubean_io_cluster_operation_v1alpha1_manifest_test.go out/terratest-sentinel-kubean_io_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-kubean_io_local_artifact_set_v1alpha1_manifest_test.go out/terratest-sentinel-kubean_io_manifest_v1alpha1_manifest_test.go out/terratest-sentinel-kubecost_com_turndown_schedule_v1alpha1_manifest_test.go out/terratest-sentinel-kubevious_io_workload_profile_v1alpha1_manifest_test.go out/terratest-sentinel-kubevious_io_workload_v1alpha1_manifest_test.go out/terratest-sentinel-kueue_x_k8s_io_cohort_v1alpha1_manifest_test.go out/terratest-sentinel-kueue_x_k8s_io_multi_kueue_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-kueue_x_k8s_io_multi_kueue_config_v1alpha1_manifest_test.go out/terratest-sentinel-kueue_x_k8s_io_admission_check_v1beta1_manifest_test.go out/terratest-sentinel-kueue_x_k8s_io_cluster_queue_v1beta1_manifest_test.go out/terratest-sentinel-kueue_x_k8s_io_local_queue_v1beta1_manifest_test.go out/terratest-sentinel-kueue_x_k8s_io_provisioning_request_config_v1beta1_manifest_test.go out/terratest-sentinel-kueue_x_k8s_io_resource_flavor_v1beta1_manifest_test.go out/terratest-sentinel-kueue_x_k8s_io_workload_priority_class_v1beta1_manifest_test.go out/terratest-sentinel-kueue_x_k8s_io_workload_v1beta1_manifest_test.go out/terratest-sentinel-kuma_io_circuit_breaker_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_container_patch_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_dataplane_insight_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_dataplane_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_external_service_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_fault_injection_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_health_check_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_access_log_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_circuit_breaker_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_fault_injection_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_gateway_config_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_gateway_instance_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_gateway_route_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_gateway_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_health_check_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_http_route_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_insight_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_load_balancing_strategy_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_proxy_patch_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_rate_limit_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_retry_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_tcp_route_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_timeout_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_trace_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_traffic_permission_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_proxy_template_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_rate_limit_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_retry_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_service_insight_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_timeout_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_traffic_log_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_traffic_permission_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_traffic_route_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_traffic_trace_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_virtual_outbound_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_zone_egress_insight_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_zone_egress_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_zone_ingress_insight_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_zone_ingress_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_zone_insight_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_zone_v1alpha1_manifest_test.go out/terratest-sentinel-kustomize_toolkit_fluxcd_io_kustomization_v1_manifest_test.go out/terratest-sentinel-kustomize_toolkit_fluxcd_io_kustomization_v1beta1_manifest_test.go out/terratest-sentinel-kustomize_toolkit_fluxcd_io_kustomization_v1beta2_manifest_test.go out/terratest-sentinel-kyverno_io_cluster_policy_v1_manifest_test.go out/terratest-sentinel-kyverno_io_policy_v1_manifest_test.go out/terratest-sentinel-kyverno_io_admission_report_v1alpha2_manifest_test.go out/terratest-sentinel-kyverno_io_background_scan_report_v1alpha2_manifest_test.go out/terratest-sentinel-kyverno_io_cluster_admission_report_v1alpha2_manifest_test.go out/terratest-sentinel-kyverno_io_cluster_background_scan_report_v1alpha2_manifest_test.go out/terratest-sentinel-kyverno_io_update_request_v1beta1_manifest_test.go out/terratest-sentinel-kyverno_io_admission_report_v2_manifest_test.go out/terratest-sentinel-kyverno_io_background_scan_report_v2_manifest_test.go out/terratest-sentinel-kyverno_io_cleanup_policy_v2_manifest_test.go out/terratest-sentinel-kyverno_io_cluster_admission_report_v2_manifest_test.go out/terratest-sentinel-kyverno_io_cluster_background_scan_report_v2_manifest_test.go out/terratest-sentinel-kyverno_io_cluster_cleanup_policy_v2_manifest_test.go out/terratest-sentinel-kyverno_io_policy_exception_v2_manifest_test.go out/terratest-sentinel-kyverno_io_update_request_v2_manifest_test.go out/terratest-sentinel-kyverno_io_cleanup_policy_v2alpha1_manifest_test.go out/terratest-sentinel-kyverno_io_cluster_cleanup_policy_v2alpha1_manifest_test.go out/terratest-sentinel-kyverno_io_global_context_entry_v2alpha1_manifest_test.go out/terratest-sentinel-kyverno_io_policy_exception_v2alpha1_manifest_test.go out/terratest-sentinel-kyverno_io_cleanup_policy_v2beta1_manifest_test.go out/terratest-sentinel-kyverno_io_cluster_cleanup_policy_v2beta1_manifest_test.go out/terratest-sentinel-kyverno_io_cluster_policy_v2beta1_manifest_test.go out/terratest-sentinel-kyverno_io_policy_exception_v2beta1_manifest_test.go out/terratest-sentinel-kyverno_io_policy_v2beta1_manifest_test.go out/terratest-sentinel-lambda_services_k8s_aws_alias_v1alpha1_manifest_test.go out/terratest-sentinel-lambda_services_k8s_aws_code_signing_config_v1alpha1_manifest_test.go out/terratest-sentinel-lambda_services_k8s_aws_event_source_mapping_v1alpha1_manifest_test.go out/terratest-sentinel-lambda_services_k8s_aws_function_url_config_v1alpha1_manifest_test.go out/terratest-sentinel-lambda_services_k8s_aws_function_v1alpha1_manifest_test.go out/terratest-sentinel-lambda_services_k8s_aws_layer_version_v1alpha1_manifest_test.go out/terratest-sentinel-lambda_services_k8s_aws_version_v1alpha1_manifest_test.go out/terratest-sentinel-lb_lbconfig_carlosedp_com_external_load_balancer_v1_manifest_test.go out/terratest-sentinel-leaksignal_com_cluster_leaksignal_istio_v1_manifest_test.go out/terratest-sentinel-leaksignal_com_leaksignal_istio_v1_manifest_test.go out/terratest-sentinel-lerentis_uploadfilter24_eu_bitwarden_secret_v1beta4_manifest_test.go out/terratest-sentinel-lerentis_uploadfilter24_eu_bitwarden_template_v1beta4_manifest_test.go out/terratest-sentinel-lerentis_uploadfilter24_eu_registry_credential_v1beta4_manifest_test.go out/terratest-sentinel-lerentis_uploadfilter24_eu_bitwarden_secret_v1beta5_manifest_test.go out/terratest-sentinel-lerentis_uploadfilter24_eu_bitwarden_template_v1beta5_manifest_test.go out/terratest-sentinel-lerentis_uploadfilter24_eu_registry_credential_v1beta5_manifest_test.go out/terratest-sentinel-lerentis_uploadfilter24_eu_bitwarden_secret_v1beta6_manifest_test.go out/terratest-sentinel-lerentis_uploadfilter24_eu_bitwarden_template_v1beta6_manifest_test.go out/terratest-sentinel-lerentis_uploadfilter24_eu_registry_credential_v1beta6_manifest_test.go out/terratest-sentinel-lerentis_uploadfilter24_eu_bitwarden_secret_v1beta7_manifest_test.go out/terratest-sentinel-lerentis_uploadfilter24_eu_bitwarden_template_v1beta7_manifest_test.go out/terratest-sentinel-lerentis_uploadfilter24_eu_registry_credential_v1beta7_manifest_test.go out/terratest-sentinel-limitador_kuadrant_io_limitador_v1alpha1_manifest_test.go out/terratest-sentinel-listeners_stackable_tech_listener_class_v1alpha1_manifest_test.go out/terratest-sentinel-listeners_stackable_tech_listener_v1alpha1_manifest_test.go out/terratest-sentinel-listeners_stackable_tech_pod_listeners_v1alpha1_manifest_test.go out/terratest-sentinel-litmuschaos_io_chaos_engine_v1alpha1_manifest_test.go out/terratest-sentinel-litmuschaos_io_chaos_experiment_v1alpha1_manifest_test.go out/terratest-sentinel-litmuschaos_io_chaos_result_v1alpha1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_cluster_flow_v1alpha1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_cluster_output_v1alpha1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_flow_v1alpha1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_logging_v1alpha1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_output_v1alpha1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_cluster_flow_v1beta1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_cluster_output_v1beta1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_flow_v1beta1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_fluentbit_agent_v1beta1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_logging_v1beta1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_node_agent_v1beta1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_output_v1beta1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_syslog_ng_cluster_flow_v1beta1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_syslog_ng_cluster_output_v1beta1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_syslog_ng_flow_v1beta1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_syslog_ng_output_v1beta1_manifest_test.go out/terratest-sentinel-logging_extensions_banzaicloud_io_event_tailer_v1alpha1_manifest_test.go out/terratest-sentinel-logging_extensions_banzaicloud_io_host_tailer_v1alpha1_manifest_test.go out/terratest-sentinel-loki_grafana_com_alerting_rule_v1_manifest_test.go out/terratest-sentinel-loki_grafana_com_loki_stack_v1_manifest_test.go out/terratest-sentinel-loki_grafana_com_recording_rule_v1_manifest_test.go out/terratest-sentinel-loki_grafana_com_ruler_config_v1_manifest_test.go out/terratest-sentinel-loki_grafana_com_alerting_rule_v1beta1_manifest_test.go out/terratest-sentinel-loki_grafana_com_loki_stack_v1beta1_manifest_test.go out/terratest-sentinel-loki_grafana_com_recording_rule_v1beta1_manifest_test.go out/terratest-sentinel-loki_grafana_com_ruler_config_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_backing_image_data_source_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_backing_image_manager_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_backing_image_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_backup_target_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_backup_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_backup_volume_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_engine_image_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_engine_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_instance_manager_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_node_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_recurring_job_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_replica_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_setting_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_share_manager_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_volume_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_backing_image_data_source_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_backing_image_manager_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_backing_image_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_backup_backing_image_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_backup_target_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_backup_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_backup_volume_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_engine_image_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_engine_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_instance_manager_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_node_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_orphan_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_recurring_job_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_replica_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_setting_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_share_manager_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_snapshot_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_support_bundle_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_system_backup_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_system_restore_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_volume_attachment_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_volume_v1beta2_manifest_test.go out/terratest-sentinel-m4e_krestomat_io_moodle_v1alpha1_manifest_test.go out/terratest-sentinel-m4e_krestomat_io_nginx_v1alpha1_manifest_test.go out/terratest-sentinel-m4e_krestomat_io_phpfpm_v1alpha1_manifest_test.go out/terratest-sentinel-m4e_krestomat_io_routine_v1alpha1_manifest_test.go out/terratest-sentinel-machine_deletion_remediation_medik8s_io_machine_deletion_remediation_template_v1alpha1_manifest_test.go out/terratest-sentinel-machine_deletion_remediation_medik8s_io_machine_deletion_remediation_v1alpha1_manifest_test.go out/terratest-sentinel-maps_k8s_elastic_co_elastic_maps_server_v1alpha1_manifest_test.go out/terratest-sentinel-mariadb_mmontes_io_backup_v1alpha1_manifest_test.go out/terratest-sentinel-mariadb_mmontes_io_connection_v1alpha1_manifest_test.go out/terratest-sentinel-mariadb_mmontes_io_database_v1alpha1_manifest_test.go out/terratest-sentinel-mariadb_mmontes_io_grant_v1alpha1_manifest_test.go out/terratest-sentinel-mariadb_mmontes_io_maria_db_v1alpha1_manifest_test.go out/terratest-sentinel-mariadb_mmontes_io_restore_v1alpha1_manifest_test.go out/terratest-sentinel-mariadb_mmontes_io_sql_job_v1alpha1_manifest_test.go out/terratest-sentinel-mariadb_mmontes_io_user_v1alpha1_manifest_test.go out/terratest-sentinel-marin3r_3scale_net_envoy_config_revision_v1alpha1_manifest_test.go out/terratest-sentinel-marin3r_3scale_net_envoy_config_v1alpha1_manifest_test.go out/terratest-sentinel-mattermost_com_cluster_installation_v1alpha1_manifest_test.go out/terratest-sentinel-mattermost_com_mattermost_restore_db_v1alpha1_manifest_test.go out/terratest-sentinel-memorydb_services_k8s_aws_acl_v1alpha1_manifest_test.go out/terratest-sentinel-memorydb_services_k8s_aws_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-memorydb_services_k8s_aws_parameter_group_v1alpha1_manifest_test.go out/terratest-sentinel-memorydb_services_k8s_aws_snapshot_v1alpha1_manifest_test.go out/terratest-sentinel-memorydb_services_k8s_aws_subnet_group_v1alpha1_manifest_test.go out/terratest-sentinel-memorydb_services_k8s_aws_user_v1alpha1_manifest_test.go out/terratest-sentinel-metacontroller_k8s_io_composite_controller_v1alpha1_manifest_test.go out/terratest-sentinel-metacontroller_k8s_io_controller_revision_v1alpha1_manifest_test.go out/terratest-sentinel-metacontroller_k8s_io_decorator_controller_v1alpha1_manifest_test.go out/terratest-sentinel-metal3_io_bare_metal_host_v1alpha1_manifest_test.go out/terratest-sentinel-metal3_io_bmc_event_subscription_v1alpha1_manifest_test.go out/terratest-sentinel-metal3_io_data_image_v1alpha1_manifest_test.go out/terratest-sentinel-metal3_io_firmware_schema_v1alpha1_manifest_test.go out/terratest-sentinel-metal3_io_hardware_data_v1alpha1_manifest_test.go out/terratest-sentinel-metal3_io_host_firmware_components_v1alpha1_manifest_test.go out/terratest-sentinel-metal3_io_host_firmware_settings_v1alpha1_manifest_test.go out/terratest-sentinel-metal3_io_preprovisioning_image_v1alpha1_manifest_test.go out/terratest-sentinel-minio_min_io_tenant_v2_manifest_test.go out/terratest-sentinel-mirrors_kts_studio_secret_mirror_v1alpha1_manifest_test.go out/terratest-sentinel-mirrors_kts_studio_secret_mirror_v1alpha2_manifest_test.go out/terratest-sentinel-model_kubedl_io_model_v1alpha1_manifest_test.go out/terratest-sentinel-model_kubedl_io_model_version_v1alpha1_manifest_test.go out/terratest-sentinel-monitoring_coreos_com_alertmanager_v1_manifest_test.go out/terratest-sentinel-monitoring_coreos_com_pod_monitor_v1_manifest_test.go out/terratest-sentinel-monitoring_coreos_com_probe_v1_manifest_test.go out/terratest-sentinel-monitoring_coreos_com_prometheus_rule_v1_manifest_test.go out/terratest-sentinel-monitoring_coreos_com_prometheus_v1_manifest_test.go out/terratest-sentinel-monitoring_coreos_com_service_monitor_v1_manifest_test.go out/terratest-sentinel-monitoring_coreos_com_thanos_ruler_v1_manifest_test.go out/terratest-sentinel-monitoring_coreos_com_alertmanager_config_v1alpha1_manifest_test.go out/terratest-sentinel-monitoring_coreos_com_prometheus_agent_v1alpha1_manifest_test.go out/terratest-sentinel-monitoring_coreos_com_scrape_config_v1alpha1_manifest_test.go out/terratest-sentinel-monitoring_coreos_com_alertmanager_config_v1beta1_manifest_test.go out/terratest-sentinel-monocle_monocle_change_metrics_io_monocle_v1alpha1_manifest_test.go out/terratest-sentinel-mq_services_k8s_aws_broker_v1alpha1_manifest_test.go out/terratest-sentinel-multicluster_crd_antrea_io_cluster_info_import_v1alpha1_manifest_test.go out/terratest-sentinel-multicluster_crd_antrea_io_cluster_set_v1alpha1_manifest_test.go out/terratest-sentinel-multicluster_crd_antrea_io_gateway_v1alpha1_manifest_test.go out/terratest-sentinel-multicluster_crd_antrea_io_label_identity_v1alpha1_manifest_test.go out/terratest-sentinel-multicluster_crd_antrea_io_member_cluster_announce_v1alpha1_manifest_test.go out/terratest-sentinel-multicluster_crd_antrea_io_multi_cluster_config_v1alpha1_manifest_test.go out/terratest-sentinel-multicluster_crd_antrea_io_resource_export_v1alpha1_manifest_test.go out/terratest-sentinel-multicluster_crd_antrea_io_resource_import_v1alpha1_manifest_test.go out/terratest-sentinel-multicluster_crd_antrea_io_cluster_claim_v1alpha2_manifest_test.go out/terratest-sentinel-multicluster_crd_antrea_io_cluster_set_v1alpha2_manifest_test.go out/terratest-sentinel-multicluster_x_k8s_io_applied_work_v1alpha1_manifest_test.go out/terratest-sentinel-multicluster_x_k8s_io_service_import_v1alpha1_manifest_test.go out/terratest-sentinel-multicluster_x_k8s_io_work_v1alpha1_manifest_test.go out/terratest-sentinel-mutations_gatekeeper_sh_assign_metadata_v1_manifest_test.go out/terratest-sentinel-mutations_gatekeeper_sh_assign_v1_manifest_test.go out/terratest-sentinel-mutations_gatekeeper_sh_modify_set_v1_manifest_test.go out/terratest-sentinel-mutations_gatekeeper_sh_assign_image_v1alpha1_manifest_test.go out/terratest-sentinel-mutations_gatekeeper_sh_assign_metadata_v1alpha1_manifest_test.go out/terratest-sentinel-mutations_gatekeeper_sh_assign_v1alpha1_manifest_test.go out/terratest-sentinel-mutations_gatekeeper_sh_modify_set_v1alpha1_manifest_test.go out/terratest-sentinel-mutations_gatekeeper_sh_assign_metadata_v1beta1_manifest_test.go out/terratest-sentinel-mutations_gatekeeper_sh_assign_v1beta1_manifest_test.go out/terratest-sentinel-mutations_gatekeeper_sh_modify_set_v1beta1_manifest_test.go out/terratest-sentinel-nativestor_alauda_io_raw_device_v1_manifest_test.go out/terratest-sentinel-netchecks_io_network_assertion_v1_manifest_test.go out/terratest-sentinel-networkfirewall_services_k8s_aws_firewall_policy_v1alpha1_manifest_test.go out/terratest-sentinel-networkfirewall_services_k8s_aws_firewall_v1alpha1_manifest_test.go out/terratest-sentinel-networkfirewall_services_k8s_aws_rule_group_v1alpha1_manifest_test.go out/terratest-sentinel-networking_gke_io_gcp_backend_policy_v1_manifest_test.go out/terratest-sentinel-networking_gke_io_gcp_gateway_policy_v1_manifest_test.go out/terratest-sentinel-networking_gke_io_health_check_policy_v1_manifest_test.go out/terratest-sentinel-networking_gke_io_lb_policy_v1_manifest_test.go out/terratest-sentinel-networking_gke_io_managed_certificate_v1_manifest_test.go out/terratest-sentinel-networking_istio_io_destination_rule_v1_manifest_test.go out/terratest-sentinel-networking_istio_io_gateway_v1_manifest_test.go out/terratest-sentinel-networking_istio_io_service_entry_v1_manifest_test.go out/terratest-sentinel-networking_istio_io_sidecar_v1_manifest_test.go out/terratest-sentinel-networking_istio_io_virtual_service_v1_manifest_test.go out/terratest-sentinel-networking_istio_io_workload_entry_v1_manifest_test.go out/terratest-sentinel-networking_istio_io_workload_group_v1_manifest_test.go out/terratest-sentinel-networking_istio_io_destination_rule_v1alpha3_manifest_test.go out/terratest-sentinel-networking_istio_io_envoy_filter_v1alpha3_manifest_test.go out/terratest-sentinel-networking_istio_io_gateway_v1alpha3_manifest_test.go out/terratest-sentinel-networking_istio_io_service_entry_v1alpha3_manifest_test.go out/terratest-sentinel-networking_istio_io_sidecar_v1alpha3_manifest_test.go out/terratest-sentinel-networking_istio_io_virtual_service_v1alpha3_manifest_test.go out/terratest-sentinel-networking_istio_io_workload_entry_v1alpha3_manifest_test.go out/terratest-sentinel-networking_istio_io_workload_group_v1alpha3_manifest_test.go out/terratest-sentinel-networking_istio_io_destination_rule_v1beta1_manifest_test.go out/terratest-sentinel-networking_istio_io_gateway_v1beta1_manifest_test.go out/terratest-sentinel-networking_istio_io_proxy_config_v1beta1_manifest_test.go out/terratest-sentinel-networking_istio_io_service_entry_v1beta1_manifest_test.go out/terratest-sentinel-networking_istio_io_sidecar_v1beta1_manifest_test.go out/terratest-sentinel-networking_istio_io_virtual_service_v1beta1_manifest_test.go out/terratest-sentinel-networking_istio_io_workload_entry_v1beta1_manifest_test.go out/terratest-sentinel-networking_istio_io_workload_group_v1beta1_manifest_test.go out/terratest-sentinel-networking_k8s_aws_policy_endpoint_v1alpha1_manifest_test.go out/terratest-sentinel-networking_k8s_io_ingress_class_v1_manifest_test.go out/terratest-sentinel-networking_k8s_io_ingress_v1_manifest_test.go out/terratest-sentinel-networking_k8s_io_network_policy_v1_manifest_test.go out/terratest-sentinel-networking_karmada_io_multi_cluster_ingress_v1alpha1_manifest_test.go out/terratest-sentinel-networking_karmada_io_multi_cluster_service_v1alpha1_manifest_test.go out/terratest-sentinel-nfd_k8s_sigs_io_node_feature_rule_v1alpha1_manifest_test.go out/terratest-sentinel-nfd_kubernetes_io_node_feature_discovery_v1_manifest_test.go out/terratest-sentinel-nfd_kubernetes_io_node_feature_rule_v1alpha1_manifest_test.go out/terratest-sentinel-nifi_stackable_tech_nifi_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-nodeinfo_volcano_sh_numatopology_v1alpha1_manifest_test.go out/terratest-sentinel-notebook_kubedl_io_notebook_v1alpha1_manifest_test.go out/terratest-sentinel-notification_toolkit_fluxcd_io_receiver_v1_manifest_test.go out/terratest-sentinel-notification_toolkit_fluxcd_io_alert_v1beta1_manifest_test.go out/terratest-sentinel-notification_toolkit_fluxcd_io_provider_v1beta1_manifest_test.go out/terratest-sentinel-notification_toolkit_fluxcd_io_receiver_v1beta1_manifest_test.go out/terratest-sentinel-notification_toolkit_fluxcd_io_alert_v1beta2_manifest_test.go out/terratest-sentinel-notification_toolkit_fluxcd_io_provider_v1beta2_manifest_test.go out/terratest-sentinel-notification_toolkit_fluxcd_io_receiver_v1beta2_manifest_test.go out/terratest-sentinel-notification_toolkit_fluxcd_io_alert_v1beta3_manifest_test.go out/terratest-sentinel-notification_toolkit_fluxcd_io_provider_v1beta3_manifest_test.go out/terratest-sentinel-objectbucket_io_object_bucket_claim_v1alpha1_manifest_test.go out/terratest-sentinel-objectbucket_io_object_bucket_v1alpha1_manifest_test.go out/terratest-sentinel-ocmagent_managed_openshift_io_managed_fleet_notification_v1alpha1_manifest_test.go out/terratest-sentinel-ocmagent_managed_openshift_io_managed_notification_v1alpha1_manifest_test.go out/terratest-sentinel-ocmagent_managed_openshift_io_ocm_agent_v1alpha1_manifest_test.go out/terratest-sentinel-onepassword_com_one_password_item_v1_manifest_test.go out/terratest-sentinel-opa_stackable_tech_opa_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-opensearchservice_services_k8s_aws_domain_v1alpha1_manifest_test.go out/terratest-sentinel-opentelemetry_io_instrumentation_v1alpha1_manifest_test.go out/terratest-sentinel-opentelemetry_io_op_amp_bridge_v1alpha1_manifest_test.go out/terratest-sentinel-opentelemetry_io_open_telemetry_collector_v1alpha1_manifest_test.go out/terratest-sentinel-opentelemetry_io_open_telemetry_collector_v1beta1_manifest_test.go out/terratest-sentinel-operations_kubeedge_io_node_upgrade_job_v1alpha1_manifest_test.go out/terratest-sentinel-operator_aquasec_com_aqua_csp_v1alpha1_manifest_test.go out/terratest-sentinel-operator_aquasec_com_aqua_database_v1alpha1_manifest_test.go out/terratest-sentinel-operator_aquasec_com_aqua_enforcer_v1alpha1_manifest_test.go out/terratest-sentinel-operator_aquasec_com_aqua_gateway_v1alpha1_manifest_test.go out/terratest-sentinel-operator_aquasec_com_aqua_kube_enforcer_v1alpha1_manifest_test.go out/terratest-sentinel-operator_aquasec_com_aqua_scanner_v1alpha1_manifest_test.go out/terratest-sentinel-operator_aquasec_com_aqua_server_v1alpha1_manifest_test.go out/terratest-sentinel-operator_authorino_kuadrant_io_authorino_v1beta1_manifest_test.go out/terratest-sentinel-operator_cluster_x_k8s_io_bootstrap_provider_v1alpha1_manifest_test.go out/terratest-sentinel-operator_cluster_x_k8s_io_control_plane_provider_v1alpha1_manifest_test.go out/terratest-sentinel-operator_cluster_x_k8s_io_core_provider_v1alpha1_manifest_test.go out/terratest-sentinel-operator_cluster_x_k8s_io_infrastructure_provider_v1alpha1_manifest_test.go out/terratest-sentinel-operator_cluster_x_k8s_io_addon_provider_v1alpha2_manifest_test.go out/terratest-sentinel-operator_cluster_x_k8s_io_bootstrap_provider_v1alpha2_manifest_test.go out/terratest-sentinel-operator_cluster_x_k8s_io_control_plane_provider_v1alpha2_manifest_test.go out/terratest-sentinel-operator_cluster_x_k8s_io_core_provider_v1alpha2_manifest_test.go out/terratest-sentinel-operator_cluster_x_k8s_io_infrastructure_provider_v1alpha2_manifest_test.go out/terratest-sentinel-operator_cryostat_io_cryostat_v1beta1_manifest_test.go out/terratest-sentinel-operator_cryostat_io_cryostat_v1beta2_manifest_test.go out/terratest-sentinel-operator_knative_dev_knative_eventing_v1beta1_manifest_test.go out/terratest-sentinel-operator_knative_dev_knative_serving_v1beta1_manifest_test.go out/terratest-sentinel-operator_marin3r_3scale_net_discovery_service_certificate_v1alpha1_manifest_test.go out/terratest-sentinel-operator_marin3r_3scale_net_discovery_service_v1alpha1_manifest_test.go out/terratest-sentinel-operator_marin3r_3scale_net_envoy_deployment_v1alpha1_manifest_test.go out/terratest-sentinel-operator_open_cluster_management_io_cluster_manager_v1_manifest_test.go out/terratest-sentinel-operator_open_cluster_management_io_klusterlet_v1_manifest_test.go out/terratest-sentinel-operator_shipwright_io_shipwright_build_v1alpha1_manifest_test.go out/terratest-sentinel-operator_tigera_io_amazon_cloud_integration_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_api_server_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_application_layer_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_authentication_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_compliance_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_egress_gateway_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_image_set_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_installation_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_intrusion_detection_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_log_collector_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_log_storage_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_management_cluster_connection_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_management_cluster_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_manager_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_monitor_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_packet_capture_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_policy_recommendation_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_tenant_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_tigera_status_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_tls_pass_through_route_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_tls_terminated_route_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_amazon_cloud_integration_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_v_logs_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_agent_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_alert_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_alertmanager_config_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_alertmanager_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_auth_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_cluster_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_node_scrape_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_pod_scrape_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_probe_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_rule_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_scrape_config_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_service_scrape_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_single_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_static_scrape_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_user_v1beta1_manifest_test.go out/terratest-sentinel-oracle_db_anthosapis_com_backup_schedule_v1alpha1_manifest_test.go out/terratest-sentinel-oracle_db_anthosapis_com_backup_v1alpha1_manifest_test.go out/terratest-sentinel-oracle_db_anthosapis_com_config_v1alpha1_manifest_test.go out/terratest-sentinel-oracle_db_anthosapis_com_cron_anything_v1alpha1_manifest_test.go out/terratest-sentinel-oracle_db_anthosapis_com_database_v1alpha1_manifest_test.go out/terratest-sentinel-oracle_db_anthosapis_com_export_v1alpha1_manifest_test.go out/terratest-sentinel-oracle_db_anthosapis_com_import_v1alpha1_manifest_test.go out/terratest-sentinel-oracle_db_anthosapis_com_instance_v1alpha1_manifest_test.go out/terratest-sentinel-oracle_db_anthosapis_com_pitr_v1alpha1_manifest_test.go out/terratest-sentinel-oracle_db_anthosapis_com_release_v1alpha1_manifest_test.go out/terratest-sentinel-org_eclipse_che_che_cluster_v1_manifest_test.go out/terratest-sentinel-org_eclipse_che_che_cluster_v2_manifest_test.go out/terratest-sentinel-organizations_services_k8s_aws_organizational_unit_v1alpha1_manifest_test.go out/terratest-sentinel-pgv2_percona_com_percona_pg_backup_v2_manifest_test.go out/terratest-sentinel-pgv2_percona_com_percona_pg_cluster_v2_manifest_test.go out/terratest-sentinel-pgv2_percona_com_percona_pg_restore_v2_manifest_test.go out/terratest-sentinel-pgv2_percona_com_percona_pg_upgrade_v2_manifest_test.go out/terratest-sentinel-pipes_services_k8s_aws_pipe_v1alpha1_manifest_test.go out/terratest-sentinel-pkg_crossplane_io_configuration_revision_v1_manifest_test.go out/terratest-sentinel-pkg_crossplane_io_configuration_v1_manifest_test.go out/terratest-sentinel-pkg_crossplane_io_provider_revision_v1_manifest_test.go out/terratest-sentinel-pkg_crossplane_io_provider_v1_manifest_test.go out/terratest-sentinel-pkg_crossplane_io_controller_config_v1alpha1_manifest_test.go out/terratest-sentinel-pkg_crossplane_io_lock_v1beta1_manifest_test.go out/terratest-sentinel-policy_clusterpedia_io_cluster_import_policy_v1alpha1_manifest_test.go out/terratest-sentinel-policy_clusterpedia_io_pedia_cluster_lifecycle_v1alpha1_manifest_test.go out/terratest-sentinel-policy_karmada_io_cluster_override_policy_v1alpha1_manifest_test.go out/terratest-sentinel-policy_karmada_io_cluster_propagation_policy_v1alpha1_manifest_test.go out/terratest-sentinel-policy_karmada_io_federated_resource_quota_v1alpha1_manifest_test.go out/terratest-sentinel-policy_karmada_io_override_policy_v1alpha1_manifest_test.go out/terratest-sentinel-policy_karmada_io_propagation_policy_v1alpha1_manifest_test.go out/terratest-sentinel-policy_kubeedge_io_service_account_access_v1alpha1_manifest_test.go out/terratest-sentinel-policy_networking_k8s_io_admin_network_policy_v1alpha1_manifest_test.go out/terratest-sentinel-policy_networking_k8s_io_baseline_admin_network_policy_v1alpha1_manifest_test.go out/terratest-sentinel-policy_pod_disruption_budget_v1_manifest_test.go out/terratest-sentinel-postgres_operator_crunchydata_com_pg_admin_v1beta1_manifest_test.go out/terratest-sentinel-postgres_operator_crunchydata_com_pg_upgrade_v1beta1_manifest_test.go out/terratest-sentinel-postgres_operator_crunchydata_com_postgres_cluster_v1beta1_manifest_test.go out/terratest-sentinel-postgresql_cnpg_io_backup_v1_manifest_test.go out/terratest-sentinel-postgresql_cnpg_io_cluster_v1_manifest_test.go out/terratest-sentinel-postgresql_cnpg_io_pooler_v1_manifest_test.go out/terratest-sentinel-postgresql_cnpg_io_scheduled_backup_v1_manifest_test.go out/terratest-sentinel-projectcontour_io_http_proxy_v1_manifest_test.go out/terratest-sentinel-projectcontour_io_tls_certificate_delegation_v1_manifest_test.go out/terratest-sentinel-projectcontour_io_contour_configuration_v1alpha1_manifest_test.go out/terratest-sentinel-projectcontour_io_contour_deployment_v1alpha1_manifest_test.go out/terratest-sentinel-projectcontour_io_extension_service_v1alpha1_manifest_test.go out/terratest-sentinel-prometheusservice_services_k8s_aws_alert_manager_definition_v1alpha1_manifest_test.go out/terratest-sentinel-prometheusservice_services_k8s_aws_logging_configuration_v1alpha1_manifest_test.go out/terratest-sentinel-prometheusservice_services_k8s_aws_rule_groups_namespace_v1alpha1_manifest_test.go out/terratest-sentinel-prometheusservice_services_k8s_aws_workspace_v1alpha1_manifest_test.go out/terratest-sentinel-ps_percona_com_percona_server_my_sql_v1alpha1_manifest_test.go out/terratest-sentinel-ps_percona_com_percona_server_my_sql_backup_v1alpha1_manifest_test.go out/terratest-sentinel-ps_percona_com_percona_server_my_sql_restore_v1alpha1_manifest_test.go out/terratest-sentinel-psmdb_percona_com_percona_server_mongo_db_v1_manifest_test.go out/terratest-sentinel-psmdb_percona_com_percona_server_mongo_db_backup_v1_manifest_test.go out/terratest-sentinel-psmdb_percona_com_percona_server_mongo_db_restore_v1_manifest_test.go out/terratest-sentinel-ptp_openshift_io_node_ptp_device_v1_manifest_test.go out/terratest-sentinel-ptp_openshift_io_ptp_config_v1_manifest_test.go out/terratest-sentinel-ptp_openshift_io_ptp_operator_config_v1_manifest_test.go out/terratest-sentinel-pubsubplus_solace_com_pub_sub_plus_event_broker_v1beta1_manifest_test.go out/terratest-sentinel-pxc_percona_com_percona_xtra_db_cluster_backup_v1_manifest_test.go out/terratest-sentinel-pxc_percona_com_percona_xtra_db_cluster_restore_v1_manifest_test.go out/terratest-sentinel-pxc_percona_com_percona_xtra_db_cluster_v1_manifest_test.go out/terratest-sentinel-quay_redhat_com_quay_registry_v1_manifest_test.go out/terratest-sentinel-quota_codeflare_dev_quota_subtree_v1alpha1_manifest_test.go out/terratest-sentinel-ray_io_ray_cluster_v1_manifest_test.go out/terratest-sentinel-ray_io_ray_job_v1_manifest_test.go out/terratest-sentinel-ray_io_ray_service_v1_manifest_test.go out/terratest-sentinel-ray_io_ray_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-ray_io_ray_job_v1alpha1_manifest_test.go out/terratest-sentinel-ray_io_ray_service_v1alpha1_manifest_test.go out/terratest-sentinel-rbac_authorization_k8s_io_cluster_role_binding_v1_manifest_test.go out/terratest-sentinel-rbac_authorization_k8s_io_cluster_role_v1_manifest_test.go out/terratest-sentinel-rbac_authorization_k8s_io_role_binding_v1_manifest_test.go out/terratest-sentinel-rbac_authorization_k8s_io_role_v1_manifest_test.go out/terratest-sentinel-rbacmanager_reactiveops_io_rbac_definition_v1beta1_manifest_test.go out/terratest-sentinel-rc_app_stacks_runtime_component_v1_manifest_test.go out/terratest-sentinel-rc_app_stacks_runtime_operation_v1_manifest_test.go out/terratest-sentinel-rc_app_stacks_runtime_component_v1beta2_manifest_test.go out/terratest-sentinel-rc_app_stacks_runtime_operation_v1beta2_manifest_test.go out/terratest-sentinel-rds_services_k8s_aws_db_cluster_parameter_group_v1alpha1_manifest_test.go out/terratest-sentinel-rds_services_k8s_aws_db_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-rds_services_k8s_aws_db_instance_v1alpha1_manifest_test.go out/terratest-sentinel-rds_services_k8s_aws_db_parameter_group_v1alpha1_manifest_test.go out/terratest-sentinel-rds_services_k8s_aws_db_proxy_v1alpha1_manifest_test.go out/terratest-sentinel-rds_services_k8s_aws_db_subnet_group_v1alpha1_manifest_test.go out/terratest-sentinel-rds_services_k8s_aws_global_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-redhatcop_redhat_io_group_config_v1alpha1_manifest_test.go out/terratest-sentinel-redhatcop_redhat_io_keepalived_group_v1alpha1_manifest_test.go out/terratest-sentinel-redhatcop_redhat_io_namespace_config_v1alpha1_manifest_test.go out/terratest-sentinel-redhatcop_redhat_io_patch_v1alpha1_manifest_test.go out/terratest-sentinel-redhatcop_redhat_io_user_config_v1alpha1_manifest_test.go out/terratest-sentinel-registry_apicur_io_apicurio_registry_v1_manifest_test.go out/terratest-sentinel-registry_devfile_io_cluster_devfile_registries_list_v1alpha1_manifest_test.go out/terratest-sentinel-registry_devfile_io_devfile_registries_list_v1alpha1_manifest_test.go out/terratest-sentinel-registry_devfile_io_devfile_registry_v1alpha1_manifest_test.go out/terratest-sentinel-reliablesyncs_kubeedge_io_cluster_object_sync_v1alpha1_manifest_test.go out/terratest-sentinel-reliablesyncs_kubeedge_io_object_sync_v1alpha1_manifest_test.go out/terratest-sentinel-remediation_medik8s_io_node_health_check_v1alpha1_manifest_test.go out/terratest-sentinel-repo_manager_pulpproject_org_pulp_backup_v1beta2_manifest_test.go out/terratest-sentinel-repo_manager_pulpproject_org_pulp_restore_v1beta2_manifest_test.go out/terratest-sentinel-repo_manager_pulpproject_org_pulp_v1beta2_manifest_test.go out/terratest-sentinel-reports_kyverno_io_cluster_ephemeral_report_v1_manifest_test.go out/terratest-sentinel-reports_kyverno_io_ephemeral_report_v1_manifest_test.go out/terratest-sentinel-resources_teleport_dev_teleport_login_rule_v1_manifest_test.go out/terratest-sentinel-resources_teleport_dev_teleport_okta_import_rule_v1_manifest_test.go out/terratest-sentinel-resources_teleport_dev_teleport_provision_token_v2_manifest_test.go out/terratest-sentinel-resources_teleport_dev_teleport_saml_connector_v2_manifest_test.go out/terratest-sentinel-resources_teleport_dev_teleport_user_v2_manifest_test.go out/terratest-sentinel-resources_teleport_dev_teleport_github_connector_v3_manifest_test.go out/terratest-sentinel-resources_teleport_dev_teleport_oidc_connector_v3_manifest_test.go out/terratest-sentinel-resources_teleport_dev_teleport_role_v5_manifest_test.go out/terratest-sentinel-resources_teleport_dev_teleport_role_v6_manifest_test.go out/terratest-sentinel-ripsaw_cloudbulldozer_io_benchmark_v1alpha1_manifest_test.go out/terratest-sentinel-rocketmq_apache_org_broker_v1alpha1_manifest_test.go out/terratest-sentinel-rocketmq_apache_org_console_v1alpha1_manifest_test.go out/terratest-sentinel-rocketmq_apache_org_name_service_v1alpha1_manifest_test.go out/terratest-sentinel-rocketmq_apache_org_topic_transfer_v1alpha1_manifest_test.go out/terratest-sentinel-route53_services_k8s_aws_hosted_zone_v1alpha1_manifest_test.go out/terratest-sentinel-route53_services_k8s_aws_record_set_v1alpha1_manifest_test.go out/terratest-sentinel-route53resolver_services_k8s_aws_resolver_endpoint_v1alpha1_manifest_test.go out/terratest-sentinel-route53resolver_services_k8s_aws_resolver_rule_v1alpha1_manifest_test.go out/terratest-sentinel-rules_kubeedge_io_rule_endpoint_v1_manifest_test.go out/terratest-sentinel-rules_kubeedge_io_rule_v1_manifest_test.go out/terratest-sentinel-runtime_cluster_x_k8s_io_extension_config_v1alpha1_manifest_test.go out/terratest-sentinel-s3_services_k8s_aws_bucket_v1alpha1_manifest_test.go out/terratest-sentinel-s3_snappcloud_io_s3_bucket_v1alpha1_manifest_test.go out/terratest-sentinel-s3_snappcloud_io_s3_user_claim_v1alpha1_manifest_test.go out/terratest-sentinel-s3_snappcloud_io_s3_user_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_app_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_data_quality_job_definition_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_domain_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_endpoint_config_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_endpoint_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_feature_group_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_hyper_parameter_tuning_job_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_model_bias_job_definition_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_model_explainability_job_definition_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_model_package_group_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_model_package_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_model_quality_job_definition_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_model_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_monitoring_schedule_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_notebook_instance_lifecycle_config_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_notebook_instance_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_processing_job_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_training_job_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_transform_job_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_user_profile_v1alpha1_manifest_test.go out/terratest-sentinel-scheduling_k8s_io_priority_class_v1_manifest_test.go out/terratest-sentinel-scheduling_koordinator_sh_device_v1alpha1_manifest_test.go out/terratest-sentinel-scheduling_koordinator_sh_pod_migration_job_v1alpha1_manifest_test.go out/terratest-sentinel-scheduling_koordinator_sh_reservation_v1alpha1_manifest_test.go out/terratest-sentinel-scheduling_sigs_k8s_io_elastic_quota_v1alpha1_manifest_test.go out/terratest-sentinel-scheduling_sigs_k8s_io_pod_group_v1alpha1_manifest_test.go out/terratest-sentinel-scheduling_volcano_sh_pod_group_v1beta1_manifest_test.go out/terratest-sentinel-scheduling_volcano_sh_queue_v1beta1_manifest_test.go out/terratest-sentinel-schemas_schemahero_io_data_type_v1alpha4_manifest_test.go out/terratest-sentinel-schemas_schemahero_io_migration_v1alpha4_manifest_test.go out/terratest-sentinel-schemas_schemahero_io_table_v1alpha4_manifest_test.go out/terratest-sentinel-scylla_scylladb_com_scylla_cluster_v1_manifest_test.go out/terratest-sentinel-scylla_scylladb_com_node_config_v1alpha1_manifest_test.go out/terratest-sentinel-scylla_scylladb_com_scylla_operator_config_v1alpha1_manifest_test.go out/terratest-sentinel-secretgenerator_mittwald_de_basic_auth_v1alpha1_manifest_test.go out/terratest-sentinel-secretgenerator_mittwald_de_ssh_key_pair_v1alpha1_manifest_test.go out/terratest-sentinel-secretgenerator_mittwald_de_string_secret_v1alpha1_manifest_test.go out/terratest-sentinel-secrets_crossplane_io_store_config_v1alpha1_manifest_test.go out/terratest-sentinel-secrets_doppler_com_doppler_secret_v1alpha1_manifest_test.go out/terratest-sentinel-secrets_hashicorp_com_hcp_auth_v1beta1_manifest_test.go out/terratest-sentinel-secrets_hashicorp_com_hcp_vault_secrets_app_v1beta1_manifest_test.go out/terratest-sentinel-secrets_hashicorp_com_vault_auth_v1beta1_manifest_test.go out/terratest-sentinel-secrets_hashicorp_com_vault_connection_v1beta1_manifest_test.go out/terratest-sentinel-secrets_hashicorp_com_vault_dynamic_secret_v1beta1_manifest_test.go out/terratest-sentinel-secrets_hashicorp_com_vault_pki_secret_v1beta1_manifest_test.go out/terratest-sentinel-secrets_hashicorp_com_vault_static_secret_v1beta1_manifest_test.go out/terratest-sentinel-secrets_stackable_tech_secret_class_v1alpha1_manifest_test.go out/terratest-sentinel-secrets_store_csi_x_k8s_io_secret_provider_class_v1_manifest_test.go out/terratest-sentinel-secrets_store_csi_x_k8s_io_secret_provider_class_v1alpha1_manifest_test.go out/terratest-sentinel-secretsmanager_services_k8s_aws_secret_v1alpha1_manifest_test.go out/terratest-sentinel-secscan_quay_redhat_com_image_manifest_vuln_v1alpha1_manifest_test.go out/terratest-sentinel-security_istio_io_authorization_policy_v1_manifest_test.go out/terratest-sentinel-security_istio_io_peer_authentication_v1_manifest_test.go out/terratest-sentinel-security_istio_io_request_authentication_v1_manifest_test.go out/terratest-sentinel-security_istio_io_authorization_policy_v1beta1_manifest_test.go out/terratest-sentinel-security_istio_io_peer_authentication_v1beta1_manifest_test.go out/terratest-sentinel-security_istio_io_request_authentication_v1beta1_manifest_test.go out/terratest-sentinel-security_profiles_operator_x_k8s_io_app_armor_profile_v1alpha1_manifest_test.go out/terratest-sentinel-security_profiles_operator_x_k8s_io_profile_binding_v1alpha1_manifest_test.go out/terratest-sentinel-security_profiles_operator_x_k8s_io_profile_recording_v1alpha1_manifest_test.go out/terratest-sentinel-security_profiles_operator_x_k8s_io_security_profile_node_status_v1alpha1_manifest_test.go out/terratest-sentinel-security_profiles_operator_x_k8s_io_security_profiles_operator_daemon_v1alpha1_manifest_test.go out/terratest-sentinel-security_profiles_operator_x_k8s_io_raw_selinux_profile_v1alpha2_manifest_test.go out/terratest-sentinel-security_profiles_operator_x_k8s_io_selinux_profile_v1alpha2_manifest_test.go out/terratest-sentinel-security_profiles_operator_x_k8s_io_seccomp_profile_v1beta1_manifest_test.go out/terratest-sentinel-self_node_remediation_medik8s_io_self_node_remediation_config_v1alpha1_manifest_test.go out/terratest-sentinel-self_node_remediation_medik8s_io_self_node_remediation_template_v1alpha1_manifest_test.go out/terratest-sentinel-self_node_remediation_medik8s_io_self_node_remediation_v1alpha1_manifest_test.go out/terratest-sentinel-sematext_com_sematext_agent_v1_manifest_test.go out/terratest-sentinel-servicebinding_io_cluster_workload_resource_mapping_v1alpha3_manifest_test.go out/terratest-sentinel-servicebinding_io_service_binding_v1alpha3_manifest_test.go out/terratest-sentinel-servicebinding_io_cluster_workload_resource_mapping_v1beta1_manifest_test.go out/terratest-sentinel-servicebinding_io_service_binding_v1beta1_manifest_test.go out/terratest-sentinel-servicemesh_cisco_com_istio_control_plane_v1alpha1_manifest_test.go out/terratest-sentinel-servicemesh_cisco_com_istio_mesh_gateway_v1alpha1_manifest_test.go out/terratest-sentinel-servicemesh_cisco_com_istio_mesh_v1alpha1_manifest_test.go out/terratest-sentinel-servicemesh_cisco_com_peer_istio_control_plane_v1alpha1_manifest_test.go out/terratest-sentinel-services_k8s_aws_adopted_resource_v1alpha1_manifest_test.go out/terratest-sentinel-services_k8s_aws_field_export_v1alpha1_manifest_test.go out/terratest-sentinel-serving_kubedl_io_inference_v1alpha1_manifest_test.go out/terratest-sentinel-sfn_services_k8s_aws_activity_v1alpha1_manifest_test.go out/terratest-sentinel-sfn_services_k8s_aws_state_machine_v1alpha1_manifest_test.go out/terratest-sentinel-site_superedge_io_node_group_v1alpha1_manifest_test.go out/terratest-sentinel-site_superedge_io_node_unit_v1alpha1_manifest_test.go out/terratest-sentinel-slo_koordinator_sh_node_metric_v1alpha1_manifest_test.go out/terratest-sentinel-slo_koordinator_sh_node_slo_v1alpha1_manifest_test.go out/terratest-sentinel-sloth_slok_dev_prometheus_service_level_v1_manifest_test.go out/terratest-sentinel-snapscheduler_backube_snapshot_schedule_v1_manifest_test.go out/terratest-sentinel-snapshot_storage_k8s_io_volume_snapshot_class_v1_manifest_test.go out/terratest-sentinel-snapshot_storage_k8s_io_volume_snapshot_content_v1_manifest_test.go out/terratest-sentinel-snapshot_storage_k8s_io_volume_snapshot_v1_manifest_test.go out/terratest-sentinel-snapshot_storage_k8s_io_volume_snapshot_class_v1beta1_manifest_test.go out/terratest-sentinel-snapshot_storage_k8s_io_volume_snapshot_content_v1beta1_manifest_test.go out/terratest-sentinel-snapshot_storage_k8s_io_volume_snapshot_v1beta1_manifest_test.go out/terratest-sentinel-sns_services_k8s_aws_platform_application_v1alpha1_manifest_test.go out/terratest-sentinel-sns_services_k8s_aws_platform_endpoint_v1alpha1_manifest_test.go out/terratest-sentinel-sns_services_k8s_aws_subscription_v1alpha1_manifest_test.go out/terratest-sentinel-sns_services_k8s_aws_topic_v1alpha1_manifest_test.go out/terratest-sentinel-sonataflow_org_sonata_flow_build_v1alpha08_manifest_test.go out/terratest-sentinel-sonataflow_org_sonata_flow_platform_v1alpha08_manifest_test.go out/terratest-sentinel-sonataflow_org_sonata_flow_v1alpha08_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_bucket_v1_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_git_repository_v1_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_helm_chart_v1_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_helm_repository_v1_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_bucket_v1beta1_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_git_repository_v1beta1_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_helm_chart_v1beta1_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_helm_repository_v1beta1_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_bucket_v1beta2_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_git_repository_v1beta2_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_helm_chart_v1beta2_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_helm_repository_v1beta2_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_oci_repository_v1beta2_manifest_test.go out/terratest-sentinel-spark_stackable_tech_spark_application_v1alpha1_manifest_test.go out/terratest-sentinel-spark_stackable_tech_spark_history_server_v1alpha1_manifest_test.go out/terratest-sentinel-sparkoperator_k8s_io_scheduled_spark_application_v1beta2_manifest_test.go out/terratest-sentinel-sparkoperator_k8s_io_spark_application_v1beta2_manifest_test.go out/terratest-sentinel-spv_no_azure_key_vault_secret_v1_manifest_test.go out/terratest-sentinel-spv_no_azure_key_vault_identity_v1alpha1_manifest_test.go out/terratest-sentinel-spv_no_azure_key_vault_secret_v1alpha1_manifest_test.go out/terratest-sentinel-spv_no_azure_managed_identity_v1alpha1_manifest_test.go out/terratest-sentinel-spv_no_azure_key_vault_secret_v2alpha1_manifest_test.go out/terratest-sentinel-spv_no_azure_key_vault_secret_v2beta1_manifest_test.go out/terratest-sentinel-sqs_services_k8s_aws_queue_v1alpha1_manifest_test.go out/terratest-sentinel-sriovnetwork_openshift_io_ovs_network_v1_manifest_test.go out/terratest-sentinel-sriovnetwork_openshift_io_sriov_ib_network_v1_manifest_test.go out/terratest-sentinel-sriovnetwork_openshift_io_sriov_network_node_policy_v1_manifest_test.go out/terratest-sentinel-sriovnetwork_openshift_io_sriov_network_node_state_v1_manifest_test.go out/terratest-sentinel-sriovnetwork_openshift_io_sriov_network_pool_config_v1_manifest_test.go out/terratest-sentinel-sriovnetwork_openshift_io_sriov_network_v1_manifest_test.go out/terratest-sentinel-sriovnetwork_openshift_io_sriov_operator_config_v1_manifest_test.go out/terratest-sentinel-storage_k8s_io_csi_driver_v1_manifest_test.go out/terratest-sentinel-storage_k8s_io_csi_node_v1_manifest_test.go out/terratest-sentinel-storage_k8s_io_storage_class_v1_manifest_test.go out/terratest-sentinel-storage_k8s_io_volume_attachment_v1_manifest_test.go out/terratest-sentinel-storage_kubeblocks_io_storage_provider_v1alpha1_manifest_test.go out/terratest-sentinel-storageos_com_storage_os_cluster_v1_manifest_test.go out/terratest-sentinel-sts_min_io_policy_binding_v1alpha1_manifest_test.go out/terratest-sentinel-sts_min_io_policy_binding_v1beta1_manifest_test.go out/terratest-sentinel-stunner_l7mp_io_dataplane_v1_manifest_test.go out/terratest-sentinel-stunner_l7mp_io_gateway_config_v1_manifest_test.go out/terratest-sentinel-stunner_l7mp_io_static_service_v1_manifest_test.go out/terratest-sentinel-stunner_l7mp_io_udp_route_v1_manifest_test.go out/terratest-sentinel-stunner_l7mp_io_dataplane_v1alpha1_manifest_test.go out/terratest-sentinel-stunner_l7mp_io_gateway_config_v1alpha1_manifest_test.go out/terratest-sentinel-stunner_l7mp_io_static_service_v1alpha1_manifest_test.go out/terratest-sentinel-submariner_io_broker_v1alpha1_manifest_test.go out/terratest-sentinel-submariner_io_service_discovery_v1alpha1_manifest_test.go out/terratest-sentinel-submariner_io_submariner_v1alpha1_manifest_test.go out/terratest-sentinel-superset_stackable_tech_druid_connection_v1alpha1_manifest_test.go out/terratest-sentinel-superset_stackable_tech_superset_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-telemetry_istio_io_telemetry_v1_manifest_test.go out/terratest-sentinel-telemetry_istio_io_telemetry_v1alpha1_manifest_test.go out/terratest-sentinel-templates_gatekeeper_sh_constraint_template_v1_manifest_test.go out/terratest-sentinel-templates_gatekeeper_sh_constraint_template_v1alpha1_manifest_test.go out/terratest-sentinel-templates_gatekeeper_sh_constraint_template_v1beta1_manifest_test.go out/terratest-sentinel-tempo_grafana_com_tempo_monolithic_v1alpha1_manifest_test.go out/terratest-sentinel-tempo_grafana_com_tempo_stack_v1alpha1_manifest_test.go out/terratest-sentinel-temporal_io_temporal_cluster_client_v1beta1_manifest_test.go out/terratest-sentinel-temporal_io_temporal_cluster_v1beta1_manifest_test.go out/terratest-sentinel-temporal_io_temporal_namespace_v1beta1_manifest_test.go out/terratest-sentinel-temporal_io_temporal_worker_process_v1beta1_manifest_test.go out/terratest-sentinel-tests_testkube_io_script_v1_manifest_test.go out/terratest-sentinel-tests_testkube_io_test_execution_v1_manifest_test.go out/terratest-sentinel-tests_testkube_io_test_source_v1_manifest_test.go out/terratest-sentinel-tests_testkube_io_test_suite_execution_v1_manifest_test.go out/terratest-sentinel-tests_testkube_io_test_suite_v1_manifest_test.go out/terratest-sentinel-tests_testkube_io_test_trigger_v1_manifest_test.go out/terratest-sentinel-tests_testkube_io_test_v1_manifest_test.go out/terratest-sentinel-tests_testkube_io_script_v2_manifest_test.go out/terratest-sentinel-tests_testkube_io_test_suite_v2_manifest_test.go out/terratest-sentinel-tests_testkube_io_test_v2_manifest_test.go out/terratest-sentinel-tests_testkube_io_test_suite_v3_manifest_test.go out/terratest-sentinel-tests_testkube_io_test_v3_manifest_test.go out/terratest-sentinel-tf_tungsten_io_analytics_alarm_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_analytics_snmp_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_analytics_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_cassandra_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_config_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_control_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_kubemanager_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_manager_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_query_engine_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_rabbitmq_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_redis_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_vrouter_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_webui_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_zookeeper_v1alpha1_manifest_test.go out/terratest-sentinel-theketch_io_app_v1beta1_manifest_test.go out/terratest-sentinel-theketch_io_job_v1beta1_manifest_test.go out/terratest-sentinel-tinkerbell_org_hardware_v1alpha1_manifest_test.go out/terratest-sentinel-tinkerbell_org_osie_v1alpha1_manifest_test.go out/terratest-sentinel-tinkerbell_org_stack_v1alpha1_manifest_test.go out/terratest-sentinel-tinkerbell_org_template_v1alpha1_manifest_test.go out/terratest-sentinel-tinkerbell_org_workflow_v1alpha1_manifest_test.go out/terratest-sentinel-tinkerbell_org_hardware_v1alpha2_manifest_test.go out/terratest-sentinel-tinkerbell_org_osie_v1alpha2_manifest_test.go out/terratest-sentinel-tinkerbell_org_template_v1alpha2_manifest_test.go out/terratest-sentinel-tinkerbell_org_workflow_v1alpha2_manifest_test.go out/terratest-sentinel-topology_node_k8s_io_node_resource_topology_v1alpha1_manifest_test.go out/terratest-sentinel-topolvm_cybozu_com_logical_volume_v1_manifest_test.go out/terratest-sentinel-topolvm_cybozu_com_topolvm_cluster_v2_manifest_test.go out/terratest-sentinel-traefik_io_ingress_route_tcp_v1alpha1_manifest_test.go out/terratest-sentinel-traefik_io_ingress_route_udp_v1alpha1_manifest_test.go out/terratest-sentinel-traefik_io_ingress_route_v1alpha1_manifest_test.go out/terratest-sentinel-traefik_io_middleware_tcp_v1alpha1_manifest_test.go out/terratest-sentinel-traefik_io_middleware_v1alpha1_manifest_test.go out/terratest-sentinel-traefik_io_servers_transport_tcp_v1alpha1_manifest_test.go out/terratest-sentinel-traefik_io_servers_transport_v1alpha1_manifest_test.go out/terratest-sentinel-traefik_io_tls_option_v1alpha1_manifest_test.go out/terratest-sentinel-traefik_io_tls_store_v1alpha1_manifest_test.go out/terratest-sentinel-traefik_io_traefik_service_v1alpha1_manifest_test.go out/terratest-sentinel-training_kubedl_io_elastic_dl_job_v1alpha1_manifest_test.go out/terratest-sentinel-training_kubedl_io_mars_job_v1alpha1_manifest_test.go out/terratest-sentinel-training_kubedl_io_mpi_job_v1alpha1_manifest_test.go out/terratest-sentinel-training_kubedl_io_py_torch_job_v1alpha1_manifest_test.go out/terratest-sentinel-training_kubedl_io_tf_job_v1alpha1_manifest_test.go out/terratest-sentinel-training_kubedl_io_xdl_job_v1alpha1_manifest_test.go out/terratest-sentinel-training_kubedl_io_xg_boost_job_v1alpha1_manifest_test.go out/terratest-sentinel-trino_stackable_tech_trino_catalog_v1alpha1_manifest_test.go out/terratest-sentinel-trino_stackable_tech_trino_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-trust_cert_manager_io_bundle_v1alpha1_manifest_test.go out/terratest-sentinel-upgrade_cattle_io_plan_v1_manifest_test.go out/terratest-sentinel-upgrade_managed_openshift_io_upgrade_config_v1alpha1_manifest_test.go out/terratest-sentinel-velero_io_backup_repository_v1_manifest_test.go out/terratest-sentinel-velero_io_backup_storage_location_v1_manifest_test.go out/terratest-sentinel-velero_io_backup_v1_manifest_test.go out/terratest-sentinel-velero_io_delete_backup_request_v1_manifest_test.go out/terratest-sentinel-velero_io_download_request_v1_manifest_test.go out/terratest-sentinel-velero_io_pod_volume_backup_v1_manifest_test.go out/terratest-sentinel-velero_io_pod_volume_restore_v1_manifest_test.go out/terratest-sentinel-velero_io_restore_v1_manifest_test.go out/terratest-sentinel-velero_io_schedule_v1_manifest_test.go out/terratest-sentinel-velero_io_server_status_request_v1_manifest_test.go out/terratest-sentinel-velero_io_volume_snapshot_location_v1_manifest_test.go out/terratest-sentinel-velero_io_data_download_v2alpha1_manifest_test.go out/terratest-sentinel-velero_io_data_upload_v2alpha1_manifest_test.go out/terratest-sentinel-virt_virtink_smartx_com_virtual_machine_migration_v1alpha1_manifest_test.go out/terratest-sentinel-virt_virtink_smartx_com_virtual_machine_v1alpha1_manifest_test.go out/terratest-sentinel-volsync_backube_replication_destination_v1alpha1_manifest_test.go out/terratest-sentinel-volsync_backube_replication_source_v1alpha1_manifest_test.go out/terratest-sentinel-vpcresources_k8s_aws_cni_node_v1alpha1_manifest_test.go out/terratest-sentinel-vpcresources_k8s_aws_security_group_policy_v1beta1_manifest_test.go out/terratest-sentinel-wgpolicyk8s_io_cluster_policy_report_v1alpha1_manifest_test.go out/terratest-sentinel-wgpolicyk8s_io_policy_report_v1alpha1_manifest_test.go out/terratest-sentinel-wgpolicyk8s_io_cluster_policy_report_v1alpha2_manifest_test.go out/terratest-sentinel-wgpolicyk8s_io_policy_report_v1alpha2_manifest_test.go out/terratest-sentinel-wgpolicyk8s_io_cluster_policy_report_v1beta1_manifest_test.go out/terratest-sentinel-wgpolicyk8s_io_policy_report_v1beta1_manifest_test.go out/terratest-sentinel-wildfly_org_wild_fly_server_v1alpha1_manifest_test.go out/terratest-sentinel-work_karmada_io_cluster_resource_binding_v1alpha1_manifest_test.go out/terratest-sentinel-work_karmada_io_resource_binding_v1alpha1_manifest_test.go out/terratest-sentinel-work_karmada_io_work_v1alpha1_manifest_test.go out/terratest-sentinel-work_karmada_io_cluster_resource_binding_v1alpha2_manifest_test.go out/terratest-sentinel-work_karmada_io_resource_binding_v1alpha2_manifest_test.go out/terratest-sentinel-workload_codeflare_dev_app_wrapper_v1beta1_manifest_test.go out/terratest-sentinel-workload_codeflare_dev_scheduling_spec_v1beta1_manifest_test.go out/terratest-sentinel-workload_codeflare_dev_app_wrapper_v1beta2_manifest_test.go out/terratest-sentinel-workloads_kubeblocks_io_instance_set_v1_manifest_test.go out/terratest-sentinel-workloads_kubeblocks_io_instance_set_v1alpha1_manifest_test.go out/terratest-sentinel-workloads_kubeblocks_io_replicated_state_machine_v1alpha1_manifest_test.go out/terratest-sentinel-zonecontrol_k8s_aws_zone_aware_update_v1_manifest_test.go out/terratest-sentinel-zonecontrol_k8s_aws_zone_disruption_budget_v1_manifest_test.go out/terratest-sentinel-zookeeper_pravega_io_zookeeper_cluster_v1beta1_manifest_test.go out/terratest-sentinel-zookeeper_stackable_tech_zookeeper_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-zookeeper_stackable_tech_zookeeper_znode_v1alpha1_manifest_test.go  ## run all terratest tests
diff --git a/tests.mk b/tests.mk
index cae206c15..e84b81a98 100644
--- a/tests.mk
+++ b/tests.mk
@@ -2669,10 +2669,6 @@ out/test-sentinel-gateway_networking_k8s_io_reference_grant_v1alpha2_manifest_te
 	mkdir --parents $(@D)
 	go test ./internal/provider/gateway_networking_k8s_io_v1alpha2/gateway_networking_k8s_io_reference_grant_v1alpha2_manifest_test.go
 	touch $@
-out/test-sentinel-gateway_networking_k8s_io_reference_grant_v1alpha2_manifest_test.go: ./internal/provider/gateway_networking_k8s_io_v1alpha2/gateway_networking_k8s_io_reference_grant_v1alpha2_manifest.go ./internal/provider/gateway_networking_k8s_io_v1alpha2/gateway_networking_k8s_io_reference_grant_v1alpha2_manifest_test.go
-	mkdir --parents $(@D)
-	go test ./internal/provider/gateway_networking_k8s_io_v1alpha2/gateway_networking_k8s_io_reference_grant_v1alpha2_manifest_test.go
-	touch $@
 out/test-sentinel-gateway_networking_k8s_io_tcp_route_v1alpha2_manifest_test.go: ./internal/provider/gateway_networking_k8s_io_v1alpha2/gateway_networking_k8s_io_tcp_route_v1alpha2_manifest.go ./internal/provider/gateway_networking_k8s_io_v1alpha2/gateway_networking_k8s_io_tcp_route_v1alpha2_manifest_test.go
 	mkdir --parents $(@D)
 	go test ./internal/provider/gateway_networking_k8s_io_v1alpha2/gateway_networking_k8s_io_tcp_route_v1alpha2_manifest_test.go
@@ -6992,4 +6988,4 @@ out/test-sentinel-zookeeper_stackable_tech_zookeeper_znode_v1alpha1_manifest_tes
 
 
 .PHONY: tests
-tests: out/test-sentinel-about_k8s_io_cluster_property_v1alpha1_manifest_test.go out/test-sentinel-acid_zalan_do_operator_configuration_v1_manifest_test.go out/test-sentinel-acid_zalan_do_postgres_team_v1_manifest_test.go out/test-sentinel-acid_zalan_do_postgresql_v1_manifest_test.go out/test-sentinel-acme_cert_manager_io_challenge_v1_manifest_test.go out/test-sentinel-acme_cert_manager_io_order_v1_manifest_test.go out/test-sentinel-acmpca_services_k8s_aws_certificate_authority_activation_v1alpha1_manifest_test.go out/test-sentinel-acmpca_services_k8s_aws_certificate_authority_v1alpha1_manifest_test.go out/test-sentinel-acmpca_services_k8s_aws_certificate_v1alpha1_manifest_test.go out/test-sentinel-actions_github_com_autoscaling_listener_v1alpha1_manifest_test.go out/test-sentinel-actions_github_com_autoscaling_runner_set_v1alpha1_manifest_test.go out/test-sentinel-actions_github_com_ephemeral_runner_set_v1alpha1_manifest_test.go out/test-sentinel-actions_github_com_ephemeral_runner_v1alpha1_manifest_test.go out/test-sentinel-actions_summerwind_dev_horizontal_runner_autoscaler_v1alpha1_manifest_test.go out/test-sentinel-actions_summerwind_dev_runner_deployment_v1alpha1_manifest_test.go out/test-sentinel-actions_summerwind_dev_runner_replica_set_v1alpha1_manifest_test.go out/test-sentinel-actions_summerwind_dev_runner_set_v1alpha1_manifest_test.go out/test-sentinel-actions_summerwind_dev_runner_v1alpha1_manifest_test.go out/test-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_binding_v1alpha3_manifest_test.go out/test-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_v1alpha3_manifest_test.go out/test-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_binding_v1alpha4_manifest_test.go out/test-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_v1alpha4_manifest_test.go out/test-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_binding_v1beta1_manifest_test.go out/test-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_v1beta1_manifest_test.go out/test-sentinel-admissionregistration_k8s_io_mutating_webhook_configuration_v1_manifest_test.go out/test-sentinel-admissionregistration_k8s_io_validating_webhook_configuration_v1_manifest_test.go out/test-sentinel-agent_k8s_elastic_co_agent_v1alpha1_manifest_test.go out/test-sentinel-airflow_stackable_tech_airflow_cluster_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_aws_datacenter_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_aws_iam_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_bundles_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_cloud_stack_datacenter_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_cloud_stack_machine_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_cluster_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_control_plane_upgrade_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_docker_datacenter_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_eksa_release_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_flux_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_git_ops_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_machine_deployment_upgrade_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_node_upgrade_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_nutanix_datacenter_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_nutanix_machine_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_oidc_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_snow_datacenter_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_snow_ip_pool_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_snow_machine_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_tinkerbell_datacenter_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_tinkerbell_machine_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_tinkerbell_template_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_v_sphere_datacenter_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_v_sphere_machine_config_v1alpha1_manifest_test.go out/test-sentinel-apacheweb_arsenal_dev_apacheweb_v1alpha1_manifest_test.go out/test-sentinel-api_clever_cloud_com_config_provider_v1_manifest_test.go out/test-sentinel-api_clever_cloud_com_elastic_search_v1_manifest_test.go out/test-sentinel-api_clever_cloud_com_mongo_db_v1_manifest_test.go out/test-sentinel-api_clever_cloud_com_my_sql_v1_manifest_test.go out/test-sentinel-api_clever_cloud_com_postgre_sql_v1_manifest_test.go out/test-sentinel-api_clever_cloud_com_redis_v1_manifest_test.go out/test-sentinel-api_clever_cloud_com_pulsar_v1beta1_manifest_test.go out/test-sentinel-api_kubemod_io_mod_rule_v1beta1_manifest_test.go out/test-sentinel-apicodegen_apimatic_io_api_matic_v1beta1_manifest_test.go out/test-sentinel-apiextensions_crossplane_io_composite_resource_definition_v1_manifest_test.go out/test-sentinel-apiextensions_crossplane_io_composition_revision_v1_manifest_test.go out/test-sentinel-apiextensions_crossplane_io_composition_v1_manifest_test.go out/test-sentinel-apiextensions_crossplane_io_composition_revision_v1beta1_manifest_test.go out/test-sentinel-apigatewayv2_services_k8s_aws_api_v1alpha1_manifest_test.go out/test-sentinel-apigatewayv2_services_k8s_aws_authorizer_v1alpha1_manifest_test.go out/test-sentinel-apigatewayv2_services_k8s_aws_deployment_v1alpha1_manifest_test.go out/test-sentinel-apigatewayv2_services_k8s_aws_integration_v1alpha1_manifest_test.go out/test-sentinel-apigatewayv2_services_k8s_aws_route_v1alpha1_manifest_test.go out/test-sentinel-apigatewayv2_services_k8s_aws_stage_v1alpha1_manifest_test.go out/test-sentinel-apigatewayv2_services_k8s_aws_vpc_link_v1alpha1_manifest_test.go out/test-sentinel-apiregistration_k8s_io_api_service_v1_manifest_test.go out/test-sentinel-apisix_apache_org_apisix_cluster_config_v2_manifest_test.go out/test-sentinel-apisix_apache_org_apisix_consumer_v2_manifest_test.go out/test-sentinel-apisix_apache_org_apisix_global_rule_v2_manifest_test.go out/test-sentinel-apisix_apache_org_apisix_plugin_config_v2_manifest_test.go out/test-sentinel-apisix_apache_org_apisix_route_v2_manifest_test.go out/test-sentinel-apisix_apache_org_apisix_tls_v2_manifest_test.go out/test-sentinel-apisix_apache_org_apisix_upstream_v2_manifest_test.go out/test-sentinel-apm_k8s_elastic_co_apm_server_v1_manifest_test.go out/test-sentinel-apm_k8s_elastic_co_apm_server_v1beta1_manifest_test.go out/test-sentinel-app_kiegroup_org_kogito_build_v1beta1_manifest_test.go out/test-sentinel-app_kiegroup_org_kogito_infra_v1beta1_manifest_test.go out/test-sentinel-app_kiegroup_org_kogito_runtime_v1beta1_manifest_test.go out/test-sentinel-app_kiegroup_org_kogito_supporting_service_v1beta1_manifest_test.go out/test-sentinel-app_lightbend_com_akka_cluster_v1alpha1_manifest_test.go out/test-sentinel-app_redislabs_com_redis_enterprise_cluster_v1_manifest_test.go out/test-sentinel-app_redislabs_com_redis_enterprise_active_active_database_v1alpha1_manifest_test.go out/test-sentinel-app_redislabs_com_redis_enterprise_cluster_v1alpha1_manifest_test.go out/test-sentinel-app_redislabs_com_redis_enterprise_database_v1alpha1_manifest_test.go out/test-sentinel-app_redislabs_com_redis_enterprise_remote_cluster_v1alpha1_manifest_test.go out/test-sentinel-app_terraform_io_agent_pool_v1alpha2_manifest_test.go out/test-sentinel-app_terraform_io_module_v1alpha2_manifest_test.go out/test-sentinel-app_terraform_io_workspace_v1alpha2_manifest_test.go out/test-sentinel-application_networking_k8s_aws_access_log_policy_v1alpha1_manifest_test.go out/test-sentinel-application_networking_k8s_aws_iam_auth_policy_v1alpha1_manifest_test.go out/test-sentinel-application_networking_k8s_aws_service_import_v1alpha1_manifest_test.go out/test-sentinel-application_networking_k8s_aws_target_group_policy_v1alpha1_manifest_test.go out/test-sentinel-application_networking_k8s_aws_vpc_association_policy_v1alpha1_manifest_test.go out/test-sentinel-applicationautoscaling_services_k8s_aws_scalable_target_v1alpha1_manifest_test.go out/test-sentinel-applicationautoscaling_services_k8s_aws_scaling_policy_v1alpha1_manifest_test.go out/test-sentinel-appmesh_k8s_aws_backend_group_v1beta2_manifest_test.go out/test-sentinel-appmesh_k8s_aws_gateway_route_v1beta2_manifest_test.go out/test-sentinel-appmesh_k8s_aws_mesh_v1beta2_manifest_test.go out/test-sentinel-appmesh_k8s_aws_virtual_gateway_v1beta2_manifest_test.go out/test-sentinel-appmesh_k8s_aws_virtual_node_v1beta2_manifest_test.go out/test-sentinel-appmesh_k8s_aws_virtual_router_v1beta2_manifest_test.go out/test-sentinel-appmesh_k8s_aws_virtual_service_v1beta2_manifest_test.go out/test-sentinel-appprotect_f5_com_ap_log_conf_v1beta1_manifest_test.go out/test-sentinel-appprotect_f5_com_ap_policy_v1beta1_manifest_test.go out/test-sentinel-appprotect_f5_com_ap_user_sig_v1beta1_manifest_test.go out/test-sentinel-appprotectdos_f5_com_ap_dos_log_conf_v1beta1_manifest_test.go out/test-sentinel-appprotectdos_f5_com_ap_dos_policy_v1beta1_manifest_test.go out/test-sentinel-appprotectdos_f5_com_dos_protected_resource_v1beta1_manifest_test.go out/test-sentinel-apps_3scale_net_ap_icast_v1alpha1_manifest_test.go out/test-sentinel-apps_3scale_net_api_manager_backup_v1alpha1_manifest_test.go out/test-sentinel-apps_3scale_net_api_manager_restore_v1alpha1_manifest_test.go out/test-sentinel-apps_3scale_net_api_manager_v1alpha1_manifest_test.go out/test-sentinel-apps_clusternet_io_base_v1alpha1_manifest_test.go out/test-sentinel-apps_clusternet_io_description_v1alpha1_manifest_test.go out/test-sentinel-apps_clusternet_io_feed_inventory_v1alpha1_manifest_test.go out/test-sentinel-apps_clusternet_io_globalization_v1alpha1_manifest_test.go out/test-sentinel-apps_clusternet_io_helm_chart_v1alpha1_manifest_test.go out/test-sentinel-apps_clusternet_io_helm_release_v1alpha1_manifest_test.go out/test-sentinel-apps_clusternet_io_localization_v1alpha1_manifest_test.go out/test-sentinel-apps_clusternet_io_manifest_v1alpha1_manifest_test.go out/test-sentinel-apps_clusternet_io_subscription_v1alpha1_manifest_test.go out/test-sentinel-apps_emqx_io_emqx_broker_v1beta3_manifest_test.go out/test-sentinel-apps_emqx_io_emqx_enterprise_v1beta3_manifest_test.go out/test-sentinel-apps_emqx_io_emqx_plugin_v1beta3_manifest_test.go out/test-sentinel-apps_emqx_io_emqx_broker_v1beta4_manifest_test.go out/test-sentinel-apps_emqx_io_emqx_enterprise_v1beta4_manifest_test.go out/test-sentinel-apps_emqx_io_emqx_plugin_v1beta4_manifest_test.go out/test-sentinel-apps_emqx_io_rebalance_v1beta4_manifest_test.go out/test-sentinel-apps_emqx_io_emqx_v2alpha1_manifest_test.go out/test-sentinel-apps_emqx_io_emqx_v2beta1_manifest_test.go out/test-sentinel-apps_emqx_io_rebalance_v2beta1_manifest_test.go out/test-sentinel-apps_gitlab_com_git_lab_v1beta1_manifest_test.go out/test-sentinel-apps_gitlab_com_runner_v1beta2_manifest_test.go out/test-sentinel-apps_kubeblocks_io_cluster_definition_v1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_cluster_v1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_component_definition_v1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_component_v1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_component_version_v1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_service_descriptor_v1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_backup_policy_template_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_cluster_definition_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_cluster_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_cluster_version_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_component_class_definition_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_component_definition_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_component_resource_constraint_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_component_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_component_version_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_config_constraint_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_configuration_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_ops_definition_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_ops_request_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_service_descriptor_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_config_constraint_v1beta1_manifest_test.go out/test-sentinel-apps_kubedl_io_cron_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeedge_io_edge_application_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeedge_io_node_group_v1alpha1_manifest_test.go out/test-sentinel-apps_m88i_io_nexus_v1alpha1_manifest_test.go out/test-sentinel-apps_redhat_com_cluster_impairment_v1alpha1_manifest_test.go out/test-sentinel-apps_daemon_set_v1_manifest_test.go out/test-sentinel-apps_deployment_v1_manifest_test.go out/test-sentinel-apps_replica_set_v1_manifest_test.go out/test-sentinel-apps_stateful_set_v1_manifest_test.go out/test-sentinel-aquasecurity_github_io_aqua_starboard_v1alpha1_manifest_test.go out/test-sentinel-argoproj_io_app_project_v1alpha1_manifest_test.go out/test-sentinel-argoproj_io_application_set_v1alpha1_manifest_test.go out/test-sentinel-argoproj_io_application_v1alpha1_manifest_test.go out/test-sentinel-argoproj_io_argo_cd_v1alpha1_manifest_test.go out/test-sentinel-argoproj_io_argo_cd_export_v1alpha1_manifest_test.go out/test-sentinel-argoproj_io_argo_cd_v1beta1_manifest_test.go out/test-sentinel-asdb_aerospike_com_aerospike_cluster_v1_manifest_test.go out/test-sentinel-asdb_aerospike_com_aerospike_cluster_v1beta1_manifest_test.go out/test-sentinel-atlasmap_io_atlas_map_v1alpha1_manifest_test.go out/test-sentinel-auth_ops42_org_aws_auth_sync_config_v1alpha1_manifest_test.go out/test-sentinel-authentication_stackable_tech_authentication_class_v1alpha1_manifest_test.go out/test-sentinel-authzed_com_spice_db_cluster_v1alpha1_manifest_test.go out/test-sentinel-automation_kubensync_com_managed_resource_v1alpha1_manifest_test.go out/test-sentinel-autoscaling_k8s_elastic_co_elasticsearch_autoscaler_v1alpha1_manifest_test.go out/test-sentinel-autoscaling_k8s_io_vertical_pod_autoscaler_checkpoint_v1_manifest_test.go out/test-sentinel-autoscaling_k8s_io_vertical_pod_autoscaler_v1_manifest_test.go out/test-sentinel-autoscaling_k8s_io_vertical_pod_autoscaler_checkpoint_v1beta2_manifest_test.go out/test-sentinel-autoscaling_k8s_io_vertical_pod_autoscaler_v1beta2_manifest_test.go out/test-sentinel-autoscaling_karmada_io_cron_federated_hpa_v1alpha1_manifest_test.go out/test-sentinel-autoscaling_karmada_io_federated_hpa_v1alpha1_manifest_test.go out/test-sentinel-autoscaling_horizontal_pod_autoscaler_v1_manifest_test.go out/test-sentinel-autoscaling_horizontal_pod_autoscaler_v2_manifest_test.go out/test-sentinel-awx_ansible_com_awx_v1beta1_manifest_test.go out/test-sentinel-awx_ansible_com_awx_backup_v1beta1_manifest_test.go out/test-sentinel-awx_ansible_com_awx_restore_v1beta1_manifest_test.go out/test-sentinel-azure_microsoft_com_apim_service_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_api_mgmt_api_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_app_insights_api_key_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_app_insights_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_load_balancer_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_network_interface_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_public_ip_address_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sql_action_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sql_database_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sql_failover_group_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sql_firewall_rule_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sql_server_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sql_managed_user_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sql_user_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sqlv_net_rule_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_virtual_machine_extension_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_virtual_machine_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_vm_scale_set_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_blob_container_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_consumer_group_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_cosmos_db_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_eventhub_namespace_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_eventhub_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_key_vault_key_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_key_vault_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_my_sqlaad_user_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_my_sql_database_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_my_sql_firewall_rule_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_my_sql_server_administrator_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_my_sql_server_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_my_sql_user_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_my_sqlv_net_rule_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_postgre_sql_database_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_postgre_sql_firewall_rule_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_postgre_sql_server_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_postgre_sql_user_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_postgre_sqlv_net_rule_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_redis_cache_action_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_redis_cache_firewall_rule_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_resource_group_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_storage_account_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_virtual_network_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_blob_container_v1alpha2_manifest_test.go out/test-sentinel-azure_microsoft_com_my_sqlaad_user_v1alpha2_manifest_test.go out/test-sentinel-azure_microsoft_com_my_sql_server_v1alpha2_manifest_test.go out/test-sentinel-azure_microsoft_com_my_sql_user_v1alpha2_manifest_test.go out/test-sentinel-azure_microsoft_com_postgre_sql_server_v1alpha2_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sql_database_v1beta1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sql_failover_group_v1beta1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sql_firewall_rule_v1beta1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sql_server_v1beta1_manifest_test.go out/test-sentinel-b3scale_infra_run_bbb_frontend_v1_manifest_test.go out/test-sentinel-b3scale_io_bbb_frontend_v1_manifest_test.go out/test-sentinel-batch_cron_job_v1_manifest_test.go out/test-sentinel-batch_job_v1_manifest_test.go out/test-sentinel-batch_volcano_sh_job_v1alpha1_manifest_test.go out/test-sentinel-beat_k8s_elastic_co_beat_v1beta1_manifest_test.go out/test-sentinel-beegfs_csi_netapp_com_beegfs_driver_v1_manifest_test.go out/test-sentinel-binding_operators_coreos_com_service_binding_v1alpha1_manifest_test.go out/test-sentinel-bitnami_com_sealed_secret_v1alpha1_manifest_test.go out/test-sentinel-bmc_tinkerbell_org_job_v1alpha1_manifest_test.go out/test-sentinel-bmc_tinkerbell_org_machine_v1alpha1_manifest_test.go out/test-sentinel-bmc_tinkerbell_org_task_v1alpha1_manifest_test.go out/test-sentinel-boskos_k8s_io_drlc_object_v1_manifest_test.go out/test-sentinel-boskos_k8s_io_resource_object_v1_manifest_test.go out/test-sentinel-bpfman_io_bpf_program_v1alpha1_manifest_test.go out/test-sentinel-bpfman_io_fentry_program_v1alpha1_manifest_test.go out/test-sentinel-bpfman_io_fexit_program_v1alpha1_manifest_test.go out/test-sentinel-bpfman_io_kprobe_program_v1alpha1_manifest_test.go out/test-sentinel-bpfman_io_tc_program_v1alpha1_manifest_test.go out/test-sentinel-bpfman_io_tracepoint_program_v1alpha1_manifest_test.go out/test-sentinel-bpfman_io_uprobe_program_v1alpha1_manifest_test.go out/test-sentinel-bpfman_io_xdp_program_v1alpha1_manifest_test.go out/test-sentinel-bus_volcano_sh_command_v1alpha1_manifest_test.go out/test-sentinel-cache_kubedl_io_cache_backend_v1alpha1_manifest_test.go out/test-sentinel-caching_ibm_com_varnish_cluster_v1alpha1_manifest_test.go out/test-sentinel-camel_apache_org_build_v1_manifest_test.go out/test-sentinel-camel_apache_org_camel_catalog_v1_manifest_test.go out/test-sentinel-camel_apache_org_integration_kit_v1_manifest_test.go out/test-sentinel-camel_apache_org_integration_platform_v1_manifest_test.go out/test-sentinel-camel_apache_org_integration_profile_v1_manifest_test.go out/test-sentinel-camel_apache_org_integration_v1_manifest_test.go out/test-sentinel-camel_apache_org_kamelet_v1_manifest_test.go out/test-sentinel-camel_apache_org_pipe_v1_manifest_test.go out/test-sentinel-camel_apache_org_kamelet_binding_v1alpha1_manifest_test.go out/test-sentinel-camel_apache_org_kamelet_v1alpha1_manifest_test.go out/test-sentinel-canaries_flanksource_com_canary_v1_manifest_test.go out/test-sentinel-canaries_flanksource_com_component_v1_manifest_test.go out/test-sentinel-canaries_flanksource_com_topology_v1_manifest_test.go out/test-sentinel-capabilities_3scale_net_tenant_v1alpha1_manifest_test.go out/test-sentinel-capabilities_3scale_net_active_doc_v1beta1_manifest_test.go out/test-sentinel-capabilities_3scale_net_application_v1beta1_manifest_test.go out/test-sentinel-capabilities_3scale_net_backend_v1beta1_manifest_test.go out/test-sentinel-capabilities_3scale_net_custom_policy_definition_v1beta1_manifest_test.go out/test-sentinel-capabilities_3scale_net_developer_account_v1beta1_manifest_test.go out/test-sentinel-capabilities_3scale_net_developer_user_v1beta1_manifest_test.go out/test-sentinel-capabilities_3scale_net_open_api_v1beta1_manifest_test.go out/test-sentinel-capabilities_3scale_net_product_v1beta1_manifest_test.go out/test-sentinel-capabilities_3scale_net_proxy_config_promote_v1beta1_manifest_test.go out/test-sentinel-capsule_clastix_io_capsule_configuration_v1alpha1_manifest_test.go out/test-sentinel-capsule_clastix_io_tenant_v1alpha1_manifest_test.go out/test-sentinel-capsule_clastix_io_tenant_v1beta1_manifest_test.go out/test-sentinel-capsule_clastix_io_capsule_configuration_v1beta2_manifest_test.go out/test-sentinel-capsule_clastix_io_tenant_v1beta2_manifest_test.go out/test-sentinel-cassandra_datastax_com_cassandra_datacenter_v1beta1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_block_pool_rados_namespace_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_block_pool_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_bucket_notification_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_bucket_topic_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_client_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_cluster_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_cosi_driver_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_filesystem_mirror_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_filesystem_sub_volume_group_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_filesystem_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_nfs_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_object_realm_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_object_store_user_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_object_store_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_object_zone_group_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_object_zone_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_rbd_mirror_v1_manifest_test.go out/test-sentinel-cert_manager_io_certificate_request_v1_manifest_test.go out/test-sentinel-cert_manager_io_certificate_v1_manifest_test.go out/test-sentinel-cert_manager_io_cluster_issuer_v1_manifest_test.go out/test-sentinel-cert_manager_io_issuer_v1_manifest_test.go out/test-sentinel-certificates_k8s_io_certificate_signing_request_v1_manifest_test.go out/test-sentinel-certman_managed_openshift_io_certificate_request_v1alpha1_manifest_test.go out/test-sentinel-chainsaw_kyverno_io_configuration_v1alpha1_manifest_test.go out/test-sentinel-chainsaw_kyverno_io_test_v1alpha1_manifest_test.go out/test-sentinel-chainsaw_kyverno_io_configuration_v1alpha2_manifest_test.go out/test-sentinel-chainsaw_kyverno_io_test_v1alpha2_manifest_test.go out/test-sentinel-chaos_mesh_org_aws_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_azure_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_block_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_dns_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_gcp_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_http_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_io_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_jvm_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_kernel_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_network_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_physical_machine_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_physical_machine_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_pod_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_pod_http_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_pod_io_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_pod_network_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_remote_cluster_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_schedule_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_status_check_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_stress_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_time_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_workflow_node_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_workflow_v1alpha1_manifest_test.go out/test-sentinel-chaosblade_io_chaos_blade_v1alpha1_manifest_test.go out/test-sentinel-charts_amd_com_amdgpu_v1alpha1_manifest_test.go out/test-sentinel-charts_flagsmith_com_flagsmith_v1alpha1_manifest_test.go out/test-sentinel-charts_helm_k8s_io_snyk_monitor_v1alpha1_manifest_test.go out/test-sentinel-charts_opdev_io_synapse_v1alpha1_manifest_test.go out/test-sentinel-charts_operatorhub_io_cockroachdb_v1alpha1_manifest_test.go out/test-sentinel-che_eclipse_org_kubernetes_image_puller_v1alpha1_manifest_test.go out/test-sentinel-chisel_operator_io_exit_node_provisioner_v1_manifest_test.go out/test-sentinel-chisel_operator_io_exit_node_v1_manifest_test.go out/test-sentinel-chisel_operator_io_exit_node_v2_manifest_test.go out/test-sentinel-cilium_io_cilium_clusterwide_envoy_config_v2_manifest_test.go out/test-sentinel-cilium_io_cilium_clusterwide_network_policy_v2_manifest_test.go out/test-sentinel-cilium_io_cilium_egress_gateway_policy_v2_manifest_test.go out/test-sentinel-cilium_io_cilium_envoy_config_v2_manifest_test.go out/test-sentinel-cilium_io_cilium_external_workload_v2_manifest_test.go out/test-sentinel-cilium_io_cilium_identity_v2_manifest_test.go out/test-sentinel-cilium_io_cilium_local_redirect_policy_v2_manifest_test.go out/test-sentinel-cilium_io_cilium_network_policy_v2_manifest_test.go out/test-sentinel-cilium_io_cilium_node_v2_manifest_test.go out/test-sentinel-cilium_io_cilium_bgp_peering_policy_v2alpha1_manifest_test.go out/test-sentinel-cilium_io_cilium_cidr_group_v2alpha1_manifest_test.go out/test-sentinel-cilium_io_cilium_endpoint_slice_v2alpha1_manifest_test.go out/test-sentinel-cilium_io_cilium_l2_announcement_policy_v2alpha1_manifest_test.go out/test-sentinel-cilium_io_cilium_load_balancer_ip_pool_v2alpha1_manifest_test.go out/test-sentinel-cilium_io_cilium_node_config_v2alpha1_manifest_test.go out/test-sentinel-cilium_io_cilium_pod_ip_pool_v2alpha1_manifest_test.go out/test-sentinel-claudie_io_input_manifest_v1beta1_manifest_test.go out/test-sentinel-cloudformation_linki_space_stack_v1alpha1_manifest_test.go out/test-sentinel-cloudfront_services_k8s_aws_cache_policy_v1alpha1_manifest_test.go out/test-sentinel-cloudfront_services_k8s_aws_distribution_v1alpha1_manifest_test.go out/test-sentinel-cloudfront_services_k8s_aws_function_v1alpha1_manifest_test.go out/test-sentinel-cloudfront_services_k8s_aws_origin_request_policy_v1alpha1_manifest_test.go out/test-sentinel-cloudfront_services_k8s_aws_response_headers_policy_v1alpha1_manifest_test.go out/test-sentinel-cloudtrail_services_k8s_aws_event_data_store_v1alpha1_manifest_test.go out/test-sentinel-cloudtrail_services_k8s_aws_trail_v1alpha1_manifest_test.go out/test-sentinel-cloudwatch_aws_amazon_com_amazon_cloud_watch_agent_v1alpha1_manifest_test.go out/test-sentinel-cloudwatch_aws_amazon_com_instrumentation_v1alpha1_manifest_test.go out/test-sentinel-cloudwatch_services_k8s_aws_metric_alarm_v1alpha1_manifest_test.go out/test-sentinel-cloudwatchlogs_services_k8s_aws_log_group_v1alpha1_manifest_test.go out/test-sentinel-cluster_clusterpedia_io_cluster_sync_resources_v1alpha2_manifest_test.go out/test-sentinel-cluster_clusterpedia_io_pedia_cluster_v1alpha2_manifest_test.go out/test-sentinel-cluster_ipfs_io_circuit_relay_v1alpha1_manifest_test.go out/test-sentinel-cluster_ipfs_io_ipfs_cluster_v1alpha1_manifest_test.go out/test-sentinel-cluster_x_k8s_io_cluster_v1alpha3_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_deployment_v1alpha3_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_health_check_v1alpha3_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_pool_v1alpha3_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_set_v1alpha3_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_v1alpha3_manifest_test.go out/test-sentinel-cluster_x_k8s_io_cluster_class_v1alpha4_manifest_test.go out/test-sentinel-cluster_x_k8s_io_cluster_v1alpha4_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_deployment_v1alpha4_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_health_check_v1alpha4_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_pool_v1alpha4_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_set_v1alpha4_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_v1alpha4_manifest_test.go out/test-sentinel-cluster_x_k8s_io_cluster_class_v1beta1_manifest_test.go out/test-sentinel-cluster_x_k8s_io_cluster_v1beta1_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_deployment_v1beta1_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_health_check_v1beta1_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_pool_v1beta1_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_set_v1beta1_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_v1beta1_manifest_test.go out/test-sentinel-clusters_clusternet_io_cluster_registration_request_v1beta1_manifest_test.go out/test-sentinel-clusters_clusternet_io_managed_cluster_v1beta1_manifest_test.go out/test-sentinel-clustertemplate_openshift_io_cluster_template_instance_v1alpha1_manifest_test.go out/test-sentinel-clustertemplate_openshift_io_cluster_template_quota_v1alpha1_manifest_test.go out/test-sentinel-clustertemplate_openshift_io_cluster_template_setup_v1alpha1_manifest_test.go out/test-sentinel-clustertemplate_openshift_io_cluster_template_v1alpha1_manifest_test.go out/test-sentinel-clustertemplate_openshift_io_config_v1alpha1_manifest_test.go out/test-sentinel-confidentialcontainers_org_cc_runtime_v1beta1_manifest_test.go out/test-sentinel-config_gatekeeper_sh_config_v1alpha1_manifest_test.go out/test-sentinel-config_grafana_com_project_config_v1_manifest_test.go out/test-sentinel-config_karmada_io_resource_interpreter_customization_v1alpha1_manifest_test.go out/test-sentinel-config_karmada_io_resource_interpreter_webhook_configuration_v1alpha1_manifest_test.go out/test-sentinel-config_koordinator_sh_cluster_colocation_profile_v1alpha1_manifest_test.go out/test-sentinel-config_storageos_com_operator_config_v1_manifest_test.go out/test-sentinel-control_k8ssandra_io_cassandra_task_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_cluster_collected_status_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_cluster_federated_object_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_cluster_override_policy_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_cluster_propagation_policy_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_collected_status_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_federated_cluster_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_federated_object_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_federated_type_config_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_override_policy_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_propagation_policy_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_scheduler_plugin_webhook_configuration_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_scheduling_profile_v1alpha1_manifest_test.go out/test-sentinel-core_linuxsuren_github_com_a_test_v1alpha1_manifest_test.go out/test-sentinel-core_openfeature_dev_feature_flag_configuration_v1alpha1_manifest_test.go out/test-sentinel-core_openfeature_dev_feature_flag_configuration_v1alpha2_manifest_test.go out/test-sentinel-core_strimzi_io_strimzi_pod_set_v1beta2_manifest_test.go out/test-sentinel-config_map_v1_manifest_test.go out/test-sentinel-endpoints_v1_manifest_test.go out/test-sentinel-limit_range_v1_manifest_test.go out/test-sentinel-namespace_v1_manifest_test.go out/test-sentinel-persistent_volume_claim_v1_manifest_test.go out/test-sentinel-persistent_volume_v1_manifest_test.go out/test-sentinel-pod_v1_manifest_test.go out/test-sentinel-replication_controller_v1_manifest_test.go out/test-sentinel-secret_v1_manifest_test.go out/test-sentinel-service_account_v1_manifest_test.go out/test-sentinel-service_v1_manifest_test.go out/test-sentinel-couchbase_com_couchbase_autoscaler_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_backup_restore_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_backup_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_bucket_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_cluster_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_collection_group_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_collection_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_ephemeral_bucket_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_group_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_memcached_bucket_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_migration_replication_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_replication_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_role_binding_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_scope_group_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_scope_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_user_v2_manifest_test.go out/test-sentinel-craftypath_github_io_sops_secret_v1alpha1_manifest_test.go out/test-sentinel-crane_konveyor_io_operator_config_v1alpha1_manifest_test.go out/test-sentinel-crd_projectcalico_org_bgp_configuration_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_bgp_filter_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_bgp_peer_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_block_affinity_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_calico_node_status_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_cluster_information_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_felix_configuration_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_global_network_policy_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_global_network_set_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_host_endpoint_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_ipam_block_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_ipam_config_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_ipam_handle_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_ip_pool_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_ip_reservation_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_kube_controllers_configuration_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_network_policy_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_network_set_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_tier_v1_manifest_test.go out/test-sentinel-data_fluid_io_alluxio_runtime_v1alpha1_manifest_test.go out/test-sentinel-data_fluid_io_data_backup_v1alpha1_manifest_test.go out/test-sentinel-data_fluid_io_data_load_v1alpha1_manifest_test.go out/test-sentinel-data_fluid_io_dataset_v1alpha1_manifest_test.go out/test-sentinel-data_fluid_io_goose_fs_runtime_v1alpha1_manifest_test.go out/test-sentinel-data_fluid_io_jindo_runtime_v1alpha1_manifest_test.go out/test-sentinel-data_fluid_io_juice_fs_runtime_v1alpha1_manifest_test.go out/test-sentinel-data_fluid_io_thin_runtime_profile_v1alpha1_manifest_test.go out/test-sentinel-data_fluid_io_thin_runtime_v1alpha1_manifest_test.go out/test-sentinel-databases_schemahero_io_database_v1alpha4_manifest_test.go out/test-sentinel-databases_spotahome_com_redis_failover_v1_manifest_test.go out/test-sentinel-datadoghq_com_datadog_agent_v1alpha1_manifest_test.go out/test-sentinel-datadoghq_com_datadog_metric_v1alpha1_manifest_test.go out/test-sentinel-datadoghq_com_datadog_monitor_v1alpha1_manifest_test.go out/test-sentinel-datadoghq_com_datadog_slo_v1alpha1_manifest_test.go out/test-sentinel-datadoghq_com_datadog_agent_v2alpha1_manifest_test.go out/test-sentinel-dataprotection_kubeblocks_io_action_set_v1alpha1_manifest_test.go out/test-sentinel-dataprotection_kubeblocks_io_backup_policy_v1alpha1_manifest_test.go out/test-sentinel-dataprotection_kubeblocks_io_backup_repo_v1alpha1_manifest_test.go out/test-sentinel-dataprotection_kubeblocks_io_backup_schedule_v1alpha1_manifest_test.go out/test-sentinel-dataprotection_kubeblocks_io_backup_v1alpha1_manifest_test.go out/test-sentinel-dataprotection_kubeblocks_io_restore_v1alpha1_manifest_test.go out/test-sentinel-designer_kaoto_io_kaoto_v1alpha1_manifest_test.go out/test-sentinel-devices_kubeedge_io_device_model_v1alpha2_manifest_test.go out/test-sentinel-devices_kubeedge_io_device_v1alpha2_manifest_test.go out/test-sentinel-devices_kubeedge_io_device_model_v1beta1_manifest_test.go out/test-sentinel-devices_kubeedge_io_device_v1beta1_manifest_test.go out/test-sentinel-devops_kubesphere_io_releaser_controller_v1alpha1_manifest_test.go out/test-sentinel-devops_kubesphere_io_releaser_v1alpha1_manifest_test.go out/test-sentinel-dex_gpu_ninja_com_dex_identity_provider_v1alpha1_manifest_test.go out/test-sentinel-dex_gpu_ninja_com_dex_o_auth2_client_v1alpha1_manifest_test.go out/test-sentinel-dex_gpu_ninja_com_dex_user_v1alpha1_manifest_test.go out/test-sentinel-digitalis_io_vals_secret_v1_manifest_test.go out/test-sentinel-digitalis_io_db_secret_v1beta1_manifest_test.go out/test-sentinel-discovery_k8s_io_endpoint_slice_v1_manifest_test.go out/test-sentinel-documentdb_services_k8s_aws_db_cluster_v1alpha1_manifest_test.go out/test-sentinel-documentdb_services_k8s_aws_db_instance_v1alpha1_manifest_test.go out/test-sentinel-documentdb_services_k8s_aws_db_subnet_group_v1alpha1_manifest_test.go out/test-sentinel-druid_apache_org_druid_v1alpha1_manifest_test.go out/test-sentinel-druid_stackable_tech_druid_cluster_v1alpha1_manifest_test.go out/test-sentinel-dynamodb_services_k8s_aws_backup_v1alpha1_manifest_test.go out/test-sentinel-dynamodb_services_k8s_aws_global_table_v1alpha1_manifest_test.go out/test-sentinel-dynamodb_services_k8s_aws_table_v1alpha1_manifest_test.go out/test-sentinel-ec2_services_k8s_aws_dhcp_options_v1alpha1_manifest_test.go out/test-sentinel-ec2_services_k8s_aws_elastic_ip_address_v1alpha1_manifest_test.go out/test-sentinel-ec2_services_k8s_aws_instance_v1alpha1_manifest_test.go out/test-sentinel-ec2_services_k8s_aws_internet_gateway_v1alpha1_manifest_test.go out/test-sentinel-ec2_services_k8s_aws_nat_gateway_v1alpha1_manifest_test.go out/test-sentinel-ec2_services_k8s_aws_route_table_v1alpha1_manifest_test.go out/test-sentinel-ec2_services_k8s_aws_security_group_v1alpha1_manifest_test.go out/test-sentinel-ec2_services_k8s_aws_subnet_v1alpha1_manifest_test.go out/test-sentinel-ec2_services_k8s_aws_transit_gateway_v1alpha1_manifest_test.go out/test-sentinel-ec2_services_k8s_aws_vpc_v1alpha1_manifest_test.go out/test-sentinel-ec2_services_k8s_aws_vpc_endpoint_v1alpha1_manifest_test.go out/test-sentinel-ecr_services_k8s_aws_pull_through_cache_rule_v1alpha1_manifest_test.go out/test-sentinel-ecr_services_k8s_aws_repository_v1alpha1_manifest_test.go out/test-sentinel-edc_stackable_tech_edc_cluster_v1alpha1_manifest_test.go out/test-sentinel-efs_services_k8s_aws_access_point_v1alpha1_manifest_test.go out/test-sentinel-efs_services_k8s_aws_file_system_v1alpha1_manifest_test.go out/test-sentinel-efs_services_k8s_aws_mount_target_v1alpha1_manifest_test.go out/test-sentinel-egressgateway_spidernet_io_egress_cluster_endpoint_slice_v1beta1_manifest_test.go out/test-sentinel-egressgateway_spidernet_io_egress_cluster_info_v1beta1_manifest_test.go out/test-sentinel-egressgateway_spidernet_io_egress_cluster_policy_v1beta1_manifest_test.go out/test-sentinel-egressgateway_spidernet_io_egress_endpoint_slice_v1beta1_manifest_test.go out/test-sentinel-egressgateway_spidernet_io_egress_gateway_v1beta1_manifest_test.go out/test-sentinel-egressgateway_spidernet_io_egress_policy_v1beta1_manifest_test.go out/test-sentinel-egressgateway_spidernet_io_egress_tunnel_v1beta1_manifest_test.go out/test-sentinel-eks_services_k8s_aws_addon_v1alpha1_manifest_test.go out/test-sentinel-eks_services_k8s_aws_cluster_v1alpha1_manifest_test.go out/test-sentinel-eks_services_k8s_aws_fargate_profile_v1alpha1_manifest_test.go out/test-sentinel-eks_services_k8s_aws_nodegroup_v1alpha1_manifest_test.go out/test-sentinel-elasticache_services_k8s_aws_cache_parameter_group_v1alpha1_manifest_test.go out/test-sentinel-elasticache_services_k8s_aws_cache_subnet_group_v1alpha1_manifest_test.go out/test-sentinel-elasticache_services_k8s_aws_replication_group_v1alpha1_manifest_test.go out/test-sentinel-elasticache_services_k8s_aws_snapshot_v1alpha1_manifest_test.go out/test-sentinel-elasticache_services_k8s_aws_user_group_v1alpha1_manifest_test.go out/test-sentinel-elasticache_services_k8s_aws_user_v1alpha1_manifest_test.go out/test-sentinel-elasticsearch_k8s_elastic_co_elasticsearch_v1_manifest_test.go out/test-sentinel-elasticsearch_k8s_elastic_co_elasticsearch_v1beta1_manifest_test.go out/test-sentinel-elbv2_k8s_aws_target_group_binding_v1alpha1_manifest_test.go out/test-sentinel-elbv2_k8s_aws_ingress_class_params_v1beta1_manifest_test.go out/test-sentinel-elbv2_k8s_aws_target_group_binding_v1beta1_manifest_test.go out/test-sentinel-emrcontainers_services_k8s_aws_job_run_v1alpha1_manifest_test.go out/test-sentinel-emrcontainers_services_k8s_aws_virtual_cluster_v1alpha1_manifest_test.go out/test-sentinel-ensembleoss_io_cluster_v1_manifest_test.go out/test-sentinel-ensembleoss_io_resource_v1_manifest_test.go out/test-sentinel-enterprise_gloo_solo_io_auth_config_v1_manifest_test.go out/test-sentinel-enterprisesearch_k8s_elastic_co_enterprise_search_v1_manifest_test.go out/test-sentinel-enterprisesearch_k8s_elastic_co_enterprise_search_v1beta1_manifest_test.go out/test-sentinel-events_k8s_io_event_v1_manifest_test.go out/test-sentinel-everest_percona_com_backup_storage_v1alpha1_manifest_test.go out/test-sentinel-everest_percona_com_database_cluster_backup_v1alpha1_manifest_test.go out/test-sentinel-everest_percona_com_database_cluster_restore_v1alpha1_manifest_test.go out/test-sentinel-everest_percona_com_database_cluster_v1alpha1_manifest_test.go out/test-sentinel-everest_percona_com_database_engine_v1alpha1_manifest_test.go out/test-sentinel-everest_percona_com_monitoring_config_v1alpha1_manifest_test.go out/test-sentinel-execution_furiko_io_job_config_v1alpha1_manifest_test.go out/test-sentinel-execution_furiko_io_job_v1alpha1_manifest_test.go out/test-sentinel-executor_testkube_io_executor_v1_manifest_test.go out/test-sentinel-executor_testkube_io_webhook_v1_manifest_test.go out/test-sentinel-expansion_gatekeeper_sh_expansion_template_v1alpha1_manifest_test.go out/test-sentinel-expansion_gatekeeper_sh_expansion_template_v1beta1_manifest_test.go out/test-sentinel-extensions_istio_io_wasm_plugin_v1alpha1_manifest_test.go out/test-sentinel-extensions_kubeblocks_io_addon_v1alpha1_manifest_test.go out/test-sentinel-external_secrets_io_cluster_secret_store_v1alpha1_manifest_test.go out/test-sentinel-external_secrets_io_external_secret_v1alpha1_manifest_test.go out/test-sentinel-external_secrets_io_secret_store_v1alpha1_manifest_test.go out/test-sentinel-external_secrets_io_cluster_external_secret_v1beta1_manifest_test.go out/test-sentinel-external_secrets_io_cluster_secret_store_v1beta1_manifest_test.go out/test-sentinel-external_secrets_io_external_secret_v1beta1_manifest_test.go out/test-sentinel-external_secrets_io_secret_store_v1beta1_manifest_test.go out/test-sentinel-externaldata_gatekeeper_sh_provider_v1alpha1_manifest_test.go out/test-sentinel-externaldata_gatekeeper_sh_provider_v1beta1_manifest_test.go out/test-sentinel-externaldns_k8s_io_dns_endpoint_v1alpha1_manifest_test.go out/test-sentinel-externaldns_nginx_org_dns_endpoint_v1_manifest_test.go out/test-sentinel-fence_agents_remediation_medik8s_io_fence_agents_remediation_template_v1alpha1_manifest_test.go out/test-sentinel-fence_agents_remediation_medik8s_io_fence_agents_remediation_v1alpha1_manifest_test.go out/test-sentinel-flagger_app_alert_provider_v1beta1_manifest_test.go out/test-sentinel-flagger_app_canary_v1beta1_manifest_test.go out/test-sentinel-flagger_app_metric_template_v1beta1_manifest_test.go out/test-sentinel-flink_apache_org_flink_deployment_v1beta1_manifest_test.go out/test-sentinel-flink_apache_org_flink_session_job_v1beta1_manifest_test.go out/test-sentinel-flow_volcano_sh_job_flow_v1alpha1_manifest_test.go out/test-sentinel-flow_volcano_sh_job_template_v1alpha1_manifest_test.go out/test-sentinel-flowcontrol_apiserver_k8s_io_flow_schema_v1beta3_manifest_test.go out/test-sentinel-flowcontrol_apiserver_k8s_io_priority_level_configuration_v1beta3_manifest_test.go out/test-sentinel-flows_netobserv_io_flow_collector_v1alpha1_manifest_test.go out/test-sentinel-flows_netobserv_io_flow_collector_v1beta1_manifest_test.go out/test-sentinel-flows_netobserv_io_flow_collector_v1beta2_manifest_test.go out/test-sentinel-fluentbit_fluent_io_cluster_filter_v1alpha2_manifest_test.go out/test-sentinel-fluentbit_fluent_io_cluster_fluent_bit_config_v1alpha2_manifest_test.go out/test-sentinel-fluentbit_fluent_io_cluster_input_v1alpha2_manifest_test.go out/test-sentinel-fluentbit_fluent_io_cluster_output_v1alpha2_manifest_test.go out/test-sentinel-fluentbit_fluent_io_cluster_parser_v1alpha2_manifest_test.go out/test-sentinel-fluentbit_fluent_io_collector_v1alpha2_manifest_test.go out/test-sentinel-fluentbit_fluent_io_filter_v1alpha2_manifest_test.go out/test-sentinel-fluentbit_fluent_io_fluent_bit_config_v1alpha2_manifest_test.go out/test-sentinel-fluentbit_fluent_io_fluent_bit_v1alpha2_manifest_test.go out/test-sentinel-fluentbit_fluent_io_output_v1alpha2_manifest_test.go out/test-sentinel-fluentbit_fluent_io_parser_v1alpha2_manifest_test.go out/test-sentinel-fluentd_fluent_io_cluster_filter_v1alpha1_manifest_test.go out/test-sentinel-fluentd_fluent_io_cluster_fluentd_config_v1alpha1_manifest_test.go out/test-sentinel-fluentd_fluent_io_cluster_input_v1alpha1_manifest_test.go out/test-sentinel-fluentd_fluent_io_cluster_output_v1alpha1_manifest_test.go out/test-sentinel-fluentd_fluent_io_filter_v1alpha1_manifest_test.go out/test-sentinel-fluentd_fluent_io_fluentd_config_v1alpha1_manifest_test.go out/test-sentinel-fluentd_fluent_io_fluentd_v1alpha1_manifest_test.go out/test-sentinel-fluentd_fluent_io_input_v1alpha1_manifest_test.go out/test-sentinel-fluentd_fluent_io_output_v1alpha1_manifest_test.go out/test-sentinel-flux_framework_org_mini_cluster_v1alpha1_manifest_test.go out/test-sentinel-flux_framework_org_mini_cluster_v1alpha2_manifest_test.go out/test-sentinel-forklift_konveyor_io_forklift_controller_v1beta1_manifest_test.go out/test-sentinel-forklift_konveyor_io_hook_v1beta1_manifest_test.go out/test-sentinel-forklift_konveyor_io_host_v1beta1_manifest_test.go out/test-sentinel-forklift_konveyor_io_migration_v1beta1_manifest_test.go out/test-sentinel-forklift_konveyor_io_network_map_v1beta1_manifest_test.go out/test-sentinel-forklift_konveyor_io_openstack_volume_populator_v1beta1_manifest_test.go out/test-sentinel-forklift_konveyor_io_ovirt_volume_populator_v1beta1_manifest_test.go out/test-sentinel-forklift_konveyor_io_plan_v1beta1_manifest_test.go out/test-sentinel-forklift_konveyor_io_provider_v1beta1_manifest_test.go out/test-sentinel-forklift_konveyor_io_storage_map_v1beta1_manifest_test.go out/test-sentinel-fossul_io_backup_config_v1_manifest_test.go out/test-sentinel-fossul_io_backup_schedule_v1_manifest_test.go out/test-sentinel-fossul_io_backup_v1_manifest_test.go out/test-sentinel-fossul_io_fossul_v1_manifest_test.go out/test-sentinel-fossul_io_restore_v1_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_gateway_class_v1_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_gateway_v1_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_grpc_route_v1_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_http_route_v1_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_backend_lb_policy_v1alpha2_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_grpc_route_v1alpha2_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_reference_grant_v1alpha2_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_reference_grant_v1alpha2_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_tcp_route_v1alpha2_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_tls_route_v1alpha2_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_udp_route_v1alpha2_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_backend_tls_policy_v1alpha3_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_gateway_class_v1beta1_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_gateway_v1beta1_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_http_route_v1beta1_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_reference_grant_v1beta1_manifest_test.go out/test-sentinel-gateway_nginx_org_client_settings_policy_v1alpha1_manifest_test.go out/test-sentinel-gateway_nginx_org_nginx_gateway_v1alpha1_manifest_test.go out/test-sentinel-gateway_nginx_org_nginx_proxy_v1alpha1_manifest_test.go out/test-sentinel-gateway_nginx_org_observability_policy_v1alpha1_manifest_test.go out/test-sentinel-gateway_solo_io_gateway_v1_manifest_test.go out/test-sentinel-gateway_solo_io_matchable_http_gateway_v1_manifest_test.go out/test-sentinel-gateway_solo_io_route_option_v1_manifest_test.go out/test-sentinel-gateway_solo_io_route_table_v1_manifest_test.go out/test-sentinel-gateway_solo_io_virtual_host_option_v1_manifest_test.go out/test-sentinel-gateway_solo_io_virtual_service_v1_manifest_test.go out/test-sentinel-getambassador_io_auth_service_v1_manifest_test.go out/test-sentinel-getambassador_io_consul_resolver_v1_manifest_test.go out/test-sentinel-getambassador_io_dev_portal_v1_manifest_test.go out/test-sentinel-getambassador_io_kubernetes_endpoint_resolver_v1_manifest_test.go out/test-sentinel-getambassador_io_kubernetes_service_resolver_v1_manifest_test.go out/test-sentinel-getambassador_io_log_service_v1_manifest_test.go out/test-sentinel-getambassador_io_mapping_v1_manifest_test.go out/test-sentinel-getambassador_io_module_v1_manifest_test.go out/test-sentinel-getambassador_io_rate_limit_service_v1_manifest_test.go out/test-sentinel-getambassador_io_tcp_mapping_v1_manifest_test.go out/test-sentinel-getambassador_io_tls_context_v1_manifest_test.go out/test-sentinel-getambassador_io_tracing_service_v1_manifest_test.go out/test-sentinel-getambassador_io_auth_service_v2_manifest_test.go out/test-sentinel-getambassador_io_consul_resolver_v2_manifest_test.go out/test-sentinel-getambassador_io_dev_portal_v2_manifest_test.go out/test-sentinel-getambassador_io_host_v2_manifest_test.go out/test-sentinel-getambassador_io_kubernetes_endpoint_resolver_v2_manifest_test.go out/test-sentinel-getambassador_io_kubernetes_service_resolver_v2_manifest_test.go out/test-sentinel-getambassador_io_log_service_v2_manifest_test.go out/test-sentinel-getambassador_io_mapping_v2_manifest_test.go out/test-sentinel-getambassador_io_module_v2_manifest_test.go out/test-sentinel-getambassador_io_rate_limit_service_v2_manifest_test.go out/test-sentinel-getambassador_io_tcp_mapping_v2_manifest_test.go out/test-sentinel-getambassador_io_tls_context_v2_manifest_test.go out/test-sentinel-getambassador_io_tracing_service_v2_manifest_test.go out/test-sentinel-getambassador_io_auth_service_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_consul_resolver_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_dev_portal_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_host_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_kubernetes_endpoint_resolver_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_kubernetes_service_resolver_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_listener_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_log_service_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_mapping_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_module_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_rate_limit_service_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_tcp_mapping_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_tls_context_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_tracing_service_v3alpha1_manifest_test.go out/test-sentinel-gitops_hybrid_cloud_patterns_io_pattern_v1alpha1_manifest_test.go out/test-sentinel-gloo_solo_io_proxy_v1_manifest_test.go out/test-sentinel-gloo_solo_io_settings_v1_manifest_test.go out/test-sentinel-gloo_solo_io_upstream_group_v1_manifest_test.go out/test-sentinel-gloo_solo_io_upstream_v1_manifest_test.go out/test-sentinel-grafana_integreatly_org_grafana_dashboard_v1beta1_manifest_test.go out/test-sentinel-grafana_integreatly_org_grafana_datasource_v1beta1_manifest_test.go out/test-sentinel-grafana_integreatly_org_grafana_folder_v1beta1_manifest_test.go out/test-sentinel-grafana_integreatly_org_grafana_v1beta1_manifest_test.go out/test-sentinel-graphql_gloo_solo_io_graph_ql_api_v1beta1_manifest_test.go out/test-sentinel-groupsnapshot_storage_k8s_io_volume_group_snapshot_class_v1alpha1_manifest_test.go out/test-sentinel-groupsnapshot_storage_k8s_io_volume_group_snapshot_content_v1alpha1_manifest_test.go out/test-sentinel-groupsnapshot_storage_k8s_io_volume_group_snapshot_v1alpha1_manifest_test.go out/test-sentinel-hazelcast_com_cron_hot_backup_v1alpha1_manifest_test.go out/test-sentinel-hazelcast_com_hazelcast_v1alpha1_manifest_test.go out/test-sentinel-hazelcast_com_hot_backup_v1alpha1_manifest_test.go out/test-sentinel-hazelcast_com_management_center_v1alpha1_manifest_test.go out/test-sentinel-hazelcast_com_map_v1alpha1_manifest_test.go out/test-sentinel-hazelcast_com_wan_replication_v1alpha1_manifest_test.go out/test-sentinel-hbase_stackable_tech_hbase_cluster_v1alpha1_manifest_test.go out/test-sentinel-hdfs_stackable_tech_hdfs_cluster_v1alpha1_manifest_test.go out/test-sentinel-helm_sigstore_dev_rekor_v1alpha1_manifest_test.go out/test-sentinel-helm_toolkit_fluxcd_io_helm_release_v2_manifest_test.go out/test-sentinel-helm_toolkit_fluxcd_io_helm_release_v2beta1_manifest_test.go out/test-sentinel-helm_toolkit_fluxcd_io_helm_release_v2beta2_manifest_test.go out/test-sentinel-hive_openshift_io_checkpoint_v1_manifest_test.go out/test-sentinel-hive_openshift_io_cluster_claim_v1_manifest_test.go out/test-sentinel-hive_openshift_io_cluster_deployment_customization_v1_manifest_test.go out/test-sentinel-hive_openshift_io_cluster_deployment_v1_manifest_test.go out/test-sentinel-hive_openshift_io_cluster_deprovision_v1_manifest_test.go out/test-sentinel-hive_openshift_io_cluster_image_set_v1_manifest_test.go out/test-sentinel-hive_openshift_io_cluster_pool_v1_manifest_test.go out/test-sentinel-hive_openshift_io_cluster_provision_v1_manifest_test.go out/test-sentinel-hive_openshift_io_cluster_relocate_v1_manifest_test.go out/test-sentinel-hive_openshift_io_cluster_state_v1_manifest_test.go out/test-sentinel-hive_openshift_io_dns_zone_v1_manifest_test.go out/test-sentinel-hive_openshift_io_hive_config_v1_manifest_test.go out/test-sentinel-hive_openshift_io_machine_pool_name_lease_v1_manifest_test.go out/test-sentinel-hive_openshift_io_machine_pool_v1_manifest_test.go out/test-sentinel-hive_openshift_io_selector_sync_identity_provider_v1_manifest_test.go out/test-sentinel-hive_openshift_io_selector_sync_set_v1_manifest_test.go out/test-sentinel-hive_openshift_io_sync_identity_provider_v1_manifest_test.go out/test-sentinel-hive_openshift_io_sync_set_v1_manifest_test.go out/test-sentinel-hive_stackable_tech_hive_cluster_v1alpha1_manifest_test.go out/test-sentinel-hiveinternal_openshift_io_cluster_sync_lease_v1alpha1_manifest_test.go out/test-sentinel-hiveinternal_openshift_io_cluster_sync_v1alpha1_manifest_test.go out/test-sentinel-hiveinternal_openshift_io_fake_cluster_install_v1alpha1_manifest_test.go out/test-sentinel-hnc_x_k8s_io_hierarchical_resource_quota_v1alpha2_manifest_test.go out/test-sentinel-hnc_x_k8s_io_hierarchy_configuration_v1alpha2_manifest_test.go out/test-sentinel-hnc_x_k8s_io_hnc_configuration_v1alpha2_manifest_test.go out/test-sentinel-hnc_x_k8s_io_subnamespace_anchor_v1alpha2_manifest_test.go out/test-sentinel-hyperfoil_io_horreum_v1alpha1_manifest_test.go out/test-sentinel-hyperfoil_io_hyperfoil_v1alpha2_manifest_test.go out/test-sentinel-iam_services_k8s_aws_group_v1alpha1_manifest_test.go out/test-sentinel-iam_services_k8s_aws_instance_profile_v1alpha1_manifest_test.go out/test-sentinel-iam_services_k8s_aws_open_id_connect_provider_v1alpha1_manifest_test.go out/test-sentinel-iam_services_k8s_aws_policy_v1alpha1_manifest_test.go out/test-sentinel-iam_services_k8s_aws_role_v1alpha1_manifest_test.go out/test-sentinel-iam_services_k8s_aws_user_v1alpha1_manifest_test.go out/test-sentinel-ibmcloud_ibm_com_composable_v1alpha1_manifest_test.go out/test-sentinel-image_toolkit_fluxcd_io_image_policy_v1beta1_manifest_test.go out/test-sentinel-image_toolkit_fluxcd_io_image_repository_v1beta1_manifest_test.go out/test-sentinel-image_toolkit_fluxcd_io_image_update_automation_v1beta1_manifest_test.go out/test-sentinel-image_toolkit_fluxcd_io_image_policy_v1beta2_manifest_test.go out/test-sentinel-image_toolkit_fluxcd_io_image_repository_v1beta2_manifest_test.go out/test-sentinel-image_toolkit_fluxcd_io_image_update_automation_v1beta2_manifest_test.go out/test-sentinel-imaging_ingestion_alvearie_org_dicom_event_bridge_v1alpha1_manifest_test.go out/test-sentinel-imaging_ingestion_alvearie_org_dicom_event_driven_ingestion_v1alpha1_manifest_test.go out/test-sentinel-imaging_ingestion_alvearie_org_dicom_instance_binding_v1alpha1_manifest_test.go out/test-sentinel-imaging_ingestion_alvearie_org_dicom_study_binding_v1alpha1_manifest_test.go out/test-sentinel-imaging_ingestion_alvearie_org_dicomweb_ingestion_service_v1alpha1_manifest_test.go out/test-sentinel-imaging_ingestion_alvearie_org_dimse_ingestion_service_v1alpha1_manifest_test.go out/test-sentinel-imaging_ingestion_alvearie_org_dimse_proxy_v1alpha1_manifest_test.go out/test-sentinel-inference_kubedl_io_elastic_batch_job_v1alpha1_manifest_test.go out/test-sentinel-infinispan_org_infinispan_v1_manifest_test.go out/test-sentinel-infinispan_org_backup_v2alpha1_manifest_test.go out/test-sentinel-infinispan_org_batch_v2alpha1_manifest_test.go out/test-sentinel-infinispan_org_cache_v2alpha1_manifest_test.go out/test-sentinel-infinispan_org_restore_v2alpha1_manifest_test.go out/test-sentinel-infra_contrib_fluxcd_io_terraform_v1alpha1_manifest_test.go out/test-sentinel-infra_contrib_fluxcd_io_terraform_v1alpha2_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_kubevirt_cluster_template_v1alpha1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_kubevirt_cluster_v1alpha1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_kubevirt_machine_template_v1alpha1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_kubevirt_machine_v1alpha1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_identity_v1alpha3_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_v1alpha3_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_deployment_zone_v1alpha3_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_failure_domain_v1alpha3_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_template_v1alpha3_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_v1alpha3_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_vm_v1alpha3_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_identity_v1alpha4_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_template_v1alpha4_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_v1alpha4_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_deployment_zone_v1alpha4_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_failure_domain_v1alpha4_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_template_v1alpha4_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_v1alpha4_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_vm_v1alpha4_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_cluster_template_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_cluster_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_image_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_machine_template_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_machine_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_cluster_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_machine_template_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_machine_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_tinkerbell_cluster_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_tinkerbell_machine_template_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_tinkerbell_machine_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_identity_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_template_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_deployment_zone_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_failure_domain_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_template_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_vm_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_cluster_template_v1beta2_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_cluster_v1beta2_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_image_v1beta2_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_machine_template_v1beta2_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_machine_v1beta2_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_cluster_v1beta2_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_machine_template_v1beta2_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_machine_v1beta2_manifest_test.go out/test-sentinel-installation_mattermost_com_mattermost_v1beta1_manifest_test.go out/test-sentinel-instana_io_instana_agent_v1_manifest_test.go out/test-sentinel-integration_rock8s_com_deferred_resource_v1beta1_manifest_test.go out/test-sentinel-integration_rock8s_com_plug_v1beta1_manifest_test.go out/test-sentinel-integration_rock8s_com_socket_v1beta1_manifest_test.go out/test-sentinel-iot_eclipse_org_ditto_v1alpha1_manifest_test.go out/test-sentinel-iot_eclipse_org_hawkbit_v1alpha1_manifest_test.go out/test-sentinel-ipam_cluster_x_k8s_io_ip_address_claim_v1alpha1_manifest_test.go out/test-sentinel-ipam_cluster_x_k8s_io_ip_address_v1alpha1_manifest_test.go out/test-sentinel-ipam_cluster_x_k8s_io_ip_address_claim_v1beta1_manifest_test.go out/test-sentinel-ipam_cluster_x_k8s_io_ip_address_v1beta1_manifest_test.go out/test-sentinel-isindir_github_com_sops_secret_v1alpha1_manifest_test.go out/test-sentinel-isindir_github_com_sops_secret_v1alpha2_manifest_test.go out/test-sentinel-isindir_github_com_sops_secret_v1alpha3_manifest_test.go out/test-sentinel-jaegertracing_io_jaeger_v1_manifest_test.go out/test-sentinel-jobset_x_k8s_io_job_set_v1alpha2_manifest_test.go out/test-sentinel-jobsmanager_raczylo_com_managed_job_v1beta1_manifest_test.go out/test-sentinel-k6_io_k6_v1alpha1_manifest_test.go out/test-sentinel-k6_io_private_load_zone_v1alpha1_manifest_test.go out/test-sentinel-k6_io_test_run_v1alpha1_manifest_test.go out/test-sentinel-k8gb_absa_oss_gslb_v1beta1_manifest_test.go out/test-sentinel-k8s_keycloak_org_keycloak_realm_import_v2alpha1_manifest_test.go out/test-sentinel-k8s_keycloak_org_keycloak_v2alpha1_manifest_test.go out/test-sentinel-k8s_mariadb_com_backup_v1alpha1_manifest_test.go out/test-sentinel-k8s_mariadb_com_connection_v1alpha1_manifest_test.go out/test-sentinel-k8s_mariadb_com_database_v1alpha1_manifest_test.go out/test-sentinel-k8s_mariadb_com_grant_v1alpha1_manifest_test.go out/test-sentinel-k8s_mariadb_com_maria_db_v1alpha1_manifest_test.go out/test-sentinel-k8s_mariadb_com_max_scale_v1alpha1_manifest_test.go out/test-sentinel-k8s_mariadb_com_restore_v1alpha1_manifest_test.go out/test-sentinel-k8s_mariadb_com_sql_job_v1alpha1_manifest_test.go out/test-sentinel-k8s_mariadb_com_user_v1alpha1_manifest_test.go out/test-sentinel-k8s_nginx_org_global_configuration_v1_manifest_test.go out/test-sentinel-k8s_nginx_org_policy_v1_manifest_test.go out/test-sentinel-k8s_nginx_org_transport_server_v1_manifest_test.go out/test-sentinel-k8s_nginx_org_virtual_server_route_v1_manifest_test.go out/test-sentinel-k8s_nginx_org_virtual_server_v1_manifest_test.go out/test-sentinel-k8s_nginx_org_global_configuration_v1alpha1_manifest_test.go out/test-sentinel-k8s_nginx_org_policy_v1alpha1_manifest_test.go out/test-sentinel-k8s_nginx_org_transport_server_v1alpha1_manifest_test.go out/test-sentinel-k8s_otterize_com_client_intents_v1alpha2_manifest_test.go out/test-sentinel-k8s_otterize_com_kafka_server_config_v1alpha2_manifest_test.go out/test-sentinel-k8s_otterize_com_protected_service_v1alpha2_manifest_test.go out/test-sentinel-k8s_otterize_com_client_intents_v1alpha3_manifest_test.go out/test-sentinel-k8s_otterize_com_kafka_server_config_v1alpha3_manifest_test.go out/test-sentinel-k8s_otterize_com_protected_service_v1alpha3_manifest_test.go out/test-sentinel-k8up_io_archive_v1_manifest_test.go out/test-sentinel-k8up_io_backup_v1_manifest_test.go out/test-sentinel-k8up_io_check_v1_manifest_test.go out/test-sentinel-k8up_io_pre_backup_pod_v1_manifest_test.go out/test-sentinel-k8up_io_prune_v1_manifest_test.go out/test-sentinel-k8up_io_restore_v1_manifest_test.go out/test-sentinel-k8up_io_schedule_v1_manifest_test.go out/test-sentinel-k8up_io_snapshot_v1_manifest_test.go out/test-sentinel-kafka_banzaicloud_io_cruise_control_operation_v1alpha1_manifest_test.go out/test-sentinel-kafka_banzaicloud_io_kafka_topic_v1alpha1_manifest_test.go out/test-sentinel-kafka_banzaicloud_io_kafka_user_v1alpha1_manifest_test.go out/test-sentinel-kafka_banzaicloud_io_kafka_cluster_v1beta1_manifest_test.go out/test-sentinel-kafka_services_k8s_aws_cluster_v1alpha1_manifest_test.go out/test-sentinel-kafka_stackable_tech_kafka_cluster_v1alpha1_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_topic_v1alpha1_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_user_v1alpha1_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_topic_v1beta1_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_user_v1beta1_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_bridge_v1beta2_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_connect_v1beta2_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_connector_v1beta2_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_mirror_maker2_v1beta2_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_mirror_maker_v1beta2_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_node_pool_v1beta2_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_rebalance_v1beta2_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_topic_v1beta2_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_user_v1beta2_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_v1beta2_manifest_test.go out/test-sentinel-kamaji_clastix_io_data_store_v1alpha1_manifest_test.go out/test-sentinel-kamaji_clastix_io_tenant_control_plane_v1alpha1_manifest_test.go out/test-sentinel-karpenter_k8s_aws_ec2_node_class_v1_manifest_test.go out/test-sentinel-karpenter_k8s_aws_ec2_node_class_v1beta1_manifest_test.go out/test-sentinel-karpenter_sh_node_claim_v1_manifest_test.go out/test-sentinel-karpenter_sh_node_pool_v1_manifest_test.go out/test-sentinel-karpenter_sh_node_claim_v1beta1_manifest_test.go out/test-sentinel-karpenter_sh_node_pool_v1beta1_manifest_test.go out/test-sentinel-keda_sh_cluster_trigger_authentication_v1alpha1_manifest_test.go out/test-sentinel-keda_sh_scaled_job_v1alpha1_manifest_test.go out/test-sentinel-keda_sh_scaled_object_v1alpha1_manifest_test.go out/test-sentinel-keda_sh_trigger_authentication_v1alpha1_manifest_test.go out/test-sentinel-keycloak_k8s_reddec_net_keycloak_client_v1alpha1_manifest_test.go out/test-sentinel-keycloak_org_keycloak_backup_v1alpha1_manifest_test.go out/test-sentinel-keycloak_org_keycloak_client_v1alpha1_manifest_test.go out/test-sentinel-keycloak_org_keycloak_realm_v1alpha1_manifest_test.go out/test-sentinel-keycloak_org_keycloak_user_v1alpha1_manifest_test.go out/test-sentinel-keycloak_org_keycloak_v1alpha1_manifest_test.go out/test-sentinel-keyspaces_services_k8s_aws_keyspace_v1alpha1_manifest_test.go out/test-sentinel-keyspaces_services_k8s_aws_table_v1alpha1_manifest_test.go out/test-sentinel-kiali_io_kiali_v1alpha1_manifest_test.go out/test-sentinel-kibana_k8s_elastic_co_kibana_v1_manifest_test.go out/test-sentinel-kibana_k8s_elastic_co_kibana_v1beta1_manifest_test.go out/test-sentinel-kinesis_services_k8s_aws_stream_v1alpha1_manifest_test.go out/test-sentinel-kmm_sigs_x_k8s_io_module_v1beta1_manifest_test.go out/test-sentinel-kmm_sigs_x_k8s_io_node_modules_config_v1beta1_manifest_test.go out/test-sentinel-kmm_sigs_x_k8s_io_preflight_validation_v1beta1_manifest_test.go out/test-sentinel-kmm_sigs_x_k8s_io_preflight_validation_v1beta2_manifest_test.go out/test-sentinel-kms_services_k8s_aws_alias_v1alpha1_manifest_test.go out/test-sentinel-kms_services_k8s_aws_grant_v1alpha1_manifest_test.go out/test-sentinel-kms_services_k8s_aws_key_v1alpha1_manifest_test.go out/test-sentinel-kuadrant_io_dns_record_v1alpha1_manifest_test.go out/test-sentinel-kuadrant_io_managed_zone_v1alpha1_manifest_test.go out/test-sentinel-kuadrant_io_kuadrant_v1beta1_manifest_test.go out/test-sentinel-kuadrant_io_auth_policy_v1beta2_manifest_test.go out/test-sentinel-kuadrant_io_rate_limit_policy_v1beta2_manifest_test.go out/test-sentinel-kube_green_com_sleep_info_v1alpha1_manifest_test.go out/test-sentinel-kubean_io_cluster_operation_v1alpha1_manifest_test.go out/test-sentinel-kubean_io_cluster_v1alpha1_manifest_test.go out/test-sentinel-kubean_io_local_artifact_set_v1alpha1_manifest_test.go out/test-sentinel-kubean_io_manifest_v1alpha1_manifest_test.go out/test-sentinel-kubecost_com_turndown_schedule_v1alpha1_manifest_test.go out/test-sentinel-kubevious_io_workload_profile_v1alpha1_manifest_test.go out/test-sentinel-kubevious_io_workload_v1alpha1_manifest_test.go out/test-sentinel-kueue_x_k8s_io_cohort_v1alpha1_manifest_test.go out/test-sentinel-kueue_x_k8s_io_multi_kueue_cluster_v1alpha1_manifest_test.go out/test-sentinel-kueue_x_k8s_io_multi_kueue_config_v1alpha1_manifest_test.go out/test-sentinel-kueue_x_k8s_io_admission_check_v1beta1_manifest_test.go out/test-sentinel-kueue_x_k8s_io_cluster_queue_v1beta1_manifest_test.go out/test-sentinel-kueue_x_k8s_io_local_queue_v1beta1_manifest_test.go out/test-sentinel-kueue_x_k8s_io_provisioning_request_config_v1beta1_manifest_test.go out/test-sentinel-kueue_x_k8s_io_resource_flavor_v1beta1_manifest_test.go out/test-sentinel-kueue_x_k8s_io_workload_priority_class_v1beta1_manifest_test.go out/test-sentinel-kueue_x_k8s_io_workload_v1beta1_manifest_test.go out/test-sentinel-kuma_io_circuit_breaker_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_container_patch_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_dataplane_insight_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_dataplane_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_external_service_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_fault_injection_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_health_check_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_access_log_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_circuit_breaker_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_fault_injection_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_gateway_config_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_gateway_instance_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_gateway_route_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_gateway_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_health_check_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_http_route_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_insight_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_load_balancing_strategy_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_proxy_patch_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_rate_limit_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_retry_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_tcp_route_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_timeout_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_trace_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_traffic_permission_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_proxy_template_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_rate_limit_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_retry_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_service_insight_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_timeout_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_traffic_log_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_traffic_permission_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_traffic_route_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_traffic_trace_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_virtual_outbound_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_zone_egress_insight_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_zone_egress_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_zone_ingress_insight_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_zone_ingress_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_zone_insight_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_zone_v1alpha1_manifest_test.go out/test-sentinel-kustomize_toolkit_fluxcd_io_kustomization_v1_manifest_test.go out/test-sentinel-kustomize_toolkit_fluxcd_io_kustomization_v1beta1_manifest_test.go out/test-sentinel-kustomize_toolkit_fluxcd_io_kustomization_v1beta2_manifest_test.go out/test-sentinel-kyverno_io_cluster_policy_v1_manifest_test.go out/test-sentinel-kyverno_io_policy_v1_manifest_test.go out/test-sentinel-kyverno_io_admission_report_v1alpha2_manifest_test.go out/test-sentinel-kyverno_io_background_scan_report_v1alpha2_manifest_test.go out/test-sentinel-kyverno_io_cluster_admission_report_v1alpha2_manifest_test.go out/test-sentinel-kyverno_io_cluster_background_scan_report_v1alpha2_manifest_test.go out/test-sentinel-kyverno_io_update_request_v1beta1_manifest_test.go out/test-sentinel-kyverno_io_admission_report_v2_manifest_test.go out/test-sentinel-kyverno_io_background_scan_report_v2_manifest_test.go out/test-sentinel-kyverno_io_cleanup_policy_v2_manifest_test.go out/test-sentinel-kyverno_io_cluster_admission_report_v2_manifest_test.go out/test-sentinel-kyverno_io_cluster_background_scan_report_v2_manifest_test.go out/test-sentinel-kyverno_io_cluster_cleanup_policy_v2_manifest_test.go out/test-sentinel-kyverno_io_policy_exception_v2_manifest_test.go out/test-sentinel-kyverno_io_update_request_v2_manifest_test.go out/test-sentinel-kyverno_io_cleanup_policy_v2alpha1_manifest_test.go out/test-sentinel-kyverno_io_cluster_cleanup_policy_v2alpha1_manifest_test.go out/test-sentinel-kyverno_io_global_context_entry_v2alpha1_manifest_test.go out/test-sentinel-kyverno_io_policy_exception_v2alpha1_manifest_test.go out/test-sentinel-kyverno_io_cleanup_policy_v2beta1_manifest_test.go out/test-sentinel-kyverno_io_cluster_cleanup_policy_v2beta1_manifest_test.go out/test-sentinel-kyverno_io_cluster_policy_v2beta1_manifest_test.go out/test-sentinel-kyverno_io_policy_exception_v2beta1_manifest_test.go out/test-sentinel-kyverno_io_policy_v2beta1_manifest_test.go out/test-sentinel-lambda_services_k8s_aws_alias_v1alpha1_manifest_test.go out/test-sentinel-lambda_services_k8s_aws_code_signing_config_v1alpha1_manifest_test.go out/test-sentinel-lambda_services_k8s_aws_event_source_mapping_v1alpha1_manifest_test.go out/test-sentinel-lambda_services_k8s_aws_function_url_config_v1alpha1_manifest_test.go out/test-sentinel-lambda_services_k8s_aws_function_v1alpha1_manifest_test.go out/test-sentinel-lambda_services_k8s_aws_layer_version_v1alpha1_manifest_test.go out/test-sentinel-lambda_services_k8s_aws_version_v1alpha1_manifest_test.go out/test-sentinel-lb_lbconfig_carlosedp_com_external_load_balancer_v1_manifest_test.go out/test-sentinel-leaksignal_com_cluster_leaksignal_istio_v1_manifest_test.go out/test-sentinel-leaksignal_com_leaksignal_istio_v1_manifest_test.go out/test-sentinel-lerentis_uploadfilter24_eu_bitwarden_secret_v1beta4_manifest_test.go out/test-sentinel-lerentis_uploadfilter24_eu_bitwarden_template_v1beta4_manifest_test.go out/test-sentinel-lerentis_uploadfilter24_eu_registry_credential_v1beta4_manifest_test.go out/test-sentinel-lerentis_uploadfilter24_eu_bitwarden_secret_v1beta5_manifest_test.go out/test-sentinel-lerentis_uploadfilter24_eu_bitwarden_template_v1beta5_manifest_test.go out/test-sentinel-lerentis_uploadfilter24_eu_registry_credential_v1beta5_manifest_test.go out/test-sentinel-lerentis_uploadfilter24_eu_bitwarden_secret_v1beta6_manifest_test.go out/test-sentinel-lerentis_uploadfilter24_eu_bitwarden_template_v1beta6_manifest_test.go out/test-sentinel-lerentis_uploadfilter24_eu_registry_credential_v1beta6_manifest_test.go out/test-sentinel-lerentis_uploadfilter24_eu_bitwarden_secret_v1beta7_manifest_test.go out/test-sentinel-lerentis_uploadfilter24_eu_bitwarden_template_v1beta7_manifest_test.go out/test-sentinel-lerentis_uploadfilter24_eu_registry_credential_v1beta7_manifest_test.go out/test-sentinel-limitador_kuadrant_io_limitador_v1alpha1_manifest_test.go out/test-sentinel-listeners_stackable_tech_listener_class_v1alpha1_manifest_test.go out/test-sentinel-listeners_stackable_tech_listener_v1alpha1_manifest_test.go out/test-sentinel-listeners_stackable_tech_pod_listeners_v1alpha1_manifest_test.go out/test-sentinel-litmuschaos_io_chaos_engine_v1alpha1_manifest_test.go out/test-sentinel-litmuschaos_io_chaos_experiment_v1alpha1_manifest_test.go out/test-sentinel-litmuschaos_io_chaos_result_v1alpha1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_cluster_flow_v1alpha1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_cluster_output_v1alpha1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_flow_v1alpha1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_logging_v1alpha1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_output_v1alpha1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_cluster_flow_v1beta1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_cluster_output_v1beta1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_flow_v1beta1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_fluentbit_agent_v1beta1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_logging_v1beta1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_node_agent_v1beta1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_output_v1beta1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_syslog_ng_cluster_flow_v1beta1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_syslog_ng_cluster_output_v1beta1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_syslog_ng_flow_v1beta1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_syslog_ng_output_v1beta1_manifest_test.go out/test-sentinel-logging_extensions_banzaicloud_io_event_tailer_v1alpha1_manifest_test.go out/test-sentinel-logging_extensions_banzaicloud_io_host_tailer_v1alpha1_manifest_test.go out/test-sentinel-loki_grafana_com_alerting_rule_v1_manifest_test.go out/test-sentinel-loki_grafana_com_loki_stack_v1_manifest_test.go out/test-sentinel-loki_grafana_com_recording_rule_v1_manifest_test.go out/test-sentinel-loki_grafana_com_ruler_config_v1_manifest_test.go out/test-sentinel-loki_grafana_com_alerting_rule_v1beta1_manifest_test.go out/test-sentinel-loki_grafana_com_loki_stack_v1beta1_manifest_test.go out/test-sentinel-loki_grafana_com_recording_rule_v1beta1_manifest_test.go out/test-sentinel-loki_grafana_com_ruler_config_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_backing_image_data_source_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_backing_image_manager_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_backing_image_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_backup_target_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_backup_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_backup_volume_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_engine_image_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_engine_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_instance_manager_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_node_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_recurring_job_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_replica_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_setting_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_share_manager_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_volume_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_backing_image_data_source_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_backing_image_manager_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_backing_image_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_backup_backing_image_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_backup_target_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_backup_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_backup_volume_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_engine_image_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_engine_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_instance_manager_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_node_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_orphan_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_recurring_job_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_replica_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_setting_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_share_manager_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_snapshot_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_support_bundle_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_system_backup_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_system_restore_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_volume_attachment_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_volume_v1beta2_manifest_test.go out/test-sentinel-m4e_krestomat_io_moodle_v1alpha1_manifest_test.go out/test-sentinel-m4e_krestomat_io_nginx_v1alpha1_manifest_test.go out/test-sentinel-m4e_krestomat_io_phpfpm_v1alpha1_manifest_test.go out/test-sentinel-m4e_krestomat_io_routine_v1alpha1_manifest_test.go out/test-sentinel-machine_deletion_remediation_medik8s_io_machine_deletion_remediation_template_v1alpha1_manifest_test.go out/test-sentinel-machine_deletion_remediation_medik8s_io_machine_deletion_remediation_v1alpha1_manifest_test.go out/test-sentinel-maps_k8s_elastic_co_elastic_maps_server_v1alpha1_manifest_test.go out/test-sentinel-mariadb_mmontes_io_backup_v1alpha1_manifest_test.go out/test-sentinel-mariadb_mmontes_io_connection_v1alpha1_manifest_test.go out/test-sentinel-mariadb_mmontes_io_database_v1alpha1_manifest_test.go out/test-sentinel-mariadb_mmontes_io_grant_v1alpha1_manifest_test.go out/test-sentinel-mariadb_mmontes_io_maria_db_v1alpha1_manifest_test.go out/test-sentinel-mariadb_mmontes_io_restore_v1alpha1_manifest_test.go out/test-sentinel-mariadb_mmontes_io_sql_job_v1alpha1_manifest_test.go out/test-sentinel-mariadb_mmontes_io_user_v1alpha1_manifest_test.go out/test-sentinel-marin3r_3scale_net_envoy_config_revision_v1alpha1_manifest_test.go out/test-sentinel-marin3r_3scale_net_envoy_config_v1alpha1_manifest_test.go out/test-sentinel-mattermost_com_cluster_installation_v1alpha1_manifest_test.go out/test-sentinel-mattermost_com_mattermost_restore_db_v1alpha1_manifest_test.go out/test-sentinel-memorydb_services_k8s_aws_acl_v1alpha1_manifest_test.go out/test-sentinel-memorydb_services_k8s_aws_cluster_v1alpha1_manifest_test.go out/test-sentinel-memorydb_services_k8s_aws_parameter_group_v1alpha1_manifest_test.go out/test-sentinel-memorydb_services_k8s_aws_snapshot_v1alpha1_manifest_test.go out/test-sentinel-memorydb_services_k8s_aws_subnet_group_v1alpha1_manifest_test.go out/test-sentinel-memorydb_services_k8s_aws_user_v1alpha1_manifest_test.go out/test-sentinel-metacontroller_k8s_io_composite_controller_v1alpha1_manifest_test.go out/test-sentinel-metacontroller_k8s_io_controller_revision_v1alpha1_manifest_test.go out/test-sentinel-metacontroller_k8s_io_decorator_controller_v1alpha1_manifest_test.go out/test-sentinel-metal3_io_bare_metal_host_v1alpha1_manifest_test.go out/test-sentinel-metal3_io_bmc_event_subscription_v1alpha1_manifest_test.go out/test-sentinel-metal3_io_data_image_v1alpha1_manifest_test.go out/test-sentinel-metal3_io_firmware_schema_v1alpha1_manifest_test.go out/test-sentinel-metal3_io_hardware_data_v1alpha1_manifest_test.go out/test-sentinel-metal3_io_host_firmware_components_v1alpha1_manifest_test.go out/test-sentinel-metal3_io_host_firmware_settings_v1alpha1_manifest_test.go out/test-sentinel-metal3_io_preprovisioning_image_v1alpha1_manifest_test.go out/test-sentinel-minio_min_io_tenant_v2_manifest_test.go out/test-sentinel-mirrors_kts_studio_secret_mirror_v1alpha1_manifest_test.go out/test-sentinel-mirrors_kts_studio_secret_mirror_v1alpha2_manifest_test.go out/test-sentinel-model_kubedl_io_model_v1alpha1_manifest_test.go out/test-sentinel-model_kubedl_io_model_version_v1alpha1_manifest_test.go out/test-sentinel-monitoring_coreos_com_alertmanager_v1_manifest_test.go out/test-sentinel-monitoring_coreos_com_pod_monitor_v1_manifest_test.go out/test-sentinel-monitoring_coreos_com_probe_v1_manifest_test.go out/test-sentinel-monitoring_coreos_com_prometheus_rule_v1_manifest_test.go out/test-sentinel-monitoring_coreos_com_prometheus_v1_manifest_test.go out/test-sentinel-monitoring_coreos_com_service_monitor_v1_manifest_test.go out/test-sentinel-monitoring_coreos_com_thanos_ruler_v1_manifest_test.go out/test-sentinel-monitoring_coreos_com_alertmanager_config_v1alpha1_manifest_test.go out/test-sentinel-monitoring_coreos_com_prometheus_agent_v1alpha1_manifest_test.go out/test-sentinel-monitoring_coreos_com_scrape_config_v1alpha1_manifest_test.go out/test-sentinel-monitoring_coreos_com_alertmanager_config_v1beta1_manifest_test.go out/test-sentinel-monocle_monocle_change_metrics_io_monocle_v1alpha1_manifest_test.go out/test-sentinel-mq_services_k8s_aws_broker_v1alpha1_manifest_test.go out/test-sentinel-multicluster_crd_antrea_io_cluster_info_import_v1alpha1_manifest_test.go out/test-sentinel-multicluster_crd_antrea_io_cluster_set_v1alpha1_manifest_test.go out/test-sentinel-multicluster_crd_antrea_io_gateway_v1alpha1_manifest_test.go out/test-sentinel-multicluster_crd_antrea_io_label_identity_v1alpha1_manifest_test.go out/test-sentinel-multicluster_crd_antrea_io_member_cluster_announce_v1alpha1_manifest_test.go out/test-sentinel-multicluster_crd_antrea_io_multi_cluster_config_v1alpha1_manifest_test.go out/test-sentinel-multicluster_crd_antrea_io_resource_export_v1alpha1_manifest_test.go out/test-sentinel-multicluster_crd_antrea_io_resource_import_v1alpha1_manifest_test.go out/test-sentinel-multicluster_crd_antrea_io_cluster_claim_v1alpha2_manifest_test.go out/test-sentinel-multicluster_crd_antrea_io_cluster_set_v1alpha2_manifest_test.go out/test-sentinel-multicluster_x_k8s_io_applied_work_v1alpha1_manifest_test.go out/test-sentinel-multicluster_x_k8s_io_service_import_v1alpha1_manifest_test.go out/test-sentinel-multicluster_x_k8s_io_work_v1alpha1_manifest_test.go out/test-sentinel-mutations_gatekeeper_sh_assign_metadata_v1_manifest_test.go out/test-sentinel-mutations_gatekeeper_sh_assign_v1_manifest_test.go out/test-sentinel-mutations_gatekeeper_sh_modify_set_v1_manifest_test.go out/test-sentinel-mutations_gatekeeper_sh_assign_image_v1alpha1_manifest_test.go out/test-sentinel-mutations_gatekeeper_sh_assign_metadata_v1alpha1_manifest_test.go out/test-sentinel-mutations_gatekeeper_sh_assign_v1alpha1_manifest_test.go out/test-sentinel-mutations_gatekeeper_sh_modify_set_v1alpha1_manifest_test.go out/test-sentinel-mutations_gatekeeper_sh_assign_metadata_v1beta1_manifest_test.go out/test-sentinel-mutations_gatekeeper_sh_assign_v1beta1_manifest_test.go out/test-sentinel-mutations_gatekeeper_sh_modify_set_v1beta1_manifest_test.go out/test-sentinel-nativestor_alauda_io_raw_device_v1_manifest_test.go out/test-sentinel-netchecks_io_network_assertion_v1_manifest_test.go out/test-sentinel-networkfirewall_services_k8s_aws_firewall_policy_v1alpha1_manifest_test.go out/test-sentinel-networkfirewall_services_k8s_aws_firewall_v1alpha1_manifest_test.go out/test-sentinel-networkfirewall_services_k8s_aws_rule_group_v1alpha1_manifest_test.go out/test-sentinel-networking_gke_io_gcp_backend_policy_v1_manifest_test.go out/test-sentinel-networking_gke_io_gcp_gateway_policy_v1_manifest_test.go out/test-sentinel-networking_gke_io_health_check_policy_v1_manifest_test.go out/test-sentinel-networking_gke_io_lb_policy_v1_manifest_test.go out/test-sentinel-networking_gke_io_managed_certificate_v1_manifest_test.go out/test-sentinel-networking_istio_io_destination_rule_v1_manifest_test.go out/test-sentinel-networking_istio_io_gateway_v1_manifest_test.go out/test-sentinel-networking_istio_io_service_entry_v1_manifest_test.go out/test-sentinel-networking_istio_io_sidecar_v1_manifest_test.go out/test-sentinel-networking_istio_io_virtual_service_v1_manifest_test.go out/test-sentinel-networking_istio_io_workload_entry_v1_manifest_test.go out/test-sentinel-networking_istio_io_workload_group_v1_manifest_test.go out/test-sentinel-networking_istio_io_destination_rule_v1alpha3_manifest_test.go out/test-sentinel-networking_istio_io_envoy_filter_v1alpha3_manifest_test.go out/test-sentinel-networking_istio_io_gateway_v1alpha3_manifest_test.go out/test-sentinel-networking_istio_io_service_entry_v1alpha3_manifest_test.go out/test-sentinel-networking_istio_io_sidecar_v1alpha3_manifest_test.go out/test-sentinel-networking_istio_io_virtual_service_v1alpha3_manifest_test.go out/test-sentinel-networking_istio_io_workload_entry_v1alpha3_manifest_test.go out/test-sentinel-networking_istio_io_workload_group_v1alpha3_manifest_test.go out/test-sentinel-networking_istio_io_destination_rule_v1beta1_manifest_test.go out/test-sentinel-networking_istio_io_gateway_v1beta1_manifest_test.go out/test-sentinel-networking_istio_io_proxy_config_v1beta1_manifest_test.go out/test-sentinel-networking_istio_io_service_entry_v1beta1_manifest_test.go out/test-sentinel-networking_istio_io_sidecar_v1beta1_manifest_test.go out/test-sentinel-networking_istio_io_virtual_service_v1beta1_manifest_test.go out/test-sentinel-networking_istio_io_workload_entry_v1beta1_manifest_test.go out/test-sentinel-networking_istio_io_workload_group_v1beta1_manifest_test.go out/test-sentinel-networking_k8s_aws_policy_endpoint_v1alpha1_manifest_test.go out/test-sentinel-networking_k8s_io_ingress_class_v1_manifest_test.go out/test-sentinel-networking_k8s_io_ingress_v1_manifest_test.go out/test-sentinel-networking_k8s_io_network_policy_v1_manifest_test.go out/test-sentinel-networking_karmada_io_multi_cluster_ingress_v1alpha1_manifest_test.go out/test-sentinel-networking_karmada_io_multi_cluster_service_v1alpha1_manifest_test.go out/test-sentinel-nfd_k8s_sigs_io_node_feature_rule_v1alpha1_manifest_test.go out/test-sentinel-nfd_kubernetes_io_node_feature_discovery_v1_manifest_test.go out/test-sentinel-nfd_kubernetes_io_node_feature_rule_v1alpha1_manifest_test.go out/test-sentinel-nifi_stackable_tech_nifi_cluster_v1alpha1_manifest_test.go out/test-sentinel-nodeinfo_volcano_sh_numatopology_v1alpha1_manifest_test.go out/test-sentinel-notebook_kubedl_io_notebook_v1alpha1_manifest_test.go out/test-sentinel-notification_toolkit_fluxcd_io_receiver_v1_manifest_test.go out/test-sentinel-notification_toolkit_fluxcd_io_alert_v1beta1_manifest_test.go out/test-sentinel-notification_toolkit_fluxcd_io_provider_v1beta1_manifest_test.go out/test-sentinel-notification_toolkit_fluxcd_io_receiver_v1beta1_manifest_test.go out/test-sentinel-notification_toolkit_fluxcd_io_alert_v1beta2_manifest_test.go out/test-sentinel-notification_toolkit_fluxcd_io_provider_v1beta2_manifest_test.go out/test-sentinel-notification_toolkit_fluxcd_io_receiver_v1beta2_manifest_test.go out/test-sentinel-notification_toolkit_fluxcd_io_alert_v1beta3_manifest_test.go out/test-sentinel-notification_toolkit_fluxcd_io_provider_v1beta3_manifest_test.go out/test-sentinel-objectbucket_io_object_bucket_claim_v1alpha1_manifest_test.go out/test-sentinel-objectbucket_io_object_bucket_v1alpha1_manifest_test.go out/test-sentinel-ocmagent_managed_openshift_io_managed_fleet_notification_v1alpha1_manifest_test.go out/test-sentinel-ocmagent_managed_openshift_io_managed_notification_v1alpha1_manifest_test.go out/test-sentinel-ocmagent_managed_openshift_io_ocm_agent_v1alpha1_manifest_test.go out/test-sentinel-onepassword_com_one_password_item_v1_manifest_test.go out/test-sentinel-opa_stackable_tech_opa_cluster_v1alpha1_manifest_test.go out/test-sentinel-opensearchservice_services_k8s_aws_domain_v1alpha1_manifest_test.go out/test-sentinel-opentelemetry_io_instrumentation_v1alpha1_manifest_test.go out/test-sentinel-opentelemetry_io_op_amp_bridge_v1alpha1_manifest_test.go out/test-sentinel-opentelemetry_io_open_telemetry_collector_v1alpha1_manifest_test.go out/test-sentinel-opentelemetry_io_open_telemetry_collector_v1beta1_manifest_test.go out/test-sentinel-operations_kubeedge_io_node_upgrade_job_v1alpha1_manifest_test.go out/test-sentinel-operator_aquasec_com_aqua_csp_v1alpha1_manifest_test.go out/test-sentinel-operator_aquasec_com_aqua_database_v1alpha1_manifest_test.go out/test-sentinel-operator_aquasec_com_aqua_enforcer_v1alpha1_manifest_test.go out/test-sentinel-operator_aquasec_com_aqua_gateway_v1alpha1_manifest_test.go out/test-sentinel-operator_aquasec_com_aqua_kube_enforcer_v1alpha1_manifest_test.go out/test-sentinel-operator_aquasec_com_aqua_scanner_v1alpha1_manifest_test.go out/test-sentinel-operator_aquasec_com_aqua_server_v1alpha1_manifest_test.go out/test-sentinel-operator_authorino_kuadrant_io_authorino_v1beta1_manifest_test.go out/test-sentinel-operator_cluster_x_k8s_io_bootstrap_provider_v1alpha1_manifest_test.go out/test-sentinel-operator_cluster_x_k8s_io_control_plane_provider_v1alpha1_manifest_test.go out/test-sentinel-operator_cluster_x_k8s_io_core_provider_v1alpha1_manifest_test.go out/test-sentinel-operator_cluster_x_k8s_io_infrastructure_provider_v1alpha1_manifest_test.go out/test-sentinel-operator_cluster_x_k8s_io_addon_provider_v1alpha2_manifest_test.go out/test-sentinel-operator_cluster_x_k8s_io_bootstrap_provider_v1alpha2_manifest_test.go out/test-sentinel-operator_cluster_x_k8s_io_control_plane_provider_v1alpha2_manifest_test.go out/test-sentinel-operator_cluster_x_k8s_io_core_provider_v1alpha2_manifest_test.go out/test-sentinel-operator_cluster_x_k8s_io_infrastructure_provider_v1alpha2_manifest_test.go out/test-sentinel-operator_cryostat_io_cryostat_v1beta1_manifest_test.go out/test-sentinel-operator_cryostat_io_cryostat_v1beta2_manifest_test.go out/test-sentinel-operator_knative_dev_knative_eventing_v1beta1_manifest_test.go out/test-sentinel-operator_knative_dev_knative_serving_v1beta1_manifest_test.go out/test-sentinel-operator_marin3r_3scale_net_discovery_service_certificate_v1alpha1_manifest_test.go out/test-sentinel-operator_marin3r_3scale_net_discovery_service_v1alpha1_manifest_test.go out/test-sentinel-operator_marin3r_3scale_net_envoy_deployment_v1alpha1_manifest_test.go out/test-sentinel-operator_open_cluster_management_io_cluster_manager_v1_manifest_test.go out/test-sentinel-operator_open_cluster_management_io_klusterlet_v1_manifest_test.go out/test-sentinel-operator_shipwright_io_shipwright_build_v1alpha1_manifest_test.go out/test-sentinel-operator_tigera_io_amazon_cloud_integration_v1_manifest_test.go out/test-sentinel-operator_tigera_io_api_server_v1_manifest_test.go out/test-sentinel-operator_tigera_io_application_layer_v1_manifest_test.go out/test-sentinel-operator_tigera_io_authentication_v1_manifest_test.go out/test-sentinel-operator_tigera_io_compliance_v1_manifest_test.go out/test-sentinel-operator_tigera_io_egress_gateway_v1_manifest_test.go out/test-sentinel-operator_tigera_io_image_set_v1_manifest_test.go out/test-sentinel-operator_tigera_io_installation_v1_manifest_test.go out/test-sentinel-operator_tigera_io_intrusion_detection_v1_manifest_test.go out/test-sentinel-operator_tigera_io_log_collector_v1_manifest_test.go out/test-sentinel-operator_tigera_io_log_storage_v1_manifest_test.go out/test-sentinel-operator_tigera_io_management_cluster_connection_v1_manifest_test.go out/test-sentinel-operator_tigera_io_management_cluster_v1_manifest_test.go out/test-sentinel-operator_tigera_io_manager_v1_manifest_test.go out/test-sentinel-operator_tigera_io_monitor_v1_manifest_test.go out/test-sentinel-operator_tigera_io_packet_capture_v1_manifest_test.go out/test-sentinel-operator_tigera_io_policy_recommendation_v1_manifest_test.go out/test-sentinel-operator_tigera_io_tenant_v1_manifest_test.go out/test-sentinel-operator_tigera_io_tigera_status_v1_manifest_test.go out/test-sentinel-operator_tigera_io_tls_pass_through_route_v1_manifest_test.go out/test-sentinel-operator_tigera_io_tls_terminated_route_v1_manifest_test.go out/test-sentinel-operator_tigera_io_amazon_cloud_integration_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_v_logs_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_agent_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_alert_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_alertmanager_config_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_alertmanager_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_auth_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_cluster_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_node_scrape_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_pod_scrape_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_probe_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_rule_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_scrape_config_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_service_scrape_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_single_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_static_scrape_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_user_v1beta1_manifest_test.go out/test-sentinel-oracle_db_anthosapis_com_backup_schedule_v1alpha1_manifest_test.go out/test-sentinel-oracle_db_anthosapis_com_backup_v1alpha1_manifest_test.go out/test-sentinel-oracle_db_anthosapis_com_config_v1alpha1_manifest_test.go out/test-sentinel-oracle_db_anthosapis_com_cron_anything_v1alpha1_manifest_test.go out/test-sentinel-oracle_db_anthosapis_com_database_v1alpha1_manifest_test.go out/test-sentinel-oracle_db_anthosapis_com_export_v1alpha1_manifest_test.go out/test-sentinel-oracle_db_anthosapis_com_import_v1alpha1_manifest_test.go out/test-sentinel-oracle_db_anthosapis_com_instance_v1alpha1_manifest_test.go out/test-sentinel-oracle_db_anthosapis_com_pitr_v1alpha1_manifest_test.go out/test-sentinel-oracle_db_anthosapis_com_release_v1alpha1_manifest_test.go out/test-sentinel-org_eclipse_che_che_cluster_v1_manifest_test.go out/test-sentinel-org_eclipse_che_che_cluster_v2_manifest_test.go out/test-sentinel-organizations_services_k8s_aws_organizational_unit_v1alpha1_manifest_test.go out/test-sentinel-pgv2_percona_com_percona_pg_backup_v2_manifest_test.go out/test-sentinel-pgv2_percona_com_percona_pg_cluster_v2_manifest_test.go out/test-sentinel-pgv2_percona_com_percona_pg_restore_v2_manifest_test.go out/test-sentinel-pgv2_percona_com_percona_pg_upgrade_v2_manifest_test.go out/test-sentinel-pipes_services_k8s_aws_pipe_v1alpha1_manifest_test.go out/test-sentinel-pkg_crossplane_io_configuration_revision_v1_manifest_test.go out/test-sentinel-pkg_crossplane_io_configuration_v1_manifest_test.go out/test-sentinel-pkg_crossplane_io_provider_revision_v1_manifest_test.go out/test-sentinel-pkg_crossplane_io_provider_v1_manifest_test.go out/test-sentinel-pkg_crossplane_io_controller_config_v1alpha1_manifest_test.go out/test-sentinel-pkg_crossplane_io_lock_v1beta1_manifest_test.go out/test-sentinel-policy_clusterpedia_io_cluster_import_policy_v1alpha1_manifest_test.go out/test-sentinel-policy_clusterpedia_io_pedia_cluster_lifecycle_v1alpha1_manifest_test.go out/test-sentinel-policy_karmada_io_cluster_override_policy_v1alpha1_manifest_test.go out/test-sentinel-policy_karmada_io_cluster_propagation_policy_v1alpha1_manifest_test.go out/test-sentinel-policy_karmada_io_federated_resource_quota_v1alpha1_manifest_test.go out/test-sentinel-policy_karmada_io_override_policy_v1alpha1_manifest_test.go out/test-sentinel-policy_karmada_io_propagation_policy_v1alpha1_manifest_test.go out/test-sentinel-policy_kubeedge_io_service_account_access_v1alpha1_manifest_test.go out/test-sentinel-policy_networking_k8s_io_admin_network_policy_v1alpha1_manifest_test.go out/test-sentinel-policy_networking_k8s_io_baseline_admin_network_policy_v1alpha1_manifest_test.go out/test-sentinel-policy_pod_disruption_budget_v1_manifest_test.go out/test-sentinel-postgres_operator_crunchydata_com_pg_admin_v1beta1_manifest_test.go out/test-sentinel-postgres_operator_crunchydata_com_pg_upgrade_v1beta1_manifest_test.go out/test-sentinel-postgres_operator_crunchydata_com_postgres_cluster_v1beta1_manifest_test.go out/test-sentinel-postgresql_cnpg_io_backup_v1_manifest_test.go out/test-sentinel-postgresql_cnpg_io_cluster_v1_manifest_test.go out/test-sentinel-postgresql_cnpg_io_pooler_v1_manifest_test.go out/test-sentinel-postgresql_cnpg_io_scheduled_backup_v1_manifest_test.go out/test-sentinel-projectcontour_io_http_proxy_v1_manifest_test.go out/test-sentinel-projectcontour_io_tls_certificate_delegation_v1_manifest_test.go out/test-sentinel-projectcontour_io_contour_configuration_v1alpha1_manifest_test.go out/test-sentinel-projectcontour_io_contour_deployment_v1alpha1_manifest_test.go out/test-sentinel-projectcontour_io_extension_service_v1alpha1_manifest_test.go out/test-sentinel-prometheusservice_services_k8s_aws_alert_manager_definition_v1alpha1_manifest_test.go out/test-sentinel-prometheusservice_services_k8s_aws_logging_configuration_v1alpha1_manifest_test.go out/test-sentinel-prometheusservice_services_k8s_aws_rule_groups_namespace_v1alpha1_manifest_test.go out/test-sentinel-prometheusservice_services_k8s_aws_workspace_v1alpha1_manifest_test.go out/test-sentinel-ps_percona_com_percona_server_my_sql_v1alpha1_manifest_test.go out/test-sentinel-ps_percona_com_percona_server_my_sql_backup_v1alpha1_manifest_test.go out/test-sentinel-ps_percona_com_percona_server_my_sql_restore_v1alpha1_manifest_test.go out/test-sentinel-psmdb_percona_com_percona_server_mongo_db_v1_manifest_test.go out/test-sentinel-psmdb_percona_com_percona_server_mongo_db_backup_v1_manifest_test.go out/test-sentinel-psmdb_percona_com_percona_server_mongo_db_restore_v1_manifest_test.go out/test-sentinel-ptp_openshift_io_node_ptp_device_v1_manifest_test.go out/test-sentinel-ptp_openshift_io_ptp_config_v1_manifest_test.go out/test-sentinel-ptp_openshift_io_ptp_operator_config_v1_manifest_test.go out/test-sentinel-pubsubplus_solace_com_pub_sub_plus_event_broker_v1beta1_manifest_test.go out/test-sentinel-pxc_percona_com_percona_xtra_db_cluster_backup_v1_manifest_test.go out/test-sentinel-pxc_percona_com_percona_xtra_db_cluster_restore_v1_manifest_test.go out/test-sentinel-pxc_percona_com_percona_xtra_db_cluster_v1_manifest_test.go out/test-sentinel-quay_redhat_com_quay_registry_v1_manifest_test.go out/test-sentinel-quota_codeflare_dev_quota_subtree_v1alpha1_manifest_test.go out/test-sentinel-ray_io_ray_cluster_v1_manifest_test.go out/test-sentinel-ray_io_ray_job_v1_manifest_test.go out/test-sentinel-ray_io_ray_service_v1_manifest_test.go out/test-sentinel-ray_io_ray_cluster_v1alpha1_manifest_test.go out/test-sentinel-ray_io_ray_job_v1alpha1_manifest_test.go out/test-sentinel-ray_io_ray_service_v1alpha1_manifest_test.go out/test-sentinel-rbac_authorization_k8s_io_cluster_role_binding_v1_manifest_test.go out/test-sentinel-rbac_authorization_k8s_io_cluster_role_v1_manifest_test.go out/test-sentinel-rbac_authorization_k8s_io_role_binding_v1_manifest_test.go out/test-sentinel-rbac_authorization_k8s_io_role_v1_manifest_test.go out/test-sentinel-rbacmanager_reactiveops_io_rbac_definition_v1beta1_manifest_test.go out/test-sentinel-rc_app_stacks_runtime_component_v1_manifest_test.go out/test-sentinel-rc_app_stacks_runtime_operation_v1_manifest_test.go out/test-sentinel-rc_app_stacks_runtime_component_v1beta2_manifest_test.go out/test-sentinel-rc_app_stacks_runtime_operation_v1beta2_manifest_test.go out/test-sentinel-rds_services_k8s_aws_db_cluster_parameter_group_v1alpha1_manifest_test.go out/test-sentinel-rds_services_k8s_aws_db_cluster_v1alpha1_manifest_test.go out/test-sentinel-rds_services_k8s_aws_db_instance_v1alpha1_manifest_test.go out/test-sentinel-rds_services_k8s_aws_db_parameter_group_v1alpha1_manifest_test.go out/test-sentinel-rds_services_k8s_aws_db_proxy_v1alpha1_manifest_test.go out/test-sentinel-rds_services_k8s_aws_db_subnet_group_v1alpha1_manifest_test.go out/test-sentinel-rds_services_k8s_aws_global_cluster_v1alpha1_manifest_test.go out/test-sentinel-redhatcop_redhat_io_group_config_v1alpha1_manifest_test.go out/test-sentinel-redhatcop_redhat_io_keepalived_group_v1alpha1_manifest_test.go out/test-sentinel-redhatcop_redhat_io_namespace_config_v1alpha1_manifest_test.go out/test-sentinel-redhatcop_redhat_io_patch_v1alpha1_manifest_test.go out/test-sentinel-redhatcop_redhat_io_user_config_v1alpha1_manifest_test.go out/test-sentinel-registry_apicur_io_apicurio_registry_v1_manifest_test.go out/test-sentinel-registry_devfile_io_cluster_devfile_registries_list_v1alpha1_manifest_test.go out/test-sentinel-registry_devfile_io_devfile_registries_list_v1alpha1_manifest_test.go out/test-sentinel-registry_devfile_io_devfile_registry_v1alpha1_manifest_test.go out/test-sentinel-reliablesyncs_kubeedge_io_cluster_object_sync_v1alpha1_manifest_test.go out/test-sentinel-reliablesyncs_kubeedge_io_object_sync_v1alpha1_manifest_test.go out/test-sentinel-remediation_medik8s_io_node_health_check_v1alpha1_manifest_test.go out/test-sentinel-repo_manager_pulpproject_org_pulp_backup_v1beta2_manifest_test.go out/test-sentinel-repo_manager_pulpproject_org_pulp_restore_v1beta2_manifest_test.go out/test-sentinel-repo_manager_pulpproject_org_pulp_v1beta2_manifest_test.go out/test-sentinel-reports_kyverno_io_cluster_ephemeral_report_v1_manifest_test.go out/test-sentinel-reports_kyverno_io_ephemeral_report_v1_manifest_test.go out/test-sentinel-resources_teleport_dev_teleport_login_rule_v1_manifest_test.go out/test-sentinel-resources_teleport_dev_teleport_okta_import_rule_v1_manifest_test.go out/test-sentinel-resources_teleport_dev_teleport_provision_token_v2_manifest_test.go out/test-sentinel-resources_teleport_dev_teleport_saml_connector_v2_manifest_test.go out/test-sentinel-resources_teleport_dev_teleport_user_v2_manifest_test.go out/test-sentinel-resources_teleport_dev_teleport_github_connector_v3_manifest_test.go out/test-sentinel-resources_teleport_dev_teleport_oidc_connector_v3_manifest_test.go out/test-sentinel-resources_teleport_dev_teleport_role_v5_manifest_test.go out/test-sentinel-resources_teleport_dev_teleport_role_v6_manifest_test.go out/test-sentinel-ripsaw_cloudbulldozer_io_benchmark_v1alpha1_manifest_test.go out/test-sentinel-rocketmq_apache_org_broker_v1alpha1_manifest_test.go out/test-sentinel-rocketmq_apache_org_console_v1alpha1_manifest_test.go out/test-sentinel-rocketmq_apache_org_name_service_v1alpha1_manifest_test.go out/test-sentinel-rocketmq_apache_org_topic_transfer_v1alpha1_manifest_test.go out/test-sentinel-route53_services_k8s_aws_hosted_zone_v1alpha1_manifest_test.go out/test-sentinel-route53_services_k8s_aws_record_set_v1alpha1_manifest_test.go out/test-sentinel-route53resolver_services_k8s_aws_resolver_endpoint_v1alpha1_manifest_test.go out/test-sentinel-route53resolver_services_k8s_aws_resolver_rule_v1alpha1_manifest_test.go out/test-sentinel-rules_kubeedge_io_rule_endpoint_v1_manifest_test.go out/test-sentinel-rules_kubeedge_io_rule_v1_manifest_test.go out/test-sentinel-runtime_cluster_x_k8s_io_extension_config_v1alpha1_manifest_test.go out/test-sentinel-s3_services_k8s_aws_bucket_v1alpha1_manifest_test.go out/test-sentinel-s3_snappcloud_io_s3_bucket_v1alpha1_manifest_test.go out/test-sentinel-s3_snappcloud_io_s3_user_claim_v1alpha1_manifest_test.go out/test-sentinel-s3_snappcloud_io_s3_user_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_app_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_data_quality_job_definition_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_domain_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_endpoint_config_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_endpoint_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_feature_group_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_hyper_parameter_tuning_job_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_model_bias_job_definition_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_model_explainability_job_definition_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_model_package_group_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_model_package_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_model_quality_job_definition_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_model_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_monitoring_schedule_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_notebook_instance_lifecycle_config_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_notebook_instance_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_processing_job_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_training_job_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_transform_job_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_user_profile_v1alpha1_manifest_test.go out/test-sentinel-scheduling_k8s_io_priority_class_v1_manifest_test.go out/test-sentinel-scheduling_koordinator_sh_device_v1alpha1_manifest_test.go out/test-sentinel-scheduling_koordinator_sh_pod_migration_job_v1alpha1_manifest_test.go out/test-sentinel-scheduling_koordinator_sh_reservation_v1alpha1_manifest_test.go out/test-sentinel-scheduling_sigs_k8s_io_elastic_quota_v1alpha1_manifest_test.go out/test-sentinel-scheduling_sigs_k8s_io_pod_group_v1alpha1_manifest_test.go out/test-sentinel-scheduling_volcano_sh_pod_group_v1beta1_manifest_test.go out/test-sentinel-scheduling_volcano_sh_queue_v1beta1_manifest_test.go out/test-sentinel-schemas_schemahero_io_data_type_v1alpha4_manifest_test.go out/test-sentinel-schemas_schemahero_io_migration_v1alpha4_manifest_test.go out/test-sentinel-schemas_schemahero_io_table_v1alpha4_manifest_test.go out/test-sentinel-scylla_scylladb_com_scylla_cluster_v1_manifest_test.go out/test-sentinel-scylla_scylladb_com_node_config_v1alpha1_manifest_test.go out/test-sentinel-scylla_scylladb_com_scylla_operator_config_v1alpha1_manifest_test.go out/test-sentinel-secretgenerator_mittwald_de_basic_auth_v1alpha1_manifest_test.go out/test-sentinel-secretgenerator_mittwald_de_ssh_key_pair_v1alpha1_manifest_test.go out/test-sentinel-secretgenerator_mittwald_de_string_secret_v1alpha1_manifest_test.go out/test-sentinel-secrets_crossplane_io_store_config_v1alpha1_manifest_test.go out/test-sentinel-secrets_doppler_com_doppler_secret_v1alpha1_manifest_test.go out/test-sentinel-secrets_hashicorp_com_hcp_auth_v1beta1_manifest_test.go out/test-sentinel-secrets_hashicorp_com_hcp_vault_secrets_app_v1beta1_manifest_test.go out/test-sentinel-secrets_hashicorp_com_vault_auth_v1beta1_manifest_test.go out/test-sentinel-secrets_hashicorp_com_vault_connection_v1beta1_manifest_test.go out/test-sentinel-secrets_hashicorp_com_vault_dynamic_secret_v1beta1_manifest_test.go out/test-sentinel-secrets_hashicorp_com_vault_pki_secret_v1beta1_manifest_test.go out/test-sentinel-secrets_hashicorp_com_vault_static_secret_v1beta1_manifest_test.go out/test-sentinel-secrets_stackable_tech_secret_class_v1alpha1_manifest_test.go out/test-sentinel-secrets_store_csi_x_k8s_io_secret_provider_class_v1_manifest_test.go out/test-sentinel-secrets_store_csi_x_k8s_io_secret_provider_class_v1alpha1_manifest_test.go out/test-sentinel-secretsmanager_services_k8s_aws_secret_v1alpha1_manifest_test.go out/test-sentinel-secscan_quay_redhat_com_image_manifest_vuln_v1alpha1_manifest_test.go out/test-sentinel-security_istio_io_authorization_policy_v1_manifest_test.go out/test-sentinel-security_istio_io_peer_authentication_v1_manifest_test.go out/test-sentinel-security_istio_io_request_authentication_v1_manifest_test.go out/test-sentinel-security_istio_io_authorization_policy_v1beta1_manifest_test.go out/test-sentinel-security_istio_io_peer_authentication_v1beta1_manifest_test.go out/test-sentinel-security_istio_io_request_authentication_v1beta1_manifest_test.go out/test-sentinel-security_profiles_operator_x_k8s_io_app_armor_profile_v1alpha1_manifest_test.go out/test-sentinel-security_profiles_operator_x_k8s_io_profile_binding_v1alpha1_manifest_test.go out/test-sentinel-security_profiles_operator_x_k8s_io_profile_recording_v1alpha1_manifest_test.go out/test-sentinel-security_profiles_operator_x_k8s_io_security_profile_node_status_v1alpha1_manifest_test.go out/test-sentinel-security_profiles_operator_x_k8s_io_security_profiles_operator_daemon_v1alpha1_manifest_test.go out/test-sentinel-security_profiles_operator_x_k8s_io_raw_selinux_profile_v1alpha2_manifest_test.go out/test-sentinel-security_profiles_operator_x_k8s_io_selinux_profile_v1alpha2_manifest_test.go out/test-sentinel-security_profiles_operator_x_k8s_io_seccomp_profile_v1beta1_manifest_test.go out/test-sentinel-self_node_remediation_medik8s_io_self_node_remediation_config_v1alpha1_manifest_test.go out/test-sentinel-self_node_remediation_medik8s_io_self_node_remediation_template_v1alpha1_manifest_test.go out/test-sentinel-self_node_remediation_medik8s_io_self_node_remediation_v1alpha1_manifest_test.go out/test-sentinel-sematext_com_sematext_agent_v1_manifest_test.go out/test-sentinel-servicebinding_io_cluster_workload_resource_mapping_v1alpha3_manifest_test.go out/test-sentinel-servicebinding_io_service_binding_v1alpha3_manifest_test.go out/test-sentinel-servicebinding_io_cluster_workload_resource_mapping_v1beta1_manifest_test.go out/test-sentinel-servicebinding_io_service_binding_v1beta1_manifest_test.go out/test-sentinel-servicemesh_cisco_com_istio_control_plane_v1alpha1_manifest_test.go out/test-sentinel-servicemesh_cisco_com_istio_mesh_gateway_v1alpha1_manifest_test.go out/test-sentinel-servicemesh_cisco_com_istio_mesh_v1alpha1_manifest_test.go out/test-sentinel-servicemesh_cisco_com_peer_istio_control_plane_v1alpha1_manifest_test.go out/test-sentinel-services_k8s_aws_adopted_resource_v1alpha1_manifest_test.go out/test-sentinel-services_k8s_aws_field_export_v1alpha1_manifest_test.go out/test-sentinel-serving_kubedl_io_inference_v1alpha1_manifest_test.go out/test-sentinel-sfn_services_k8s_aws_activity_v1alpha1_manifest_test.go out/test-sentinel-sfn_services_k8s_aws_state_machine_v1alpha1_manifest_test.go out/test-sentinel-site_superedge_io_node_group_v1alpha1_manifest_test.go out/test-sentinel-site_superedge_io_node_unit_v1alpha1_manifest_test.go out/test-sentinel-slo_koordinator_sh_node_metric_v1alpha1_manifest_test.go out/test-sentinel-slo_koordinator_sh_node_slo_v1alpha1_manifest_test.go out/test-sentinel-sloth_slok_dev_prometheus_service_level_v1_manifest_test.go out/test-sentinel-snapscheduler_backube_snapshot_schedule_v1_manifest_test.go out/test-sentinel-snapshot_storage_k8s_io_volume_snapshot_class_v1_manifest_test.go out/test-sentinel-snapshot_storage_k8s_io_volume_snapshot_content_v1_manifest_test.go out/test-sentinel-snapshot_storage_k8s_io_volume_snapshot_v1_manifest_test.go out/test-sentinel-snapshot_storage_k8s_io_volume_snapshot_class_v1beta1_manifest_test.go out/test-sentinel-snapshot_storage_k8s_io_volume_snapshot_content_v1beta1_manifest_test.go out/test-sentinel-snapshot_storage_k8s_io_volume_snapshot_v1beta1_manifest_test.go out/test-sentinel-sns_services_k8s_aws_platform_application_v1alpha1_manifest_test.go out/test-sentinel-sns_services_k8s_aws_platform_endpoint_v1alpha1_manifest_test.go out/test-sentinel-sns_services_k8s_aws_subscription_v1alpha1_manifest_test.go out/test-sentinel-sns_services_k8s_aws_topic_v1alpha1_manifest_test.go out/test-sentinel-sonataflow_org_sonata_flow_build_v1alpha08_manifest_test.go out/test-sentinel-sonataflow_org_sonata_flow_platform_v1alpha08_manifest_test.go out/test-sentinel-sonataflow_org_sonata_flow_v1alpha08_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_bucket_v1_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_git_repository_v1_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_helm_chart_v1_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_helm_repository_v1_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_bucket_v1beta1_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_git_repository_v1beta1_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_helm_chart_v1beta1_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_helm_repository_v1beta1_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_bucket_v1beta2_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_git_repository_v1beta2_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_helm_chart_v1beta2_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_helm_repository_v1beta2_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_oci_repository_v1beta2_manifest_test.go out/test-sentinel-spark_stackable_tech_spark_application_v1alpha1_manifest_test.go out/test-sentinel-spark_stackable_tech_spark_history_server_v1alpha1_manifest_test.go out/test-sentinel-sparkoperator_k8s_io_scheduled_spark_application_v1beta2_manifest_test.go out/test-sentinel-sparkoperator_k8s_io_spark_application_v1beta2_manifest_test.go out/test-sentinel-spv_no_azure_key_vault_secret_v1_manifest_test.go out/test-sentinel-spv_no_azure_key_vault_identity_v1alpha1_manifest_test.go out/test-sentinel-spv_no_azure_key_vault_secret_v1alpha1_manifest_test.go out/test-sentinel-spv_no_azure_managed_identity_v1alpha1_manifest_test.go out/test-sentinel-spv_no_azure_key_vault_secret_v2alpha1_manifest_test.go out/test-sentinel-spv_no_azure_key_vault_secret_v2beta1_manifest_test.go out/test-sentinel-sqs_services_k8s_aws_queue_v1alpha1_manifest_test.go out/test-sentinel-sriovnetwork_openshift_io_ovs_network_v1_manifest_test.go out/test-sentinel-sriovnetwork_openshift_io_sriov_ib_network_v1_manifest_test.go out/test-sentinel-sriovnetwork_openshift_io_sriov_network_node_policy_v1_manifest_test.go out/test-sentinel-sriovnetwork_openshift_io_sriov_network_node_state_v1_manifest_test.go out/test-sentinel-sriovnetwork_openshift_io_sriov_network_pool_config_v1_manifest_test.go out/test-sentinel-sriovnetwork_openshift_io_sriov_network_v1_manifest_test.go out/test-sentinel-sriovnetwork_openshift_io_sriov_operator_config_v1_manifest_test.go out/test-sentinel-storage_k8s_io_csi_driver_v1_manifest_test.go out/test-sentinel-storage_k8s_io_csi_node_v1_manifest_test.go out/test-sentinel-storage_k8s_io_storage_class_v1_manifest_test.go out/test-sentinel-storage_k8s_io_volume_attachment_v1_manifest_test.go out/test-sentinel-storage_kubeblocks_io_storage_provider_v1alpha1_manifest_test.go out/test-sentinel-storageos_com_storage_os_cluster_v1_manifest_test.go out/test-sentinel-sts_min_io_policy_binding_v1alpha1_manifest_test.go out/test-sentinel-sts_min_io_policy_binding_v1beta1_manifest_test.go out/test-sentinel-stunner_l7mp_io_dataplane_v1_manifest_test.go out/test-sentinel-stunner_l7mp_io_gateway_config_v1_manifest_test.go out/test-sentinel-stunner_l7mp_io_static_service_v1_manifest_test.go out/test-sentinel-stunner_l7mp_io_udp_route_v1_manifest_test.go out/test-sentinel-stunner_l7mp_io_dataplane_v1alpha1_manifest_test.go out/test-sentinel-stunner_l7mp_io_gateway_config_v1alpha1_manifest_test.go out/test-sentinel-stunner_l7mp_io_static_service_v1alpha1_manifest_test.go out/test-sentinel-submariner_io_broker_v1alpha1_manifest_test.go out/test-sentinel-submariner_io_service_discovery_v1alpha1_manifest_test.go out/test-sentinel-submariner_io_submariner_v1alpha1_manifest_test.go out/test-sentinel-superset_stackable_tech_druid_connection_v1alpha1_manifest_test.go out/test-sentinel-superset_stackable_tech_superset_cluster_v1alpha1_manifest_test.go out/test-sentinel-telemetry_istio_io_telemetry_v1_manifest_test.go out/test-sentinel-telemetry_istio_io_telemetry_v1alpha1_manifest_test.go out/test-sentinel-templates_gatekeeper_sh_constraint_template_v1_manifest_test.go out/test-sentinel-templates_gatekeeper_sh_constraint_template_v1alpha1_manifest_test.go out/test-sentinel-templates_gatekeeper_sh_constraint_template_v1beta1_manifest_test.go out/test-sentinel-tempo_grafana_com_tempo_monolithic_v1alpha1_manifest_test.go out/test-sentinel-tempo_grafana_com_tempo_stack_v1alpha1_manifest_test.go out/test-sentinel-temporal_io_temporal_cluster_client_v1beta1_manifest_test.go out/test-sentinel-temporal_io_temporal_cluster_v1beta1_manifest_test.go out/test-sentinel-temporal_io_temporal_namespace_v1beta1_manifest_test.go out/test-sentinel-temporal_io_temporal_worker_process_v1beta1_manifest_test.go out/test-sentinel-tests_testkube_io_script_v1_manifest_test.go out/test-sentinel-tests_testkube_io_test_execution_v1_manifest_test.go out/test-sentinel-tests_testkube_io_test_source_v1_manifest_test.go out/test-sentinel-tests_testkube_io_test_suite_execution_v1_manifest_test.go out/test-sentinel-tests_testkube_io_test_suite_v1_manifest_test.go out/test-sentinel-tests_testkube_io_test_trigger_v1_manifest_test.go out/test-sentinel-tests_testkube_io_test_v1_manifest_test.go out/test-sentinel-tests_testkube_io_script_v2_manifest_test.go out/test-sentinel-tests_testkube_io_test_suite_v2_manifest_test.go out/test-sentinel-tests_testkube_io_test_v2_manifest_test.go out/test-sentinel-tests_testkube_io_test_suite_v3_manifest_test.go out/test-sentinel-tests_testkube_io_test_v3_manifest_test.go out/test-sentinel-tf_tungsten_io_analytics_alarm_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_analytics_snmp_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_analytics_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_cassandra_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_config_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_control_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_kubemanager_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_manager_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_query_engine_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_rabbitmq_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_redis_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_vrouter_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_webui_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_zookeeper_v1alpha1_manifest_test.go out/test-sentinel-theketch_io_app_v1beta1_manifest_test.go out/test-sentinel-theketch_io_job_v1beta1_manifest_test.go out/test-sentinel-tinkerbell_org_hardware_v1alpha1_manifest_test.go out/test-sentinel-tinkerbell_org_osie_v1alpha1_manifest_test.go out/test-sentinel-tinkerbell_org_stack_v1alpha1_manifest_test.go out/test-sentinel-tinkerbell_org_template_v1alpha1_manifest_test.go out/test-sentinel-tinkerbell_org_workflow_v1alpha1_manifest_test.go out/test-sentinel-tinkerbell_org_hardware_v1alpha2_manifest_test.go out/test-sentinel-tinkerbell_org_osie_v1alpha2_manifest_test.go out/test-sentinel-tinkerbell_org_template_v1alpha2_manifest_test.go out/test-sentinel-tinkerbell_org_workflow_v1alpha2_manifest_test.go out/test-sentinel-topology_node_k8s_io_node_resource_topology_v1alpha1_manifest_test.go out/test-sentinel-topolvm_cybozu_com_logical_volume_v1_manifest_test.go out/test-sentinel-topolvm_cybozu_com_topolvm_cluster_v2_manifest_test.go out/test-sentinel-traefik_io_ingress_route_tcp_v1alpha1_manifest_test.go out/test-sentinel-traefik_io_ingress_route_udp_v1alpha1_manifest_test.go out/test-sentinel-traefik_io_ingress_route_v1alpha1_manifest_test.go out/test-sentinel-traefik_io_middleware_tcp_v1alpha1_manifest_test.go out/test-sentinel-traefik_io_middleware_v1alpha1_manifest_test.go out/test-sentinel-traefik_io_servers_transport_tcp_v1alpha1_manifest_test.go out/test-sentinel-traefik_io_servers_transport_v1alpha1_manifest_test.go out/test-sentinel-traefik_io_tls_option_v1alpha1_manifest_test.go out/test-sentinel-traefik_io_tls_store_v1alpha1_manifest_test.go out/test-sentinel-traefik_io_traefik_service_v1alpha1_manifest_test.go out/test-sentinel-training_kubedl_io_elastic_dl_job_v1alpha1_manifest_test.go out/test-sentinel-training_kubedl_io_mars_job_v1alpha1_manifest_test.go out/test-sentinel-training_kubedl_io_mpi_job_v1alpha1_manifest_test.go out/test-sentinel-training_kubedl_io_py_torch_job_v1alpha1_manifest_test.go out/test-sentinel-training_kubedl_io_tf_job_v1alpha1_manifest_test.go out/test-sentinel-training_kubedl_io_xdl_job_v1alpha1_manifest_test.go out/test-sentinel-training_kubedl_io_xg_boost_job_v1alpha1_manifest_test.go out/test-sentinel-trino_stackable_tech_trino_catalog_v1alpha1_manifest_test.go out/test-sentinel-trino_stackable_tech_trino_cluster_v1alpha1_manifest_test.go out/test-sentinel-trust_cert_manager_io_bundle_v1alpha1_manifest_test.go out/test-sentinel-upgrade_cattle_io_plan_v1_manifest_test.go out/test-sentinel-upgrade_managed_openshift_io_upgrade_config_v1alpha1_manifest_test.go out/test-sentinel-velero_io_backup_repository_v1_manifest_test.go out/test-sentinel-velero_io_backup_storage_location_v1_manifest_test.go out/test-sentinel-velero_io_backup_v1_manifest_test.go out/test-sentinel-velero_io_delete_backup_request_v1_manifest_test.go out/test-sentinel-velero_io_download_request_v1_manifest_test.go out/test-sentinel-velero_io_pod_volume_backup_v1_manifest_test.go out/test-sentinel-velero_io_pod_volume_restore_v1_manifest_test.go out/test-sentinel-velero_io_restore_v1_manifest_test.go out/test-sentinel-velero_io_schedule_v1_manifest_test.go out/test-sentinel-velero_io_server_status_request_v1_manifest_test.go out/test-sentinel-velero_io_volume_snapshot_location_v1_manifest_test.go out/test-sentinel-velero_io_data_download_v2alpha1_manifest_test.go out/test-sentinel-velero_io_data_upload_v2alpha1_manifest_test.go out/test-sentinel-virt_virtink_smartx_com_virtual_machine_migration_v1alpha1_manifest_test.go out/test-sentinel-virt_virtink_smartx_com_virtual_machine_v1alpha1_manifest_test.go out/test-sentinel-volsync_backube_replication_destination_v1alpha1_manifest_test.go out/test-sentinel-volsync_backube_replication_source_v1alpha1_manifest_test.go out/test-sentinel-vpcresources_k8s_aws_cni_node_v1alpha1_manifest_test.go out/test-sentinel-vpcresources_k8s_aws_security_group_policy_v1beta1_manifest_test.go out/test-sentinel-wgpolicyk8s_io_cluster_policy_report_v1alpha1_manifest_test.go out/test-sentinel-wgpolicyk8s_io_policy_report_v1alpha1_manifest_test.go out/test-sentinel-wgpolicyk8s_io_cluster_policy_report_v1alpha2_manifest_test.go out/test-sentinel-wgpolicyk8s_io_policy_report_v1alpha2_manifest_test.go out/test-sentinel-wgpolicyk8s_io_cluster_policy_report_v1beta1_manifest_test.go out/test-sentinel-wgpolicyk8s_io_policy_report_v1beta1_manifest_test.go out/test-sentinel-wildfly_org_wild_fly_server_v1alpha1_manifest_test.go out/test-sentinel-work_karmada_io_cluster_resource_binding_v1alpha1_manifest_test.go out/test-sentinel-work_karmada_io_resource_binding_v1alpha1_manifest_test.go out/test-sentinel-work_karmada_io_work_v1alpha1_manifest_test.go out/test-sentinel-work_karmada_io_cluster_resource_binding_v1alpha2_manifest_test.go out/test-sentinel-work_karmada_io_resource_binding_v1alpha2_manifest_test.go out/test-sentinel-workload_codeflare_dev_app_wrapper_v1beta1_manifest_test.go out/test-sentinel-workload_codeflare_dev_scheduling_spec_v1beta1_manifest_test.go out/test-sentinel-workload_codeflare_dev_app_wrapper_v1beta2_manifest_test.go out/test-sentinel-workloads_kubeblocks_io_instance_set_v1_manifest_test.go out/test-sentinel-workloads_kubeblocks_io_instance_set_v1alpha1_manifest_test.go out/test-sentinel-workloads_kubeblocks_io_replicated_state_machine_v1alpha1_manifest_test.go out/test-sentinel-zonecontrol_k8s_aws_zone_aware_update_v1_manifest_test.go out/test-sentinel-zonecontrol_k8s_aws_zone_disruption_budget_v1_manifest_test.go out/test-sentinel-zookeeper_pravega_io_zookeeper_cluster_v1beta1_manifest_test.go out/test-sentinel-zookeeper_stackable_tech_zookeeper_cluster_v1alpha1_manifest_test.go out/test-sentinel-zookeeper_stackable_tech_zookeeper_znode_v1alpha1_manifest_test.go out/tools-tests-sentinel ## run the unit tests
+tests: out/test-sentinel-about_k8s_io_cluster_property_v1alpha1_manifest_test.go out/test-sentinel-acid_zalan_do_operator_configuration_v1_manifest_test.go out/test-sentinel-acid_zalan_do_postgres_team_v1_manifest_test.go out/test-sentinel-acid_zalan_do_postgresql_v1_manifest_test.go out/test-sentinel-acme_cert_manager_io_challenge_v1_manifest_test.go out/test-sentinel-acme_cert_manager_io_order_v1_manifest_test.go out/test-sentinel-acmpca_services_k8s_aws_certificate_authority_activation_v1alpha1_manifest_test.go out/test-sentinel-acmpca_services_k8s_aws_certificate_authority_v1alpha1_manifest_test.go out/test-sentinel-acmpca_services_k8s_aws_certificate_v1alpha1_manifest_test.go out/test-sentinel-actions_github_com_autoscaling_listener_v1alpha1_manifest_test.go out/test-sentinel-actions_github_com_autoscaling_runner_set_v1alpha1_manifest_test.go out/test-sentinel-actions_github_com_ephemeral_runner_set_v1alpha1_manifest_test.go out/test-sentinel-actions_github_com_ephemeral_runner_v1alpha1_manifest_test.go out/test-sentinel-actions_summerwind_dev_horizontal_runner_autoscaler_v1alpha1_manifest_test.go out/test-sentinel-actions_summerwind_dev_runner_deployment_v1alpha1_manifest_test.go out/test-sentinel-actions_summerwind_dev_runner_replica_set_v1alpha1_manifest_test.go out/test-sentinel-actions_summerwind_dev_runner_set_v1alpha1_manifest_test.go out/test-sentinel-actions_summerwind_dev_runner_v1alpha1_manifest_test.go out/test-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_binding_v1alpha3_manifest_test.go out/test-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_v1alpha3_manifest_test.go out/test-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_binding_v1alpha4_manifest_test.go out/test-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_v1alpha4_manifest_test.go out/test-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_binding_v1beta1_manifest_test.go out/test-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_v1beta1_manifest_test.go out/test-sentinel-admissionregistration_k8s_io_mutating_webhook_configuration_v1_manifest_test.go out/test-sentinel-admissionregistration_k8s_io_validating_webhook_configuration_v1_manifest_test.go out/test-sentinel-agent_k8s_elastic_co_agent_v1alpha1_manifest_test.go out/test-sentinel-airflow_stackable_tech_airflow_cluster_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_aws_datacenter_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_aws_iam_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_bundles_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_cloud_stack_datacenter_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_cloud_stack_machine_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_cluster_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_control_plane_upgrade_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_docker_datacenter_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_eksa_release_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_flux_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_git_ops_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_machine_deployment_upgrade_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_node_upgrade_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_nutanix_datacenter_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_nutanix_machine_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_oidc_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_snow_datacenter_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_snow_ip_pool_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_snow_machine_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_tinkerbell_datacenter_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_tinkerbell_machine_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_tinkerbell_template_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_v_sphere_datacenter_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_v_sphere_machine_config_v1alpha1_manifest_test.go out/test-sentinel-apacheweb_arsenal_dev_apacheweb_v1alpha1_manifest_test.go out/test-sentinel-api_clever_cloud_com_config_provider_v1_manifest_test.go out/test-sentinel-api_clever_cloud_com_elastic_search_v1_manifest_test.go out/test-sentinel-api_clever_cloud_com_mongo_db_v1_manifest_test.go out/test-sentinel-api_clever_cloud_com_my_sql_v1_manifest_test.go out/test-sentinel-api_clever_cloud_com_postgre_sql_v1_manifest_test.go out/test-sentinel-api_clever_cloud_com_redis_v1_manifest_test.go out/test-sentinel-api_clever_cloud_com_pulsar_v1beta1_manifest_test.go out/test-sentinel-api_kubemod_io_mod_rule_v1beta1_manifest_test.go out/test-sentinel-apicodegen_apimatic_io_api_matic_v1beta1_manifest_test.go out/test-sentinel-apiextensions_crossplane_io_composite_resource_definition_v1_manifest_test.go out/test-sentinel-apiextensions_crossplane_io_composition_revision_v1_manifest_test.go out/test-sentinel-apiextensions_crossplane_io_composition_v1_manifest_test.go out/test-sentinel-apiextensions_crossplane_io_composition_revision_v1beta1_manifest_test.go out/test-sentinel-apigatewayv2_services_k8s_aws_api_v1alpha1_manifest_test.go out/test-sentinel-apigatewayv2_services_k8s_aws_authorizer_v1alpha1_manifest_test.go out/test-sentinel-apigatewayv2_services_k8s_aws_deployment_v1alpha1_manifest_test.go out/test-sentinel-apigatewayv2_services_k8s_aws_integration_v1alpha1_manifest_test.go out/test-sentinel-apigatewayv2_services_k8s_aws_route_v1alpha1_manifest_test.go out/test-sentinel-apigatewayv2_services_k8s_aws_stage_v1alpha1_manifest_test.go out/test-sentinel-apigatewayv2_services_k8s_aws_vpc_link_v1alpha1_manifest_test.go out/test-sentinel-apiregistration_k8s_io_api_service_v1_manifest_test.go out/test-sentinel-apisix_apache_org_apisix_cluster_config_v2_manifest_test.go out/test-sentinel-apisix_apache_org_apisix_consumer_v2_manifest_test.go out/test-sentinel-apisix_apache_org_apisix_global_rule_v2_manifest_test.go out/test-sentinel-apisix_apache_org_apisix_plugin_config_v2_manifest_test.go out/test-sentinel-apisix_apache_org_apisix_route_v2_manifest_test.go out/test-sentinel-apisix_apache_org_apisix_tls_v2_manifest_test.go out/test-sentinel-apisix_apache_org_apisix_upstream_v2_manifest_test.go out/test-sentinel-apm_k8s_elastic_co_apm_server_v1_manifest_test.go out/test-sentinel-apm_k8s_elastic_co_apm_server_v1beta1_manifest_test.go out/test-sentinel-app_kiegroup_org_kogito_build_v1beta1_manifest_test.go out/test-sentinel-app_kiegroup_org_kogito_infra_v1beta1_manifest_test.go out/test-sentinel-app_kiegroup_org_kogito_runtime_v1beta1_manifest_test.go out/test-sentinel-app_kiegroup_org_kogito_supporting_service_v1beta1_manifest_test.go out/test-sentinel-app_lightbend_com_akka_cluster_v1alpha1_manifest_test.go out/test-sentinel-app_redislabs_com_redis_enterprise_cluster_v1_manifest_test.go out/test-sentinel-app_redislabs_com_redis_enterprise_active_active_database_v1alpha1_manifest_test.go out/test-sentinel-app_redislabs_com_redis_enterprise_cluster_v1alpha1_manifest_test.go out/test-sentinel-app_redislabs_com_redis_enterprise_database_v1alpha1_manifest_test.go out/test-sentinel-app_redislabs_com_redis_enterprise_remote_cluster_v1alpha1_manifest_test.go out/test-sentinel-app_terraform_io_agent_pool_v1alpha2_manifest_test.go out/test-sentinel-app_terraform_io_module_v1alpha2_manifest_test.go out/test-sentinel-app_terraform_io_workspace_v1alpha2_manifest_test.go out/test-sentinel-application_networking_k8s_aws_access_log_policy_v1alpha1_manifest_test.go out/test-sentinel-application_networking_k8s_aws_iam_auth_policy_v1alpha1_manifest_test.go out/test-sentinel-application_networking_k8s_aws_service_import_v1alpha1_manifest_test.go out/test-sentinel-application_networking_k8s_aws_target_group_policy_v1alpha1_manifest_test.go out/test-sentinel-application_networking_k8s_aws_vpc_association_policy_v1alpha1_manifest_test.go out/test-sentinel-applicationautoscaling_services_k8s_aws_scalable_target_v1alpha1_manifest_test.go out/test-sentinel-applicationautoscaling_services_k8s_aws_scaling_policy_v1alpha1_manifest_test.go out/test-sentinel-appmesh_k8s_aws_backend_group_v1beta2_manifest_test.go out/test-sentinel-appmesh_k8s_aws_gateway_route_v1beta2_manifest_test.go out/test-sentinel-appmesh_k8s_aws_mesh_v1beta2_manifest_test.go out/test-sentinel-appmesh_k8s_aws_virtual_gateway_v1beta2_manifest_test.go out/test-sentinel-appmesh_k8s_aws_virtual_node_v1beta2_manifest_test.go out/test-sentinel-appmesh_k8s_aws_virtual_router_v1beta2_manifest_test.go out/test-sentinel-appmesh_k8s_aws_virtual_service_v1beta2_manifest_test.go out/test-sentinel-appprotect_f5_com_ap_log_conf_v1beta1_manifest_test.go out/test-sentinel-appprotect_f5_com_ap_policy_v1beta1_manifest_test.go out/test-sentinel-appprotect_f5_com_ap_user_sig_v1beta1_manifest_test.go out/test-sentinel-appprotectdos_f5_com_ap_dos_log_conf_v1beta1_manifest_test.go out/test-sentinel-appprotectdos_f5_com_ap_dos_policy_v1beta1_manifest_test.go out/test-sentinel-appprotectdos_f5_com_dos_protected_resource_v1beta1_manifest_test.go out/test-sentinel-apps_3scale_net_ap_icast_v1alpha1_manifest_test.go out/test-sentinel-apps_3scale_net_api_manager_backup_v1alpha1_manifest_test.go out/test-sentinel-apps_3scale_net_api_manager_restore_v1alpha1_manifest_test.go out/test-sentinel-apps_3scale_net_api_manager_v1alpha1_manifest_test.go out/test-sentinel-apps_clusternet_io_base_v1alpha1_manifest_test.go out/test-sentinel-apps_clusternet_io_description_v1alpha1_manifest_test.go out/test-sentinel-apps_clusternet_io_feed_inventory_v1alpha1_manifest_test.go out/test-sentinel-apps_clusternet_io_globalization_v1alpha1_manifest_test.go out/test-sentinel-apps_clusternet_io_helm_chart_v1alpha1_manifest_test.go out/test-sentinel-apps_clusternet_io_helm_release_v1alpha1_manifest_test.go out/test-sentinel-apps_clusternet_io_localization_v1alpha1_manifest_test.go out/test-sentinel-apps_clusternet_io_manifest_v1alpha1_manifest_test.go out/test-sentinel-apps_clusternet_io_subscription_v1alpha1_manifest_test.go out/test-sentinel-apps_emqx_io_emqx_broker_v1beta3_manifest_test.go out/test-sentinel-apps_emqx_io_emqx_enterprise_v1beta3_manifest_test.go out/test-sentinel-apps_emqx_io_emqx_plugin_v1beta3_manifest_test.go out/test-sentinel-apps_emqx_io_emqx_broker_v1beta4_manifest_test.go out/test-sentinel-apps_emqx_io_emqx_enterprise_v1beta4_manifest_test.go out/test-sentinel-apps_emqx_io_emqx_plugin_v1beta4_manifest_test.go out/test-sentinel-apps_emqx_io_rebalance_v1beta4_manifest_test.go out/test-sentinel-apps_emqx_io_emqx_v2alpha1_manifest_test.go out/test-sentinel-apps_emqx_io_emqx_v2beta1_manifest_test.go out/test-sentinel-apps_emqx_io_rebalance_v2beta1_manifest_test.go out/test-sentinel-apps_gitlab_com_git_lab_v1beta1_manifest_test.go out/test-sentinel-apps_gitlab_com_runner_v1beta2_manifest_test.go out/test-sentinel-apps_kubeblocks_io_cluster_definition_v1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_cluster_v1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_component_definition_v1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_component_v1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_component_version_v1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_service_descriptor_v1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_backup_policy_template_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_cluster_definition_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_cluster_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_cluster_version_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_component_class_definition_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_component_definition_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_component_resource_constraint_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_component_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_component_version_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_config_constraint_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_configuration_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_ops_definition_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_ops_request_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_service_descriptor_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_config_constraint_v1beta1_manifest_test.go out/test-sentinel-apps_kubedl_io_cron_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeedge_io_edge_application_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeedge_io_node_group_v1alpha1_manifest_test.go out/test-sentinel-apps_m88i_io_nexus_v1alpha1_manifest_test.go out/test-sentinel-apps_redhat_com_cluster_impairment_v1alpha1_manifest_test.go out/test-sentinel-apps_daemon_set_v1_manifest_test.go out/test-sentinel-apps_deployment_v1_manifest_test.go out/test-sentinel-apps_replica_set_v1_manifest_test.go out/test-sentinel-apps_stateful_set_v1_manifest_test.go out/test-sentinel-aquasecurity_github_io_aqua_starboard_v1alpha1_manifest_test.go out/test-sentinel-argoproj_io_app_project_v1alpha1_manifest_test.go out/test-sentinel-argoproj_io_application_set_v1alpha1_manifest_test.go out/test-sentinel-argoproj_io_application_v1alpha1_manifest_test.go out/test-sentinel-argoproj_io_argo_cd_v1alpha1_manifest_test.go out/test-sentinel-argoproj_io_argo_cd_export_v1alpha1_manifest_test.go out/test-sentinel-argoproj_io_argo_cd_v1beta1_manifest_test.go out/test-sentinel-asdb_aerospike_com_aerospike_cluster_v1_manifest_test.go out/test-sentinel-asdb_aerospike_com_aerospike_cluster_v1beta1_manifest_test.go out/test-sentinel-atlasmap_io_atlas_map_v1alpha1_manifest_test.go out/test-sentinel-auth_ops42_org_aws_auth_sync_config_v1alpha1_manifest_test.go out/test-sentinel-authentication_stackable_tech_authentication_class_v1alpha1_manifest_test.go out/test-sentinel-authzed_com_spice_db_cluster_v1alpha1_manifest_test.go out/test-sentinel-automation_kubensync_com_managed_resource_v1alpha1_manifest_test.go out/test-sentinel-autoscaling_k8s_elastic_co_elasticsearch_autoscaler_v1alpha1_manifest_test.go out/test-sentinel-autoscaling_k8s_io_vertical_pod_autoscaler_checkpoint_v1_manifest_test.go out/test-sentinel-autoscaling_k8s_io_vertical_pod_autoscaler_v1_manifest_test.go out/test-sentinel-autoscaling_k8s_io_vertical_pod_autoscaler_checkpoint_v1beta2_manifest_test.go out/test-sentinel-autoscaling_k8s_io_vertical_pod_autoscaler_v1beta2_manifest_test.go out/test-sentinel-autoscaling_karmada_io_cron_federated_hpa_v1alpha1_manifest_test.go out/test-sentinel-autoscaling_karmada_io_federated_hpa_v1alpha1_manifest_test.go out/test-sentinel-autoscaling_horizontal_pod_autoscaler_v1_manifest_test.go out/test-sentinel-autoscaling_horizontal_pod_autoscaler_v2_manifest_test.go out/test-sentinel-awx_ansible_com_awx_v1beta1_manifest_test.go out/test-sentinel-awx_ansible_com_awx_backup_v1beta1_manifest_test.go out/test-sentinel-awx_ansible_com_awx_restore_v1beta1_manifest_test.go out/test-sentinel-azure_microsoft_com_apim_service_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_api_mgmt_api_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_app_insights_api_key_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_app_insights_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_load_balancer_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_network_interface_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_public_ip_address_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sql_action_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sql_database_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sql_failover_group_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sql_firewall_rule_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sql_server_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sql_managed_user_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sql_user_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sqlv_net_rule_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_virtual_machine_extension_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_virtual_machine_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_vm_scale_set_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_blob_container_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_consumer_group_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_cosmos_db_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_eventhub_namespace_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_eventhub_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_key_vault_key_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_key_vault_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_my_sqlaad_user_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_my_sql_database_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_my_sql_firewall_rule_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_my_sql_server_administrator_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_my_sql_server_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_my_sql_user_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_my_sqlv_net_rule_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_postgre_sql_database_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_postgre_sql_firewall_rule_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_postgre_sql_server_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_postgre_sql_user_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_postgre_sqlv_net_rule_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_redis_cache_action_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_redis_cache_firewall_rule_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_resource_group_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_storage_account_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_virtual_network_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_blob_container_v1alpha2_manifest_test.go out/test-sentinel-azure_microsoft_com_my_sqlaad_user_v1alpha2_manifest_test.go out/test-sentinel-azure_microsoft_com_my_sql_server_v1alpha2_manifest_test.go out/test-sentinel-azure_microsoft_com_my_sql_user_v1alpha2_manifest_test.go out/test-sentinel-azure_microsoft_com_postgre_sql_server_v1alpha2_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sql_database_v1beta1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sql_failover_group_v1beta1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sql_firewall_rule_v1beta1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sql_server_v1beta1_manifest_test.go out/test-sentinel-b3scale_infra_run_bbb_frontend_v1_manifest_test.go out/test-sentinel-b3scale_io_bbb_frontend_v1_manifest_test.go out/test-sentinel-batch_cron_job_v1_manifest_test.go out/test-sentinel-batch_job_v1_manifest_test.go out/test-sentinel-batch_volcano_sh_job_v1alpha1_manifest_test.go out/test-sentinel-beat_k8s_elastic_co_beat_v1beta1_manifest_test.go out/test-sentinel-beegfs_csi_netapp_com_beegfs_driver_v1_manifest_test.go out/test-sentinel-binding_operators_coreos_com_service_binding_v1alpha1_manifest_test.go out/test-sentinel-bitnami_com_sealed_secret_v1alpha1_manifest_test.go out/test-sentinel-bmc_tinkerbell_org_job_v1alpha1_manifest_test.go out/test-sentinel-bmc_tinkerbell_org_machine_v1alpha1_manifest_test.go out/test-sentinel-bmc_tinkerbell_org_task_v1alpha1_manifest_test.go out/test-sentinel-boskos_k8s_io_drlc_object_v1_manifest_test.go out/test-sentinel-boskos_k8s_io_resource_object_v1_manifest_test.go out/test-sentinel-bpfman_io_bpf_program_v1alpha1_manifest_test.go out/test-sentinel-bpfman_io_fentry_program_v1alpha1_manifest_test.go out/test-sentinel-bpfman_io_fexit_program_v1alpha1_manifest_test.go out/test-sentinel-bpfman_io_kprobe_program_v1alpha1_manifest_test.go out/test-sentinel-bpfman_io_tc_program_v1alpha1_manifest_test.go out/test-sentinel-bpfman_io_tracepoint_program_v1alpha1_manifest_test.go out/test-sentinel-bpfman_io_uprobe_program_v1alpha1_manifest_test.go out/test-sentinel-bpfman_io_xdp_program_v1alpha1_manifest_test.go out/test-sentinel-bus_volcano_sh_command_v1alpha1_manifest_test.go out/test-sentinel-cache_kubedl_io_cache_backend_v1alpha1_manifest_test.go out/test-sentinel-caching_ibm_com_varnish_cluster_v1alpha1_manifest_test.go out/test-sentinel-camel_apache_org_build_v1_manifest_test.go out/test-sentinel-camel_apache_org_camel_catalog_v1_manifest_test.go out/test-sentinel-camel_apache_org_integration_kit_v1_manifest_test.go out/test-sentinel-camel_apache_org_integration_platform_v1_manifest_test.go out/test-sentinel-camel_apache_org_integration_profile_v1_manifest_test.go out/test-sentinel-camel_apache_org_integration_v1_manifest_test.go out/test-sentinel-camel_apache_org_kamelet_v1_manifest_test.go out/test-sentinel-camel_apache_org_pipe_v1_manifest_test.go out/test-sentinel-camel_apache_org_kamelet_binding_v1alpha1_manifest_test.go out/test-sentinel-camel_apache_org_kamelet_v1alpha1_manifest_test.go out/test-sentinel-canaries_flanksource_com_canary_v1_manifest_test.go out/test-sentinel-canaries_flanksource_com_component_v1_manifest_test.go out/test-sentinel-canaries_flanksource_com_topology_v1_manifest_test.go out/test-sentinel-capabilities_3scale_net_tenant_v1alpha1_manifest_test.go out/test-sentinel-capabilities_3scale_net_active_doc_v1beta1_manifest_test.go out/test-sentinel-capabilities_3scale_net_application_v1beta1_manifest_test.go out/test-sentinel-capabilities_3scale_net_backend_v1beta1_manifest_test.go out/test-sentinel-capabilities_3scale_net_custom_policy_definition_v1beta1_manifest_test.go out/test-sentinel-capabilities_3scale_net_developer_account_v1beta1_manifest_test.go out/test-sentinel-capabilities_3scale_net_developer_user_v1beta1_manifest_test.go out/test-sentinel-capabilities_3scale_net_open_api_v1beta1_manifest_test.go out/test-sentinel-capabilities_3scale_net_product_v1beta1_manifest_test.go out/test-sentinel-capabilities_3scale_net_proxy_config_promote_v1beta1_manifest_test.go out/test-sentinel-capsule_clastix_io_capsule_configuration_v1alpha1_manifest_test.go out/test-sentinel-capsule_clastix_io_tenant_v1alpha1_manifest_test.go out/test-sentinel-capsule_clastix_io_tenant_v1beta1_manifest_test.go out/test-sentinel-capsule_clastix_io_capsule_configuration_v1beta2_manifest_test.go out/test-sentinel-capsule_clastix_io_tenant_v1beta2_manifest_test.go out/test-sentinel-cassandra_datastax_com_cassandra_datacenter_v1beta1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_block_pool_rados_namespace_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_block_pool_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_bucket_notification_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_bucket_topic_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_client_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_cluster_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_cosi_driver_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_filesystem_mirror_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_filesystem_sub_volume_group_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_filesystem_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_nfs_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_object_realm_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_object_store_user_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_object_store_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_object_zone_group_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_object_zone_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_rbd_mirror_v1_manifest_test.go out/test-sentinel-cert_manager_io_certificate_request_v1_manifest_test.go out/test-sentinel-cert_manager_io_certificate_v1_manifest_test.go out/test-sentinel-cert_manager_io_cluster_issuer_v1_manifest_test.go out/test-sentinel-cert_manager_io_issuer_v1_manifest_test.go out/test-sentinel-certificates_k8s_io_certificate_signing_request_v1_manifest_test.go out/test-sentinel-certman_managed_openshift_io_certificate_request_v1alpha1_manifest_test.go out/test-sentinel-chainsaw_kyverno_io_configuration_v1alpha1_manifest_test.go out/test-sentinel-chainsaw_kyverno_io_test_v1alpha1_manifest_test.go out/test-sentinel-chainsaw_kyverno_io_configuration_v1alpha2_manifest_test.go out/test-sentinel-chainsaw_kyverno_io_test_v1alpha2_manifest_test.go out/test-sentinel-chaos_mesh_org_aws_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_azure_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_block_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_dns_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_gcp_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_http_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_io_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_jvm_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_kernel_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_network_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_physical_machine_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_physical_machine_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_pod_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_pod_http_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_pod_io_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_pod_network_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_remote_cluster_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_schedule_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_status_check_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_stress_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_time_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_workflow_node_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_workflow_v1alpha1_manifest_test.go out/test-sentinel-chaosblade_io_chaos_blade_v1alpha1_manifest_test.go out/test-sentinel-charts_amd_com_amdgpu_v1alpha1_manifest_test.go out/test-sentinel-charts_flagsmith_com_flagsmith_v1alpha1_manifest_test.go out/test-sentinel-charts_helm_k8s_io_snyk_monitor_v1alpha1_manifest_test.go out/test-sentinel-charts_opdev_io_synapse_v1alpha1_manifest_test.go out/test-sentinel-charts_operatorhub_io_cockroachdb_v1alpha1_manifest_test.go out/test-sentinel-che_eclipse_org_kubernetes_image_puller_v1alpha1_manifest_test.go out/test-sentinel-chisel_operator_io_exit_node_provisioner_v1_manifest_test.go out/test-sentinel-chisel_operator_io_exit_node_v1_manifest_test.go out/test-sentinel-chisel_operator_io_exit_node_v2_manifest_test.go out/test-sentinel-cilium_io_cilium_clusterwide_envoy_config_v2_manifest_test.go out/test-sentinel-cilium_io_cilium_clusterwide_network_policy_v2_manifest_test.go out/test-sentinel-cilium_io_cilium_egress_gateway_policy_v2_manifest_test.go out/test-sentinel-cilium_io_cilium_envoy_config_v2_manifest_test.go out/test-sentinel-cilium_io_cilium_external_workload_v2_manifest_test.go out/test-sentinel-cilium_io_cilium_identity_v2_manifest_test.go out/test-sentinel-cilium_io_cilium_local_redirect_policy_v2_manifest_test.go out/test-sentinel-cilium_io_cilium_network_policy_v2_manifest_test.go out/test-sentinel-cilium_io_cilium_node_v2_manifest_test.go out/test-sentinel-cilium_io_cilium_bgp_peering_policy_v2alpha1_manifest_test.go out/test-sentinel-cilium_io_cilium_cidr_group_v2alpha1_manifest_test.go out/test-sentinel-cilium_io_cilium_endpoint_slice_v2alpha1_manifest_test.go out/test-sentinel-cilium_io_cilium_l2_announcement_policy_v2alpha1_manifest_test.go out/test-sentinel-cilium_io_cilium_load_balancer_ip_pool_v2alpha1_manifest_test.go out/test-sentinel-cilium_io_cilium_node_config_v2alpha1_manifest_test.go out/test-sentinel-cilium_io_cilium_pod_ip_pool_v2alpha1_manifest_test.go out/test-sentinel-claudie_io_input_manifest_v1beta1_manifest_test.go out/test-sentinel-cloudformation_linki_space_stack_v1alpha1_manifest_test.go out/test-sentinel-cloudfront_services_k8s_aws_cache_policy_v1alpha1_manifest_test.go out/test-sentinel-cloudfront_services_k8s_aws_distribution_v1alpha1_manifest_test.go out/test-sentinel-cloudfront_services_k8s_aws_function_v1alpha1_manifest_test.go out/test-sentinel-cloudfront_services_k8s_aws_origin_request_policy_v1alpha1_manifest_test.go out/test-sentinel-cloudfront_services_k8s_aws_response_headers_policy_v1alpha1_manifest_test.go out/test-sentinel-cloudtrail_services_k8s_aws_event_data_store_v1alpha1_manifest_test.go out/test-sentinel-cloudtrail_services_k8s_aws_trail_v1alpha1_manifest_test.go out/test-sentinel-cloudwatch_aws_amazon_com_amazon_cloud_watch_agent_v1alpha1_manifest_test.go out/test-sentinel-cloudwatch_aws_amazon_com_instrumentation_v1alpha1_manifest_test.go out/test-sentinel-cloudwatch_services_k8s_aws_metric_alarm_v1alpha1_manifest_test.go out/test-sentinel-cloudwatchlogs_services_k8s_aws_log_group_v1alpha1_manifest_test.go out/test-sentinel-cluster_clusterpedia_io_cluster_sync_resources_v1alpha2_manifest_test.go out/test-sentinel-cluster_clusterpedia_io_pedia_cluster_v1alpha2_manifest_test.go out/test-sentinel-cluster_ipfs_io_circuit_relay_v1alpha1_manifest_test.go out/test-sentinel-cluster_ipfs_io_ipfs_cluster_v1alpha1_manifest_test.go out/test-sentinel-cluster_x_k8s_io_cluster_v1alpha3_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_deployment_v1alpha3_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_health_check_v1alpha3_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_pool_v1alpha3_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_set_v1alpha3_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_v1alpha3_manifest_test.go out/test-sentinel-cluster_x_k8s_io_cluster_class_v1alpha4_manifest_test.go out/test-sentinel-cluster_x_k8s_io_cluster_v1alpha4_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_deployment_v1alpha4_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_health_check_v1alpha4_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_pool_v1alpha4_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_set_v1alpha4_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_v1alpha4_manifest_test.go out/test-sentinel-cluster_x_k8s_io_cluster_class_v1beta1_manifest_test.go out/test-sentinel-cluster_x_k8s_io_cluster_v1beta1_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_deployment_v1beta1_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_health_check_v1beta1_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_pool_v1beta1_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_set_v1beta1_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_v1beta1_manifest_test.go out/test-sentinel-clusters_clusternet_io_cluster_registration_request_v1beta1_manifest_test.go out/test-sentinel-clusters_clusternet_io_managed_cluster_v1beta1_manifest_test.go out/test-sentinel-clustertemplate_openshift_io_cluster_template_instance_v1alpha1_manifest_test.go out/test-sentinel-clustertemplate_openshift_io_cluster_template_quota_v1alpha1_manifest_test.go out/test-sentinel-clustertemplate_openshift_io_cluster_template_setup_v1alpha1_manifest_test.go out/test-sentinel-clustertemplate_openshift_io_cluster_template_v1alpha1_manifest_test.go out/test-sentinel-clustertemplate_openshift_io_config_v1alpha1_manifest_test.go out/test-sentinel-confidentialcontainers_org_cc_runtime_v1beta1_manifest_test.go out/test-sentinel-config_gatekeeper_sh_config_v1alpha1_manifest_test.go out/test-sentinel-config_grafana_com_project_config_v1_manifest_test.go out/test-sentinel-config_karmada_io_resource_interpreter_customization_v1alpha1_manifest_test.go out/test-sentinel-config_karmada_io_resource_interpreter_webhook_configuration_v1alpha1_manifest_test.go out/test-sentinel-config_koordinator_sh_cluster_colocation_profile_v1alpha1_manifest_test.go out/test-sentinel-config_storageos_com_operator_config_v1_manifest_test.go out/test-sentinel-control_k8ssandra_io_cassandra_task_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_cluster_collected_status_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_cluster_federated_object_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_cluster_override_policy_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_cluster_propagation_policy_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_collected_status_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_federated_cluster_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_federated_object_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_federated_type_config_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_override_policy_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_propagation_policy_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_scheduler_plugin_webhook_configuration_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_scheduling_profile_v1alpha1_manifest_test.go out/test-sentinel-core_linuxsuren_github_com_a_test_v1alpha1_manifest_test.go out/test-sentinel-core_openfeature_dev_feature_flag_configuration_v1alpha1_manifest_test.go out/test-sentinel-core_openfeature_dev_feature_flag_configuration_v1alpha2_manifest_test.go out/test-sentinel-core_strimzi_io_strimzi_pod_set_v1beta2_manifest_test.go out/test-sentinel-config_map_v1_manifest_test.go out/test-sentinel-endpoints_v1_manifest_test.go out/test-sentinel-limit_range_v1_manifest_test.go out/test-sentinel-namespace_v1_manifest_test.go out/test-sentinel-persistent_volume_claim_v1_manifest_test.go out/test-sentinel-persistent_volume_v1_manifest_test.go out/test-sentinel-pod_v1_manifest_test.go out/test-sentinel-replication_controller_v1_manifest_test.go out/test-sentinel-secret_v1_manifest_test.go out/test-sentinel-service_account_v1_manifest_test.go out/test-sentinel-service_v1_manifest_test.go out/test-sentinel-couchbase_com_couchbase_autoscaler_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_backup_restore_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_backup_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_bucket_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_cluster_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_collection_group_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_collection_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_ephemeral_bucket_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_group_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_memcached_bucket_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_migration_replication_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_replication_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_role_binding_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_scope_group_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_scope_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_user_v2_manifest_test.go out/test-sentinel-craftypath_github_io_sops_secret_v1alpha1_manifest_test.go out/test-sentinel-crane_konveyor_io_operator_config_v1alpha1_manifest_test.go out/test-sentinel-crd_projectcalico_org_bgp_configuration_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_bgp_filter_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_bgp_peer_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_block_affinity_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_calico_node_status_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_cluster_information_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_felix_configuration_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_global_network_policy_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_global_network_set_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_host_endpoint_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_ipam_block_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_ipam_config_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_ipam_handle_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_ip_pool_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_ip_reservation_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_kube_controllers_configuration_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_network_policy_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_network_set_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_tier_v1_manifest_test.go out/test-sentinel-data_fluid_io_alluxio_runtime_v1alpha1_manifest_test.go out/test-sentinel-data_fluid_io_data_backup_v1alpha1_manifest_test.go out/test-sentinel-data_fluid_io_data_load_v1alpha1_manifest_test.go out/test-sentinel-data_fluid_io_dataset_v1alpha1_manifest_test.go out/test-sentinel-data_fluid_io_goose_fs_runtime_v1alpha1_manifest_test.go out/test-sentinel-data_fluid_io_jindo_runtime_v1alpha1_manifest_test.go out/test-sentinel-data_fluid_io_juice_fs_runtime_v1alpha1_manifest_test.go out/test-sentinel-data_fluid_io_thin_runtime_profile_v1alpha1_manifest_test.go out/test-sentinel-data_fluid_io_thin_runtime_v1alpha1_manifest_test.go out/test-sentinel-databases_schemahero_io_database_v1alpha4_manifest_test.go out/test-sentinel-databases_spotahome_com_redis_failover_v1_manifest_test.go out/test-sentinel-datadoghq_com_datadog_agent_v1alpha1_manifest_test.go out/test-sentinel-datadoghq_com_datadog_metric_v1alpha1_manifest_test.go out/test-sentinel-datadoghq_com_datadog_monitor_v1alpha1_manifest_test.go out/test-sentinel-datadoghq_com_datadog_slo_v1alpha1_manifest_test.go out/test-sentinel-datadoghq_com_datadog_agent_v2alpha1_manifest_test.go out/test-sentinel-dataprotection_kubeblocks_io_action_set_v1alpha1_manifest_test.go out/test-sentinel-dataprotection_kubeblocks_io_backup_policy_v1alpha1_manifest_test.go out/test-sentinel-dataprotection_kubeblocks_io_backup_repo_v1alpha1_manifest_test.go out/test-sentinel-dataprotection_kubeblocks_io_backup_schedule_v1alpha1_manifest_test.go out/test-sentinel-dataprotection_kubeblocks_io_backup_v1alpha1_manifest_test.go out/test-sentinel-dataprotection_kubeblocks_io_restore_v1alpha1_manifest_test.go out/test-sentinel-designer_kaoto_io_kaoto_v1alpha1_manifest_test.go out/test-sentinel-devices_kubeedge_io_device_model_v1alpha2_manifest_test.go out/test-sentinel-devices_kubeedge_io_device_v1alpha2_manifest_test.go out/test-sentinel-devices_kubeedge_io_device_model_v1beta1_manifest_test.go out/test-sentinel-devices_kubeedge_io_device_v1beta1_manifest_test.go out/test-sentinel-devops_kubesphere_io_releaser_controller_v1alpha1_manifest_test.go out/test-sentinel-devops_kubesphere_io_releaser_v1alpha1_manifest_test.go out/test-sentinel-dex_gpu_ninja_com_dex_identity_provider_v1alpha1_manifest_test.go out/test-sentinel-dex_gpu_ninja_com_dex_o_auth2_client_v1alpha1_manifest_test.go out/test-sentinel-dex_gpu_ninja_com_dex_user_v1alpha1_manifest_test.go out/test-sentinel-digitalis_io_vals_secret_v1_manifest_test.go out/test-sentinel-digitalis_io_db_secret_v1beta1_manifest_test.go out/test-sentinel-discovery_k8s_io_endpoint_slice_v1_manifest_test.go out/test-sentinel-documentdb_services_k8s_aws_db_cluster_v1alpha1_manifest_test.go out/test-sentinel-documentdb_services_k8s_aws_db_instance_v1alpha1_manifest_test.go out/test-sentinel-documentdb_services_k8s_aws_db_subnet_group_v1alpha1_manifest_test.go out/test-sentinel-druid_apache_org_druid_v1alpha1_manifest_test.go out/test-sentinel-druid_stackable_tech_druid_cluster_v1alpha1_manifest_test.go out/test-sentinel-dynamodb_services_k8s_aws_backup_v1alpha1_manifest_test.go out/test-sentinel-dynamodb_services_k8s_aws_global_table_v1alpha1_manifest_test.go out/test-sentinel-dynamodb_services_k8s_aws_table_v1alpha1_manifest_test.go out/test-sentinel-ec2_services_k8s_aws_dhcp_options_v1alpha1_manifest_test.go out/test-sentinel-ec2_services_k8s_aws_elastic_ip_address_v1alpha1_manifest_test.go out/test-sentinel-ec2_services_k8s_aws_instance_v1alpha1_manifest_test.go out/test-sentinel-ec2_services_k8s_aws_internet_gateway_v1alpha1_manifest_test.go out/test-sentinel-ec2_services_k8s_aws_nat_gateway_v1alpha1_manifest_test.go out/test-sentinel-ec2_services_k8s_aws_route_table_v1alpha1_manifest_test.go out/test-sentinel-ec2_services_k8s_aws_security_group_v1alpha1_manifest_test.go out/test-sentinel-ec2_services_k8s_aws_subnet_v1alpha1_manifest_test.go out/test-sentinel-ec2_services_k8s_aws_transit_gateway_v1alpha1_manifest_test.go out/test-sentinel-ec2_services_k8s_aws_vpc_v1alpha1_manifest_test.go out/test-sentinel-ec2_services_k8s_aws_vpc_endpoint_v1alpha1_manifest_test.go out/test-sentinel-ecr_services_k8s_aws_pull_through_cache_rule_v1alpha1_manifest_test.go out/test-sentinel-ecr_services_k8s_aws_repository_v1alpha1_manifest_test.go out/test-sentinel-edc_stackable_tech_edc_cluster_v1alpha1_manifest_test.go out/test-sentinel-efs_services_k8s_aws_access_point_v1alpha1_manifest_test.go out/test-sentinel-efs_services_k8s_aws_file_system_v1alpha1_manifest_test.go out/test-sentinel-efs_services_k8s_aws_mount_target_v1alpha1_manifest_test.go out/test-sentinel-egressgateway_spidernet_io_egress_cluster_endpoint_slice_v1beta1_manifest_test.go out/test-sentinel-egressgateway_spidernet_io_egress_cluster_info_v1beta1_manifest_test.go out/test-sentinel-egressgateway_spidernet_io_egress_cluster_policy_v1beta1_manifest_test.go out/test-sentinel-egressgateway_spidernet_io_egress_endpoint_slice_v1beta1_manifest_test.go out/test-sentinel-egressgateway_spidernet_io_egress_gateway_v1beta1_manifest_test.go out/test-sentinel-egressgateway_spidernet_io_egress_policy_v1beta1_manifest_test.go out/test-sentinel-egressgateway_spidernet_io_egress_tunnel_v1beta1_manifest_test.go out/test-sentinel-eks_services_k8s_aws_addon_v1alpha1_manifest_test.go out/test-sentinel-eks_services_k8s_aws_cluster_v1alpha1_manifest_test.go out/test-sentinel-eks_services_k8s_aws_fargate_profile_v1alpha1_manifest_test.go out/test-sentinel-eks_services_k8s_aws_nodegroup_v1alpha1_manifest_test.go out/test-sentinel-elasticache_services_k8s_aws_cache_parameter_group_v1alpha1_manifest_test.go out/test-sentinel-elasticache_services_k8s_aws_cache_subnet_group_v1alpha1_manifest_test.go out/test-sentinel-elasticache_services_k8s_aws_replication_group_v1alpha1_manifest_test.go out/test-sentinel-elasticache_services_k8s_aws_snapshot_v1alpha1_manifest_test.go out/test-sentinel-elasticache_services_k8s_aws_user_group_v1alpha1_manifest_test.go out/test-sentinel-elasticache_services_k8s_aws_user_v1alpha1_manifest_test.go out/test-sentinel-elasticsearch_k8s_elastic_co_elasticsearch_v1_manifest_test.go out/test-sentinel-elasticsearch_k8s_elastic_co_elasticsearch_v1beta1_manifest_test.go out/test-sentinel-elbv2_k8s_aws_target_group_binding_v1alpha1_manifest_test.go out/test-sentinel-elbv2_k8s_aws_ingress_class_params_v1beta1_manifest_test.go out/test-sentinel-elbv2_k8s_aws_target_group_binding_v1beta1_manifest_test.go out/test-sentinel-emrcontainers_services_k8s_aws_job_run_v1alpha1_manifest_test.go out/test-sentinel-emrcontainers_services_k8s_aws_virtual_cluster_v1alpha1_manifest_test.go out/test-sentinel-ensembleoss_io_cluster_v1_manifest_test.go out/test-sentinel-ensembleoss_io_resource_v1_manifest_test.go out/test-sentinel-enterprise_gloo_solo_io_auth_config_v1_manifest_test.go out/test-sentinel-enterprisesearch_k8s_elastic_co_enterprise_search_v1_manifest_test.go out/test-sentinel-enterprisesearch_k8s_elastic_co_enterprise_search_v1beta1_manifest_test.go out/test-sentinel-events_k8s_io_event_v1_manifest_test.go out/test-sentinel-everest_percona_com_backup_storage_v1alpha1_manifest_test.go out/test-sentinel-everest_percona_com_database_cluster_backup_v1alpha1_manifest_test.go out/test-sentinel-everest_percona_com_database_cluster_restore_v1alpha1_manifest_test.go out/test-sentinel-everest_percona_com_database_cluster_v1alpha1_manifest_test.go out/test-sentinel-everest_percona_com_database_engine_v1alpha1_manifest_test.go out/test-sentinel-everest_percona_com_monitoring_config_v1alpha1_manifest_test.go out/test-sentinel-execution_furiko_io_job_config_v1alpha1_manifest_test.go out/test-sentinel-execution_furiko_io_job_v1alpha1_manifest_test.go out/test-sentinel-executor_testkube_io_executor_v1_manifest_test.go out/test-sentinel-executor_testkube_io_webhook_v1_manifest_test.go out/test-sentinel-expansion_gatekeeper_sh_expansion_template_v1alpha1_manifest_test.go out/test-sentinel-expansion_gatekeeper_sh_expansion_template_v1beta1_manifest_test.go out/test-sentinel-extensions_istio_io_wasm_plugin_v1alpha1_manifest_test.go out/test-sentinel-extensions_kubeblocks_io_addon_v1alpha1_manifest_test.go out/test-sentinel-external_secrets_io_cluster_secret_store_v1alpha1_manifest_test.go out/test-sentinel-external_secrets_io_external_secret_v1alpha1_manifest_test.go out/test-sentinel-external_secrets_io_secret_store_v1alpha1_manifest_test.go out/test-sentinel-external_secrets_io_cluster_external_secret_v1beta1_manifest_test.go out/test-sentinel-external_secrets_io_cluster_secret_store_v1beta1_manifest_test.go out/test-sentinel-external_secrets_io_external_secret_v1beta1_manifest_test.go out/test-sentinel-external_secrets_io_secret_store_v1beta1_manifest_test.go out/test-sentinel-externaldata_gatekeeper_sh_provider_v1alpha1_manifest_test.go out/test-sentinel-externaldata_gatekeeper_sh_provider_v1beta1_manifest_test.go out/test-sentinel-externaldns_k8s_io_dns_endpoint_v1alpha1_manifest_test.go out/test-sentinel-externaldns_nginx_org_dns_endpoint_v1_manifest_test.go out/test-sentinel-fence_agents_remediation_medik8s_io_fence_agents_remediation_template_v1alpha1_manifest_test.go out/test-sentinel-fence_agents_remediation_medik8s_io_fence_agents_remediation_v1alpha1_manifest_test.go out/test-sentinel-flagger_app_alert_provider_v1beta1_manifest_test.go out/test-sentinel-flagger_app_canary_v1beta1_manifest_test.go out/test-sentinel-flagger_app_metric_template_v1beta1_manifest_test.go out/test-sentinel-flink_apache_org_flink_deployment_v1beta1_manifest_test.go out/test-sentinel-flink_apache_org_flink_session_job_v1beta1_manifest_test.go out/test-sentinel-flow_volcano_sh_job_flow_v1alpha1_manifest_test.go out/test-sentinel-flow_volcano_sh_job_template_v1alpha1_manifest_test.go out/test-sentinel-flowcontrol_apiserver_k8s_io_flow_schema_v1beta3_manifest_test.go out/test-sentinel-flowcontrol_apiserver_k8s_io_priority_level_configuration_v1beta3_manifest_test.go out/test-sentinel-flows_netobserv_io_flow_collector_v1alpha1_manifest_test.go out/test-sentinel-flows_netobserv_io_flow_collector_v1beta1_manifest_test.go out/test-sentinel-flows_netobserv_io_flow_collector_v1beta2_manifest_test.go out/test-sentinel-fluentbit_fluent_io_cluster_filter_v1alpha2_manifest_test.go out/test-sentinel-fluentbit_fluent_io_cluster_fluent_bit_config_v1alpha2_manifest_test.go out/test-sentinel-fluentbit_fluent_io_cluster_input_v1alpha2_manifest_test.go out/test-sentinel-fluentbit_fluent_io_cluster_output_v1alpha2_manifest_test.go out/test-sentinel-fluentbit_fluent_io_cluster_parser_v1alpha2_manifest_test.go out/test-sentinel-fluentbit_fluent_io_collector_v1alpha2_manifest_test.go out/test-sentinel-fluentbit_fluent_io_filter_v1alpha2_manifest_test.go out/test-sentinel-fluentbit_fluent_io_fluent_bit_config_v1alpha2_manifest_test.go out/test-sentinel-fluentbit_fluent_io_fluent_bit_v1alpha2_manifest_test.go out/test-sentinel-fluentbit_fluent_io_output_v1alpha2_manifest_test.go out/test-sentinel-fluentbit_fluent_io_parser_v1alpha2_manifest_test.go out/test-sentinel-fluentd_fluent_io_cluster_filter_v1alpha1_manifest_test.go out/test-sentinel-fluentd_fluent_io_cluster_fluentd_config_v1alpha1_manifest_test.go out/test-sentinel-fluentd_fluent_io_cluster_input_v1alpha1_manifest_test.go out/test-sentinel-fluentd_fluent_io_cluster_output_v1alpha1_manifest_test.go out/test-sentinel-fluentd_fluent_io_filter_v1alpha1_manifest_test.go out/test-sentinel-fluentd_fluent_io_fluentd_config_v1alpha1_manifest_test.go out/test-sentinel-fluentd_fluent_io_fluentd_v1alpha1_manifest_test.go out/test-sentinel-fluentd_fluent_io_input_v1alpha1_manifest_test.go out/test-sentinel-fluentd_fluent_io_output_v1alpha1_manifest_test.go out/test-sentinel-flux_framework_org_mini_cluster_v1alpha1_manifest_test.go out/test-sentinel-flux_framework_org_mini_cluster_v1alpha2_manifest_test.go out/test-sentinel-forklift_konveyor_io_forklift_controller_v1beta1_manifest_test.go out/test-sentinel-forklift_konveyor_io_hook_v1beta1_manifest_test.go out/test-sentinel-forklift_konveyor_io_host_v1beta1_manifest_test.go out/test-sentinel-forklift_konveyor_io_migration_v1beta1_manifest_test.go out/test-sentinel-forklift_konveyor_io_network_map_v1beta1_manifest_test.go out/test-sentinel-forklift_konveyor_io_openstack_volume_populator_v1beta1_manifest_test.go out/test-sentinel-forklift_konveyor_io_ovirt_volume_populator_v1beta1_manifest_test.go out/test-sentinel-forklift_konveyor_io_plan_v1beta1_manifest_test.go out/test-sentinel-forklift_konveyor_io_provider_v1beta1_manifest_test.go out/test-sentinel-forklift_konveyor_io_storage_map_v1beta1_manifest_test.go out/test-sentinel-fossul_io_backup_config_v1_manifest_test.go out/test-sentinel-fossul_io_backup_schedule_v1_manifest_test.go out/test-sentinel-fossul_io_backup_v1_manifest_test.go out/test-sentinel-fossul_io_fossul_v1_manifest_test.go out/test-sentinel-fossul_io_restore_v1_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_gateway_class_v1_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_gateway_v1_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_grpc_route_v1_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_http_route_v1_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_backend_lb_policy_v1alpha2_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_grpc_route_v1alpha2_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_reference_grant_v1alpha2_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_tcp_route_v1alpha2_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_tls_route_v1alpha2_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_udp_route_v1alpha2_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_backend_tls_policy_v1alpha3_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_gateway_class_v1beta1_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_gateway_v1beta1_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_http_route_v1beta1_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_reference_grant_v1beta1_manifest_test.go out/test-sentinel-gateway_nginx_org_client_settings_policy_v1alpha1_manifest_test.go out/test-sentinel-gateway_nginx_org_nginx_gateway_v1alpha1_manifest_test.go out/test-sentinel-gateway_nginx_org_nginx_proxy_v1alpha1_manifest_test.go out/test-sentinel-gateway_nginx_org_observability_policy_v1alpha1_manifest_test.go out/test-sentinel-gateway_solo_io_gateway_v1_manifest_test.go out/test-sentinel-gateway_solo_io_matchable_http_gateway_v1_manifest_test.go out/test-sentinel-gateway_solo_io_route_option_v1_manifest_test.go out/test-sentinel-gateway_solo_io_route_table_v1_manifest_test.go out/test-sentinel-gateway_solo_io_virtual_host_option_v1_manifest_test.go out/test-sentinel-gateway_solo_io_virtual_service_v1_manifest_test.go out/test-sentinel-getambassador_io_auth_service_v1_manifest_test.go out/test-sentinel-getambassador_io_consul_resolver_v1_manifest_test.go out/test-sentinel-getambassador_io_dev_portal_v1_manifest_test.go out/test-sentinel-getambassador_io_kubernetes_endpoint_resolver_v1_manifest_test.go out/test-sentinel-getambassador_io_kubernetes_service_resolver_v1_manifest_test.go out/test-sentinel-getambassador_io_log_service_v1_manifest_test.go out/test-sentinel-getambassador_io_mapping_v1_manifest_test.go out/test-sentinel-getambassador_io_module_v1_manifest_test.go out/test-sentinel-getambassador_io_rate_limit_service_v1_manifest_test.go out/test-sentinel-getambassador_io_tcp_mapping_v1_manifest_test.go out/test-sentinel-getambassador_io_tls_context_v1_manifest_test.go out/test-sentinel-getambassador_io_tracing_service_v1_manifest_test.go out/test-sentinel-getambassador_io_auth_service_v2_manifest_test.go out/test-sentinel-getambassador_io_consul_resolver_v2_manifest_test.go out/test-sentinel-getambassador_io_dev_portal_v2_manifest_test.go out/test-sentinel-getambassador_io_host_v2_manifest_test.go out/test-sentinel-getambassador_io_kubernetes_endpoint_resolver_v2_manifest_test.go out/test-sentinel-getambassador_io_kubernetes_service_resolver_v2_manifest_test.go out/test-sentinel-getambassador_io_log_service_v2_manifest_test.go out/test-sentinel-getambassador_io_mapping_v2_manifest_test.go out/test-sentinel-getambassador_io_module_v2_manifest_test.go out/test-sentinel-getambassador_io_rate_limit_service_v2_manifest_test.go out/test-sentinel-getambassador_io_tcp_mapping_v2_manifest_test.go out/test-sentinel-getambassador_io_tls_context_v2_manifest_test.go out/test-sentinel-getambassador_io_tracing_service_v2_manifest_test.go out/test-sentinel-getambassador_io_auth_service_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_consul_resolver_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_dev_portal_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_host_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_kubernetes_endpoint_resolver_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_kubernetes_service_resolver_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_listener_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_log_service_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_mapping_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_module_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_rate_limit_service_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_tcp_mapping_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_tls_context_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_tracing_service_v3alpha1_manifest_test.go out/test-sentinel-gitops_hybrid_cloud_patterns_io_pattern_v1alpha1_manifest_test.go out/test-sentinel-gloo_solo_io_proxy_v1_manifest_test.go out/test-sentinel-gloo_solo_io_settings_v1_manifest_test.go out/test-sentinel-gloo_solo_io_upstream_group_v1_manifest_test.go out/test-sentinel-gloo_solo_io_upstream_v1_manifest_test.go out/test-sentinel-grafana_integreatly_org_grafana_dashboard_v1beta1_manifest_test.go out/test-sentinel-grafana_integreatly_org_grafana_datasource_v1beta1_manifest_test.go out/test-sentinel-grafana_integreatly_org_grafana_folder_v1beta1_manifest_test.go out/test-sentinel-grafana_integreatly_org_grafana_v1beta1_manifest_test.go out/test-sentinel-graphql_gloo_solo_io_graph_ql_api_v1beta1_manifest_test.go out/test-sentinel-groupsnapshot_storage_k8s_io_volume_group_snapshot_class_v1alpha1_manifest_test.go out/test-sentinel-groupsnapshot_storage_k8s_io_volume_group_snapshot_content_v1alpha1_manifest_test.go out/test-sentinel-groupsnapshot_storage_k8s_io_volume_group_snapshot_v1alpha1_manifest_test.go out/test-sentinel-hazelcast_com_cron_hot_backup_v1alpha1_manifest_test.go out/test-sentinel-hazelcast_com_hazelcast_v1alpha1_manifest_test.go out/test-sentinel-hazelcast_com_hot_backup_v1alpha1_manifest_test.go out/test-sentinel-hazelcast_com_management_center_v1alpha1_manifest_test.go out/test-sentinel-hazelcast_com_map_v1alpha1_manifest_test.go out/test-sentinel-hazelcast_com_wan_replication_v1alpha1_manifest_test.go out/test-sentinel-hbase_stackable_tech_hbase_cluster_v1alpha1_manifest_test.go out/test-sentinel-hdfs_stackable_tech_hdfs_cluster_v1alpha1_manifest_test.go out/test-sentinel-helm_sigstore_dev_rekor_v1alpha1_manifest_test.go out/test-sentinel-helm_toolkit_fluxcd_io_helm_release_v2_manifest_test.go out/test-sentinel-helm_toolkit_fluxcd_io_helm_release_v2beta1_manifest_test.go out/test-sentinel-helm_toolkit_fluxcd_io_helm_release_v2beta2_manifest_test.go out/test-sentinel-hive_openshift_io_checkpoint_v1_manifest_test.go out/test-sentinel-hive_openshift_io_cluster_claim_v1_manifest_test.go out/test-sentinel-hive_openshift_io_cluster_deployment_customization_v1_manifest_test.go out/test-sentinel-hive_openshift_io_cluster_deployment_v1_manifest_test.go out/test-sentinel-hive_openshift_io_cluster_deprovision_v1_manifest_test.go out/test-sentinel-hive_openshift_io_cluster_image_set_v1_manifest_test.go out/test-sentinel-hive_openshift_io_cluster_pool_v1_manifest_test.go out/test-sentinel-hive_openshift_io_cluster_provision_v1_manifest_test.go out/test-sentinel-hive_openshift_io_cluster_relocate_v1_manifest_test.go out/test-sentinel-hive_openshift_io_cluster_state_v1_manifest_test.go out/test-sentinel-hive_openshift_io_dns_zone_v1_manifest_test.go out/test-sentinel-hive_openshift_io_hive_config_v1_manifest_test.go out/test-sentinel-hive_openshift_io_machine_pool_name_lease_v1_manifest_test.go out/test-sentinel-hive_openshift_io_machine_pool_v1_manifest_test.go out/test-sentinel-hive_openshift_io_selector_sync_identity_provider_v1_manifest_test.go out/test-sentinel-hive_openshift_io_selector_sync_set_v1_manifest_test.go out/test-sentinel-hive_openshift_io_sync_identity_provider_v1_manifest_test.go out/test-sentinel-hive_openshift_io_sync_set_v1_manifest_test.go out/test-sentinel-hive_stackable_tech_hive_cluster_v1alpha1_manifest_test.go out/test-sentinel-hiveinternal_openshift_io_cluster_sync_lease_v1alpha1_manifest_test.go out/test-sentinel-hiveinternal_openshift_io_cluster_sync_v1alpha1_manifest_test.go out/test-sentinel-hiveinternal_openshift_io_fake_cluster_install_v1alpha1_manifest_test.go out/test-sentinel-hnc_x_k8s_io_hierarchical_resource_quota_v1alpha2_manifest_test.go out/test-sentinel-hnc_x_k8s_io_hierarchy_configuration_v1alpha2_manifest_test.go out/test-sentinel-hnc_x_k8s_io_hnc_configuration_v1alpha2_manifest_test.go out/test-sentinel-hnc_x_k8s_io_subnamespace_anchor_v1alpha2_manifest_test.go out/test-sentinel-hyperfoil_io_horreum_v1alpha1_manifest_test.go out/test-sentinel-hyperfoil_io_hyperfoil_v1alpha2_manifest_test.go out/test-sentinel-iam_services_k8s_aws_group_v1alpha1_manifest_test.go out/test-sentinel-iam_services_k8s_aws_instance_profile_v1alpha1_manifest_test.go out/test-sentinel-iam_services_k8s_aws_open_id_connect_provider_v1alpha1_manifest_test.go out/test-sentinel-iam_services_k8s_aws_policy_v1alpha1_manifest_test.go out/test-sentinel-iam_services_k8s_aws_role_v1alpha1_manifest_test.go out/test-sentinel-iam_services_k8s_aws_user_v1alpha1_manifest_test.go out/test-sentinel-ibmcloud_ibm_com_composable_v1alpha1_manifest_test.go out/test-sentinel-image_toolkit_fluxcd_io_image_policy_v1beta1_manifest_test.go out/test-sentinel-image_toolkit_fluxcd_io_image_repository_v1beta1_manifest_test.go out/test-sentinel-image_toolkit_fluxcd_io_image_update_automation_v1beta1_manifest_test.go out/test-sentinel-image_toolkit_fluxcd_io_image_policy_v1beta2_manifest_test.go out/test-sentinel-image_toolkit_fluxcd_io_image_repository_v1beta2_manifest_test.go out/test-sentinel-image_toolkit_fluxcd_io_image_update_automation_v1beta2_manifest_test.go out/test-sentinel-imaging_ingestion_alvearie_org_dicom_event_bridge_v1alpha1_manifest_test.go out/test-sentinel-imaging_ingestion_alvearie_org_dicom_event_driven_ingestion_v1alpha1_manifest_test.go out/test-sentinel-imaging_ingestion_alvearie_org_dicom_instance_binding_v1alpha1_manifest_test.go out/test-sentinel-imaging_ingestion_alvearie_org_dicom_study_binding_v1alpha1_manifest_test.go out/test-sentinel-imaging_ingestion_alvearie_org_dicomweb_ingestion_service_v1alpha1_manifest_test.go out/test-sentinel-imaging_ingestion_alvearie_org_dimse_ingestion_service_v1alpha1_manifest_test.go out/test-sentinel-imaging_ingestion_alvearie_org_dimse_proxy_v1alpha1_manifest_test.go out/test-sentinel-inference_kubedl_io_elastic_batch_job_v1alpha1_manifest_test.go out/test-sentinel-infinispan_org_infinispan_v1_manifest_test.go out/test-sentinel-infinispan_org_backup_v2alpha1_manifest_test.go out/test-sentinel-infinispan_org_batch_v2alpha1_manifest_test.go out/test-sentinel-infinispan_org_cache_v2alpha1_manifest_test.go out/test-sentinel-infinispan_org_restore_v2alpha1_manifest_test.go out/test-sentinel-infra_contrib_fluxcd_io_terraform_v1alpha1_manifest_test.go out/test-sentinel-infra_contrib_fluxcd_io_terraform_v1alpha2_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_kubevirt_cluster_template_v1alpha1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_kubevirt_cluster_v1alpha1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_kubevirt_machine_template_v1alpha1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_kubevirt_machine_v1alpha1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_identity_v1alpha3_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_v1alpha3_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_deployment_zone_v1alpha3_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_failure_domain_v1alpha3_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_template_v1alpha3_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_v1alpha3_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_vm_v1alpha3_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_identity_v1alpha4_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_template_v1alpha4_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_v1alpha4_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_deployment_zone_v1alpha4_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_failure_domain_v1alpha4_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_template_v1alpha4_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_v1alpha4_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_vm_v1alpha4_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_cluster_template_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_cluster_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_image_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_machine_template_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_machine_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_cluster_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_machine_template_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_machine_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_tinkerbell_cluster_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_tinkerbell_machine_template_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_tinkerbell_machine_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_identity_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_template_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_deployment_zone_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_failure_domain_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_template_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_vm_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_cluster_template_v1beta2_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_cluster_v1beta2_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_image_v1beta2_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_machine_template_v1beta2_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_machine_v1beta2_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_cluster_v1beta2_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_machine_template_v1beta2_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_machine_v1beta2_manifest_test.go out/test-sentinel-installation_mattermost_com_mattermost_v1beta1_manifest_test.go out/test-sentinel-instana_io_instana_agent_v1_manifest_test.go out/test-sentinel-integration_rock8s_com_deferred_resource_v1beta1_manifest_test.go out/test-sentinel-integration_rock8s_com_plug_v1beta1_manifest_test.go out/test-sentinel-integration_rock8s_com_socket_v1beta1_manifest_test.go out/test-sentinel-iot_eclipse_org_ditto_v1alpha1_manifest_test.go out/test-sentinel-iot_eclipse_org_hawkbit_v1alpha1_manifest_test.go out/test-sentinel-ipam_cluster_x_k8s_io_ip_address_claim_v1alpha1_manifest_test.go out/test-sentinel-ipam_cluster_x_k8s_io_ip_address_v1alpha1_manifest_test.go out/test-sentinel-ipam_cluster_x_k8s_io_ip_address_claim_v1beta1_manifest_test.go out/test-sentinel-ipam_cluster_x_k8s_io_ip_address_v1beta1_manifest_test.go out/test-sentinel-isindir_github_com_sops_secret_v1alpha1_manifest_test.go out/test-sentinel-isindir_github_com_sops_secret_v1alpha2_manifest_test.go out/test-sentinel-isindir_github_com_sops_secret_v1alpha3_manifest_test.go out/test-sentinel-jaegertracing_io_jaeger_v1_manifest_test.go out/test-sentinel-jobset_x_k8s_io_job_set_v1alpha2_manifest_test.go out/test-sentinel-jobsmanager_raczylo_com_managed_job_v1beta1_manifest_test.go out/test-sentinel-k6_io_k6_v1alpha1_manifest_test.go out/test-sentinel-k6_io_private_load_zone_v1alpha1_manifest_test.go out/test-sentinel-k6_io_test_run_v1alpha1_manifest_test.go out/test-sentinel-k8gb_absa_oss_gslb_v1beta1_manifest_test.go out/test-sentinel-k8s_keycloak_org_keycloak_realm_import_v2alpha1_manifest_test.go out/test-sentinel-k8s_keycloak_org_keycloak_v2alpha1_manifest_test.go out/test-sentinel-k8s_mariadb_com_backup_v1alpha1_manifest_test.go out/test-sentinel-k8s_mariadb_com_connection_v1alpha1_manifest_test.go out/test-sentinel-k8s_mariadb_com_database_v1alpha1_manifest_test.go out/test-sentinel-k8s_mariadb_com_grant_v1alpha1_manifest_test.go out/test-sentinel-k8s_mariadb_com_maria_db_v1alpha1_manifest_test.go out/test-sentinel-k8s_mariadb_com_max_scale_v1alpha1_manifest_test.go out/test-sentinel-k8s_mariadb_com_restore_v1alpha1_manifest_test.go out/test-sentinel-k8s_mariadb_com_sql_job_v1alpha1_manifest_test.go out/test-sentinel-k8s_mariadb_com_user_v1alpha1_manifest_test.go out/test-sentinel-k8s_nginx_org_global_configuration_v1_manifest_test.go out/test-sentinel-k8s_nginx_org_policy_v1_manifest_test.go out/test-sentinel-k8s_nginx_org_transport_server_v1_manifest_test.go out/test-sentinel-k8s_nginx_org_virtual_server_route_v1_manifest_test.go out/test-sentinel-k8s_nginx_org_virtual_server_v1_manifest_test.go out/test-sentinel-k8s_nginx_org_global_configuration_v1alpha1_manifest_test.go out/test-sentinel-k8s_nginx_org_policy_v1alpha1_manifest_test.go out/test-sentinel-k8s_nginx_org_transport_server_v1alpha1_manifest_test.go out/test-sentinel-k8s_otterize_com_client_intents_v1alpha2_manifest_test.go out/test-sentinel-k8s_otterize_com_kafka_server_config_v1alpha2_manifest_test.go out/test-sentinel-k8s_otterize_com_protected_service_v1alpha2_manifest_test.go out/test-sentinel-k8s_otterize_com_client_intents_v1alpha3_manifest_test.go out/test-sentinel-k8s_otterize_com_kafka_server_config_v1alpha3_manifest_test.go out/test-sentinel-k8s_otterize_com_protected_service_v1alpha3_manifest_test.go out/test-sentinel-k8up_io_archive_v1_manifest_test.go out/test-sentinel-k8up_io_backup_v1_manifest_test.go out/test-sentinel-k8up_io_check_v1_manifest_test.go out/test-sentinel-k8up_io_pre_backup_pod_v1_manifest_test.go out/test-sentinel-k8up_io_prune_v1_manifest_test.go out/test-sentinel-k8up_io_restore_v1_manifest_test.go out/test-sentinel-k8up_io_schedule_v1_manifest_test.go out/test-sentinel-k8up_io_snapshot_v1_manifest_test.go out/test-sentinel-kafka_banzaicloud_io_cruise_control_operation_v1alpha1_manifest_test.go out/test-sentinel-kafka_banzaicloud_io_kafka_topic_v1alpha1_manifest_test.go out/test-sentinel-kafka_banzaicloud_io_kafka_user_v1alpha1_manifest_test.go out/test-sentinel-kafka_banzaicloud_io_kafka_cluster_v1beta1_manifest_test.go out/test-sentinel-kafka_services_k8s_aws_cluster_v1alpha1_manifest_test.go out/test-sentinel-kafka_stackable_tech_kafka_cluster_v1alpha1_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_topic_v1alpha1_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_user_v1alpha1_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_topic_v1beta1_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_user_v1beta1_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_bridge_v1beta2_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_connect_v1beta2_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_connector_v1beta2_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_mirror_maker2_v1beta2_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_mirror_maker_v1beta2_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_node_pool_v1beta2_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_rebalance_v1beta2_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_topic_v1beta2_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_user_v1beta2_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_v1beta2_manifest_test.go out/test-sentinel-kamaji_clastix_io_data_store_v1alpha1_manifest_test.go out/test-sentinel-kamaji_clastix_io_tenant_control_plane_v1alpha1_manifest_test.go out/test-sentinel-karpenter_k8s_aws_ec2_node_class_v1_manifest_test.go out/test-sentinel-karpenter_k8s_aws_ec2_node_class_v1beta1_manifest_test.go out/test-sentinel-karpenter_sh_node_claim_v1_manifest_test.go out/test-sentinel-karpenter_sh_node_pool_v1_manifest_test.go out/test-sentinel-karpenter_sh_node_claim_v1beta1_manifest_test.go out/test-sentinel-karpenter_sh_node_pool_v1beta1_manifest_test.go out/test-sentinel-keda_sh_cluster_trigger_authentication_v1alpha1_manifest_test.go out/test-sentinel-keda_sh_scaled_job_v1alpha1_manifest_test.go out/test-sentinel-keda_sh_scaled_object_v1alpha1_manifest_test.go out/test-sentinel-keda_sh_trigger_authentication_v1alpha1_manifest_test.go out/test-sentinel-keycloak_k8s_reddec_net_keycloak_client_v1alpha1_manifest_test.go out/test-sentinel-keycloak_org_keycloak_backup_v1alpha1_manifest_test.go out/test-sentinel-keycloak_org_keycloak_client_v1alpha1_manifest_test.go out/test-sentinel-keycloak_org_keycloak_realm_v1alpha1_manifest_test.go out/test-sentinel-keycloak_org_keycloak_user_v1alpha1_manifest_test.go out/test-sentinel-keycloak_org_keycloak_v1alpha1_manifest_test.go out/test-sentinel-keyspaces_services_k8s_aws_keyspace_v1alpha1_manifest_test.go out/test-sentinel-keyspaces_services_k8s_aws_table_v1alpha1_manifest_test.go out/test-sentinel-kiali_io_kiali_v1alpha1_manifest_test.go out/test-sentinel-kibana_k8s_elastic_co_kibana_v1_manifest_test.go out/test-sentinel-kibana_k8s_elastic_co_kibana_v1beta1_manifest_test.go out/test-sentinel-kinesis_services_k8s_aws_stream_v1alpha1_manifest_test.go out/test-sentinel-kmm_sigs_x_k8s_io_module_v1beta1_manifest_test.go out/test-sentinel-kmm_sigs_x_k8s_io_node_modules_config_v1beta1_manifest_test.go out/test-sentinel-kmm_sigs_x_k8s_io_preflight_validation_v1beta1_manifest_test.go out/test-sentinel-kmm_sigs_x_k8s_io_preflight_validation_v1beta2_manifest_test.go out/test-sentinel-kms_services_k8s_aws_alias_v1alpha1_manifest_test.go out/test-sentinel-kms_services_k8s_aws_grant_v1alpha1_manifest_test.go out/test-sentinel-kms_services_k8s_aws_key_v1alpha1_manifest_test.go out/test-sentinel-kuadrant_io_dns_record_v1alpha1_manifest_test.go out/test-sentinel-kuadrant_io_managed_zone_v1alpha1_manifest_test.go out/test-sentinel-kuadrant_io_kuadrant_v1beta1_manifest_test.go out/test-sentinel-kuadrant_io_auth_policy_v1beta2_manifest_test.go out/test-sentinel-kuadrant_io_rate_limit_policy_v1beta2_manifest_test.go out/test-sentinel-kube_green_com_sleep_info_v1alpha1_manifest_test.go out/test-sentinel-kubean_io_cluster_operation_v1alpha1_manifest_test.go out/test-sentinel-kubean_io_cluster_v1alpha1_manifest_test.go out/test-sentinel-kubean_io_local_artifact_set_v1alpha1_manifest_test.go out/test-sentinel-kubean_io_manifest_v1alpha1_manifest_test.go out/test-sentinel-kubecost_com_turndown_schedule_v1alpha1_manifest_test.go out/test-sentinel-kubevious_io_workload_profile_v1alpha1_manifest_test.go out/test-sentinel-kubevious_io_workload_v1alpha1_manifest_test.go out/test-sentinel-kueue_x_k8s_io_cohort_v1alpha1_manifest_test.go out/test-sentinel-kueue_x_k8s_io_multi_kueue_cluster_v1alpha1_manifest_test.go out/test-sentinel-kueue_x_k8s_io_multi_kueue_config_v1alpha1_manifest_test.go out/test-sentinel-kueue_x_k8s_io_admission_check_v1beta1_manifest_test.go out/test-sentinel-kueue_x_k8s_io_cluster_queue_v1beta1_manifest_test.go out/test-sentinel-kueue_x_k8s_io_local_queue_v1beta1_manifest_test.go out/test-sentinel-kueue_x_k8s_io_provisioning_request_config_v1beta1_manifest_test.go out/test-sentinel-kueue_x_k8s_io_resource_flavor_v1beta1_manifest_test.go out/test-sentinel-kueue_x_k8s_io_workload_priority_class_v1beta1_manifest_test.go out/test-sentinel-kueue_x_k8s_io_workload_v1beta1_manifest_test.go out/test-sentinel-kuma_io_circuit_breaker_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_container_patch_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_dataplane_insight_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_dataplane_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_external_service_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_fault_injection_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_health_check_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_access_log_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_circuit_breaker_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_fault_injection_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_gateway_config_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_gateway_instance_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_gateway_route_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_gateway_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_health_check_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_http_route_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_insight_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_load_balancing_strategy_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_proxy_patch_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_rate_limit_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_retry_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_tcp_route_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_timeout_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_trace_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_traffic_permission_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_proxy_template_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_rate_limit_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_retry_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_service_insight_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_timeout_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_traffic_log_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_traffic_permission_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_traffic_route_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_traffic_trace_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_virtual_outbound_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_zone_egress_insight_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_zone_egress_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_zone_ingress_insight_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_zone_ingress_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_zone_insight_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_zone_v1alpha1_manifest_test.go out/test-sentinel-kustomize_toolkit_fluxcd_io_kustomization_v1_manifest_test.go out/test-sentinel-kustomize_toolkit_fluxcd_io_kustomization_v1beta1_manifest_test.go out/test-sentinel-kustomize_toolkit_fluxcd_io_kustomization_v1beta2_manifest_test.go out/test-sentinel-kyverno_io_cluster_policy_v1_manifest_test.go out/test-sentinel-kyverno_io_policy_v1_manifest_test.go out/test-sentinel-kyverno_io_admission_report_v1alpha2_manifest_test.go out/test-sentinel-kyverno_io_background_scan_report_v1alpha2_manifest_test.go out/test-sentinel-kyverno_io_cluster_admission_report_v1alpha2_manifest_test.go out/test-sentinel-kyverno_io_cluster_background_scan_report_v1alpha2_manifest_test.go out/test-sentinel-kyverno_io_update_request_v1beta1_manifest_test.go out/test-sentinel-kyverno_io_admission_report_v2_manifest_test.go out/test-sentinel-kyverno_io_background_scan_report_v2_manifest_test.go out/test-sentinel-kyverno_io_cleanup_policy_v2_manifest_test.go out/test-sentinel-kyverno_io_cluster_admission_report_v2_manifest_test.go out/test-sentinel-kyverno_io_cluster_background_scan_report_v2_manifest_test.go out/test-sentinel-kyverno_io_cluster_cleanup_policy_v2_manifest_test.go out/test-sentinel-kyverno_io_policy_exception_v2_manifest_test.go out/test-sentinel-kyverno_io_update_request_v2_manifest_test.go out/test-sentinel-kyverno_io_cleanup_policy_v2alpha1_manifest_test.go out/test-sentinel-kyverno_io_cluster_cleanup_policy_v2alpha1_manifest_test.go out/test-sentinel-kyverno_io_global_context_entry_v2alpha1_manifest_test.go out/test-sentinel-kyverno_io_policy_exception_v2alpha1_manifest_test.go out/test-sentinel-kyverno_io_cleanup_policy_v2beta1_manifest_test.go out/test-sentinel-kyverno_io_cluster_cleanup_policy_v2beta1_manifest_test.go out/test-sentinel-kyverno_io_cluster_policy_v2beta1_manifest_test.go out/test-sentinel-kyverno_io_policy_exception_v2beta1_manifest_test.go out/test-sentinel-kyverno_io_policy_v2beta1_manifest_test.go out/test-sentinel-lambda_services_k8s_aws_alias_v1alpha1_manifest_test.go out/test-sentinel-lambda_services_k8s_aws_code_signing_config_v1alpha1_manifest_test.go out/test-sentinel-lambda_services_k8s_aws_event_source_mapping_v1alpha1_manifest_test.go out/test-sentinel-lambda_services_k8s_aws_function_url_config_v1alpha1_manifest_test.go out/test-sentinel-lambda_services_k8s_aws_function_v1alpha1_manifest_test.go out/test-sentinel-lambda_services_k8s_aws_layer_version_v1alpha1_manifest_test.go out/test-sentinel-lambda_services_k8s_aws_version_v1alpha1_manifest_test.go out/test-sentinel-lb_lbconfig_carlosedp_com_external_load_balancer_v1_manifest_test.go out/test-sentinel-leaksignal_com_cluster_leaksignal_istio_v1_manifest_test.go out/test-sentinel-leaksignal_com_leaksignal_istio_v1_manifest_test.go out/test-sentinel-lerentis_uploadfilter24_eu_bitwarden_secret_v1beta4_manifest_test.go out/test-sentinel-lerentis_uploadfilter24_eu_bitwarden_template_v1beta4_manifest_test.go out/test-sentinel-lerentis_uploadfilter24_eu_registry_credential_v1beta4_manifest_test.go out/test-sentinel-lerentis_uploadfilter24_eu_bitwarden_secret_v1beta5_manifest_test.go out/test-sentinel-lerentis_uploadfilter24_eu_bitwarden_template_v1beta5_manifest_test.go out/test-sentinel-lerentis_uploadfilter24_eu_registry_credential_v1beta5_manifest_test.go out/test-sentinel-lerentis_uploadfilter24_eu_bitwarden_secret_v1beta6_manifest_test.go out/test-sentinel-lerentis_uploadfilter24_eu_bitwarden_template_v1beta6_manifest_test.go out/test-sentinel-lerentis_uploadfilter24_eu_registry_credential_v1beta6_manifest_test.go out/test-sentinel-lerentis_uploadfilter24_eu_bitwarden_secret_v1beta7_manifest_test.go out/test-sentinel-lerentis_uploadfilter24_eu_bitwarden_template_v1beta7_manifest_test.go out/test-sentinel-lerentis_uploadfilter24_eu_registry_credential_v1beta7_manifest_test.go out/test-sentinel-limitador_kuadrant_io_limitador_v1alpha1_manifest_test.go out/test-sentinel-listeners_stackable_tech_listener_class_v1alpha1_manifest_test.go out/test-sentinel-listeners_stackable_tech_listener_v1alpha1_manifest_test.go out/test-sentinel-listeners_stackable_tech_pod_listeners_v1alpha1_manifest_test.go out/test-sentinel-litmuschaos_io_chaos_engine_v1alpha1_manifest_test.go out/test-sentinel-litmuschaos_io_chaos_experiment_v1alpha1_manifest_test.go out/test-sentinel-litmuschaos_io_chaos_result_v1alpha1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_cluster_flow_v1alpha1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_cluster_output_v1alpha1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_flow_v1alpha1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_logging_v1alpha1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_output_v1alpha1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_cluster_flow_v1beta1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_cluster_output_v1beta1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_flow_v1beta1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_fluentbit_agent_v1beta1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_logging_v1beta1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_node_agent_v1beta1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_output_v1beta1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_syslog_ng_cluster_flow_v1beta1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_syslog_ng_cluster_output_v1beta1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_syslog_ng_flow_v1beta1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_syslog_ng_output_v1beta1_manifest_test.go out/test-sentinel-logging_extensions_banzaicloud_io_event_tailer_v1alpha1_manifest_test.go out/test-sentinel-logging_extensions_banzaicloud_io_host_tailer_v1alpha1_manifest_test.go out/test-sentinel-loki_grafana_com_alerting_rule_v1_manifest_test.go out/test-sentinel-loki_grafana_com_loki_stack_v1_manifest_test.go out/test-sentinel-loki_grafana_com_recording_rule_v1_manifest_test.go out/test-sentinel-loki_grafana_com_ruler_config_v1_manifest_test.go out/test-sentinel-loki_grafana_com_alerting_rule_v1beta1_manifest_test.go out/test-sentinel-loki_grafana_com_loki_stack_v1beta1_manifest_test.go out/test-sentinel-loki_grafana_com_recording_rule_v1beta1_manifest_test.go out/test-sentinel-loki_grafana_com_ruler_config_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_backing_image_data_source_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_backing_image_manager_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_backing_image_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_backup_target_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_backup_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_backup_volume_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_engine_image_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_engine_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_instance_manager_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_node_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_recurring_job_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_replica_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_setting_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_share_manager_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_volume_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_backing_image_data_source_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_backing_image_manager_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_backing_image_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_backup_backing_image_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_backup_target_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_backup_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_backup_volume_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_engine_image_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_engine_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_instance_manager_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_node_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_orphan_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_recurring_job_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_replica_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_setting_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_share_manager_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_snapshot_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_support_bundle_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_system_backup_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_system_restore_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_volume_attachment_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_volume_v1beta2_manifest_test.go out/test-sentinel-m4e_krestomat_io_moodle_v1alpha1_manifest_test.go out/test-sentinel-m4e_krestomat_io_nginx_v1alpha1_manifest_test.go out/test-sentinel-m4e_krestomat_io_phpfpm_v1alpha1_manifest_test.go out/test-sentinel-m4e_krestomat_io_routine_v1alpha1_manifest_test.go out/test-sentinel-machine_deletion_remediation_medik8s_io_machine_deletion_remediation_template_v1alpha1_manifest_test.go out/test-sentinel-machine_deletion_remediation_medik8s_io_machine_deletion_remediation_v1alpha1_manifest_test.go out/test-sentinel-maps_k8s_elastic_co_elastic_maps_server_v1alpha1_manifest_test.go out/test-sentinel-mariadb_mmontes_io_backup_v1alpha1_manifest_test.go out/test-sentinel-mariadb_mmontes_io_connection_v1alpha1_manifest_test.go out/test-sentinel-mariadb_mmontes_io_database_v1alpha1_manifest_test.go out/test-sentinel-mariadb_mmontes_io_grant_v1alpha1_manifest_test.go out/test-sentinel-mariadb_mmontes_io_maria_db_v1alpha1_manifest_test.go out/test-sentinel-mariadb_mmontes_io_restore_v1alpha1_manifest_test.go out/test-sentinel-mariadb_mmontes_io_sql_job_v1alpha1_manifest_test.go out/test-sentinel-mariadb_mmontes_io_user_v1alpha1_manifest_test.go out/test-sentinel-marin3r_3scale_net_envoy_config_revision_v1alpha1_manifest_test.go out/test-sentinel-marin3r_3scale_net_envoy_config_v1alpha1_manifest_test.go out/test-sentinel-mattermost_com_cluster_installation_v1alpha1_manifest_test.go out/test-sentinel-mattermost_com_mattermost_restore_db_v1alpha1_manifest_test.go out/test-sentinel-memorydb_services_k8s_aws_acl_v1alpha1_manifest_test.go out/test-sentinel-memorydb_services_k8s_aws_cluster_v1alpha1_manifest_test.go out/test-sentinel-memorydb_services_k8s_aws_parameter_group_v1alpha1_manifest_test.go out/test-sentinel-memorydb_services_k8s_aws_snapshot_v1alpha1_manifest_test.go out/test-sentinel-memorydb_services_k8s_aws_subnet_group_v1alpha1_manifest_test.go out/test-sentinel-memorydb_services_k8s_aws_user_v1alpha1_manifest_test.go out/test-sentinel-metacontroller_k8s_io_composite_controller_v1alpha1_manifest_test.go out/test-sentinel-metacontroller_k8s_io_controller_revision_v1alpha1_manifest_test.go out/test-sentinel-metacontroller_k8s_io_decorator_controller_v1alpha1_manifest_test.go out/test-sentinel-metal3_io_bare_metal_host_v1alpha1_manifest_test.go out/test-sentinel-metal3_io_bmc_event_subscription_v1alpha1_manifest_test.go out/test-sentinel-metal3_io_data_image_v1alpha1_manifest_test.go out/test-sentinel-metal3_io_firmware_schema_v1alpha1_manifest_test.go out/test-sentinel-metal3_io_hardware_data_v1alpha1_manifest_test.go out/test-sentinel-metal3_io_host_firmware_components_v1alpha1_manifest_test.go out/test-sentinel-metal3_io_host_firmware_settings_v1alpha1_manifest_test.go out/test-sentinel-metal3_io_preprovisioning_image_v1alpha1_manifest_test.go out/test-sentinel-minio_min_io_tenant_v2_manifest_test.go out/test-sentinel-mirrors_kts_studio_secret_mirror_v1alpha1_manifest_test.go out/test-sentinel-mirrors_kts_studio_secret_mirror_v1alpha2_manifest_test.go out/test-sentinel-model_kubedl_io_model_v1alpha1_manifest_test.go out/test-sentinel-model_kubedl_io_model_version_v1alpha1_manifest_test.go out/test-sentinel-monitoring_coreos_com_alertmanager_v1_manifest_test.go out/test-sentinel-monitoring_coreos_com_pod_monitor_v1_manifest_test.go out/test-sentinel-monitoring_coreos_com_probe_v1_manifest_test.go out/test-sentinel-monitoring_coreos_com_prometheus_rule_v1_manifest_test.go out/test-sentinel-monitoring_coreos_com_prometheus_v1_manifest_test.go out/test-sentinel-monitoring_coreos_com_service_monitor_v1_manifest_test.go out/test-sentinel-monitoring_coreos_com_thanos_ruler_v1_manifest_test.go out/test-sentinel-monitoring_coreos_com_alertmanager_config_v1alpha1_manifest_test.go out/test-sentinel-monitoring_coreos_com_prometheus_agent_v1alpha1_manifest_test.go out/test-sentinel-monitoring_coreos_com_scrape_config_v1alpha1_manifest_test.go out/test-sentinel-monitoring_coreos_com_alertmanager_config_v1beta1_manifest_test.go out/test-sentinel-monocle_monocle_change_metrics_io_monocle_v1alpha1_manifest_test.go out/test-sentinel-mq_services_k8s_aws_broker_v1alpha1_manifest_test.go out/test-sentinel-multicluster_crd_antrea_io_cluster_info_import_v1alpha1_manifest_test.go out/test-sentinel-multicluster_crd_antrea_io_cluster_set_v1alpha1_manifest_test.go out/test-sentinel-multicluster_crd_antrea_io_gateway_v1alpha1_manifest_test.go out/test-sentinel-multicluster_crd_antrea_io_label_identity_v1alpha1_manifest_test.go out/test-sentinel-multicluster_crd_antrea_io_member_cluster_announce_v1alpha1_manifest_test.go out/test-sentinel-multicluster_crd_antrea_io_multi_cluster_config_v1alpha1_manifest_test.go out/test-sentinel-multicluster_crd_antrea_io_resource_export_v1alpha1_manifest_test.go out/test-sentinel-multicluster_crd_antrea_io_resource_import_v1alpha1_manifest_test.go out/test-sentinel-multicluster_crd_antrea_io_cluster_claim_v1alpha2_manifest_test.go out/test-sentinel-multicluster_crd_antrea_io_cluster_set_v1alpha2_manifest_test.go out/test-sentinel-multicluster_x_k8s_io_applied_work_v1alpha1_manifest_test.go out/test-sentinel-multicluster_x_k8s_io_service_import_v1alpha1_manifest_test.go out/test-sentinel-multicluster_x_k8s_io_work_v1alpha1_manifest_test.go out/test-sentinel-mutations_gatekeeper_sh_assign_metadata_v1_manifest_test.go out/test-sentinel-mutations_gatekeeper_sh_assign_v1_manifest_test.go out/test-sentinel-mutations_gatekeeper_sh_modify_set_v1_manifest_test.go out/test-sentinel-mutations_gatekeeper_sh_assign_image_v1alpha1_manifest_test.go out/test-sentinel-mutations_gatekeeper_sh_assign_metadata_v1alpha1_manifest_test.go out/test-sentinel-mutations_gatekeeper_sh_assign_v1alpha1_manifest_test.go out/test-sentinel-mutations_gatekeeper_sh_modify_set_v1alpha1_manifest_test.go out/test-sentinel-mutations_gatekeeper_sh_assign_metadata_v1beta1_manifest_test.go out/test-sentinel-mutations_gatekeeper_sh_assign_v1beta1_manifest_test.go out/test-sentinel-mutations_gatekeeper_sh_modify_set_v1beta1_manifest_test.go out/test-sentinel-nativestor_alauda_io_raw_device_v1_manifest_test.go out/test-sentinel-netchecks_io_network_assertion_v1_manifest_test.go out/test-sentinel-networkfirewall_services_k8s_aws_firewall_policy_v1alpha1_manifest_test.go out/test-sentinel-networkfirewall_services_k8s_aws_firewall_v1alpha1_manifest_test.go out/test-sentinel-networkfirewall_services_k8s_aws_rule_group_v1alpha1_manifest_test.go out/test-sentinel-networking_gke_io_gcp_backend_policy_v1_manifest_test.go out/test-sentinel-networking_gke_io_gcp_gateway_policy_v1_manifest_test.go out/test-sentinel-networking_gke_io_health_check_policy_v1_manifest_test.go out/test-sentinel-networking_gke_io_lb_policy_v1_manifest_test.go out/test-sentinel-networking_gke_io_managed_certificate_v1_manifest_test.go out/test-sentinel-networking_istio_io_destination_rule_v1_manifest_test.go out/test-sentinel-networking_istio_io_gateway_v1_manifest_test.go out/test-sentinel-networking_istio_io_service_entry_v1_manifest_test.go out/test-sentinel-networking_istio_io_sidecar_v1_manifest_test.go out/test-sentinel-networking_istio_io_virtual_service_v1_manifest_test.go out/test-sentinel-networking_istio_io_workload_entry_v1_manifest_test.go out/test-sentinel-networking_istio_io_workload_group_v1_manifest_test.go out/test-sentinel-networking_istio_io_destination_rule_v1alpha3_manifest_test.go out/test-sentinel-networking_istio_io_envoy_filter_v1alpha3_manifest_test.go out/test-sentinel-networking_istio_io_gateway_v1alpha3_manifest_test.go out/test-sentinel-networking_istio_io_service_entry_v1alpha3_manifest_test.go out/test-sentinel-networking_istio_io_sidecar_v1alpha3_manifest_test.go out/test-sentinel-networking_istio_io_virtual_service_v1alpha3_manifest_test.go out/test-sentinel-networking_istio_io_workload_entry_v1alpha3_manifest_test.go out/test-sentinel-networking_istio_io_workload_group_v1alpha3_manifest_test.go out/test-sentinel-networking_istio_io_destination_rule_v1beta1_manifest_test.go out/test-sentinel-networking_istio_io_gateway_v1beta1_manifest_test.go out/test-sentinel-networking_istio_io_proxy_config_v1beta1_manifest_test.go out/test-sentinel-networking_istio_io_service_entry_v1beta1_manifest_test.go out/test-sentinel-networking_istio_io_sidecar_v1beta1_manifest_test.go out/test-sentinel-networking_istio_io_virtual_service_v1beta1_manifest_test.go out/test-sentinel-networking_istio_io_workload_entry_v1beta1_manifest_test.go out/test-sentinel-networking_istio_io_workload_group_v1beta1_manifest_test.go out/test-sentinel-networking_k8s_aws_policy_endpoint_v1alpha1_manifest_test.go out/test-sentinel-networking_k8s_io_ingress_class_v1_manifest_test.go out/test-sentinel-networking_k8s_io_ingress_v1_manifest_test.go out/test-sentinel-networking_k8s_io_network_policy_v1_manifest_test.go out/test-sentinel-networking_karmada_io_multi_cluster_ingress_v1alpha1_manifest_test.go out/test-sentinel-networking_karmada_io_multi_cluster_service_v1alpha1_manifest_test.go out/test-sentinel-nfd_k8s_sigs_io_node_feature_rule_v1alpha1_manifest_test.go out/test-sentinel-nfd_kubernetes_io_node_feature_discovery_v1_manifest_test.go out/test-sentinel-nfd_kubernetes_io_node_feature_rule_v1alpha1_manifest_test.go out/test-sentinel-nifi_stackable_tech_nifi_cluster_v1alpha1_manifest_test.go out/test-sentinel-nodeinfo_volcano_sh_numatopology_v1alpha1_manifest_test.go out/test-sentinel-notebook_kubedl_io_notebook_v1alpha1_manifest_test.go out/test-sentinel-notification_toolkit_fluxcd_io_receiver_v1_manifest_test.go out/test-sentinel-notification_toolkit_fluxcd_io_alert_v1beta1_manifest_test.go out/test-sentinel-notification_toolkit_fluxcd_io_provider_v1beta1_manifest_test.go out/test-sentinel-notification_toolkit_fluxcd_io_receiver_v1beta1_manifest_test.go out/test-sentinel-notification_toolkit_fluxcd_io_alert_v1beta2_manifest_test.go out/test-sentinel-notification_toolkit_fluxcd_io_provider_v1beta2_manifest_test.go out/test-sentinel-notification_toolkit_fluxcd_io_receiver_v1beta2_manifest_test.go out/test-sentinel-notification_toolkit_fluxcd_io_alert_v1beta3_manifest_test.go out/test-sentinel-notification_toolkit_fluxcd_io_provider_v1beta3_manifest_test.go out/test-sentinel-objectbucket_io_object_bucket_claim_v1alpha1_manifest_test.go out/test-sentinel-objectbucket_io_object_bucket_v1alpha1_manifest_test.go out/test-sentinel-ocmagent_managed_openshift_io_managed_fleet_notification_v1alpha1_manifest_test.go out/test-sentinel-ocmagent_managed_openshift_io_managed_notification_v1alpha1_manifest_test.go out/test-sentinel-ocmagent_managed_openshift_io_ocm_agent_v1alpha1_manifest_test.go out/test-sentinel-onepassword_com_one_password_item_v1_manifest_test.go out/test-sentinel-opa_stackable_tech_opa_cluster_v1alpha1_manifest_test.go out/test-sentinel-opensearchservice_services_k8s_aws_domain_v1alpha1_manifest_test.go out/test-sentinel-opentelemetry_io_instrumentation_v1alpha1_manifest_test.go out/test-sentinel-opentelemetry_io_op_amp_bridge_v1alpha1_manifest_test.go out/test-sentinel-opentelemetry_io_open_telemetry_collector_v1alpha1_manifest_test.go out/test-sentinel-opentelemetry_io_open_telemetry_collector_v1beta1_manifest_test.go out/test-sentinel-operations_kubeedge_io_node_upgrade_job_v1alpha1_manifest_test.go out/test-sentinel-operator_aquasec_com_aqua_csp_v1alpha1_manifest_test.go out/test-sentinel-operator_aquasec_com_aqua_database_v1alpha1_manifest_test.go out/test-sentinel-operator_aquasec_com_aqua_enforcer_v1alpha1_manifest_test.go out/test-sentinel-operator_aquasec_com_aqua_gateway_v1alpha1_manifest_test.go out/test-sentinel-operator_aquasec_com_aqua_kube_enforcer_v1alpha1_manifest_test.go out/test-sentinel-operator_aquasec_com_aqua_scanner_v1alpha1_manifest_test.go out/test-sentinel-operator_aquasec_com_aqua_server_v1alpha1_manifest_test.go out/test-sentinel-operator_authorino_kuadrant_io_authorino_v1beta1_manifest_test.go out/test-sentinel-operator_cluster_x_k8s_io_bootstrap_provider_v1alpha1_manifest_test.go out/test-sentinel-operator_cluster_x_k8s_io_control_plane_provider_v1alpha1_manifest_test.go out/test-sentinel-operator_cluster_x_k8s_io_core_provider_v1alpha1_manifest_test.go out/test-sentinel-operator_cluster_x_k8s_io_infrastructure_provider_v1alpha1_manifest_test.go out/test-sentinel-operator_cluster_x_k8s_io_addon_provider_v1alpha2_manifest_test.go out/test-sentinel-operator_cluster_x_k8s_io_bootstrap_provider_v1alpha2_manifest_test.go out/test-sentinel-operator_cluster_x_k8s_io_control_plane_provider_v1alpha2_manifest_test.go out/test-sentinel-operator_cluster_x_k8s_io_core_provider_v1alpha2_manifest_test.go out/test-sentinel-operator_cluster_x_k8s_io_infrastructure_provider_v1alpha2_manifest_test.go out/test-sentinel-operator_cryostat_io_cryostat_v1beta1_manifest_test.go out/test-sentinel-operator_cryostat_io_cryostat_v1beta2_manifest_test.go out/test-sentinel-operator_knative_dev_knative_eventing_v1beta1_manifest_test.go out/test-sentinel-operator_knative_dev_knative_serving_v1beta1_manifest_test.go out/test-sentinel-operator_marin3r_3scale_net_discovery_service_certificate_v1alpha1_manifest_test.go out/test-sentinel-operator_marin3r_3scale_net_discovery_service_v1alpha1_manifest_test.go out/test-sentinel-operator_marin3r_3scale_net_envoy_deployment_v1alpha1_manifest_test.go out/test-sentinel-operator_open_cluster_management_io_cluster_manager_v1_manifest_test.go out/test-sentinel-operator_open_cluster_management_io_klusterlet_v1_manifest_test.go out/test-sentinel-operator_shipwright_io_shipwright_build_v1alpha1_manifest_test.go out/test-sentinel-operator_tigera_io_amazon_cloud_integration_v1_manifest_test.go out/test-sentinel-operator_tigera_io_api_server_v1_manifest_test.go out/test-sentinel-operator_tigera_io_application_layer_v1_manifest_test.go out/test-sentinel-operator_tigera_io_authentication_v1_manifest_test.go out/test-sentinel-operator_tigera_io_compliance_v1_manifest_test.go out/test-sentinel-operator_tigera_io_egress_gateway_v1_manifest_test.go out/test-sentinel-operator_tigera_io_image_set_v1_manifest_test.go out/test-sentinel-operator_tigera_io_installation_v1_manifest_test.go out/test-sentinel-operator_tigera_io_intrusion_detection_v1_manifest_test.go out/test-sentinel-operator_tigera_io_log_collector_v1_manifest_test.go out/test-sentinel-operator_tigera_io_log_storage_v1_manifest_test.go out/test-sentinel-operator_tigera_io_management_cluster_connection_v1_manifest_test.go out/test-sentinel-operator_tigera_io_management_cluster_v1_manifest_test.go out/test-sentinel-operator_tigera_io_manager_v1_manifest_test.go out/test-sentinel-operator_tigera_io_monitor_v1_manifest_test.go out/test-sentinel-operator_tigera_io_packet_capture_v1_manifest_test.go out/test-sentinel-operator_tigera_io_policy_recommendation_v1_manifest_test.go out/test-sentinel-operator_tigera_io_tenant_v1_manifest_test.go out/test-sentinel-operator_tigera_io_tigera_status_v1_manifest_test.go out/test-sentinel-operator_tigera_io_tls_pass_through_route_v1_manifest_test.go out/test-sentinel-operator_tigera_io_tls_terminated_route_v1_manifest_test.go out/test-sentinel-operator_tigera_io_amazon_cloud_integration_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_v_logs_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_agent_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_alert_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_alertmanager_config_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_alertmanager_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_auth_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_cluster_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_node_scrape_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_pod_scrape_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_probe_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_rule_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_scrape_config_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_service_scrape_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_single_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_static_scrape_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_user_v1beta1_manifest_test.go out/test-sentinel-oracle_db_anthosapis_com_backup_schedule_v1alpha1_manifest_test.go out/test-sentinel-oracle_db_anthosapis_com_backup_v1alpha1_manifest_test.go out/test-sentinel-oracle_db_anthosapis_com_config_v1alpha1_manifest_test.go out/test-sentinel-oracle_db_anthosapis_com_cron_anything_v1alpha1_manifest_test.go out/test-sentinel-oracle_db_anthosapis_com_database_v1alpha1_manifest_test.go out/test-sentinel-oracle_db_anthosapis_com_export_v1alpha1_manifest_test.go out/test-sentinel-oracle_db_anthosapis_com_import_v1alpha1_manifest_test.go out/test-sentinel-oracle_db_anthosapis_com_instance_v1alpha1_manifest_test.go out/test-sentinel-oracle_db_anthosapis_com_pitr_v1alpha1_manifest_test.go out/test-sentinel-oracle_db_anthosapis_com_release_v1alpha1_manifest_test.go out/test-sentinel-org_eclipse_che_che_cluster_v1_manifest_test.go out/test-sentinel-org_eclipse_che_che_cluster_v2_manifest_test.go out/test-sentinel-organizations_services_k8s_aws_organizational_unit_v1alpha1_manifest_test.go out/test-sentinel-pgv2_percona_com_percona_pg_backup_v2_manifest_test.go out/test-sentinel-pgv2_percona_com_percona_pg_cluster_v2_manifest_test.go out/test-sentinel-pgv2_percona_com_percona_pg_restore_v2_manifest_test.go out/test-sentinel-pgv2_percona_com_percona_pg_upgrade_v2_manifest_test.go out/test-sentinel-pipes_services_k8s_aws_pipe_v1alpha1_manifest_test.go out/test-sentinel-pkg_crossplane_io_configuration_revision_v1_manifest_test.go out/test-sentinel-pkg_crossplane_io_configuration_v1_manifest_test.go out/test-sentinel-pkg_crossplane_io_provider_revision_v1_manifest_test.go out/test-sentinel-pkg_crossplane_io_provider_v1_manifest_test.go out/test-sentinel-pkg_crossplane_io_controller_config_v1alpha1_manifest_test.go out/test-sentinel-pkg_crossplane_io_lock_v1beta1_manifest_test.go out/test-sentinel-policy_clusterpedia_io_cluster_import_policy_v1alpha1_manifest_test.go out/test-sentinel-policy_clusterpedia_io_pedia_cluster_lifecycle_v1alpha1_manifest_test.go out/test-sentinel-policy_karmada_io_cluster_override_policy_v1alpha1_manifest_test.go out/test-sentinel-policy_karmada_io_cluster_propagation_policy_v1alpha1_manifest_test.go out/test-sentinel-policy_karmada_io_federated_resource_quota_v1alpha1_manifest_test.go out/test-sentinel-policy_karmada_io_override_policy_v1alpha1_manifest_test.go out/test-sentinel-policy_karmada_io_propagation_policy_v1alpha1_manifest_test.go out/test-sentinel-policy_kubeedge_io_service_account_access_v1alpha1_manifest_test.go out/test-sentinel-policy_networking_k8s_io_admin_network_policy_v1alpha1_manifest_test.go out/test-sentinel-policy_networking_k8s_io_baseline_admin_network_policy_v1alpha1_manifest_test.go out/test-sentinel-policy_pod_disruption_budget_v1_manifest_test.go out/test-sentinel-postgres_operator_crunchydata_com_pg_admin_v1beta1_manifest_test.go out/test-sentinel-postgres_operator_crunchydata_com_pg_upgrade_v1beta1_manifest_test.go out/test-sentinel-postgres_operator_crunchydata_com_postgres_cluster_v1beta1_manifest_test.go out/test-sentinel-postgresql_cnpg_io_backup_v1_manifest_test.go out/test-sentinel-postgresql_cnpg_io_cluster_v1_manifest_test.go out/test-sentinel-postgresql_cnpg_io_pooler_v1_manifest_test.go out/test-sentinel-postgresql_cnpg_io_scheduled_backup_v1_manifest_test.go out/test-sentinel-projectcontour_io_http_proxy_v1_manifest_test.go out/test-sentinel-projectcontour_io_tls_certificate_delegation_v1_manifest_test.go out/test-sentinel-projectcontour_io_contour_configuration_v1alpha1_manifest_test.go out/test-sentinel-projectcontour_io_contour_deployment_v1alpha1_manifest_test.go out/test-sentinel-projectcontour_io_extension_service_v1alpha1_manifest_test.go out/test-sentinel-prometheusservice_services_k8s_aws_alert_manager_definition_v1alpha1_manifest_test.go out/test-sentinel-prometheusservice_services_k8s_aws_logging_configuration_v1alpha1_manifest_test.go out/test-sentinel-prometheusservice_services_k8s_aws_rule_groups_namespace_v1alpha1_manifest_test.go out/test-sentinel-prometheusservice_services_k8s_aws_workspace_v1alpha1_manifest_test.go out/test-sentinel-ps_percona_com_percona_server_my_sql_v1alpha1_manifest_test.go out/test-sentinel-ps_percona_com_percona_server_my_sql_backup_v1alpha1_manifest_test.go out/test-sentinel-ps_percona_com_percona_server_my_sql_restore_v1alpha1_manifest_test.go out/test-sentinel-psmdb_percona_com_percona_server_mongo_db_v1_manifest_test.go out/test-sentinel-psmdb_percona_com_percona_server_mongo_db_backup_v1_manifest_test.go out/test-sentinel-psmdb_percona_com_percona_server_mongo_db_restore_v1_manifest_test.go out/test-sentinel-ptp_openshift_io_node_ptp_device_v1_manifest_test.go out/test-sentinel-ptp_openshift_io_ptp_config_v1_manifest_test.go out/test-sentinel-ptp_openshift_io_ptp_operator_config_v1_manifest_test.go out/test-sentinel-pubsubplus_solace_com_pub_sub_plus_event_broker_v1beta1_manifest_test.go out/test-sentinel-pxc_percona_com_percona_xtra_db_cluster_backup_v1_manifest_test.go out/test-sentinel-pxc_percona_com_percona_xtra_db_cluster_restore_v1_manifest_test.go out/test-sentinel-pxc_percona_com_percona_xtra_db_cluster_v1_manifest_test.go out/test-sentinel-quay_redhat_com_quay_registry_v1_manifest_test.go out/test-sentinel-quota_codeflare_dev_quota_subtree_v1alpha1_manifest_test.go out/test-sentinel-ray_io_ray_cluster_v1_manifest_test.go out/test-sentinel-ray_io_ray_job_v1_manifest_test.go out/test-sentinel-ray_io_ray_service_v1_manifest_test.go out/test-sentinel-ray_io_ray_cluster_v1alpha1_manifest_test.go out/test-sentinel-ray_io_ray_job_v1alpha1_manifest_test.go out/test-sentinel-ray_io_ray_service_v1alpha1_manifest_test.go out/test-sentinel-rbac_authorization_k8s_io_cluster_role_binding_v1_manifest_test.go out/test-sentinel-rbac_authorization_k8s_io_cluster_role_v1_manifest_test.go out/test-sentinel-rbac_authorization_k8s_io_role_binding_v1_manifest_test.go out/test-sentinel-rbac_authorization_k8s_io_role_v1_manifest_test.go out/test-sentinel-rbacmanager_reactiveops_io_rbac_definition_v1beta1_manifest_test.go out/test-sentinel-rc_app_stacks_runtime_component_v1_manifest_test.go out/test-sentinel-rc_app_stacks_runtime_operation_v1_manifest_test.go out/test-sentinel-rc_app_stacks_runtime_component_v1beta2_manifest_test.go out/test-sentinel-rc_app_stacks_runtime_operation_v1beta2_manifest_test.go out/test-sentinel-rds_services_k8s_aws_db_cluster_parameter_group_v1alpha1_manifest_test.go out/test-sentinel-rds_services_k8s_aws_db_cluster_v1alpha1_manifest_test.go out/test-sentinel-rds_services_k8s_aws_db_instance_v1alpha1_manifest_test.go out/test-sentinel-rds_services_k8s_aws_db_parameter_group_v1alpha1_manifest_test.go out/test-sentinel-rds_services_k8s_aws_db_proxy_v1alpha1_manifest_test.go out/test-sentinel-rds_services_k8s_aws_db_subnet_group_v1alpha1_manifest_test.go out/test-sentinel-rds_services_k8s_aws_global_cluster_v1alpha1_manifest_test.go out/test-sentinel-redhatcop_redhat_io_group_config_v1alpha1_manifest_test.go out/test-sentinel-redhatcop_redhat_io_keepalived_group_v1alpha1_manifest_test.go out/test-sentinel-redhatcop_redhat_io_namespace_config_v1alpha1_manifest_test.go out/test-sentinel-redhatcop_redhat_io_patch_v1alpha1_manifest_test.go out/test-sentinel-redhatcop_redhat_io_user_config_v1alpha1_manifest_test.go out/test-sentinel-registry_apicur_io_apicurio_registry_v1_manifest_test.go out/test-sentinel-registry_devfile_io_cluster_devfile_registries_list_v1alpha1_manifest_test.go out/test-sentinel-registry_devfile_io_devfile_registries_list_v1alpha1_manifest_test.go out/test-sentinel-registry_devfile_io_devfile_registry_v1alpha1_manifest_test.go out/test-sentinel-reliablesyncs_kubeedge_io_cluster_object_sync_v1alpha1_manifest_test.go out/test-sentinel-reliablesyncs_kubeedge_io_object_sync_v1alpha1_manifest_test.go out/test-sentinel-remediation_medik8s_io_node_health_check_v1alpha1_manifest_test.go out/test-sentinel-repo_manager_pulpproject_org_pulp_backup_v1beta2_manifest_test.go out/test-sentinel-repo_manager_pulpproject_org_pulp_restore_v1beta2_manifest_test.go out/test-sentinel-repo_manager_pulpproject_org_pulp_v1beta2_manifest_test.go out/test-sentinel-reports_kyverno_io_cluster_ephemeral_report_v1_manifest_test.go out/test-sentinel-reports_kyverno_io_ephemeral_report_v1_manifest_test.go out/test-sentinel-resources_teleport_dev_teleport_login_rule_v1_manifest_test.go out/test-sentinel-resources_teleport_dev_teleport_okta_import_rule_v1_manifest_test.go out/test-sentinel-resources_teleport_dev_teleport_provision_token_v2_manifest_test.go out/test-sentinel-resources_teleport_dev_teleport_saml_connector_v2_manifest_test.go out/test-sentinel-resources_teleport_dev_teleport_user_v2_manifest_test.go out/test-sentinel-resources_teleport_dev_teleport_github_connector_v3_manifest_test.go out/test-sentinel-resources_teleport_dev_teleport_oidc_connector_v3_manifest_test.go out/test-sentinel-resources_teleport_dev_teleport_role_v5_manifest_test.go out/test-sentinel-resources_teleport_dev_teleport_role_v6_manifest_test.go out/test-sentinel-ripsaw_cloudbulldozer_io_benchmark_v1alpha1_manifest_test.go out/test-sentinel-rocketmq_apache_org_broker_v1alpha1_manifest_test.go out/test-sentinel-rocketmq_apache_org_console_v1alpha1_manifest_test.go out/test-sentinel-rocketmq_apache_org_name_service_v1alpha1_manifest_test.go out/test-sentinel-rocketmq_apache_org_topic_transfer_v1alpha1_manifest_test.go out/test-sentinel-route53_services_k8s_aws_hosted_zone_v1alpha1_manifest_test.go out/test-sentinel-route53_services_k8s_aws_record_set_v1alpha1_manifest_test.go out/test-sentinel-route53resolver_services_k8s_aws_resolver_endpoint_v1alpha1_manifest_test.go out/test-sentinel-route53resolver_services_k8s_aws_resolver_rule_v1alpha1_manifest_test.go out/test-sentinel-rules_kubeedge_io_rule_endpoint_v1_manifest_test.go out/test-sentinel-rules_kubeedge_io_rule_v1_manifest_test.go out/test-sentinel-runtime_cluster_x_k8s_io_extension_config_v1alpha1_manifest_test.go out/test-sentinel-s3_services_k8s_aws_bucket_v1alpha1_manifest_test.go out/test-sentinel-s3_snappcloud_io_s3_bucket_v1alpha1_manifest_test.go out/test-sentinel-s3_snappcloud_io_s3_user_claim_v1alpha1_manifest_test.go out/test-sentinel-s3_snappcloud_io_s3_user_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_app_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_data_quality_job_definition_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_domain_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_endpoint_config_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_endpoint_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_feature_group_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_hyper_parameter_tuning_job_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_model_bias_job_definition_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_model_explainability_job_definition_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_model_package_group_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_model_package_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_model_quality_job_definition_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_model_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_monitoring_schedule_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_notebook_instance_lifecycle_config_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_notebook_instance_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_processing_job_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_training_job_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_transform_job_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_user_profile_v1alpha1_manifest_test.go out/test-sentinel-scheduling_k8s_io_priority_class_v1_manifest_test.go out/test-sentinel-scheduling_koordinator_sh_device_v1alpha1_manifest_test.go out/test-sentinel-scheduling_koordinator_sh_pod_migration_job_v1alpha1_manifest_test.go out/test-sentinel-scheduling_koordinator_sh_reservation_v1alpha1_manifest_test.go out/test-sentinel-scheduling_sigs_k8s_io_elastic_quota_v1alpha1_manifest_test.go out/test-sentinel-scheduling_sigs_k8s_io_pod_group_v1alpha1_manifest_test.go out/test-sentinel-scheduling_volcano_sh_pod_group_v1beta1_manifest_test.go out/test-sentinel-scheduling_volcano_sh_queue_v1beta1_manifest_test.go out/test-sentinel-schemas_schemahero_io_data_type_v1alpha4_manifest_test.go out/test-sentinel-schemas_schemahero_io_migration_v1alpha4_manifest_test.go out/test-sentinel-schemas_schemahero_io_table_v1alpha4_manifest_test.go out/test-sentinel-scylla_scylladb_com_scylla_cluster_v1_manifest_test.go out/test-sentinel-scylla_scylladb_com_node_config_v1alpha1_manifest_test.go out/test-sentinel-scylla_scylladb_com_scylla_operator_config_v1alpha1_manifest_test.go out/test-sentinel-secretgenerator_mittwald_de_basic_auth_v1alpha1_manifest_test.go out/test-sentinel-secretgenerator_mittwald_de_ssh_key_pair_v1alpha1_manifest_test.go out/test-sentinel-secretgenerator_mittwald_de_string_secret_v1alpha1_manifest_test.go out/test-sentinel-secrets_crossplane_io_store_config_v1alpha1_manifest_test.go out/test-sentinel-secrets_doppler_com_doppler_secret_v1alpha1_manifest_test.go out/test-sentinel-secrets_hashicorp_com_hcp_auth_v1beta1_manifest_test.go out/test-sentinel-secrets_hashicorp_com_hcp_vault_secrets_app_v1beta1_manifest_test.go out/test-sentinel-secrets_hashicorp_com_vault_auth_v1beta1_manifest_test.go out/test-sentinel-secrets_hashicorp_com_vault_connection_v1beta1_manifest_test.go out/test-sentinel-secrets_hashicorp_com_vault_dynamic_secret_v1beta1_manifest_test.go out/test-sentinel-secrets_hashicorp_com_vault_pki_secret_v1beta1_manifest_test.go out/test-sentinel-secrets_hashicorp_com_vault_static_secret_v1beta1_manifest_test.go out/test-sentinel-secrets_stackable_tech_secret_class_v1alpha1_manifest_test.go out/test-sentinel-secrets_store_csi_x_k8s_io_secret_provider_class_v1_manifest_test.go out/test-sentinel-secrets_store_csi_x_k8s_io_secret_provider_class_v1alpha1_manifest_test.go out/test-sentinel-secretsmanager_services_k8s_aws_secret_v1alpha1_manifest_test.go out/test-sentinel-secscan_quay_redhat_com_image_manifest_vuln_v1alpha1_manifest_test.go out/test-sentinel-security_istio_io_authorization_policy_v1_manifest_test.go out/test-sentinel-security_istio_io_peer_authentication_v1_manifest_test.go out/test-sentinel-security_istio_io_request_authentication_v1_manifest_test.go out/test-sentinel-security_istio_io_authorization_policy_v1beta1_manifest_test.go out/test-sentinel-security_istio_io_peer_authentication_v1beta1_manifest_test.go out/test-sentinel-security_istio_io_request_authentication_v1beta1_manifest_test.go out/test-sentinel-security_profiles_operator_x_k8s_io_app_armor_profile_v1alpha1_manifest_test.go out/test-sentinel-security_profiles_operator_x_k8s_io_profile_binding_v1alpha1_manifest_test.go out/test-sentinel-security_profiles_operator_x_k8s_io_profile_recording_v1alpha1_manifest_test.go out/test-sentinel-security_profiles_operator_x_k8s_io_security_profile_node_status_v1alpha1_manifest_test.go out/test-sentinel-security_profiles_operator_x_k8s_io_security_profiles_operator_daemon_v1alpha1_manifest_test.go out/test-sentinel-security_profiles_operator_x_k8s_io_raw_selinux_profile_v1alpha2_manifest_test.go out/test-sentinel-security_profiles_operator_x_k8s_io_selinux_profile_v1alpha2_manifest_test.go out/test-sentinel-security_profiles_operator_x_k8s_io_seccomp_profile_v1beta1_manifest_test.go out/test-sentinel-self_node_remediation_medik8s_io_self_node_remediation_config_v1alpha1_manifest_test.go out/test-sentinel-self_node_remediation_medik8s_io_self_node_remediation_template_v1alpha1_manifest_test.go out/test-sentinel-self_node_remediation_medik8s_io_self_node_remediation_v1alpha1_manifest_test.go out/test-sentinel-sematext_com_sematext_agent_v1_manifest_test.go out/test-sentinel-servicebinding_io_cluster_workload_resource_mapping_v1alpha3_manifest_test.go out/test-sentinel-servicebinding_io_service_binding_v1alpha3_manifest_test.go out/test-sentinel-servicebinding_io_cluster_workload_resource_mapping_v1beta1_manifest_test.go out/test-sentinel-servicebinding_io_service_binding_v1beta1_manifest_test.go out/test-sentinel-servicemesh_cisco_com_istio_control_plane_v1alpha1_manifest_test.go out/test-sentinel-servicemesh_cisco_com_istio_mesh_gateway_v1alpha1_manifest_test.go out/test-sentinel-servicemesh_cisco_com_istio_mesh_v1alpha1_manifest_test.go out/test-sentinel-servicemesh_cisco_com_peer_istio_control_plane_v1alpha1_manifest_test.go out/test-sentinel-services_k8s_aws_adopted_resource_v1alpha1_manifest_test.go out/test-sentinel-services_k8s_aws_field_export_v1alpha1_manifest_test.go out/test-sentinel-serving_kubedl_io_inference_v1alpha1_manifest_test.go out/test-sentinel-sfn_services_k8s_aws_activity_v1alpha1_manifest_test.go out/test-sentinel-sfn_services_k8s_aws_state_machine_v1alpha1_manifest_test.go out/test-sentinel-site_superedge_io_node_group_v1alpha1_manifest_test.go out/test-sentinel-site_superedge_io_node_unit_v1alpha1_manifest_test.go out/test-sentinel-slo_koordinator_sh_node_metric_v1alpha1_manifest_test.go out/test-sentinel-slo_koordinator_sh_node_slo_v1alpha1_manifest_test.go out/test-sentinel-sloth_slok_dev_prometheus_service_level_v1_manifest_test.go out/test-sentinel-snapscheduler_backube_snapshot_schedule_v1_manifest_test.go out/test-sentinel-snapshot_storage_k8s_io_volume_snapshot_class_v1_manifest_test.go out/test-sentinel-snapshot_storage_k8s_io_volume_snapshot_content_v1_manifest_test.go out/test-sentinel-snapshot_storage_k8s_io_volume_snapshot_v1_manifest_test.go out/test-sentinel-snapshot_storage_k8s_io_volume_snapshot_class_v1beta1_manifest_test.go out/test-sentinel-snapshot_storage_k8s_io_volume_snapshot_content_v1beta1_manifest_test.go out/test-sentinel-snapshot_storage_k8s_io_volume_snapshot_v1beta1_manifest_test.go out/test-sentinel-sns_services_k8s_aws_platform_application_v1alpha1_manifest_test.go out/test-sentinel-sns_services_k8s_aws_platform_endpoint_v1alpha1_manifest_test.go out/test-sentinel-sns_services_k8s_aws_subscription_v1alpha1_manifest_test.go out/test-sentinel-sns_services_k8s_aws_topic_v1alpha1_manifest_test.go out/test-sentinel-sonataflow_org_sonata_flow_build_v1alpha08_manifest_test.go out/test-sentinel-sonataflow_org_sonata_flow_platform_v1alpha08_manifest_test.go out/test-sentinel-sonataflow_org_sonata_flow_v1alpha08_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_bucket_v1_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_git_repository_v1_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_helm_chart_v1_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_helm_repository_v1_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_bucket_v1beta1_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_git_repository_v1beta1_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_helm_chart_v1beta1_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_helm_repository_v1beta1_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_bucket_v1beta2_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_git_repository_v1beta2_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_helm_chart_v1beta2_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_helm_repository_v1beta2_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_oci_repository_v1beta2_manifest_test.go out/test-sentinel-spark_stackable_tech_spark_application_v1alpha1_manifest_test.go out/test-sentinel-spark_stackable_tech_spark_history_server_v1alpha1_manifest_test.go out/test-sentinel-sparkoperator_k8s_io_scheduled_spark_application_v1beta2_manifest_test.go out/test-sentinel-sparkoperator_k8s_io_spark_application_v1beta2_manifest_test.go out/test-sentinel-spv_no_azure_key_vault_secret_v1_manifest_test.go out/test-sentinel-spv_no_azure_key_vault_identity_v1alpha1_manifest_test.go out/test-sentinel-spv_no_azure_key_vault_secret_v1alpha1_manifest_test.go out/test-sentinel-spv_no_azure_managed_identity_v1alpha1_manifest_test.go out/test-sentinel-spv_no_azure_key_vault_secret_v2alpha1_manifest_test.go out/test-sentinel-spv_no_azure_key_vault_secret_v2beta1_manifest_test.go out/test-sentinel-sqs_services_k8s_aws_queue_v1alpha1_manifest_test.go out/test-sentinel-sriovnetwork_openshift_io_ovs_network_v1_manifest_test.go out/test-sentinel-sriovnetwork_openshift_io_sriov_ib_network_v1_manifest_test.go out/test-sentinel-sriovnetwork_openshift_io_sriov_network_node_policy_v1_manifest_test.go out/test-sentinel-sriovnetwork_openshift_io_sriov_network_node_state_v1_manifest_test.go out/test-sentinel-sriovnetwork_openshift_io_sriov_network_pool_config_v1_manifest_test.go out/test-sentinel-sriovnetwork_openshift_io_sriov_network_v1_manifest_test.go out/test-sentinel-sriovnetwork_openshift_io_sriov_operator_config_v1_manifest_test.go out/test-sentinel-storage_k8s_io_csi_driver_v1_manifest_test.go out/test-sentinel-storage_k8s_io_csi_node_v1_manifest_test.go out/test-sentinel-storage_k8s_io_storage_class_v1_manifest_test.go out/test-sentinel-storage_k8s_io_volume_attachment_v1_manifest_test.go out/test-sentinel-storage_kubeblocks_io_storage_provider_v1alpha1_manifest_test.go out/test-sentinel-storageos_com_storage_os_cluster_v1_manifest_test.go out/test-sentinel-sts_min_io_policy_binding_v1alpha1_manifest_test.go out/test-sentinel-sts_min_io_policy_binding_v1beta1_manifest_test.go out/test-sentinel-stunner_l7mp_io_dataplane_v1_manifest_test.go out/test-sentinel-stunner_l7mp_io_gateway_config_v1_manifest_test.go out/test-sentinel-stunner_l7mp_io_static_service_v1_manifest_test.go out/test-sentinel-stunner_l7mp_io_udp_route_v1_manifest_test.go out/test-sentinel-stunner_l7mp_io_dataplane_v1alpha1_manifest_test.go out/test-sentinel-stunner_l7mp_io_gateway_config_v1alpha1_manifest_test.go out/test-sentinel-stunner_l7mp_io_static_service_v1alpha1_manifest_test.go out/test-sentinel-submariner_io_broker_v1alpha1_manifest_test.go out/test-sentinel-submariner_io_service_discovery_v1alpha1_manifest_test.go out/test-sentinel-submariner_io_submariner_v1alpha1_manifest_test.go out/test-sentinel-superset_stackable_tech_druid_connection_v1alpha1_manifest_test.go out/test-sentinel-superset_stackable_tech_superset_cluster_v1alpha1_manifest_test.go out/test-sentinel-telemetry_istio_io_telemetry_v1_manifest_test.go out/test-sentinel-telemetry_istio_io_telemetry_v1alpha1_manifest_test.go out/test-sentinel-templates_gatekeeper_sh_constraint_template_v1_manifest_test.go out/test-sentinel-templates_gatekeeper_sh_constraint_template_v1alpha1_manifest_test.go out/test-sentinel-templates_gatekeeper_sh_constraint_template_v1beta1_manifest_test.go out/test-sentinel-tempo_grafana_com_tempo_monolithic_v1alpha1_manifest_test.go out/test-sentinel-tempo_grafana_com_tempo_stack_v1alpha1_manifest_test.go out/test-sentinel-temporal_io_temporal_cluster_client_v1beta1_manifest_test.go out/test-sentinel-temporal_io_temporal_cluster_v1beta1_manifest_test.go out/test-sentinel-temporal_io_temporal_namespace_v1beta1_manifest_test.go out/test-sentinel-temporal_io_temporal_worker_process_v1beta1_manifest_test.go out/test-sentinel-tests_testkube_io_script_v1_manifest_test.go out/test-sentinel-tests_testkube_io_test_execution_v1_manifest_test.go out/test-sentinel-tests_testkube_io_test_source_v1_manifest_test.go out/test-sentinel-tests_testkube_io_test_suite_execution_v1_manifest_test.go out/test-sentinel-tests_testkube_io_test_suite_v1_manifest_test.go out/test-sentinel-tests_testkube_io_test_trigger_v1_manifest_test.go out/test-sentinel-tests_testkube_io_test_v1_manifest_test.go out/test-sentinel-tests_testkube_io_script_v2_manifest_test.go out/test-sentinel-tests_testkube_io_test_suite_v2_manifest_test.go out/test-sentinel-tests_testkube_io_test_v2_manifest_test.go out/test-sentinel-tests_testkube_io_test_suite_v3_manifest_test.go out/test-sentinel-tests_testkube_io_test_v3_manifest_test.go out/test-sentinel-tf_tungsten_io_analytics_alarm_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_analytics_snmp_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_analytics_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_cassandra_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_config_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_control_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_kubemanager_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_manager_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_query_engine_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_rabbitmq_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_redis_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_vrouter_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_webui_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_zookeeper_v1alpha1_manifest_test.go out/test-sentinel-theketch_io_app_v1beta1_manifest_test.go out/test-sentinel-theketch_io_job_v1beta1_manifest_test.go out/test-sentinel-tinkerbell_org_hardware_v1alpha1_manifest_test.go out/test-sentinel-tinkerbell_org_osie_v1alpha1_manifest_test.go out/test-sentinel-tinkerbell_org_stack_v1alpha1_manifest_test.go out/test-sentinel-tinkerbell_org_template_v1alpha1_manifest_test.go out/test-sentinel-tinkerbell_org_workflow_v1alpha1_manifest_test.go out/test-sentinel-tinkerbell_org_hardware_v1alpha2_manifest_test.go out/test-sentinel-tinkerbell_org_osie_v1alpha2_manifest_test.go out/test-sentinel-tinkerbell_org_template_v1alpha2_manifest_test.go out/test-sentinel-tinkerbell_org_workflow_v1alpha2_manifest_test.go out/test-sentinel-topology_node_k8s_io_node_resource_topology_v1alpha1_manifest_test.go out/test-sentinel-topolvm_cybozu_com_logical_volume_v1_manifest_test.go out/test-sentinel-topolvm_cybozu_com_topolvm_cluster_v2_manifest_test.go out/test-sentinel-traefik_io_ingress_route_tcp_v1alpha1_manifest_test.go out/test-sentinel-traefik_io_ingress_route_udp_v1alpha1_manifest_test.go out/test-sentinel-traefik_io_ingress_route_v1alpha1_manifest_test.go out/test-sentinel-traefik_io_middleware_tcp_v1alpha1_manifest_test.go out/test-sentinel-traefik_io_middleware_v1alpha1_manifest_test.go out/test-sentinel-traefik_io_servers_transport_tcp_v1alpha1_manifest_test.go out/test-sentinel-traefik_io_servers_transport_v1alpha1_manifest_test.go out/test-sentinel-traefik_io_tls_option_v1alpha1_manifest_test.go out/test-sentinel-traefik_io_tls_store_v1alpha1_manifest_test.go out/test-sentinel-traefik_io_traefik_service_v1alpha1_manifest_test.go out/test-sentinel-training_kubedl_io_elastic_dl_job_v1alpha1_manifest_test.go out/test-sentinel-training_kubedl_io_mars_job_v1alpha1_manifest_test.go out/test-sentinel-training_kubedl_io_mpi_job_v1alpha1_manifest_test.go out/test-sentinel-training_kubedl_io_py_torch_job_v1alpha1_manifest_test.go out/test-sentinel-training_kubedl_io_tf_job_v1alpha1_manifest_test.go out/test-sentinel-training_kubedl_io_xdl_job_v1alpha1_manifest_test.go out/test-sentinel-training_kubedl_io_xg_boost_job_v1alpha1_manifest_test.go out/test-sentinel-trino_stackable_tech_trino_catalog_v1alpha1_manifest_test.go out/test-sentinel-trino_stackable_tech_trino_cluster_v1alpha1_manifest_test.go out/test-sentinel-trust_cert_manager_io_bundle_v1alpha1_manifest_test.go out/test-sentinel-upgrade_cattle_io_plan_v1_manifest_test.go out/test-sentinel-upgrade_managed_openshift_io_upgrade_config_v1alpha1_manifest_test.go out/test-sentinel-velero_io_backup_repository_v1_manifest_test.go out/test-sentinel-velero_io_backup_storage_location_v1_manifest_test.go out/test-sentinel-velero_io_backup_v1_manifest_test.go out/test-sentinel-velero_io_delete_backup_request_v1_manifest_test.go out/test-sentinel-velero_io_download_request_v1_manifest_test.go out/test-sentinel-velero_io_pod_volume_backup_v1_manifest_test.go out/test-sentinel-velero_io_pod_volume_restore_v1_manifest_test.go out/test-sentinel-velero_io_restore_v1_manifest_test.go out/test-sentinel-velero_io_schedule_v1_manifest_test.go out/test-sentinel-velero_io_server_status_request_v1_manifest_test.go out/test-sentinel-velero_io_volume_snapshot_location_v1_manifest_test.go out/test-sentinel-velero_io_data_download_v2alpha1_manifest_test.go out/test-sentinel-velero_io_data_upload_v2alpha1_manifest_test.go out/test-sentinel-virt_virtink_smartx_com_virtual_machine_migration_v1alpha1_manifest_test.go out/test-sentinel-virt_virtink_smartx_com_virtual_machine_v1alpha1_manifest_test.go out/test-sentinel-volsync_backube_replication_destination_v1alpha1_manifest_test.go out/test-sentinel-volsync_backube_replication_source_v1alpha1_manifest_test.go out/test-sentinel-vpcresources_k8s_aws_cni_node_v1alpha1_manifest_test.go out/test-sentinel-vpcresources_k8s_aws_security_group_policy_v1beta1_manifest_test.go out/test-sentinel-wgpolicyk8s_io_cluster_policy_report_v1alpha1_manifest_test.go out/test-sentinel-wgpolicyk8s_io_policy_report_v1alpha1_manifest_test.go out/test-sentinel-wgpolicyk8s_io_cluster_policy_report_v1alpha2_manifest_test.go out/test-sentinel-wgpolicyk8s_io_policy_report_v1alpha2_manifest_test.go out/test-sentinel-wgpolicyk8s_io_cluster_policy_report_v1beta1_manifest_test.go out/test-sentinel-wgpolicyk8s_io_policy_report_v1beta1_manifest_test.go out/test-sentinel-wildfly_org_wild_fly_server_v1alpha1_manifest_test.go out/test-sentinel-work_karmada_io_cluster_resource_binding_v1alpha1_manifest_test.go out/test-sentinel-work_karmada_io_resource_binding_v1alpha1_manifest_test.go out/test-sentinel-work_karmada_io_work_v1alpha1_manifest_test.go out/test-sentinel-work_karmada_io_cluster_resource_binding_v1alpha2_manifest_test.go out/test-sentinel-work_karmada_io_resource_binding_v1alpha2_manifest_test.go out/test-sentinel-workload_codeflare_dev_app_wrapper_v1beta1_manifest_test.go out/test-sentinel-workload_codeflare_dev_scheduling_spec_v1beta1_manifest_test.go out/test-sentinel-workload_codeflare_dev_app_wrapper_v1beta2_manifest_test.go out/test-sentinel-workloads_kubeblocks_io_instance_set_v1_manifest_test.go out/test-sentinel-workloads_kubeblocks_io_instance_set_v1alpha1_manifest_test.go out/test-sentinel-workloads_kubeblocks_io_replicated_state_machine_v1alpha1_manifest_test.go out/test-sentinel-zonecontrol_k8s_aws_zone_aware_update_v1_manifest_test.go out/test-sentinel-zonecontrol_k8s_aws_zone_disruption_budget_v1_manifest_test.go out/test-sentinel-zookeeper_pravega_io_zookeeper_cluster_v1beta1_manifest_test.go out/test-sentinel-zookeeper_stackable_tech_zookeeper_cluster_v1alpha1_manifest_test.go out/test-sentinel-zookeeper_stackable_tech_zookeeper_znode_v1alpha1_manifest_test.go out/tools-tests-sentinel ## run the unit tests
diff --git a/tools/internal/generator/ignored_attributes.go b/tools/internal/generator/ignored_attributes.go
index 1ae138751..3e4b0d8c7 100644
--- a/tools/internal/generator/ignored_attributes.go
+++ b/tools/internal/generator/ignored_attributes.go
@@ -53,7 +53,11 @@ var ignoredAttributes = map[string][]string{
 	"security_istio_io_request_authentication_v1": {
 		"spec.jwtRules.jwks_uri",
 	},
+	"operator_victoriametrics_com_v_logs_v1beta1": {
+		"spec.host_aliases",
+	},
 	"operator_victoriametrics_com_vm_agent_v1beta1": {
+		"spec.host_aliases",
 		"spec.inlineRelabelConfig.source_labels",
 		"spec.inlineRelabelConfig.target_label",
 		"spec.nodeScrapeRelabelTemplate.source_labels",
@@ -62,6 +66,8 @@ var ignoredAttributes = map[string][]string{
 		"spec.podScrapeRelabelTemplate.target_label",
 		"spec.probeScrapeRelabelTemplate.source_labels",
 		"spec.probeScrapeRelabelTemplate.target_label",
+		"spec.inlineUrlRelabelConfig.source_labels",
+		"spec.inlineUrlRelabelConfig.target_label",
 		"spec.remoteWrite.inlineUrlRelabelConfig.source_labels",
 		"spec.remoteWrite.inlineUrlRelabelConfig.target_label",
 		"spec.remoteWrite.streamAggrConfig.rules.input_relabel_configs.source_labels",
@@ -74,6 +80,24 @@ var ignoredAttributes = map[string][]string{
 		"spec.serviceScrapeRelabelTemplate.target_label",
 		"spec.staticScrapeRelabelTemplate.source_labels",
 		"spec.staticScrapeRelabelTemplate.target_label",
+		"spec.streamAggrConfig.rules.input_relabel_configs.source_labels",
+		"spec.streamAggrConfig.rules.input_relabel_configs.target_label",
+		"spec.streamAggrConfig.rules.output_relabel_configs.source_labels",
+		"spec.streamAggrConfig.rules.output_relabel_configs.target_label",
+	},
+	"operator_victoriametrics_com_vm_alert_v1beta1": {
+		"spec.host_aliases",
+	},
+	"operator_victoriametrics_com_vm_alertmanager_v1beta1": {
+		"spec.host_aliases",
+	},
+	"operator_victoriametrics_com_vm_auth_v1beta1": {
+		"spec.host_aliases",
+	},
+	"operator_victoriametrics_com_vm_cluster_v1beta1": {
+		"spec.vminsert.host_aliases",
+		"spec.vmselect.host_aliases",
+		"spec.vmstorage.host_aliases",
 	},
 	"operator_victoriametrics_com_vm_node_scrape_v1beta1": {
 		"spec.metricRelabelConfigs.source_labels",
@@ -88,11 +112,19 @@ var ignoredAttributes = map[string][]string{
 		"spec.podMetricsEndpoints.relabelConfigs.target_label",
 	},
 	"operator_victoriametrics_com_vm_probe_v1beta1": {
+		"spec.metricRelabelConfigs.source_labels",
+		"spec.metricRelabelConfigs.target_label",
 		"spec.targets.ingress.relabelingConfigs.source_labels",
 		"spec.targets.ingress.relabelingConfigs.target_label",
 		"spec.targets.staticConfig.relabelingConfigs.source_labels",
 		"spec.targets.staticConfig.relabelingConfigs.target_label",
 	},
+	"operator_victoriametrics_com_vm_scrape_config_v1beta1": {
+		"spec.metricRelabelConfigs.source_labels",
+		"spec.metricRelabelConfigs.target_label",
+		"spec.relabelConfigs.source_labels",
+		"spec.relabelConfigs.target_label",
+	},
 	"operator_victoriametrics_com_vm_service_scrape_v1beta1": {
 		"spec.endpoints.metricRelabelConfigs.source_labels",
 		"spec.endpoints.metricRelabelConfigs.target_label",
@@ -100,6 +132,7 @@ var ignoredAttributes = map[string][]string{
 		"spec.endpoints.relabelConfigs.target_label",
 	},
 	"operator_victoriametrics_com_vm_single_v1beta1": {
+		"spec.host_aliases",
 		"spec.streamAggrConfig.rules.input_relabel_configs.source_labels",
 		"spec.streamAggrConfig.rules.input_relabel_configs.target_label",
 		"spec.streamAggrConfig.rules.output_relabel_configs.source_labels",
@@ -111,10 +144,4 @@ var ignoredAttributes = map[string][]string{
 		"spec.targetEndpoints.relabelConfigs.source_labels",
 		"spec.targetEndpoints.relabelConfigs.target_label",
 	},
-	//"apps_stateful_set_v1": {
-	//	"spec.volumeClaimTemplates.apiVersion",
-	//	"spec.volumeClaimTemplates.kind",
-	//	"spec.volumeClaimTemplates.metadata",
-	//	"spec.volumeClaimTemplates.status",
-	//},
 }