Showing preview only (1,488K chars total). Download the full file or copy to clipboard to get everything.
Repository: stefanprodan/flux-local-dev
Branch: main
Commit: d218b61a39cb
Files: 215
Total size: 1.4 MB
Directory structure:
gitextract_6yye3om7/
├── .github/
│ ├── FUNDING.yml
│ └── workflows/
│ └── test.yaml
├── .gitignore
├── Brewfile
├── LICENSE
├── Makefile
├── README.md
├── cue/
│ ├── README.md
│ ├── cue.mod/
│ │ ├── gen/
│ │ │ └── k8s.io/
│ │ │ ├── api/
│ │ │ │ ├── admission/
│ │ │ │ │ ├── v1/
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ └── v1beta1/
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ └── types_go_gen.cue
│ │ │ │ ├── admissionregistration/
│ │ │ │ │ ├── v1/
│ │ │ │ │ │ ├── doc_go_gen.cue
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ ├── v1alpha1/
│ │ │ │ │ │ ├── doc_go_gen.cue
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ └── v1beta1/
│ │ │ │ │ ├── doc_go_gen.cue
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ └── types_go_gen.cue
│ │ │ │ ├── apidiscovery/
│ │ │ │ │ └── v2beta1/
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ └── types_go_gen.cue
│ │ │ │ ├── apiserverinternal/
│ │ │ │ │ └── v1alpha1/
│ │ │ │ │ ├── doc_go_gen.cue
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ └── types_go_gen.cue
│ │ │ │ ├── apps/
│ │ │ │ │ ├── v1/
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ ├── v1beta1/
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ └── v1beta2/
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ └── types_go_gen.cue
│ │ │ │ ├── authentication/
│ │ │ │ │ ├── v1/
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ ├── v1alpha1/
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ └── v1beta1/
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ └── types_go_gen.cue
│ │ │ │ ├── authorization/
│ │ │ │ │ ├── v1/
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ └── v1beta1/
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ └── types_go_gen.cue
│ │ │ │ ├── autoscaling/
│ │ │ │ │ ├── v1/
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ ├── v2/
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ ├── v2beta1/
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ └── v2beta2/
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ └── types_go_gen.cue
│ │ │ │ ├── batch/
│ │ │ │ │ ├── v1/
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ └── v1beta1/
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ └── types_go_gen.cue
│ │ │ │ ├── certificates/
│ │ │ │ │ ├── v1/
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ └── v1beta1/
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ └── types_go_gen.cue
│ │ │ │ ├── coordination/
│ │ │ │ │ ├── v1/
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ └── v1beta1/
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ └── types_go_gen.cue
│ │ │ │ ├── core/
│ │ │ │ │ └── v1/
│ │ │ │ │ ├── annotation_key_constants_go_gen.cue
│ │ │ │ │ ├── doc_go_gen.cue
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ ├── types_go_gen.cue
│ │ │ │ │ ├── well_known_labels_go_gen.cue
│ │ │ │ │ └── well_known_taints_go_gen.cue
│ │ │ │ ├── discovery/
│ │ │ │ │ ├── v1/
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ ├── types_go_gen.cue
│ │ │ │ │ │ └── well_known_labels_go_gen.cue
│ │ │ │ │ └── v1beta1/
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ ├── types_go_gen.cue
│ │ │ │ │ └── well_known_labels_go_gen.cue
│ │ │ │ ├── events/
│ │ │ │ │ ├── v1/
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ └── v1beta1/
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ └── types_go_gen.cue
│ │ │ │ ├── extensions/
│ │ │ │ │ └── v1beta1/
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ └── types_go_gen.cue
│ │ │ │ ├── flowcontrol/
│ │ │ │ │ ├── v1alpha1/
│ │ │ │ │ │ ├── doc_go_gen.cue
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ ├── v1beta1/
│ │ │ │ │ │ ├── doc_go_gen.cue
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ ├── v1beta2/
│ │ │ │ │ │ ├── doc_go_gen.cue
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ └── v1beta3/
│ │ │ │ │ ├── doc_go_gen.cue
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ └── types_go_gen.cue
│ │ │ │ ├── imagepolicy/
│ │ │ │ │ └── v1alpha1/
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ └── types_go_gen.cue
│ │ │ │ ├── networking/
│ │ │ │ │ ├── v1/
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ ├── types_go_gen.cue
│ │ │ │ │ │ └── well_known_annotations_go_gen.cue
│ │ │ │ │ ├── v1alpha1/
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ └── v1beta1/
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ ├── types_go_gen.cue
│ │ │ │ │ └── well_known_annotations_go_gen.cue
│ │ │ │ ├── node/
│ │ │ │ │ ├── v1/
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ ├── v1alpha1/
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ └── v1beta1/
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ └── types_go_gen.cue
│ │ │ │ ├── policy/
│ │ │ │ │ ├── v1/
│ │ │ │ │ │ ├── doc_go_gen.cue
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ └── v1beta1/
│ │ │ │ │ ├── doc_go_gen.cue
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ └── types_go_gen.cue
│ │ │ │ ├── rbac/
│ │ │ │ │ ├── v1/
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ ├── v1alpha1/
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ └── v1beta1/
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ └── types_go_gen.cue
│ │ │ │ ├── resource/
│ │ │ │ │ └── v1alpha1/
│ │ │ │ │ ├── doc_go_gen.cue
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ └── types_go_gen.cue
│ │ │ │ ├── scheduling/
│ │ │ │ │ ├── v1/
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ ├── v1alpha1/
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ └── v1beta1/
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ └── types_go_gen.cue
│ │ │ │ └── storage/
│ │ │ │ ├── v1/
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ └── types_go_gen.cue
│ │ │ │ ├── v1alpha1/
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ └── types_go_gen.cue
│ │ │ │ └── v1beta1/
│ │ │ │ ├── register_go_gen.cue
│ │ │ │ └── types_go_gen.cue
│ │ │ ├── apiextensions-apiserver/
│ │ │ │ └── pkg/
│ │ │ │ └── apis/
│ │ │ │ └── apiextensions/
│ │ │ │ └── v1/
│ │ │ │ ├── doc_go_gen.cue
│ │ │ │ ├── register_go_gen.cue
│ │ │ │ ├── types_go_gen.cue
│ │ │ │ └── types_jsonschema_go_gen.cue
│ │ │ └── apimachinery/
│ │ │ └── pkg/
│ │ │ ├── api/
│ │ │ │ └── resource/
│ │ │ │ ├── amount_go_gen.cue
│ │ │ │ ├── math_go_gen.cue
│ │ │ │ ├── quantity_go_gen.cue
│ │ │ │ └── suffix_go_gen.cue
│ │ │ ├── apis/
│ │ │ │ └── meta/
│ │ │ │ └── v1/
│ │ │ │ ├── duration_go_gen.cue
│ │ │ │ ├── group_version_go_gen.cue
│ │ │ │ ├── meta_go_gen.cue
│ │ │ │ ├── micro_time_go_gen.cue
│ │ │ │ ├── register_go_gen.cue
│ │ │ │ ├── time_go_gen.cue
│ │ │ │ ├── time_proto_go_gen.cue
│ │ │ │ ├── types_go_gen.cue
│ │ │ │ └── watch_go_gen.cue
│ │ │ ├── runtime/
│ │ │ │ ├── allocator_go_gen.cue
│ │ │ │ ├── codec_go_gen.cue
│ │ │ │ ├── conversion_go_gen.cue
│ │ │ │ ├── converter_go_gen.cue
│ │ │ │ ├── doc_go_gen.cue
│ │ │ │ ├── embedded_go_gen.cue
│ │ │ │ ├── helper_go_gen.cue
│ │ │ │ ├── interfaces_go_gen.cue
│ │ │ │ ├── negotiate_go_gen.cue
│ │ │ │ ├── swagger_doc_generator_go_gen.cue
│ │ │ │ ├── types_go_gen.cue
│ │ │ │ └── types_proto_go_gen.cue
│ │ │ ├── types/
│ │ │ │ ├── doc_go_gen.cue
│ │ │ │ ├── namespacedname_go_gen.cue
│ │ │ │ ├── nodename_go_gen.cue
│ │ │ │ ├── patch_go_gen.cue
│ │ │ │ └── uid_go_gen.cue
│ │ │ ├── util/
│ │ │ │ └── intstr/
│ │ │ │ └── intstr_go_gen.cue
│ │ │ └── watch/
│ │ │ ├── doc_go_gen.cue
│ │ │ ├── filter_go_gen.cue
│ │ │ ├── mux_go_gen.cue
│ │ │ ├── streamwatcher_go_gen.cue
│ │ │ └── watch_go_gen.cue
│ │ └── module.cue
│ ├── go.mod
│ ├── go.sum
│ ├── main.cue
│ ├── main_tool.cue
│ ├── namespace/
│ │ ├── api.cue
│ │ ├── namespace.cue
│ │ ├── rbac.cue
│ │ └── serviceaccount.cue
│ └── podinfo/
│ ├── api.cue
│ ├── deployment.cue
│ ├── hpa.cue
│ ├── ingress.cue
│ ├── service.cue
│ ├── serviceaccount.cue
│ └── servicemonitor.cue
├── kubernetes/
│ ├── apps/
│ │ ├── namespace.yaml
│ │ └── podinfo.yaml
│ ├── clusters/
│ │ └── local/
│ │ ├── apps.yaml
│ │ ├── flux-system/
│ │ │ ├── cluster-source.yaml
│ │ │ ├── cluster-sync.yaml
│ │ │ ├── flux-pvc.yaml
│ │ │ ├── flux-source.yaml
│ │ │ ├── flux-sync.yaml
│ │ │ └── kustomization.yaml
│ │ └── infra.yaml
│ └── infra/
│ ├── config/
│ │ ├── cluster-issuers.yaml
│ │ └── flux-monitoring.yaml
│ └── controllers/
│ ├── cert-manager.yaml
│ ├── ingress-nginx.yaml
│ ├── metrics-server.yaml
│ ├── prometheus-operator.yaml
│ └── weave-gitops.yaml
└── scripts/
├── flux/
│ ├── down.sh
│ ├── push-cue.sh
│ ├── push.sh
│ └── up.sh
├── kind/
│ ├── down.sh
│ └── up.sh
└── test/
└── validate.sh
================================================
FILE CONTENTS
================================================
================================================
FILE: .github/FUNDING.yml
================================================
github: stefanprodan
================================================
FILE: .github/workflows/test.yaml
================================================
name: test
on:
pull_request:
push:
branches:
- main
- test*
permissions:
contents: read
jobs:
validate:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Set up Homebrew
uses: Homebrew/actions/setup-homebrew@master
- name: Install tools
run: make tools
- name: Run manifests validation
run: make validate
================================================
FILE: .gitignore
================================================
bin/
flux-vnext/
cue/bin/
cue/dist/
Brewfile.lock.json
================================================
FILE: Brewfile
================================================
# Kubernetes
brew "kubectl"
brew "kind"
# Kubernetes tools
brew "yq"
brew "jq"
brew "cue"
brew "helm"
brew "kustomize"
brew "kubeconform"
# OCI tools
brew "oras"
brew "crane"
brew "cosign"
# Flux
tap "fluxcd/tap"
brew "fluxcd/tap/flux"
================================================
FILE: LICENSE
================================================
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
================================================
FILE: Makefile
================================================
# Flux local dev environment with Docker and Kubernetes KIND
# Requirements:
# - Docker
# - Homebrew
.PHONY: up
up: cluster-up flux-push flux-up ## Create the local cluster and registry, install Flux and the cluster addons
kubectl -n flux-system wait kustomization/cluster-sync --for=condition=ready --timeout=5m
kubectl -n flux-system wait kustomization/apps-sync --for=condition=ready --timeout=5m
.PHONY: down
down: cluster-down ## Delete the local cluster and registry
.PHONY: sync
sync: flux-push ## Build, push and reconcile the manifests
flux reconcile ks cluster-sync --with-source
flux reconcile ks apps-sync --with-source
.PHONY: check
check: ## Check if the NGINX ingress self-signed TLS works
curl --insecure https://podinfo.flux.local
.PHONY: tools
tools: ## Install Kubernetes kind, kubectl, FLux CLI and other tools with Homebrew
brew bundle
.PHONY: validate
validate: ## Validate the Kubernetes manifests (including Flux custom resources)
scripts/test/validate.sh
.PHONY: cluster-up
cluster-up:
scripts/kind/up.sh
.PHONY: cluster-down
cluster-down:
scripts/kind/down.sh
.PHONY: flux-up
flux-up:
scripts/flux/up.sh
.PHONY: flux-down
flux-down:
scripts/flux/down.sh
.PHONY: flux-push
flux-push:
scripts/flux/push.sh
.PHONY: cue-mod
cue-mod:
@cd cue && go get -u k8s.io/api/... && cue get go k8s.io/api/...
.PHONY: cue-gen
cue-gen: ## Print the CUE generated objects
@cd cue && cue fmt ./... && cue vet --all-errors --concrete ./...
@cd cue && cue gen
.PHONY: cue-ls
cue-ls: ## List the CUE generated objects
@cd cue && cue ls
.PHONY: cue-push
cue-push: ## Push the CUE generated manifests to the registry
scripts/flux/push-cue.sh
.PHONY: help
help: ## Display this help menu
@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-20s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
================================================
FILE: README.md
================================================
# flux-local-dev
[](https://github.com/stefanprodan/flux-local-dev/actions)
[](https://github.com/stefanprodan/flux-local-dev/blob/main/LICENSE)
[](https://github.com/stefanprodan/flux-local-dev/releases)
Spin up a local dev environment for [Flux](https://github.com/fluxcd/flux2)
with Docker and Kubernetes KIND in under five minutes.
## Who is this for?
- **Flux users** who want to test Flux configs locally, without having to push changes to a Git repository.
Config changes are pushed to a local registry and synced on the cluster by Flux automatically.
- **Flux contributors** who want to test their changes to Flux controllers locally,
without having to push the container images to an external registry.
- **Flux maintainers** who want to test Flux prereleases on various Kubernetes versions and configurations.
## How does it work?
This project spins up a Docker Registry container named `kind-registry` and a Kubernetes Kind cluster
named `flux` under the same Docker network. Then it installs Flux and configures it to upgrade itself
from the latest OCI artifact published at `ghcr.io/fluxcd/flux-manifests`. Before an upgrade, Flux
verifies that the OCI artifacts are signed by the Flux team with Cosign and GitHub OIDC.
| Component | Role | Host |
|----------------------------------------------------------------------------------------------------------|---------------------------------|-----------------------------|
| [Kubernetes KIND](https://kind.sigs.k8s.io/) | Local cluster | Binds to port 80 and 443 |
| [Docker Registry](https://docs.docker.com/registry/) | Local registry | Binds to port 5050 |
| [Flux](https://fluxcd.io) | Cluster reconciler | - |
| [ingress-nginx](https://github.com/kubernetes/ingress-nginx) | Ingress for `*.flux.local` | - |
| [cert-manager](https://github.com/cert-manager/cert-manager) | Self-signed ingress certs | - |
| [metrics-server](https://github.com/kubernetes-sigs/metrics-server) | Container resource metrics | - |
| [kube-prometheus-stack](https://artifacthub.io/packages/helm/prometheus-community/kube-prometheus-stack) | Prometheus Operator and Grafana | Binds to grafana.flux.local |
| [weave-gitops](https://github.com/weaveworks/weave-gitops) | Flux UI | Binds to ui.flux.local |
| [podinfo](https://github.com/stefanprodan/podinfo) | Demo app | Binds to podinfo.flux.local |
The Docker registry is exposed on the local machine on `localhost:5050` and inside the cluster
on `kind-registry:5000`. The registry servers two purposes:
- hosts container images e.g. `docker push localhost:5050/podinfo:test1`
- hosts OCI artifacts e.g. `flux push artifact oci://localhost:5050/podinfo-manifests:test1`
To facilitate ingress access to the Flux UI and any other
application running inside the cluster, the Kubernetes Kind container
binds to port `80` and `443` on localhost.
Ingress is handled by Kubernetes ingress-nginx and self-signed TLS certs
are provided by cert-manager.
To monitor how the deployed applications perform on the cluster,
the kube-prometheus-stack and metrics-server Helm charts are installed at
bootstrap along with the Flux Grafana dashboards.
To monitor and debug Flux using a Web UI, the Weave GitOps Helm chart is
installed at bootstrap.
## How to get started?
### Prerequisites
Start by cloning the repository locally:
```shell
git clone https://github.com/stefanprodan/flux-local-dev.git
cd flux-local-dev
```
Install Kubernetes kind, kubectl, flux and other CLI tools with Homebrew:
```shell
make tools
```
The complete list of tools can be found in the `Brewfile`.
Note that the minimum required version of Flux is `v2.0.0-rc.1`.
### Bootstrap
Start the dev environment with:
```shell
make up
```
The `make up` command performs the following steps:
- creates the Docker registry container if it's not already running
- creates the Kubernetes Kind cluster if it's not already running
- pushes the Kubernetes manifests as OCI artifacts to the local registry
- `locahost:5050/flux-cluster-sync` is generated from `kubernetes/clusters/local`
- `locahost:5050/flux-infra-sync` is generated from `kubernetes/infra`
- `locahost:5050/flux-apps-sync` is generated from `kubernetes/apps`
- installs Flux on the clusters and configures it to self upgrade from `oci://ghcr.io/fluxcd/flux-manifests`
- waits for Flux to reconcile the cluster addons from `oci://kind-registry:5000/flux-infra-sync`
- waits for Flux to reconcile the demo apps from `oci://kind-registry:5000/flux-apps-sync`
### Access Flux UI
Add the following domains to `/etc/hosts`:
```txt
127.0.0.1 podinfo.flux.local
127.0.0.1 grafana.flux.local
127.0.0.1 ui.flux.local
```
Verify that the NGINX ingress self-signed TLS works:
```shell
make check
```
Access the Flux UI and Grafana using the username `admin` and password `flux`:
- [http://ui.flux.local/applications](http://ui.flux.local/applications)
- [http://grafana.flux.local/d/flux-control-plane](http://grafana.flux.local/d/flux-control-plane/flux-control-plane?orgId=1&refresh=10s) (username: admin, password: flux)
- [http://grafana.flux.local/d/flux-cluster](http://grafana.flux.local/d/flux-cluster/flux-cluster-stats?orgId=1&refresh=10s)
Access the demo application on [http://podinfo.flux.local](http://podinfo.flux.local/).
### Sync local changes
Add a label to the `apps` namespace definition:
```shell
yq eval '.metadata.labels.env="dev"' -i ./kubernetes/apps/namespace.yaml
```
Validate the Kubernetes manifests and Flux custom resources:
```shell
make validate
```
Push the changes to the local registry with:
```shell
make sync
```
Verify that Flux has reconciled the namespace:
```shell
kubectl get ns apps --show-labels
```
### Teardown
Delete the registry and the Kubernetes cluster with:
```shell
make down
```
## How to use CUE for manifests generation?
In the [cue](/cue) directory you can find an example of how to use
[cuelang](https://cuelang.org/)
to define and generate Kubernetes resources.
List the CUE generated resources with `make cue-ls`:
```console
$ make cue-ls
RESOURCE API VERSION
Namespace/cue-apps v1
ServiceAccount/cue-apps/flux-cue-apps v1
Service/cue-apps/podinfo v1
ServiceAccount/cue-apps/podinfo v1
Deployment/cue-apps/podinfo apps/v1
HorizontalPodAutoscaler/cue-apps/podinfo autoscaling/v2beta2
Ingress/cue-apps/podinfo networking.k8s.io/v1
ServiceMonitor/cue-apps/podinfo monitoring.coreos.com/v1
RoleBinding/cue-apps/flux-cue-apps rbac.authorization.k8s.io/v1
```
Push the generated resources to the local registry with `make cue-push`:
```console
$ make cue-push
► pushing artifact to localhost:5050/flux-cue-apps-sync:local
✔ artifact successfully pushed to localhost:5050/flux-cue-apps-sync@sha256:59676338abbb245a80345713fea24c2686c8c38cbd235691dd0af0fdc00fe116
```
To reconcile the resources on the cluster, add a file called `cue-apps.yaml` to the `kubernetes/cluster/local` directory:
```yaml
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: OCIRepository
metadata:
name: cue-apps-source
namespace: flux-system
spec:
insecure: true
interval: 1m
provider: generic
ref:
tag: local
url: oci://kind-registry:5000/flux-cue-apps-sync
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: cue-apps-sync
namespace: flux-system
spec:
dependsOn:
- name: infra-config
interval: 5m
retryInterval: 30s
timeout: 5m
path: ./
prune: true
sourceRef:
kind: OCIRepository
name: cue-apps-source
```
Sync the changes on the cluster with:
```shell
make sync
```
List the reconciled objects with:
```console
$ flux tree ks cue-apps-sync
Kustomization/flux-system/cue-apps-sync
├── Namespace/cue-apps
├── ServiceAccount/cue-apps/flux-cue-apps
├── ServiceAccount/cue-apps/podinfo
├── RoleBinding/cue-apps/flux-cue-apps
├── Service/cue-apps/podinfo
├── Deployment/cue-apps/podinfo
├── HorizontalPodAutoscaler/cue-apps/podinfo
├── ServiceMonitor/cue-apps/podinfo
└── Ingress/cue-apps/podinfo
```
If you make changes to the CUE definitions, run `make cue-push` and Flux will apply the changes on its own.
## How to test Flux controllers?
Assuming you are contributing a change to kustomize-controller,
and you want to run a series of end-to-end tests before opening a PR.
Most importantly, you want to make sure your changes don't break Flux
capability to upgrade itself.
### Build and push the controller image
From within the kustomize-controller local clone, run `make docker-build` to build the controller image.
If your local machine is an Apple M1, set the arch to `linux/arm64` and run:
```shell
IMG=localhost:5050/kustomize-controller:latest make docker-build docker-push
BUILD_PLATFORMS=linux/arm64 make docker-build
```
Tag and push the image to your local registry:
```shell
docker tag fluxcd/kustomize-controller:latest localhost:5050/kustomize-controller:test1
docker push localhost:5050/kustomize-controller:test1
```
### Deploy the controller
From within the flux-local-dev clone, open the `kubernetes/clusters/local/flux-system/flux-sync.yaml` file
and add an image patch:
```yaml
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: flux-sync
namespace: flux-system
spec:
images:
- name: ghcr.io/fluxcd/kustomize-controller
newName: localhost:5050/kustomize-controller
newTag: test1
```
Sync the changes on the cluster with `make sync` and verify that the image is being rolled out:
```shell
make sync
kubectl -n flux-system get deploy/kustomize-controller --watch
```
Finally, verify that the upgrade was successful with:
```console
$ flux check
✔ kustomize-controller: deployment ready
► localhost:5050/kustomize-controller:test1
```
If you don't want to bump the image tag on every build, you can bypass the local registry
and import the image directly in the cluster cache:
```shell
export IMG=localhost:5050/kustomize-controller:test1
IMG=${IMG} make docker-build &&
kind import docker-image ${IMG} &&
kubectl delete pod -n flux-system -l app=kustomize-controller
```
## How to test Flux prereleases?
Assuming you are maintainer, and you want to test the Flux controller suite
before a release.
### Build and push the manifests
From within the flux2 local clone, run `make build-dev` to build the Flux CLI
binary that embeds the install manifests.
Extract the manifests to a directory with:
```shell
mkdir -p flux-vnext
./bin/flux install --components-extra=image-reflector-controller,image-automation-controller \
--export > ./flux-vnext/install.yaml
```
Push the manifests to your local registry:
```shell
./bin/flux push artifact oci://localhost:5050/flux:latest --path ./flux-vnext \
--source="$(git config --get remote.origin.url)" \
--revision="$(git rev-parse HEAD)"
```
### Deploy the controllers
From within the flux-local-dev clone, open the `kubernetes/clusters/local/flux-system/flux-source.yaml` file,
change the URL to point to your local registry and enable the insecure flag:
```yaml
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: OCIRepository
metadata:
name: flux-source
namespace: flux-system
spec:
url: oci://kind-registry:5000/flux
insecure: true
```
Sync the changes on the cluster with `make sync` and wait for the new version to rollout:
```shell
make sync
flux reconcile ks flux-sync --with-source
```
Finally, verify that the upgrade was successful with:
```shell
flux check
```
## How to test Flux CRDs?
Assuming you are contributing an API change to source-controller,
and you want to run a series of end-to-end tests before opening a PR.
### Build and push the controller image
From within the source-controller local clone, run `make docker-build` to build the controller image.
If your local machine is an Apple M1, set the arch to `linux/arm64` and run:
```shell
IMG=localhost:5050/source-controller \
TAG=oci1 \
BUILD_PLATFORMS=linux/arm64 \
BUILD_ARGS=--load \
make docker-build docker-push
```
### Build and push the manifests
From within the source-controller local clone, extract the Flux manifests to a directory:
```shell
mkdir -p flux-vnext
flux install --components-extra=image-reflector-controller,image-automation-controller \
--export > ./flux-vnext/install.yaml
```
Replace the CRD with the one from your branch:
```shell
export CRD_NAME="ocirepositories.source.toolkit.fluxcd.io"
yq e 'select(.metadata.name != env(CRD_NAME))' -i ./flux-vnext/install.yaml
CRD_BASE_PATH="./config/crd/bases"
CRD_FILE_NAME="source.toolkit.fluxcd.io_ocirepositories.yaml"
cp ${CRD_BASE_PATH}/${CRD_FILE_NAME} ./flux-vnext/
```
Push the manifests to your local registry:
```shell
flux push artifact oci://localhost:5050/flux:latest --path ./flux-vnext \
--source="$(git config --get remote.origin.url)" \
--revision="$(git rev-parse HEAD)"
```
### Deploy the controller
From within the flux-local-dev clone, open the `kubernetes/clusters/local/flux-system/flux-source.yaml` file,
change the URL to point to your local registry and enable the insecure flag:
```yaml
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: OCIRepository
metadata:
name: flux-source
namespace: flux-system
spec:
url: oci://kind-registry:5000/flux
insecure: true
```
Open the `kubernetes/clusters/local/flux-system/flux-sync.yaml` file
and patch the controller deployment with the local image:
```yaml
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: flux-sync
namespace: flux-system
spec:
images:
- name: ghcr.io/fluxcd/source-controller
newName: localhost:5050/source-controller
newTag: oci1
```
Sync the changes on the cluster with `make sync` and wait for the new version to rollout:
```shell
make sync
flux reconcile ks flux-sync --with-source
```
### Manual testing
Test the new feature by adding a Flux resource to the `kubernetes/apps/source-test.yaml`:
```yaml
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: OCIRepository
metadata:
name: podinfo-keyless
namespace: apps
spec:
interval: 5m
url: oci://ghcr.io/stefanprodan/manifests/podinfo
ref:
semver: "*"
verify:
provider: cosign
```
Sync the changes on the cluster and see the reconciliation result:
```shell
make sync
flux get source oci podinfo-keyless -n apps
```
================================================
FILE: cue/README.md
================================================
# Podinfo CUE module
This directory contains a [CUE](https://cuelang.org/docs/) module and tooling
for generating [podinfo](https://github.com/stefanprodan/podinfo)'s Kubernetes resources.
The module contains a `podinfo.#App` definition which takes `podinfo.#AppSpec` as input.
## Prerequisites
Install CUE with:
```shell
brew install cue
```
## Configuration
Configure the application in `main.cue`:
```cue
app: podinfo.#App & {
spec: {
meta: {
name: "podinfo"
namespace: appsNamespace.spec.name
}
image: tag: "6.2.0"
resources: requests: {
cpu: "100m"
memory: "16Mi"
}
hpa: {
enabled: true
maxReplicas: 3
}
ingress: {
enabled: true
className: "nginx"
host: "podinfo.flux.local"
tls: true
annotations: {
"nginx.ingress.kubernetes.io/ssl-redirect": "false"
"nginx.ingress.kubernetes.io/force-ssl-redirect": "false"
"cert-manager.io/cluster-issuer": "self-signed"
}
}
serviceMonitor: enabled: true
}
}
```
## Generate the manifests
```shell
cue gen
```
================================================
FILE: cue/cue.mod/gen/k8s.io/api/admission/v1/register_go_gen.cue
================================================
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/admission/v1
package v1
#GroupName: "admission.k8s.io"
================================================
FILE: cue/cue.mod/gen/k8s.io/api/admission/v1/types_go_gen.cue
================================================
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/admission/v1
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types"
authenticationv1 "k8s.io/api/authentication/v1"
"k8s.io/apimachinery/pkg/runtime"
)
// AdmissionReview describes an admission review request/response.
#AdmissionReview: {
metav1.#TypeMeta
// Request describes the attributes for the admission request.
// +optional
request?: null | #AdmissionRequest @go(Request,*AdmissionRequest) @protobuf(1,bytes,opt)
// Response describes the attributes for the admission response.
// +optional
response?: null | #AdmissionResponse @go(Response,*AdmissionResponse) @protobuf(2,bytes,opt)
}
// AdmissionRequest describes the admission.Attributes for the admission request.
#AdmissionRequest: {
// UID is an identifier for the individual request/response. It allows us to distinguish instances of requests which are
// otherwise identical (parallel requests, requests when earlier requests did not modify etc)
// The UID is meant to track the round trip (request/response) between the KAS and the WebHook, not the user request.
// It is suitable for correlating log entries between the webhook and apiserver, for either auditing or debugging.
uid: types.#UID @go(UID) @protobuf(1,bytes,opt)
// Kind is the fully-qualified type of object being submitted (for example, v1.Pod or autoscaling.v1.Scale)
kind: metav1.#GroupVersionKind @go(Kind) @protobuf(2,bytes,opt)
// Resource is the fully-qualified resource being requested (for example, v1.pods)
resource: metav1.#GroupVersionResource @go(Resource) @protobuf(3,bytes,opt)
// SubResource is the subresource being requested, if any (for example, "status" or "scale")
// +optional
subResource?: string @go(SubResource) @protobuf(4,bytes,opt)
// RequestKind is the fully-qualified type of the original API request (for example, v1.Pod or autoscaling.v1.Scale).
// If this is specified and differs from the value in "kind", an equivalent match and conversion was performed.
//
// For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of
// `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`,
// an API request to apps/v1beta1 deployments would be converted and sent to the webhook
// with `kind: {group:"apps", version:"v1", kind:"Deployment"}` (matching the rule the webhook registered for),
// and `requestKind: {group:"apps", version:"v1beta1", kind:"Deployment"}` (indicating the kind of the original API request).
//
// See documentation for the "matchPolicy" field in the webhook configuration type for more details.
// +optional
requestKind?: null | metav1.#GroupVersionKind @go(RequestKind,*metav1.GroupVersionKind) @protobuf(13,bytes,opt)
// RequestResource is the fully-qualified resource of the original API request (for example, v1.pods).
// If this is specified and differs from the value in "resource", an equivalent match and conversion was performed.
//
// For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of
// `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`,
// an API request to apps/v1beta1 deployments would be converted and sent to the webhook
// with `resource: {group:"apps", version:"v1", resource:"deployments"}` (matching the resource the webhook registered for),
// and `requestResource: {group:"apps", version:"v1beta1", resource:"deployments"}` (indicating the resource of the original API request).
//
// See documentation for the "matchPolicy" field in the webhook configuration type.
// +optional
requestResource?: null | metav1.#GroupVersionResource @go(RequestResource,*metav1.GroupVersionResource) @protobuf(14,bytes,opt)
// RequestSubResource is the name of the subresource of the original API request, if any (for example, "status" or "scale")
// If this is specified and differs from the value in "subResource", an equivalent match and conversion was performed.
// See documentation for the "matchPolicy" field in the webhook configuration type.
// +optional
requestSubResource?: string @go(RequestSubResource) @protobuf(15,bytes,opt)
// Name is the name of the object as presented in the request. On a CREATE operation, the client may omit name and
// rely on the server to generate the name. If that is the case, this field will contain an empty string.
// +optional
name?: string @go(Name) @protobuf(5,bytes,opt)
// Namespace is the namespace associated with the request (if any).
// +optional
namespace?: string @go(Namespace) @protobuf(6,bytes,opt)
// Operation is the operation being performed. This may be different than the operation
// requested. e.g. a patch can result in either a CREATE or UPDATE Operation.
operation: #Operation @go(Operation) @protobuf(7,bytes,opt)
// UserInfo is information about the requesting user
userInfo: authenticationv1.#UserInfo @go(UserInfo) @protobuf(8,bytes,opt)
// Object is the object from the incoming request.
// +optional
object?: runtime.#RawExtension @go(Object) @protobuf(9,bytes,opt)
// OldObject is the existing object. Only populated for DELETE and UPDATE requests.
// +optional
oldObject?: runtime.#RawExtension @go(OldObject) @protobuf(10,bytes,opt)
// DryRun indicates that modifications will definitely not be persisted for this request.
// Defaults to false.
// +optional
dryRun?: null | bool @go(DryRun,*bool) @protobuf(11,varint,opt)
// Options is the operation option structure of the operation being performed.
// e.g. `meta.k8s.io/v1.DeleteOptions` or `meta.k8s.io/v1.CreateOptions`. This may be
// different than the options the caller provided. e.g. for a patch request the performed
// Operation might be a CREATE, in which case the Options will a
// `meta.k8s.io/v1.CreateOptions` even though the caller provided `meta.k8s.io/v1.PatchOptions`.
// +optional
options?: runtime.#RawExtension @go(Options) @protobuf(12,bytes,opt)
}
// AdmissionResponse describes an admission response.
#AdmissionResponse: {
// UID is an identifier for the individual request/response.
// This must be copied over from the corresponding AdmissionRequest.
uid: types.#UID @go(UID) @protobuf(1,bytes,opt)
// Allowed indicates whether or not the admission request was permitted.
allowed: bool @go(Allowed) @protobuf(2,varint,opt)
// Result contains extra details into why an admission request was denied.
// This field IS NOT consulted in any way if "Allowed" is "true".
// +optional
status?: null | metav1.#Status @go(Result,*metav1.Status) @protobuf(3,bytes,opt)
// The patch body. Currently we only support "JSONPatch" which implements RFC 6902.
// +optional
patch?: bytes @go(Patch,[]byte) @protobuf(4,bytes,opt)
// The type of Patch. Currently we only allow "JSONPatch".
// +optional
patchType?: null | #PatchType @go(PatchType,*PatchType) @protobuf(5,bytes,opt)
// AuditAnnotations is an unstructured key value map set by remote admission controller (e.g. error=image-blacklisted).
// MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controller will prefix the keys with
// admission webhook name (e.g. imagepolicy.example.com/error=image-blacklisted). AuditAnnotations will be provided by
// the admission webhook to add additional context to the audit log for this request.
// +optional
auditAnnotations?: {[string]: string} @go(AuditAnnotations,map[string]string) @protobuf(6,bytes,opt)
// warnings is a list of warning messages to return to the requesting API client.
// Warning messages describe a problem the client making the API request should correct or be aware of.
// Limit warnings to 120 characters if possible.
// Warnings over 256 characters and large numbers of warnings may be truncated.
// +optional
warnings?: [...string] @go(Warnings,[]string) @protobuf(7,bytes,rep)
}
// PatchType is the type of patch being used to represent the mutated object
#PatchType: string // #enumPatchType
#enumPatchType:
#PatchTypeJSONPatch
#PatchTypeJSONPatch: #PatchType & "JSONPatch"
// Operation is the type of resource operation being checked for admission control
#Operation: string // #enumOperation
#enumOperation:
#Create |
#Update |
#Delete |
#Connect
#Create: #Operation & "CREATE"
#Update: #Operation & "UPDATE"
#Delete: #Operation & "DELETE"
#Connect: #Operation & "CONNECT"
================================================
FILE: cue/cue.mod/gen/k8s.io/api/admission/v1beta1/register_go_gen.cue
================================================
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/admission/v1beta1
package v1beta1
#GroupName: "admission.k8s.io"
================================================
FILE: cue/cue.mod/gen/k8s.io/api/admission/v1beta1/types_go_gen.cue
================================================
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/admission/v1beta1
package v1beta1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types"
authenticationv1 "k8s.io/api/authentication/v1"
"k8s.io/apimachinery/pkg/runtime"
)
// AdmissionReview describes an admission review request/response.
#AdmissionReview: {
metav1.#TypeMeta
// Request describes the attributes for the admission request.
// +optional
request?: null | #AdmissionRequest @go(Request,*AdmissionRequest) @protobuf(1,bytes,opt)
// Response describes the attributes for the admission response.
// +optional
response?: null | #AdmissionResponse @go(Response,*AdmissionResponse) @protobuf(2,bytes,opt)
}
// AdmissionRequest describes the admission.Attributes for the admission request.
#AdmissionRequest: {
// UID is an identifier for the individual request/response. It allows us to distinguish instances of requests which are
// otherwise identical (parallel requests, requests when earlier requests did not modify etc)
// The UID is meant to track the round trip (request/response) between the KAS and the WebHook, not the user request.
// It is suitable for correlating log entries between the webhook and apiserver, for either auditing or debugging.
uid: types.#UID @go(UID) @protobuf(1,bytes,opt)
// Kind is the fully-qualified type of object being submitted (for example, v1.Pod or autoscaling.v1.Scale)
kind: metav1.#GroupVersionKind @go(Kind) @protobuf(2,bytes,opt)
// Resource is the fully-qualified resource being requested (for example, v1.pods)
resource: metav1.#GroupVersionResource @go(Resource) @protobuf(3,bytes,opt)
// SubResource is the subresource being requested, if any (for example, "status" or "scale")
// +optional
subResource?: string @go(SubResource) @protobuf(4,bytes,opt)
// RequestKind is the fully-qualified type of the original API request (for example, v1.Pod or autoscaling.v1.Scale).
// If this is specified and differs from the value in "kind", an equivalent match and conversion was performed.
//
// For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of
// `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`,
// an API request to apps/v1beta1 deployments would be converted and sent to the webhook
// with `kind: {group:"apps", version:"v1", kind:"Deployment"}` (matching the rule the webhook registered for),
// and `requestKind: {group:"apps", version:"v1beta1", kind:"Deployment"}` (indicating the kind of the original API request).
//
// See documentation for the "matchPolicy" field in the webhook configuration type for more details.
// +optional
requestKind?: null | metav1.#GroupVersionKind @go(RequestKind,*metav1.GroupVersionKind) @protobuf(13,bytes,opt)
// RequestResource is the fully-qualified resource of the original API request (for example, v1.pods).
// If this is specified and differs from the value in "resource", an equivalent match and conversion was performed.
//
// For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of
// `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`,
// an API request to apps/v1beta1 deployments would be converted and sent to the webhook
// with `resource: {group:"apps", version:"v1", resource:"deployments"}` (matching the resource the webhook registered for),
// and `requestResource: {group:"apps", version:"v1beta1", resource:"deployments"}` (indicating the resource of the original API request).
//
// See documentation for the "matchPolicy" field in the webhook configuration type.
// +optional
requestResource?: null | metav1.#GroupVersionResource @go(RequestResource,*metav1.GroupVersionResource) @protobuf(14,bytes,opt)
// RequestSubResource is the name of the subresource of the original API request, if any (for example, "status" or "scale")
// If this is specified and differs from the value in "subResource", an equivalent match and conversion was performed.
// See documentation for the "matchPolicy" field in the webhook configuration type.
// +optional
requestSubResource?: string @go(RequestSubResource) @protobuf(15,bytes,opt)
// Name is the name of the object as presented in the request. On a CREATE operation, the client may omit name and
// rely on the server to generate the name. If that is the case, this field will contain an empty string.
// +optional
name?: string @go(Name) @protobuf(5,bytes,opt)
// Namespace is the namespace associated with the request (if any).
// +optional
namespace?: string @go(Namespace) @protobuf(6,bytes,opt)
// Operation is the operation being performed. This may be different than the operation
// requested. e.g. a patch can result in either a CREATE or UPDATE Operation.
operation: #Operation @go(Operation) @protobuf(7,bytes,opt)
// UserInfo is information about the requesting user
userInfo: authenticationv1.#UserInfo @go(UserInfo) @protobuf(8,bytes,opt)
// Object is the object from the incoming request.
// +optional
object?: runtime.#RawExtension @go(Object) @protobuf(9,bytes,opt)
// OldObject is the existing object. Only populated for DELETE and UPDATE requests.
// +optional
oldObject?: runtime.#RawExtension @go(OldObject) @protobuf(10,bytes,opt)
// DryRun indicates that modifications will definitely not be persisted for this request.
// Defaults to false.
// +optional
dryRun?: null | bool @go(DryRun,*bool) @protobuf(11,varint,opt)
// Options is the operation option structure of the operation being performed.
// e.g. `meta.k8s.io/v1.DeleteOptions` or `meta.k8s.io/v1.CreateOptions`. This may be
// different than the options the caller provided. e.g. for a patch request the performed
// Operation might be a CREATE, in which case the Options will a
// `meta.k8s.io/v1.CreateOptions` even though the caller provided `meta.k8s.io/v1.PatchOptions`.
// +optional
options?: runtime.#RawExtension @go(Options) @protobuf(12,bytes,opt)
}
// AdmissionResponse describes an admission response.
#AdmissionResponse: {
// UID is an identifier for the individual request/response.
// This should be copied over from the corresponding AdmissionRequest.
uid: types.#UID @go(UID) @protobuf(1,bytes,opt)
// Allowed indicates whether or not the admission request was permitted.
allowed: bool @go(Allowed) @protobuf(2,varint,opt)
// Result contains extra details into why an admission request was denied.
// This field IS NOT consulted in any way if "Allowed" is "true".
// +optional
status?: null | metav1.#Status @go(Result,*metav1.Status) @protobuf(3,bytes,opt)
// The patch body. Currently we only support "JSONPatch" which implements RFC 6902.
// +optional
patch?: bytes @go(Patch,[]byte) @protobuf(4,bytes,opt)
// The type of Patch. Currently we only allow "JSONPatch".
// +optional
patchType?: null | #PatchType @go(PatchType,*PatchType) @protobuf(5,bytes,opt)
// AuditAnnotations is an unstructured key value map set by remote admission controller (e.g. error=image-blacklisted).
// MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controller will prefix the keys with
// admission webhook name (e.g. imagepolicy.example.com/error=image-blacklisted). AuditAnnotations will be provided by
// the admission webhook to add additional context to the audit log for this request.
// +optional
auditAnnotations?: {[string]: string} @go(AuditAnnotations,map[string]string) @protobuf(6,bytes,opt)
// warnings is a list of warning messages to return to the requesting API client.
// Warning messages describe a problem the client making the API request should correct or be aware of.
// Limit warnings to 120 characters if possible.
// Warnings over 256 characters and large numbers of warnings may be truncated.
// +optional
warnings?: [...string] @go(Warnings,[]string) @protobuf(7,bytes,rep)
}
// PatchType is the type of patch being used to represent the mutated object
#PatchType: string // #enumPatchType
#enumPatchType:
#PatchTypeJSONPatch
#PatchTypeJSONPatch: #PatchType & "JSONPatch"
// Operation is the type of resource operation being checked for admission control
#Operation: string // #enumOperation
#enumOperation:
#Create |
#Update |
#Delete |
#Connect
#Create: #Operation & "CREATE"
#Update: #Operation & "UPDATE"
#Delete: #Operation & "DELETE"
#Connect: #Operation & "CONNECT"
================================================
FILE: cue/cue.mod/gen/k8s.io/api/admissionregistration/v1/doc_go_gen.cue
================================================
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/admissionregistration/v1
// Package v1 is the v1 version of the API.
// AdmissionConfiguration and AdmissionPluginConfiguration are legacy static admission plugin configuration
// MutatingWebhookConfiguration and ValidatingWebhookConfiguration are for the
// new dynamic admission controller configuration.
package v1
================================================
FILE: cue/cue.mod/gen/k8s.io/api/admissionregistration/v1/register_go_gen.cue
================================================
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/admissionregistration/v1
package v1
#GroupName: "admissionregistration.k8s.io"
================================================
FILE: cue/cue.mod/gen/k8s.io/api/admissionregistration/v1/types_go_gen.cue
================================================
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/admissionregistration/v1
package v1
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
// Rule is a tuple of APIGroups, APIVersion, and Resources.It is recommended
// to make sure that all the tuple expansions are valid.
#Rule: {
// APIGroups is the API groups the resources belong to. '*' is all groups.
// If '*' is present, the length of the slice must be one.
// Required.
// +listType=atomic
apiGroups?: [...string] @go(APIGroups,[]string) @protobuf(1,bytes,rep)
// APIVersions is the API versions the resources belong to. '*' is all versions.
// If '*' is present, the length of the slice must be one.
// Required.
// +listType=atomic
apiVersions?: [...string] @go(APIVersions,[]string) @protobuf(2,bytes,rep)
// Resources is a list of resources this rule applies to.
//
// For example:
// 'pods' means pods.
// 'pods/log' means the log subresource of pods.
// '*' means all resources, but not subresources.
// 'pods/*' means all subresources of pods.
// '*/scale' means all scale subresources.
// '*/*' means all resources and their subresources.
//
// If wildcard is present, the validation rule will ensure resources do not
// overlap with each other.
//
// Depending on the enclosing object, subresources might not be allowed.
// Required.
// +listType=atomic
resources?: [...string] @go(Resources,[]string) @protobuf(3,bytes,rep)
// scope specifies the scope of this rule.
// Valid values are "Cluster", "Namespaced", and "*"
// "Cluster" means that only cluster-scoped resources will match this rule.
// Namespace API objects are cluster-scoped.
// "Namespaced" means that only namespaced resources will match this rule.
// "*" means that there are no scope restrictions.
// Subresources match the scope of their parent resource.
// Default is "*".
//
// +optional
scope?: null | #ScopeType @go(Scope,*ScopeType) @protobuf(4,bytes,rep)
}
// ScopeType specifies a scope for a Rule.
// +enum
#ScopeType: string // #enumScopeType
#enumScopeType:
#ClusterScope |
#NamespacedScope |
#AllScopes
// ClusterScope means that scope is limited to cluster-scoped objects.
// Namespace objects are cluster-scoped.
#ClusterScope: #ScopeType & "Cluster"
// NamespacedScope means that scope is limited to namespaced objects.
#NamespacedScope: #ScopeType & "Namespaced"
// AllScopes means that all scopes are included.
#AllScopes: #ScopeType & "*"
// FailurePolicyType specifies a failure policy that defines how unrecognized errors from the admission endpoint are handled.
// +enum
#FailurePolicyType: string // #enumFailurePolicyType
#enumFailurePolicyType:
#Ignore |
#Fail
// Ignore means that an error calling the webhook is ignored.
#Ignore: #FailurePolicyType & "Ignore"
// Fail means that an error calling the webhook causes the admission to fail.
#Fail: #FailurePolicyType & "Fail"
// MatchPolicyType specifies the type of match policy.
// +enum
#MatchPolicyType: string // #enumMatchPolicyType
#enumMatchPolicyType:
#Exact |
#Equivalent
// Exact means requests should only be sent to the webhook if they exactly match a given rule.
#Exact: #MatchPolicyType & "Exact"
// Equivalent means requests should be sent to the webhook if they modify a resource listed in rules via another API group or version.
#Equivalent: #MatchPolicyType & "Equivalent"
// SideEffectClass specifies the types of side effects a webhook may have.
// +enum
#SideEffectClass: string // #enumSideEffectClass
#enumSideEffectClass:
#SideEffectClassUnknown |
#SideEffectClassNone |
#SideEffectClassSome |
#SideEffectClassNoneOnDryRun
// SideEffectClassUnknown means that no information is known about the side effects of calling the webhook.
// If a request with the dry-run attribute would trigger a call to this webhook, the request will instead fail.
#SideEffectClassUnknown: #SideEffectClass & "Unknown"
// SideEffectClassNone means that calling the webhook will have no side effects.
#SideEffectClassNone: #SideEffectClass & "None"
// SideEffectClassSome means that calling the webhook will possibly have side effects.
// If a request with the dry-run attribute would trigger a call to this webhook, the request will instead fail.
#SideEffectClassSome: #SideEffectClass & "Some"
// SideEffectClassNoneOnDryRun means that calling the webhook will possibly have side effects, but if the
// request being reviewed has the dry-run attribute, the side effects will be suppressed.
#SideEffectClassNoneOnDryRun: #SideEffectClass & "NoneOnDryRun"
// ValidatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and object without changing it.
#ValidatingWebhookConfiguration: {
metav1.#TypeMeta
// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// Webhooks is a list of webhooks and the affected resources and operations.
// +optional
// +patchMergeKey=name
// +patchStrategy=merge
webhooks?: [...#ValidatingWebhook] @go(Webhooks,[]ValidatingWebhook) @protobuf(2,bytes,rep,name=Webhooks)
}
// ValidatingWebhookConfigurationList is a list of ValidatingWebhookConfiguration.
#ValidatingWebhookConfigurationList: {
metav1.#TypeMeta
// Standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// List of ValidatingWebhookConfiguration.
items: [...#ValidatingWebhookConfiguration] @go(Items,[]ValidatingWebhookConfiguration) @protobuf(2,bytes,rep)
}
// MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object.
#MutatingWebhookConfiguration: {
metav1.#TypeMeta
// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// Webhooks is a list of webhooks and the affected resources and operations.
// +optional
// +patchMergeKey=name
// +patchStrategy=merge
webhooks?: [...#MutatingWebhook] @go(Webhooks,[]MutatingWebhook) @protobuf(2,bytes,rep,name=Webhooks)
}
// MutatingWebhookConfigurationList is a list of MutatingWebhookConfiguration.
#MutatingWebhookConfigurationList: {
metav1.#TypeMeta
// Standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// List of MutatingWebhookConfiguration.
items: [...#MutatingWebhookConfiguration] @go(Items,[]MutatingWebhookConfiguration) @protobuf(2,bytes,rep)
}
// ValidatingWebhook describes an admission webhook and the resources and operations it applies to.
#ValidatingWebhook: {
// The name of the admission webhook.
// Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where
// "imagepolicy" is the name of the webhook, and kubernetes.io is the name
// of the organization.
// Required.
name: string @go(Name) @protobuf(1,bytes,opt)
// ClientConfig defines how to communicate with the hook.
// Required
clientConfig: #WebhookClientConfig @go(ClientConfig) @protobuf(2,bytes,opt)
// Rules describes what operations on what resources/subresources the webhook cares about.
// The webhook cares about an operation if it matches _any_ Rule.
// However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks
// from putting the cluster in a state which cannot be recovered from without completely
// disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called
// on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.
rules?: [...#RuleWithOperations] @go(Rules,[]RuleWithOperations) @protobuf(3,bytes,rep)
// FailurePolicy defines how unrecognized errors from the admission endpoint are handled -
// allowed values are Ignore or Fail. Defaults to Fail.
// +optional
failurePolicy?: null | #FailurePolicyType @go(FailurePolicy,*FailurePolicyType) @protobuf(4,bytes,opt,casttype=FailurePolicyType)
// matchPolicy defines how the "rules" list is used to match incoming requests.
// Allowed values are "Exact" or "Equivalent".
//
// - Exact: match a request only if it exactly matches a specified rule.
// For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1,
// but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`,
// a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.
//
// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version.
// For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1,
// and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`,
// a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.
//
// Defaults to "Equivalent"
// +optional
matchPolicy?: null | #MatchPolicyType @go(MatchPolicy,*MatchPolicyType) @protobuf(9,bytes,opt,casttype=MatchPolicyType)
// NamespaceSelector decides whether to run the webhook on an object based
// on whether the namespace for that object matches the selector. If the
// object itself is a namespace, the matching is performed on
// object.metadata.labels. If the object is another cluster scoped resource,
// it never skips the webhook.
//
// For example, to run the webhook on any objects whose namespace is not
// associated with "runlevel" of "0" or "1"; you will set the selector as
// follows:
// "namespaceSelector": {
// "matchExpressions": [
// {
// "key": "runlevel",
// "operator": "NotIn",
// "values": [
// "0",
// "1"
// ]
// }
// ]
// }
//
// If instead you want to only run the webhook on any objects whose
// namespace is associated with the "environment" of "prod" or "staging";
// you will set the selector as follows:
// "namespaceSelector": {
// "matchExpressions": [
// {
// "key": "environment",
// "operator": "In",
// "values": [
// "prod",
// "staging"
// ]
// }
// ]
// }
//
// See
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
// for more examples of label selectors.
//
// Default to the empty LabelSelector, which matches everything.
// +optional
namespaceSelector?: null | metav1.#LabelSelector @go(NamespaceSelector,*metav1.LabelSelector) @protobuf(5,bytes,opt)
// ObjectSelector decides whether to run the webhook based on if the
// object has matching labels. objectSelector is evaluated against both
// the oldObject and newObject that would be sent to the webhook, and
// is considered to match if either object matches the selector. A null
// object (oldObject in the case of create, or newObject in the case of
// delete) or an object that cannot have labels (like a
// DeploymentRollback or a PodProxyOptions object) is not considered to
// match.
// Use the object selector only if the webhook is opt-in, because end
// users may skip the admission webhook by setting the labels.
// Default to the empty LabelSelector, which matches everything.
// +optional
objectSelector?: null | metav1.#LabelSelector @go(ObjectSelector,*metav1.LabelSelector) @protobuf(10,bytes,opt)
// SideEffects states whether this webhook has side effects.
// Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown).
// Webhooks with side effects MUST implement a reconciliation system, since a request may be
// rejected by a future step in the admission chain and the side effects therefore need to be undone.
// Requests with the dryRun attribute will be auto-rejected if they match a webhook with
// sideEffects == Unknown or Some.
sideEffects?: null | #SideEffectClass @go(SideEffects,*SideEffectClass) @protobuf(6,bytes,opt,casttype=SideEffectClass)
// TimeoutSeconds specifies the timeout for this webhook. After the timeout passes,
// the webhook call will be ignored or the API call will fail based on the
// failure policy.
// The timeout value must be between 1 and 30 seconds.
// Default to 10 seconds.
// +optional
timeoutSeconds?: null | int32 @go(TimeoutSeconds,*int32) @protobuf(7,varint,opt)
// AdmissionReviewVersions is an ordered list of preferred `AdmissionReview`
// versions the Webhook expects. API server will try to use first version in
// the list which it supports. If none of the versions specified in this list
// supported by API server, validation will fail for this object.
// If a persisted webhook configuration specifies allowed versions and does not
// include any versions known to the API Server, calls to the webhook will fail
// and be subject to the failure policy.
admissionReviewVersions: [...string] @go(AdmissionReviewVersions,[]string) @protobuf(8,bytes,rep)
}
// MutatingWebhook describes an admission webhook and the resources and operations it applies to.
#MutatingWebhook: {
// The name of the admission webhook.
// Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where
// "imagepolicy" is the name of the webhook, and kubernetes.io is the name
// of the organization.
// Required.
name: string @go(Name) @protobuf(1,bytes,opt)
// ClientConfig defines how to communicate with the hook.
// Required
clientConfig: #WebhookClientConfig @go(ClientConfig) @protobuf(2,bytes,opt)
// Rules describes what operations on what resources/subresources the webhook cares about.
// The webhook cares about an operation if it matches _any_ Rule.
// However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks
// from putting the cluster in a state which cannot be recovered from without completely
// disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called
// on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.
rules?: [...#RuleWithOperations] @go(Rules,[]RuleWithOperations) @protobuf(3,bytes,rep)
// FailurePolicy defines how unrecognized errors from the admission endpoint are handled -
// allowed values are Ignore or Fail. Defaults to Fail.
// +optional
failurePolicy?: null | #FailurePolicyType @go(FailurePolicy,*FailurePolicyType) @protobuf(4,bytes,opt,casttype=FailurePolicyType)
// matchPolicy defines how the "rules" list is used to match incoming requests.
// Allowed values are "Exact" or "Equivalent".
//
// - Exact: match a request only if it exactly matches a specified rule.
// For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1,
// but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`,
// a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.
//
// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version.
// For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1,
// and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`,
// a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.
//
// Defaults to "Equivalent"
// +optional
matchPolicy?: null | #MatchPolicyType @go(MatchPolicy,*MatchPolicyType) @protobuf(9,bytes,opt,casttype=MatchPolicyType)
// NamespaceSelector decides whether to run the webhook on an object based
// on whether the namespace for that object matches the selector. If the
// object itself is a namespace, the matching is performed on
// object.metadata.labels. If the object is another cluster scoped resource,
// it never skips the webhook.
//
// For example, to run the webhook on any objects whose namespace is not
// associated with "runlevel" of "0" or "1"; you will set the selector as
// follows:
// "namespaceSelector": {
// "matchExpressions": [
// {
// "key": "runlevel",
// "operator": "NotIn",
// "values": [
// "0",
// "1"
// ]
// }
// ]
// }
//
// If instead you want to only run the webhook on any objects whose
// namespace is associated with the "environment" of "prod" or "staging";
// you will set the selector as follows:
// "namespaceSelector": {
// "matchExpressions": [
// {
// "key": "environment",
// "operator": "In",
// "values": [
// "prod",
// "staging"
// ]
// }
// ]
// }
//
// See
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
// for more examples of label selectors.
//
// Default to the empty LabelSelector, which matches everything.
// +optional
namespaceSelector?: null | metav1.#LabelSelector @go(NamespaceSelector,*metav1.LabelSelector) @protobuf(5,bytes,opt)
// ObjectSelector decides whether to run the webhook based on if the
// object has matching labels. objectSelector is evaluated against both
// the oldObject and newObject that would be sent to the webhook, and
// is considered to match if either object matches the selector. A null
// object (oldObject in the case of create, or newObject in the case of
// delete) or an object that cannot have labels (like a
// DeploymentRollback or a PodProxyOptions object) is not considered to
// match.
// Use the object selector only if the webhook is opt-in, because end
// users may skip the admission webhook by setting the labels.
// Default to the empty LabelSelector, which matches everything.
// +optional
objectSelector?: null | metav1.#LabelSelector @go(ObjectSelector,*metav1.LabelSelector) @protobuf(11,bytes,opt)
// SideEffects states whether this webhook has side effects.
// Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown).
// Webhooks with side effects MUST implement a reconciliation system, since a request may be
// rejected by a future step in the admission chain and the side effects therefore need to be undone.
// Requests with the dryRun attribute will be auto-rejected if they match a webhook with
// sideEffects == Unknown or Some.
sideEffects?: null | #SideEffectClass @go(SideEffects,*SideEffectClass) @protobuf(6,bytes,opt,casttype=SideEffectClass)
// TimeoutSeconds specifies the timeout for this webhook. After the timeout passes,
// the webhook call will be ignored or the API call will fail based on the
// failure policy.
// The timeout value must be between 1 and 30 seconds.
// Default to 10 seconds.
// +optional
timeoutSeconds?: null | int32 @go(TimeoutSeconds,*int32) @protobuf(7,varint,opt)
// AdmissionReviewVersions is an ordered list of preferred `AdmissionReview`
// versions the Webhook expects. API server will try to use first version in
// the list which it supports. If none of the versions specified in this list
// supported by API server, validation will fail for this object.
// If a persisted webhook configuration specifies allowed versions and does not
// include any versions known to the API Server, calls to the webhook will fail
// and be subject to the failure policy.
admissionReviewVersions: [...string] @go(AdmissionReviewVersions,[]string) @protobuf(8,bytes,rep)
// reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation.
// Allowed values are "Never" and "IfNeeded".
//
// Never: the webhook will not be called more than once in a single admission evaluation.
//
// IfNeeded: the webhook will be called at least one additional time as part of the admission evaluation
// if the object being admitted is modified by other admission plugins after the initial webhook call.
// Webhooks that specify this option *must* be idempotent, able to process objects they previously admitted.
// Note:
// * the number of additional invocations is not guaranteed to be exactly one.
// * if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again.
// * webhooks that use this option may be reordered to minimize the number of additional invocations.
// * to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead.
//
// Defaults to "Never".
// +optional
reinvocationPolicy?: null | #ReinvocationPolicyType @go(ReinvocationPolicy,*ReinvocationPolicyType) @protobuf(10,bytes,opt,casttype=ReinvocationPolicyType)
}
// ReinvocationPolicyType specifies what type of policy the admission hook uses.
// +enum
#ReinvocationPolicyType: string // #enumReinvocationPolicyType
#enumReinvocationPolicyType:
#NeverReinvocationPolicy |
#IfNeededReinvocationPolicy
// NeverReinvocationPolicy indicates that the webhook must not be called more than once in a
// single admission evaluation.
#NeverReinvocationPolicy: #ReinvocationPolicyType & "Never"
// IfNeededReinvocationPolicy indicates that the webhook may be called at least one
// additional time as part of the admission evaluation if the object being admitted is
// modified by other admission plugins after the initial webhook call.
#IfNeededReinvocationPolicy: #ReinvocationPolicyType & "IfNeeded"
// RuleWithOperations is a tuple of Operations and Resources. It is recommended to make
// sure that all the tuple expansions are valid.
#RuleWithOperations: {
// Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or *
// for all of those operations and any future admission operations that are added.
// If '*' is present, the length of the slice must be one.
// Required.
// +listType=atomic
operations?: [...#OperationType] @go(Operations,[]OperationType) @protobuf(1,bytes,rep,casttype=OperationType)
#Rule
}
// OperationType specifies an operation for a request.
// +enum
#OperationType: string // #enumOperationType
#enumOperationType:
#OperationAll |
#Create |
#Update |
#Delete |
#Connect
#OperationAll: #OperationType & "*"
#Create: #OperationType & "CREATE"
#Update: #OperationType & "UPDATE"
#Delete: #OperationType & "DELETE"
#Connect: #OperationType & "CONNECT"
// WebhookClientConfig contains the information to make a TLS
// connection with the webhook
#WebhookClientConfig: {
// `url` gives the location of the webhook, in standard URL form
// (`scheme://host:port/path`). Exactly one of `url` or `service`
// must be specified.
//
// The `host` should not refer to a service running in the cluster; use
// the `service` field instead. The host might be resolved via external
// DNS in some apiservers (e.g., `kube-apiserver` cannot resolve
// in-cluster DNS as that would be a layering violation). `host` may
// also be an IP address.
//
// Please note that using `localhost` or `127.0.0.1` as a `host` is
// risky unless you take great care to run this webhook on all hosts
// which run an apiserver which might need to make calls to this
// webhook. Such installs are likely to be non-portable, i.e., not easy
// to turn up in a new cluster.
//
// The scheme must be "https"; the URL must begin with "https://".
//
// A path is optional, and if present may be any string permissible in
// a URL. You may use the path to pass an arbitrary string to the
// webhook, for example, a cluster identifier.
//
// Attempting to use a user or basic auth e.g. "user:password@" is not
// allowed. Fragments ("#...") and query parameters ("?...") are not
// allowed, either.
//
// +optional
url?: null | string @go(URL,*string) @protobuf(3,bytes,opt)
// `service` is a reference to the service for this webhook. Either
// `service` or `url` must be specified.
//
// If the webhook is running within the cluster, then you should use `service`.
//
// +optional
service?: null | #ServiceReference @go(Service,*ServiceReference) @protobuf(1,bytes,opt)
// `caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate.
// If unspecified, system trust roots on the apiserver are used.
// +optional
caBundle?: bytes @go(CABundle,[]byte) @protobuf(2,bytes,opt)
}
// ServiceReference holds a reference to Service.legacy.k8s.io
#ServiceReference: {
// `namespace` is the namespace of the service.
// Required
namespace: string @go(Namespace) @protobuf(1,bytes,opt)
// `name` is the name of the service.
// Required
name: string @go(Name) @protobuf(2,bytes,opt)
// `path` is an optional URL path which will be sent in any request to
// this service.
// +optional
path?: null | string @go(Path,*string) @protobuf(3,bytes,opt)
// If specified, the port on the service that hosting webhook.
// Default to 443 for backward compatibility.
// `port` should be a valid port number (1-65535, inclusive).
// +optional
port?: null | int32 @go(Port,*int32) @protobuf(4,varint,opt)
}
================================================
FILE: cue/cue.mod/gen/k8s.io/api/admissionregistration/v1alpha1/doc_go_gen.cue
================================================
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/admissionregistration/v1alpha1
// Package v1alpha1 is the v1alpha1 version of the API.
package v1alpha1
================================================
FILE: cue/cue.mod/gen/k8s.io/api/admissionregistration/v1alpha1/register_go_gen.cue
================================================
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/admissionregistration/v1alpha1
package v1alpha1
#GroupName: "admissionregistration.k8s.io"
================================================
FILE: cue/cue.mod/gen/k8s.io/api/admissionregistration/v1alpha1/types_go_gen.cue
================================================
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/admissionregistration/v1alpha1
package v1alpha1
import (
"k8s.io/api/admissionregistration/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// Rule is a tuple of APIGroups, APIVersion, and Resources.It is recommended
// to make sure that all the tuple expansions are valid.
#Rule: v1.#Rule
// ScopeType specifies a scope for a Rule.
// +enum
#ScopeType: v1.#ScopeType // #enumScopeType
#enumScopeType:
#ClusterScope |
#NamespacedScope |
#AllScopes
// ClusterScope means that scope is limited to cluster-scoped objects.
// Namespace objects are cluster-scoped.
#ClusterScope: v1.#ScopeType & "Cluster"
// NamespacedScope means that scope is limited to namespaced objects.
#NamespacedScope: v1.#ScopeType & "Namespaced"
// AllScopes means that all scopes are included.
#AllScopes: v1.#ScopeType & "*"
// FailurePolicyType specifies a failure policy that defines how unrecognized errors from the admission endpoint are handled.
// +enum
#FailurePolicyType: string // #enumFailurePolicyType
#enumFailurePolicyType:
#Ignore |
#Fail
// Ignore means that an error calling the webhook is ignored.
#Ignore: #FailurePolicyType & "Ignore"
// Fail means that an error calling the webhook causes the admission to fail.
#Fail: #FailurePolicyType & "Fail"
// MatchPolicyType specifies the type of match policy.
// +enum
#MatchPolicyType: string // #enumMatchPolicyType
#enumMatchPolicyType:
#Exact |
#Equivalent
// Exact means requests should only be sent to the webhook if they exactly match a given rule.
#Exact: #MatchPolicyType & "Exact"
// Equivalent means requests should be sent to the webhook if they modify a resource listed in rules via another API group or version.
#Equivalent: #MatchPolicyType & "Equivalent"
// ValidatingAdmissionPolicy describes the definition of an admission validation policy that accepts or rejects an object without changing it.
#ValidatingAdmissionPolicy: {
metav1.#TypeMeta
// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// Specification of the desired behavior of the ValidatingAdmissionPolicy.
spec?: #ValidatingAdmissionPolicySpec @go(Spec) @protobuf(2,bytes,opt)
}
// ValidatingAdmissionPolicyList is a list of ValidatingAdmissionPolicy.
#ValidatingAdmissionPolicyList: {
metav1.#TypeMeta
// Standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// List of ValidatingAdmissionPolicy.
items?: [...#ValidatingAdmissionPolicy] @go(Items,[]ValidatingAdmissionPolicy) @protobuf(2,bytes,rep)
}
// ValidatingAdmissionPolicySpec is the specification of the desired behavior of the AdmissionPolicy.
#ValidatingAdmissionPolicySpec: {
// ParamKind specifies the kind of resources used to parameterize this policy.
// If absent, there are no parameters for this policy and the param CEL variable will not be provided to validation expressions.
// If ParamKind refers to a non-existent kind, this policy definition is mis-configured and the FailurePolicy is applied.
// If paramKind is specified but paramRef is unset in ValidatingAdmissionPolicyBinding, the params variable will be null.
// +optional
paramKind?: null | #ParamKind @go(ParamKind,*ParamKind) @protobuf(1,bytes,rep)
// MatchConstraints specifies what resources this policy is designed to validate.
// The AdmissionPolicy cares about a request if it matches _all_ Constraints.
// However, in order to prevent clusters from being put into an unstable state that cannot be recovered from via the API
// ValidatingAdmissionPolicy cannot match ValidatingAdmissionPolicy and ValidatingAdmissionPolicyBinding.
// Required.
matchConstraints?: null | #MatchResources @go(MatchConstraints,*MatchResources) @protobuf(2,bytes,rep)
// Validations contain CEL expressions which is used to apply the validation.
// A minimum of one validation is required for a policy definition.
// +listType=atomic
// Required.
validations: [...#Validation] @go(Validations,[]Validation) @protobuf(3,bytes,rep)
// FailurePolicy defines how to handle failures for the admission policy.
// Failures can occur from invalid or mis-configured policy definitions or bindings.
// A policy is invalid if spec.paramKind refers to a non-existent Kind.
// A binding is invalid if spec.paramRef.name refers to a non-existent resource.
// Allowed values are Ignore or Fail. Defaults to Fail.
// +optional
failurePolicy?: null | #FailurePolicyType @go(FailurePolicy,*FailurePolicyType) @protobuf(4,bytes,opt,casttype=FailurePolicyType)
}
// ParamKind is a tuple of Group Kind and Version.
// +structType=atomic
#ParamKind: {
// APIVersion is the API group version the resources belong to.
// In format of "group/version".
// Required.
apiVersion?: string @go(APIVersion) @protobuf(1,bytes,rep)
// Kind is the API kind the resources belong to.
// Required.
kind?: string @go(Kind) @protobuf(2,bytes,rep)
}
// Validation specifies the CEL expression which is used to apply the validation.
#Validation: {
// Expression represents the expression which will be evaluated by CEL.
// ref: https://github.com/google/cel-spec
// CEL expressions have access to the contents of the Admission request/response, organized into CEL variables as well as some other useful variables:
//
//'object' - The object from the incoming request. The value is null for DELETE requests.
//'oldObject' - The existing object. The value is null for CREATE requests.
//'request' - Attributes of the admission request([ref](/pkg/apis/admission/types.go#AdmissionRequest)).
//'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind.
//
// The `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the
// object. No other metadata properties are accessible.
//
// Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible.
// Accessible property names are escaped according to the following rules when accessed in the expression:
// - '__' escapes to '__underscores__'
// - '.' escapes to '__dot__'
// - '-' escapes to '__dash__'
// - '/' escapes to '__slash__'
// - Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are:
// "true", "false", "null", "in", "as", "break", "const", "continue", "else", "for", "function", "if",
// "import", "let", "loop", "package", "namespace", "return".
// Examples:
// - Expression accessing a property named "namespace": {"Expression": "object.__namespace__ > 0"}
// - Expression accessing a property named "x-prop": {"Expression": "object.x__dash__prop > 0"}
// - Expression accessing a property named "redact__d": {"Expression": "object.redact__underscores__d > 0"}
//
// Equality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1].
// Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type:
// - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and
// non-intersecting elements in `Y` are appended, retaining their partial order.
// - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values
// are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with
// non-intersecting keys are appended, retaining their partial order.
// Required.
expression: string @go(Expression) @protobuf(1,bytes,opt,name=Expression)
// Message represents the message displayed when validation fails. The message is required if the Expression contains
// line breaks. The message must not contain line breaks.
// If unset, the message is "failed rule: {Rule}".
// e.g. "must be a URL with the host matching spec.host"
// If the Expression contains line breaks. Message is required.
// The message must not contain line breaks.
// If unset, the message is "failed Expression: {Expression}".
// +optional
message?: string @go(Message) @protobuf(2,bytes,opt)
// Reason represents a machine-readable description of why this validation failed.
// If this is the first validation in the list to fail, this reason, as well as the
// corresponding HTTP response code, are used in the
// HTTP response to the client.
// The currently supported reasons are: "Unauthorized", "Forbidden", "Invalid", "RequestEntityTooLarge".
// If not set, StatusReasonInvalid is used in the response to the client.
// +optional
reason?: null | metav1.#StatusReason @go(Reason,*metav1.StatusReason) @protobuf(3,bytes,opt)
}
// ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy with paramerized resources.
// ValidatingAdmissionPolicyBinding and parameter CRDs together define how cluster administrators configure policies for clusters.
#ValidatingAdmissionPolicyBinding: {
metav1.#TypeMeta
// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// Specification of the desired behavior of the ValidatingAdmissionPolicyBinding.
spec?: #ValidatingAdmissionPolicyBindingSpec @go(Spec) @protobuf(2,bytes,opt)
}
// ValidatingAdmissionPolicyBindingList is a list of ValidatingAdmissionPolicyBinding.
#ValidatingAdmissionPolicyBindingList: {
metav1.#TypeMeta
// Standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// List of PolicyBinding.
items?: [...#ValidatingAdmissionPolicyBinding] @go(Items,[]ValidatingAdmissionPolicyBinding) @protobuf(2,bytes,rep)
}
// ValidatingAdmissionPolicyBindingSpec is the specification of the ValidatingAdmissionPolicyBinding.
#ValidatingAdmissionPolicyBindingSpec: {
// PolicyName references a ValidatingAdmissionPolicy name which the ValidatingAdmissionPolicyBinding binds to.
// If the referenced resource does not exist, this binding is considered invalid and will be ignored
// Required.
policyName?: string @go(PolicyName) @protobuf(1,bytes,rep)
// ParamRef specifies the parameter resource used to configure the admission control policy.
// It should point to a resource of the type specified in ParamKind of the bound ValidatingAdmissionPolicy.
// If the policy specifies a ParamKind and the resource referred to by ParamRef does not exist, this binding is considered mis-configured and the FailurePolicy of the ValidatingAdmissionPolicy applied.
// +optional
paramRef?: null | #ParamRef @go(ParamRef,*ParamRef) @protobuf(2,bytes,rep)
// MatchResources declares what resources match this binding and will be validated by it.
// Note that this is intersected with the policy's matchConstraints, so only requests that are matched by the policy can be selected by this.
// If this is unset, all resources matched by the policy are validated by this binding
// When resourceRules is unset, it does not constrain resource matching. If a resource is matched by the other fields of this object, it will be validated.
// Note that this is differs from ValidatingAdmissionPolicy matchConstraints, where resourceRules are required.
// +optional
matchResources?: null | #MatchResources @go(MatchResources,*MatchResources) @protobuf(3,bytes,rep)
}
// ParamRef references a parameter resource
// +structType=atomic
#ParamRef: {
// Name of the resource being referenced.
name?: string @go(Name) @protobuf(1,bytes,rep)
// Namespace of the referenced resource.
// Should be empty for the cluster-scoped resources
// +optional
namespace?: string @go(Namespace) @protobuf(2,bytes,rep)
}
// MatchResources decides whether to run the admission control policy on an object based
// on whether it meets the match criteria.
// The exclude rules take precedence over include rules (if a resource matches both, it is excluded)
// +structType=atomic
#MatchResources: {
// NamespaceSelector decides whether to run the admission control policy on an object based
// on whether the namespace for that object matches the selector. If the
// object itself is a namespace, the matching is performed on
// object.metadata.labels. If the object is another cluster scoped resource,
// it never skips the policy.
//
// For example, to run the webhook on any objects whose namespace is not
// associated with "runlevel" of "0" or "1"; you will set the selector as
// follows:
// "namespaceSelector": {
// "matchExpressions": [
// {
// "key": "runlevel",
// "operator": "NotIn",
// "values": [
// "0",
// "1"
// ]
// }
// ]
// }
//
// If instead you want to only run the policy on any objects whose
// namespace is associated with the "environment" of "prod" or "staging";
// you will set the selector as follows:
// "namespaceSelector": {
// "matchExpressions": [
// {
// "key": "environment",
// "operator": "In",
// "values": [
// "prod",
// "staging"
// ]
// }
// ]
// }
//
// See
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
// for more examples of label selectors.
//
// Default to the empty LabelSelector, which matches everything.
// +optional
namespaceSelector?: null | metav1.#LabelSelector @go(NamespaceSelector,*metav1.LabelSelector) @protobuf(1,bytes,opt)
// ObjectSelector decides whether to run the validation based on if the
// object has matching labels. objectSelector is evaluated against both
// the oldObject and newObject that would be sent to the cel validation, and
// is considered to match if either object matches the selector. A null
// object (oldObject in the case of create, or newObject in the case of
// delete) or an object that cannot have labels (like a
// DeploymentRollback or a PodProxyOptions object) is not considered to
// match.
// Use the object selector only if the webhook is opt-in, because end
// users may skip the admission webhook by setting the labels.
// Default to the empty LabelSelector, which matches everything.
// +optional
objectSelector?: null | metav1.#LabelSelector @go(ObjectSelector,*metav1.LabelSelector) @protobuf(2,bytes,opt)
// ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches.
// The policy cares about an operation if it matches _any_ Rule.
// +listType=atomic
// +optional
resourceRules?: [...#NamedRuleWithOperations] @go(ResourceRules,[]NamedRuleWithOperations) @protobuf(3,bytes,rep)
// ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about.
// The exclude rules take precedence over include rules (if a resource matches both, it is excluded)
// +listType=atomic
// +optional
excludeResourceRules?: [...#NamedRuleWithOperations] @go(ExcludeResourceRules,[]NamedRuleWithOperations) @protobuf(4,bytes,rep)
// matchPolicy defines how the "MatchResources" list is used to match incoming requests.
// Allowed values are "Exact" or "Equivalent".
//
// - Exact: match a request only if it exactly matches a specified rule.
// For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1,
// but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`,
// a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the ValidatingAdmissionPolicy.
//
// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version.
// For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1,
// and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`,
// a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the ValidatingAdmissionPolicy.
//
// Defaults to "Equivalent"
// +optional
matchPolicy?: null | #MatchPolicyType @go(MatchPolicy,*MatchPolicyType) @protobuf(7,bytes,opt,casttype=MatchPolicyType)
}
// NamedRuleWithOperations is a tuple of Operations and Resources with ResourceNames.
// +structType=atomic
#NamedRuleWithOperations: {
// ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.
// +listType=atomic
// +optional
resourceNames?: [...string] @go(ResourceNames,[]string) @protobuf(1,bytes,rep)
v1.#RuleWithOperations
}
// RuleWithOperations is a tuple of Operations and Resources. It is recommended to make
// sure that all the tuple expansions are valid.
#RuleWithOperations: v1.#RuleWithOperations
// OperationType specifies an operation for a request.
// +enum
#OperationType: v1.#OperationType // #enumOperationType
#enumOperationType:
#OperationAll |
#Create |
#Update |
#Delete |
#Connect
#OperationAll: v1.#OperationType & "*"
#Create: v1.#OperationType & "CREATE"
#Update: v1.#OperationType & "UPDATE"
#Delete: v1.#OperationType & "DELETE"
#Connect: v1.#OperationType & "CONNECT"
================================================
FILE: cue/cue.mod/gen/k8s.io/api/admissionregistration/v1beta1/doc_go_gen.cue
================================================
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/admissionregistration/v1beta1
// Package v1beta1 is the v1beta1 version of the API.
// AdmissionConfiguration and AdmissionPluginConfiguration are legacy static admission plugin configuration
// MutatingWebhookConfiguration and ValidatingWebhookConfiguration are for the
// new dynamic admission controller configuration.
package v1beta1
================================================
FILE: cue/cue.mod/gen/k8s.io/api/admissionregistration/v1beta1/register_go_gen.cue
================================================
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/admissionregistration/v1beta1
package v1beta1
#GroupName: "admissionregistration.k8s.io"
================================================
FILE: cue/cue.mod/gen/k8s.io/api/admissionregistration/v1beta1/types_go_gen.cue
================================================
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/admissionregistration/v1beta1
package v1beta1
import (
"k8s.io/api/admissionregistration/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// Rule is a tuple of APIGroups, APIVersion, and Resources.It is recommended
// to make sure that all the tuple expansions are valid.
#Rule: v1.#Rule
// ScopeType specifies a scope for a Rule.
#ScopeType: v1.#ScopeType // #enumScopeType
#enumScopeType:
#ClusterScope |
#NamespacedScope |
#AllScopes
// ClusterScope means that scope is limited to cluster-scoped objects.
// Namespace objects are cluster-scoped.
#ClusterScope: v1.#ScopeType & "Cluster"
// NamespacedScope means that scope is limited to namespaced objects.
#NamespacedScope: v1.#ScopeType & "Namespaced"
// AllScopes means that all scopes are included.
#AllScopes: v1.#ScopeType & "*"
// FailurePolicyType specifies a failure policy that defines how unrecognized errors from the admission endpoint are handled.
#FailurePolicyType: string // #enumFailurePolicyType
#enumFailurePolicyType:
#Ignore |
#Fail
// Ignore means that an error calling the webhook is ignored.
#Ignore: #FailurePolicyType & "Ignore"
// Fail means that an error calling the webhook causes the admission to fail.
#Fail: #FailurePolicyType & "Fail"
// MatchPolicyType specifies the type of match policy
#MatchPolicyType: string // #enumMatchPolicyType
#enumMatchPolicyType:
#Exact |
#Equivalent
// Exact means requests should only be sent to the webhook if they exactly match a given rule
#Exact: #MatchPolicyType & "Exact"
// Equivalent means requests should be sent to the webhook if they modify a resource listed in rules via another API group or version.
#Equivalent: #MatchPolicyType & "Equivalent"
// SideEffectClass specifies the types of side effects a webhook may have.
#SideEffectClass: string // #enumSideEffectClass
#enumSideEffectClass:
#SideEffectClassUnknown |
#SideEffectClassNone |
#SideEffectClassSome |
#SideEffectClassNoneOnDryRun
// SideEffectClassUnknown means that no information is known about the side effects of calling the webhook.
// If a request with the dry-run attribute would trigger a call to this webhook, the request will instead fail.
#SideEffectClassUnknown: #SideEffectClass & "Unknown"
// SideEffectClassNone means that calling the webhook will have no side effects.
#SideEffectClassNone: #SideEffectClass & "None"
// SideEffectClassSome means that calling the webhook will possibly have side effects.
// If a request with the dry-run attribute would trigger a call to this webhook, the request will instead fail.
#SideEffectClassSome: #SideEffectClass & "Some"
// SideEffectClassNoneOnDryRun means that calling the webhook will possibly have side effects, but if the
// request being reviewed has the dry-run attribute, the side effects will be suppressed.
#SideEffectClassNoneOnDryRun: #SideEffectClass & "NoneOnDryRun"
// ValidatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and object without changing it.
// Deprecated in v1.16, planned for removal in v1.19. Use admissionregistration.k8s.io/v1 ValidatingWebhookConfiguration instead.
#ValidatingWebhookConfiguration: {
metav1.#TypeMeta
// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// Webhooks is a list of webhooks and the affected resources and operations.
// +optional
// +patchMergeKey=name
// +patchStrategy=merge
webhooks?: [...#ValidatingWebhook] @go(Webhooks,[]ValidatingWebhook) @protobuf(2,bytes,rep,name=Webhooks)
}
// ValidatingWebhookConfigurationList is a list of ValidatingWebhookConfiguration.
#ValidatingWebhookConfigurationList: {
metav1.#TypeMeta
// Standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// List of ValidatingWebhookConfiguration.
items: [...#ValidatingWebhookConfiguration] @go(Items,[]ValidatingWebhookConfiguration) @protobuf(2,bytes,rep)
}
// MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object.
// Deprecated in v1.16, planned for removal in v1.19. Use admissionregistration.k8s.io/v1 MutatingWebhookConfiguration instead.
#MutatingWebhookConfiguration: {
metav1.#TypeMeta
// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// Webhooks is a list of webhooks and the affected resources and operations.
// +optional
// +patchMergeKey=name
// +patchStrategy=merge
webhooks?: [...#MutatingWebhook] @go(Webhooks,[]MutatingWebhook) @protobuf(2,bytes,rep,name=Webhooks)
}
// MutatingWebhookConfigurationList is a list of MutatingWebhookConfiguration.
#MutatingWebhookConfigurationList: {
metav1.#TypeMeta
// Standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// List of MutatingWebhookConfiguration.
items: [...#MutatingWebhookConfiguration] @go(Items,[]MutatingWebhookConfiguration) @protobuf(2,bytes,rep)
}
// ValidatingWebhook describes an admission webhook and the resources and operations it applies to.
#ValidatingWebhook: {
// The name of the admission webhook.
// Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where
// "imagepolicy" is the name of the webhook, and kubernetes.io is the name
// of the organization.
// Required.
name: string @go(Name) @protobuf(1,bytes,opt)
// ClientConfig defines how to communicate with the hook.
// Required
clientConfig: #WebhookClientConfig @go(ClientConfig) @protobuf(2,bytes,opt)
// Rules describes what operations on what resources/subresources the webhook cares about.
// The webhook cares about an operation if it matches _any_ Rule.
// However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks
// from putting the cluster in a state which cannot be recovered from without completely
// disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called
// on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.
rules?: [...v1.#RuleWithOperations] @go(Rules,[]v1.RuleWithOperations) @protobuf(3,bytes,rep)
// FailurePolicy defines how unrecognized errors from the admission endpoint are handled -
// allowed values are Ignore or Fail. Defaults to Ignore.
// +optional
failurePolicy?: null | #FailurePolicyType @go(FailurePolicy,*FailurePolicyType) @protobuf(4,bytes,opt,casttype=FailurePolicyType)
// matchPolicy defines how the "rules" list is used to match incoming requests.
// Allowed values are "Exact" or "Equivalent".
//
// - Exact: match a request only if it exactly matches a specified rule.
// For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1,
// but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`,
// a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.
//
// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version.
// For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1,
// and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`,
// a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.
//
// Defaults to "Exact"
// +optional
matchPolicy?: null | #MatchPolicyType @go(MatchPolicy,*MatchPolicyType) @protobuf(9,bytes,opt,casttype=MatchPolicyType)
// NamespaceSelector decides whether to run the webhook on an object based
// on whether the namespace for that object matches the selector. If the
// object itself is a namespace, the matching is performed on
// object.metadata.labels. If the object is another cluster scoped resource,
// it never skips the webhook.
//
// For example, to run the webhook on any objects whose namespace is not
// associated with "runlevel" of "0" or "1"; you will set the selector as
// follows:
// "namespaceSelector": {
// "matchExpressions": [
// {
// "key": "runlevel",
// "operator": "NotIn",
// "values": [
// "0",
// "1"
// ]
// }
// ]
// }
//
// If instead you want to only run the webhook on any objects whose
// namespace is associated with the "environment" of "prod" or "staging";
// you will set the selector as follows:
// "namespaceSelector": {
// "matchExpressions": [
// {
// "key": "environment",
// "operator": "In",
// "values": [
// "prod",
// "staging"
// ]
// }
// ]
// }
//
// See
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
// for more examples of label selectors.
//
// Default to the empty LabelSelector, which matches everything.
// +optional
namespaceSelector?: null | metav1.#LabelSelector @go(NamespaceSelector,*metav1.LabelSelector) @protobuf(5,bytes,opt)
// ObjectSelector decides whether to run the webhook based on if the
// object has matching labels. objectSelector is evaluated against both
// the oldObject and newObject that would be sent to the webhook, and
// is considered to match if either object matches the selector. A null
// object (oldObject in the case of create, or newObject in the case of
// delete) or an object that cannot have labels (like a
// DeploymentRollback or a PodProxyOptions object) is not considered to
// match.
// Use the object selector only if the webhook is opt-in, because end
// users may skip the admission webhook by setting the labels.
// Default to the empty LabelSelector, which matches everything.
// +optional
objectSelector?: null | metav1.#LabelSelector @go(ObjectSelector,*metav1.LabelSelector) @protobuf(10,bytes,opt)
// SideEffects states whether this webhook has side effects.
// Acceptable values are: Unknown, None, Some, NoneOnDryRun
// Webhooks with side effects MUST implement a reconciliation system, since a request may be
// rejected by a future step in the admission chain and the side effects therefore need to be undone.
// Requests with the dryRun attribute will be auto-rejected if they match a webhook with
// sideEffects == Unknown or Some. Defaults to Unknown.
// +optional
sideEffects?: null | #SideEffectClass @go(SideEffects,*SideEffectClass) @protobuf(6,bytes,opt,casttype=SideEffectClass)
// TimeoutSeconds specifies the timeout for this webhook. After the timeout passes,
// the webhook call will be ignored or the API call will fail based on the
// failure policy.
// The timeout value must be between 1 and 30 seconds.
// Default to 30 seconds.
// +optional
timeoutSeconds?: null | int32 @go(TimeoutSeconds,*int32) @protobuf(7,varint,opt)
// AdmissionReviewVersions is an ordered list of preferred `AdmissionReview`
// versions the Webhook expects. API server will try to use first version in
// the list which it supports. If none of the versions specified in this list
// supported by API server, validation will fail for this object.
// If a persisted webhook configuration specifies allowed versions and does not
// include any versions known to the API Server, calls to the webhook will fail
// and be subject to the failure policy.
// Default to `['v1beta1']`.
// +optional
admissionReviewVersions?: [...string] @go(AdmissionReviewVersions,[]string) @protobuf(8,bytes,rep)
}
// MutatingWebhook describes an admission webhook and the resources and operations it applies to.
#MutatingWebhook: {
// The name of the admission webhook.
// Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where
// "imagepolicy" is the name of the webhook, and kubernetes.io is the name
// of the organization.
// Required.
name: string @go(Name) @protobuf(1,bytes,opt)
// ClientConfig defines how to communicate with the hook.
// Required
clientConfig: #WebhookClientConfig @go(ClientConfig) @protobuf(2,bytes,opt)
// Rules describes what operations on what resources/subresources the webhook cares about.
// The webhook cares about an operation if it matches _any_ Rule.
// However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks
// from putting the cluster in a state which cannot be recovered from without completely
// disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called
// on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.
rules?: [...v1.#RuleWithOperations] @go(Rules,[]v1.RuleWithOperations) @protobuf(3,bytes,rep)
// FailurePolicy defines how unrecognized errors from the admission endpoint are handled -
// allowed values are Ignore or Fail. Defaults to Ignore.
// +optional
failurePolicy?: null | #FailurePolicyType @go(FailurePolicy,*FailurePolicyType) @protobuf(4,bytes,opt,casttype=FailurePolicyType)
// matchPolicy defines how the "rules" list is used to match incoming requests.
// Allowed values are "Exact" or "Equivalent".
//
// - Exact: match a request only if it exactly matches a specified rule.
// For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1,
// but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`,
// a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.
//
// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version.
// For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1,
// and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`,
// a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.
//
// Defaults to "Exact"
// +optional
matchPolicy?: null | #MatchPolicyType @go(MatchPolicy,*MatchPolicyType) @protobuf(9,bytes,opt,casttype=MatchPolicyType)
// NamespaceSelector decides whether to run the webhook on an object based
// on whether the namespace for that object matches the selector. If the
// object itself is a namespace, the matching is performed on
// object.metadata.labels. If the object is another cluster scoped resource,
// it never skips the webhook.
//
// For example, to run the webhook on any objects whose namespace is not
// associated with "runlevel" of "0" or "1"; you will set the selector as
// follows:
// "namespaceSelector": {
// "matchExpressions": [
// {
// "key": "runlevel",
// "operator": "NotIn",
// "values": [
// "0",
// "1"
// ]
// }
// ]
// }
//
// If instead you want to only run the webhook on any objects whose
// namespace is associated with the "environment" of "prod" or "staging";
// you will set the selector as follows:
// "namespaceSelector": {
// "matchExpressions": [
// {
// "key": "environment",
// "operator": "In",
// "values": [
// "prod",
// "staging"
// ]
// }
// ]
// }
//
// See
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
// for more examples of label selectors.
//
// Default to the empty LabelSelector, which matches everything.
// +optional
namespaceSelector?: null | metav1.#LabelSelector @go(NamespaceSelector,*metav1.LabelSelector) @protobuf(5,bytes,opt)
// ObjectSelector decides whether to run the webhook based on if the
// object has matching labels. objectSelector is evaluated against both
// the oldObject and newObject that would be sent to the webhook, and
// is considered to match if either object matches the selector. A null
// object (oldObject in the case of create, or newObject in the case of
// delete) or an object that cannot have labels (like a
// DeploymentRollback or a PodProxyOptions object) is not considered to
// match.
// Use the object selector only if the webhook is opt-in, because end
// users may skip the admission webhook by setting the labels.
// Default to the empty LabelSelector, which matches everything.
// +optional
objectSelector?: null | metav1.#LabelSelector @go(ObjectSelector,*metav1.LabelSelector) @protobuf(11,bytes,opt)
// SideEffects states whether this webhook has side effects.
// Acceptable values are: Unknown, None, Some, NoneOnDryRun
// Webhooks with side effects MUST implement a reconciliation system, since a request may be
// rejected by a future step in the admission chain and the side effects therefore need to be undone.
// Requests with the dryRun attribute will be auto-rejected if they match a webhook with
// sideEffects == Unknown or Some. Defaults to Unknown.
// +optional
sideEffects?: null | #SideEffectClass @go(SideEffects,*SideEffectClass) @protobuf(6,bytes,opt,casttype=SideEffectClass)
// TimeoutSeconds specifies the timeout for this webhook. After the timeout passes,
// the webhook call will be ignored or the API call will fail based on the
// failure policy.
// The timeout value must be between 1 and 30 seconds.
// Default to 30 seconds.
// +optional
timeoutSeconds?: null | int32 @go(TimeoutSeconds,*int32) @protobuf(7,varint,opt)
// AdmissionReviewVersions is an ordered list of preferred `AdmissionReview`
// versions the Webhook expects. API server will try to use first version in
// the list which it supports. If none of the versions specified in this list
// supported by API server, validation will fail for this object.
// If a persisted webhook configuration specifies allowed versions and does not
// include any versions known to the API Server, calls to the webhook will fail
// and be subject to the failure policy.
// Default to `['v1beta1']`.
// +optional
admissionReviewVersions?: [...string] @go(AdmissionReviewVersions,[]string) @protobuf(8,bytes,rep)
// reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation.
// Allowed values are "Never" and "IfNeeded".
//
// Never: the webhook will not be called more than once in a single admission evaluation.
//
// IfNeeded: the webhook will be called at least one additional time as part of the admission evaluation
// if the object being admitted is modified by other admission plugins after the initial webhook call.
// Webhooks that specify this option *must* be idempotent, able to process objects they previously admitted.
// Note:
// * the number of additional invocations is not guaranteed to be exactly one.
// * if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again.
// * webhooks that use this option may be reordered to minimize the number of additional invocations.
// * to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead.
//
// Defaults to "Never".
// +optional
reinvocationPolicy?: null | #ReinvocationPolicyType @go(ReinvocationPolicy,*ReinvocationPolicyType) @protobuf(10,bytes,opt,casttype=ReinvocationPolicyType)
}
// ReinvocationPolicyType specifies what type of policy the admission hook uses.
#ReinvocationPolicyType: string // #enumReinvocationPolicyType
#enumReinvocationPolicyType:
#NeverReinvocationPolicy |
#IfNeededReinvocationPolicy
// NeverReinvocationPolicy indicates that the webhook must not be called more than once in a
// single admission evaluation.
#NeverReinvocationPolicy: #ReinvocationPolicyType & "Never"
// IfNeededReinvocationPolicy indicates that the webhook may be called at least one
// additional time as part of the admission evaluation if the object being admitted is
// modified by other admission plugins after the initial webhook call.
#IfNeededReinvocationPolicy: #ReinvocationPolicyType & "IfNeeded"
// RuleWithOperations is a tuple of Operations and Resources. It is recommended to make
// sure that all the tuple expansions are valid.
#RuleWithOperations: v1.#RuleWithOperations
// OperationType specifies an operation for a request.
// +enum
#OperationType: v1.#OperationType // #enumOperationType
#enumOperationType:
#OperationAll |
#Create |
#Update |
#Delete |
#Connect
#OperationAll: v1.#OperationType & "*"
#Create: v1.#OperationType & "CREATE"
#Update: v1.#OperationType & "UPDATE"
#Delete: v1.#OperationType & "DELETE"
#Connect: v1.#OperationType & "CONNECT"
// WebhookClientConfig contains the information to make a TLS
// connection with the webhook
#WebhookClientConfig: {
// `url` gives the location of the webhook, in standard URL form
// (`scheme://host:port/path`). Exactly one of `url` or `service`
// must be specified.
//
// The `host` should not refer to a service running in the cluster; use
// the `service` field instead. The host might be resolved via external
// DNS in some apiservers (e.g., `kube-apiserver` cannot resolve
// in-cluster DNS as that would be a layering violation). `host` may
// also be an IP address.
//
// Please note that using `localhost` or `127.0.0.1` as a `host` is
// risky unless you take great care to run this webhook on all hosts
// which run an apiserver which might need to make calls to this
// webhook. Such installs are likely to be non-portable, i.e., not easy
// to turn up in a new cluster.
//
// The scheme must be "https"; the URL must begin with "https://".
//
// A path is optional, and if present may be any string permissible in
// a URL. You may use the path to pass an arbitrary string to the
// webhook, for example, a cluster identifier.
//
// Attempting to use a user or basic auth e.g. "user:password@" is not
// allowed. Fragments ("#...") and query parameters ("?...") are not
// allowed, either.
//
// +optional
url?: null | string @go(URL,*string) @protobuf(3,bytes,opt)
// `service` is a reference to the service for this webhook. Either
// `service` or `url` must be specified.
//
// If the webhook is running within the cluster, then you should use `service`.
//
// +optional
service?: null | #ServiceReference @go(Service,*ServiceReference) @protobuf(1,bytes,opt)
// `caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate.
// If unspecified, system trust roots on the apiserver are used.
// +optional
caBundle?: bytes @go(CABundle,[]byte) @protobuf(2,bytes,opt)
}
// ServiceReference holds a reference to Service.legacy.k8s.io
#ServiceReference: {
// `namespace` is the namespace of the service.
// Required
namespace: string @go(Namespace) @protobuf(1,bytes,opt)
// `name` is the name of the service.
// Required
name: string @go(Name) @protobuf(2,bytes,opt)
// `path` is an optional URL path which will be sent in any request to
// this service.
// +optional
path?: null | string @go(Path,*string) @protobuf(3,bytes,opt)
// If specified, the port on the service that hosting webhook.
// Default to 443 for backward compatibility.
// `port` should be a valid port number (1-65535, inclusive).
// +optional
port?: null | int32 @go(Port,*int32) @protobuf(4,varint,opt)
}
================================================
FILE: cue/cue.mod/gen/k8s.io/api/apidiscovery/v2beta1/register_go_gen.cue
================================================
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/apidiscovery/v2beta1
package v2beta1
#GroupName: "apidiscovery.k8s.io"
================================================
FILE: cue/cue.mod/gen/k8s.io/api/apidiscovery/v2beta1/types_go_gen.cue
================================================
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/apidiscovery/v2beta1
package v2beta1
import "k8s.io/apimachinery/pkg/apis/meta/v1"
// APIGroupDiscoveryList is a resource containing a list of APIGroupDiscovery.
// This is one of the types able to be returned from the /api and /apis endpoint and contains an aggregated
// list of API resources (built-ins, Custom Resource Definitions, resources from aggregated servers)
// that a cluster supports.
#APIGroupDiscoveryList: {
v1.#TypeMeta
// ResourceVersion will not be set, because this does not have a replayable ordering among multiple apiservers.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: v1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// items is the list of groups for discovery. The groups are listed in priority order.
items: [...#APIGroupDiscovery] @go(Items,[]APIGroupDiscovery) @protobuf(2,bytes,rep)
}
// APIGroupDiscovery holds information about which resources are being served for all version of the API Group.
// It contains a list of APIVersionDiscovery that holds a list of APIResourceDiscovery types served for a version.
// Versions are in descending order of preference, with the first version being the preferred entry.
#APIGroupDiscovery: {
v1.#TypeMeta
// Standard object's metadata.
// The only field completed will be name. For instance, resourceVersion will be empty.
// name is the name of the API group whose discovery information is presented here.
// name is allowed to be "" to represent the legacy, ungroupified resources.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: v1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// versions are the versions supported in this group. They are sorted in descending order of preference,
// with the preferred version being the first entry.
// +listType=map
// +listMapKey=version
versions?: [...#APIVersionDiscovery] @go(Versions,[]APIVersionDiscovery) @protobuf(2,bytes,rep)
}
// APIVersionDiscovery holds a list of APIResourceDiscovery types that are served for a particular version within an API Group.
#APIVersionDiscovery: {
// version is the name of the version within a group version.
version: string @go(Version) @protobuf(1,bytes,opt)
// resources is a list of APIResourceDiscovery objects for the corresponding group version.
// +listType=map
// +listMapKey=resource
resources?: [...#APIResourceDiscovery] @go(Resources,[]APIResourceDiscovery) @protobuf(2,bytes,rep)
// freshness marks whether a group version's discovery document is up to date.
// "Current" indicates the discovery document was recently
// refreshed. "Stale" indicates the discovery document could not
// be retrieved and the returned discovery document may be
// significantly out of date. Clients that require the latest
// version of the discovery information be retrieved before
// performing an operation should not use the aggregated document
freshness?: #DiscoveryFreshness @go(Freshness) @protobuf(3,bytes,opt)
}
// APIResourceDiscovery provides information about an API resource for discovery.
#APIResourceDiscovery: {
// resource is the plural name of the resource. This is used in the URL path and is the unique identifier
// for this resource across all versions in the API group.
// Resources with non-empty groups are located at /apis/<APIGroupDiscovery.objectMeta.name>/<APIVersionDiscovery.version>/<APIResourceDiscovery.Resource>
// Resources with empty groups are located at /api/v1/<APIResourceDiscovery.Resource>
resource: string @go(Resource) @protobuf(1,bytes,opt)
// responseKind describes the group, version, and kind of the serialization schema for the object type this endpoint typically returns.
// APIs may return other objects types at their discretion, such as error conditions, requests for alternate representations, or other operation specific behavior.
// This value will be null if an APIService reports subresources but supports no operations on the parent resource
responseKind?: null | v1.#GroupVersionKind @go(ResponseKind,*v1.GroupVersionKind) @protobuf(2,bytes,opt)
// scope indicates the scope of a resource, either Cluster or Namespaced
scope: #ResourceScope @go(Scope) @protobuf(3,bytes,opt)
// singularResource is the singular name of the resource. This allows clients to handle plural and singular opaquely.
// For many clients the singular form of the resource will be more understandable to users reading messages and should be used when integrating the name of the resource into a sentence.
// The command line tool kubectl, for example, allows use of the singular resource name in place of plurals.
// The singular form of a resource should always be an optional element - when in doubt use the canonical resource name.
singularResource: string @go(SingularResource) @protobuf(4,bytes,opt)
// verbs is a list of supported API operation types (this includes
// but is not limited to get, list, watch, create, update, patch,
// delete, deletecollection, and proxy).
// +listType=set
verbs: [...string] @go(Verbs,[]string) @protobuf(5,bytes,opt)
// shortNames is a list of suggested short names of the resource.
// +listType=set
shortNames?: [...string] @go(ShortNames,[]string) @protobuf(6,bytes,rep)
// categories is a list of the grouped resources this resource belongs to (e.g. 'all').
// Clients may use this to simplify acting on multiple resource types at once.
// +listType=set
categories?: [...string] @go(Categories,[]string) @protobuf(7,bytes,rep)
// subresources is a list of subresources provided by this resource. Subresources are located at /apis/<APIGroupDiscovery.objectMeta.name>/<APIVersionDiscovery.version>/<APIResourceDiscovery.Resource>/name-of-instance/<APIResourceDiscovery.subresources[i].subresource>
// +listType=map
// +listMapKey=subresource
subresources?: [...#APISubresourceDiscovery] @go(Subresources,[]APISubresourceDiscovery) @protobuf(8,bytes,rep)
}
// ResourceScope is an enum defining the different scopes available to a resource.
#ResourceScope: string // #enumResourceScope
#enumResourceScope:
#ScopeCluster |
#ScopeNamespace
#ScopeCluster: #ResourceScope & "Cluster"
#ScopeNamespace: #ResourceScope & "Namespaced"
// DiscoveryFreshness is an enum defining whether the Discovery document published by an apiservice is up to date (fresh).
#DiscoveryFreshness: string // #enumDiscoveryFreshness
#enumDiscoveryFreshness:
#DiscoveryFreshnessCurrent |
#DiscoveryFreshnessStale
#DiscoveryFreshnessCurrent: #DiscoveryFreshness & "Current"
#DiscoveryFreshnessStale: #DiscoveryFreshness & "Stale"
// APISubresourceDiscovery provides information about an API subresource for discovery.
#APISubresourceDiscovery: {
// subresource is the name of the subresource. This is used in the URL path and is the unique identifier
// for this resource across all versions.
subresource: string @go(Subresource) @protobuf(1,bytes,opt)
// responseKind describes the group, version, and kind of the serialization schema for the object type this endpoint typically returns.
// Some subresources do not return normal resources, these will have null return types.
responseKind?: null | v1.#GroupVersionKind @go(ResponseKind,*v1.GroupVersionKind) @protobuf(2,bytes,opt)
// acceptedTypes describes the kinds that this endpoint accepts.
// Subresources may accept the standard content types or define
// custom negotiation schemes. The list may not be exhaustive for
// all operations.
// +listType=map
// +listMapKey=group
// +listMapKey=version
// +listMapKey=kind
acceptedTypes?: [...v1.#GroupVersionKind] @go(AcceptedTypes,[]v1.GroupVersionKind) @protobuf(3,bytes,rep)
// verbs is a list of supported API operation types (this includes
// but is not limited to get, list, watch, create, update, patch,
// delete, deletecollection, and proxy). Subresources may define
// custom verbs outside the standard Kubernetes verb set. Clients
// should expect the behavior of standard verbs to align with
// Kubernetes interaction conventions.
// +listType=set
verbs: [...string] @go(Verbs,[]string) @protobuf(4,bytes,opt)
}
================================================
FILE: cue/cue.mod/gen/k8s.io/api/apiserverinternal/v1alpha1/doc_go_gen.cue
================================================
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/apiserverinternal/v1alpha1
// Package v1alpha1 contains the v1alpha1 version of the API used by the
// apiservers themselves.
package v1alpha1
================================================
FILE: cue/cue.mod/gen/k8s.io/api/apiserverinternal/v1alpha1/register_go_gen.cue
================================================
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/apiserverinternal/v1alpha1
package v1alpha1
#GroupName: "internal.apiserver.k8s.io"
================================================
FILE: cue/cue.mod/gen/k8s.io/api/apiserverinternal/v1alpha1/types_go_gen.cue
================================================
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/apiserverinternal/v1alpha1
package v1alpha1
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
// Storage version of a specific resource.
#StorageVersion: {
metav1.#TypeMeta
// The name is <group>.<resource>.
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// Spec is an empty spec. It is here to comply with Kubernetes API style.
spec: #StorageVersionSpec @go(Spec) @protobuf(2,bytes,opt)
// API server instances report the version they can decode and the version they
// encode objects to when persisting objects in the backend.
status: #StorageVersionStatus @go(Status) @protobuf(3,bytes,opt)
}
// StorageVersionSpec is an empty spec.
#StorageVersionSpec: {
}
// API server instances report the versions they can decode and the version they
// encode objects to when persisting objects in the backend.
#StorageVersionStatus: {
// The reported versions per API server instance.
// +optional
// +listType=map
// +listMapKey=apiServerID
storageVersions?: [...#ServerStorageVersion] @go(StorageVersions,[]ServerStorageVersion) @protobuf(1,bytes,opt)
// If all API server instances agree on the same encoding storage version,
// then this field is set to that version. Otherwise this field is left empty.
// API servers should finish updating its storageVersionStatus entry before
// serving write operations, so that this field will be in sync with the reality.
// +optional
commonEncodingVersion?: null | string @go(CommonEncodingVersion,*string) @protobuf(2,bytes,opt)
// The latest available observations of the storageVersion's state.
// +optional
// +listType=map
// +listMapKey=type
conditions?: [...#StorageVersionCondition] @go(Conditions,[]StorageVersionCondition) @protobuf(3,bytes,opt)
}
// An API server instance reports the version it can decode and the version it
// encodes objects to when persisting objects in the backend.
#ServerStorageVersion: {
// The ID of the reporting API server.
apiServerID?: string @go(APIServerID) @protobuf(1,bytes,opt)
// The API server encodes the object to this version when persisting it in
// the backend (e.g., etcd).
encodingVersion?: string @go(EncodingVersion) @protobuf(2,bytes,opt)
// The API server can decode objects encoded in these versions.
// The encodingVersion must be included in the decodableVersions.
// +listType=set
decodableVersions?: [...string] @go(DecodableVersions,[]string) @protobuf(3,bytes,opt)
}
#StorageVersionConditionType: string // #enumStorageVersionConditionType
#enumStorageVersionConditionType:
#AllEncodingVersionsEqual
// Indicates that encoding storage versions reported by all servers are equal.
#AllEncodingVersionsEqual: #StorageVersionConditionType & "AllEncodingVersionsEqual"
#ConditionStatus: string // #enumConditionStatus
#enumConditionStatus:
#ConditionTrue |
#ConditionFalse |
#ConditionUnknown
#ConditionTrue: #ConditionStatus & "True"
#ConditionFalse: #ConditionStatus & "False"
#ConditionUnknown: #ConditionStatus & "Unknown"
// Describes the state of the storageVersion at a certain point.
#StorageVersionCondition: {
// Type of the condition.
// +required
type: #StorageVersionConditionType @go(Type) @protobuf(1,bytes,opt)
// Status of the condition, one of True, False, Unknown.
// +required
status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt)
// If set, this represents the .metadata.generation that the condition was set based upon.
// +optional
observedGeneration?: int64 @go(ObservedGeneration) @protobuf(3,varint,opt)
// Last time the condition transitioned from one status to another.
// +required
lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt)
// The reason for the condition's last transition.
// +required
reason: string @go(Reason) @protobuf(5,bytes,opt)
// A human readable message indicating details about the transition.
// +required
message?: string @go(Message) @protobuf(6,bytes,opt)
}
// A list of StorageVersions.
#StorageVersionList: {
metav1.#TypeMeta
// Standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// Items holds a list of StorageVersion
items: [...#StorageVersion] @go(Items,[]StorageVersion) @protobuf(2,bytes,rep)
}
================================================
FILE: cue/cue.mod/gen/k8s.io/api/apps/v1/register_go_gen.cue
================================================
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/apps/v1
package v1
#GroupName: "apps"
================================================
FILE: cue/cue.mod/gen/k8s.io/api/apps/v1/types_go_gen.cue
================================================
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/apps/v1
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/util/intstr"
"k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/runtime"
)
#ControllerRevisionHashLabelKey: "controller-revision-hash"
#StatefulSetRevisionLabel: "controller-revision-hash"
#DeprecatedRollbackTo: "deprecated.deployment.rollback.to"
#DeprecatedTemplateGeneration: "deprecated.daemonset.template.generation"
#StatefulSetPodNameLabel: "statefulset.kubernetes.io/pod-name"
// StatefulSet represents a set of pods with consistent identities.
// Identities are defined as:
// - Network: A single stable DNS and hostname.
// - Storage: As many VolumeClaims as requested.
//
// The StatefulSet guarantees that a given network identity will always
// map to the same storage identity.
#StatefulSet: {
metav1.#TypeMeta
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// Spec defines the desired identities of pods in this set.
// +optional
spec?: #StatefulSetSpec @go(Spec) @protobuf(2,bytes,opt)
// Status is the current status of Pods in this StatefulSet. This data
// may be out of date by some window of time.
// +optional
status?: #StatefulSetStatus @go(Status) @protobuf(3,bytes,opt)
}
// PodManagementPolicyType defines the policy for creating pods under a stateful set.
// +enum
#PodManagementPolicyType: string // #enumPodManagementPolicyType
#enumPodManagementPolicyType:
#OrderedReadyPodManagement |
#ParallelPodManagement
// OrderedReadyPodManagement will create pods in strictly increasing order on
// scale up and strictly decreasing order on scale down, progressing only when
// the previous pod is ready or terminated. At most one pod will be changed
// at any time.
#OrderedReadyPodManagement: #PodManagementPolicyType & "OrderedReady"
// ParallelPodManagement will create and delete pods as soon as the stateful set
// replica count is changed, and will not wait for pods to be ready or complete
// termination.
#ParallelPodManagement: #PodManagementPolicyType & "Parallel"
// StatefulSetUpdateStrategy indicates the strategy that the StatefulSet
// controller will use to perform updates. It includes any additional parameters
// necessary to perform the update for the indicated strategy.
#StatefulSetUpdateStrategy: {
// Type indicates the type of the StatefulSetUpdateStrategy.
// Default is RollingUpdate.
// +optional
type?: #StatefulSetUpdateStrategyType @go(Type) @protobuf(1,bytes,opt,casttype=StatefulSetStrategyType)
// RollingUpdate is used to communicate parameters when Type is RollingUpdateStatefulSetStrategyType.
// +optional
rollingUpdate?: null | #RollingUpdateStatefulSetStrategy @go(RollingUpdate,*RollingUpdateStatefulSetStrategy) @protobuf(2,bytes,opt)
}
// StatefulSetUpdateStrategyType is a string enumeration type that enumerates
// all possible update strategies for the StatefulSet controller.
// +enum
#StatefulSetUpdateStrategyType: string // #enumStatefulSetUpdateStrategyType
#enumStatefulSetUpdateStrategyType:
#RollingUpdateStatefulSetStrategyType |
#OnDeleteStatefulSetStrategyType
// RollingUpdateStatefulSetStrategyType indicates that update will be
// applied to all Pods in the StatefulSet with respect to the StatefulSet
// ordering constraints. When a scale operation is performed with this
// strategy, new Pods will be created from the specification version indicated
// by the StatefulSet's updateRevision.
#RollingUpdateStatefulSetStrategyType: #StatefulSetUpdateStrategyType & "RollingUpdate"
// OnDeleteStatefulSetStrategyType triggers the legacy behavior. Version
// tracking and ordered rolling restarts are disabled. Pods are recreated
// from the StatefulSetSpec when they are manually deleted. When a scale
// operation is performed with this strategy,specification version indicated
// by the StatefulSet's currentRevision.
#OnDeleteStatefulSetStrategyType: #StatefulSetUpdateStrategyType & "OnDelete"
// RollingUpdateStatefulSetStrategy is used to communicate parameter for RollingUpdateStatefulSetStrategyType.
#RollingUpdateStatefulSetStrategy: {
// Partition indicates the ordinal at which the StatefulSet should be partitioned
// for updates. During a rolling update, all pods from ordinal Replicas-1 to
// Partition are updated. All pods from ordinal Partition-1 to 0 remain untouched.
// This is helpful in being able to do a canary based deployment. The default value is 0.
// +optional
partition?: null | int32 @go(Partition,*int32) @protobuf(1,varint,opt)
// The maximum number of pods that can be unavailable during the update.
// Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
// Absolute number is calculated from percentage by rounding up. This can not be 0.
// Defaults to 1. This field is alpha-level and is only honored by servers that enable the
// MaxUnavailableStatefulSet feature. The field applies to all pods in the range 0 to
// Replicas-1. That means if there is any unavailable pod in the range 0 to Replicas-1, it
// will be counted towards MaxUnavailable.
// +optional
maxUnavailable?: null | intstr.#IntOrString @go(MaxUnavailable,*intstr.IntOrString) @protobuf(2,varint,opt)
}
// PersistentVolumeClaimRetentionPolicyType is a string enumeration of the policies that will determine
// when volumes from the VolumeClaimTemplates will be deleted when the controlling StatefulSet is
// deleted or scaled down.
#PersistentVolumeClaimRetentionPolicyType: string // #enumPersistentVolumeClaimRetentionPolicyType
#enumPersistentVolumeClaimRetentionPolicyType:
#RetainPersistentVolumeClaimRetentionPolicyType |
#DeletePersistentVolumeClaimRetentionPolicyType
// RetainPersistentVolumeClaimRetentionPolicyType is the default
// PersistentVolumeClaimRetentionPolicy and specifies that
// PersistentVolumeClaims associated with StatefulSet VolumeClaimTemplates
// will not be deleted.
#RetainPersistentVolumeClaimRetentionPolicyType: #PersistentVolumeClaimRetentionPolicyType & "Retain"
// RetentionPersistentVolumeClaimRetentionPolicyType specifies that
// PersistentVolumeClaims associated with StatefulSet VolumeClaimTemplates
// will be deleted in the scenario specified in
// StatefulSetPersistentVolumeClaimRetentionPolicy.
#DeletePersistentVolumeClaimRetentionPolicyType: #PersistentVolumeClaimRetentionPolicyType & "Delete"
// StatefulSetPersistentVolumeClaimRetentionPolicy describes the policy used for PVCs
// created from the StatefulSet VolumeClaimTemplates.
#StatefulSetPersistentVolumeClaimRetentionPolicy: {
// WhenDeleted specifies what happens to PVCs created from StatefulSet
// VolumeClaimTemplates when the StatefulSet is deleted. The default policy
// of `Retain` causes PVCs to not be affected by StatefulSet deletion. The
// `Delete` policy causes those PVCs to be deleted.
whenDeleted?: #PersistentVolumeClaimRetentionPolicyType @go(WhenDeleted) @protobuf(1,bytes,opt,casttype=PersistentVolumeClaimRetentionPolicyType)
// WhenScaled specifies what happens to PVCs created from StatefulSet
// VolumeClaimTemplates when the StatefulSet is scaled down. The default
// policy of `Retain` causes PVCs to not be affected by a scaledown. The
// `Delete` policy causes the associated PVCs for any excess pods above
// the replica count to be deleted.
whenScaled?: #PersistentVolumeClaimRetentionPolicyType @go(WhenScaled) @protobuf(2,bytes,opt,casttype=PersistentVolumeClaimRetentionPolicyType)
}
// StatefulSetOrdinals describes the policy used for replica ordinal assignment
// in this StatefulSet.
#StatefulSetOrdinals: {
// start is the number representing the first replica's index. It may be used
// to number replicas from an alternate index (eg: 1-indexed) over the default
// 0-indexed names, or to orchestrate progressive movement of replicas from
// one StatefulSet to another.
// If set, replica indices will be in the range:
// [.spec.ordinals.start, .spec.ordinals.start + .spec.replicas).
// If unset, defaults to 0. Replica indices will be in the range:
// [0, .spec.replicas).
// +optional
start: int32 @go(Start) @protobuf(1,varint,opt)
}
// A StatefulSetSpec is the specification of a StatefulSet.
#StatefulSetSpec: {
// replicas is the desired number of replicas of the given Template.
// These are replicas in the sense that they are instantiations of the
// same Template, but individual replicas also have a consistent identity.
// If unspecified, defaults to 1.
// TODO: Consider a rename of this field.
// +optional
replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt)
// selector is a label query over pods that should match the replica count.
// It must match the pod template's labels.
// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes,opt)
// template is the object that describes the pod that will be created if
// insufficient replicas are detected. Each pod stamped out by the StatefulSet
// will fulfill this Template, but have a unique identity from the rest
// of the StatefulSet. Each pod will be named with the format
// <statefulsetname>-<podindex>. For example, a pod in a StatefulSet named
// "web" with index number "3" would be named "web-3".
template: v1.#PodTemplateSpec @go(Template) @protobuf(3,bytes,opt)
// volumeClaimTemplates is a list of claims that pods are allowed to reference.
// The StatefulSet controller is responsible for mapping network identities to
// claims in a way that maintains the identity of a pod. Every claim in
// this list must have at least one matching (by name) volumeMount in one
// container in the template. A claim in this list takes precedence over
// any volumes in the template, with the same name.
// TODO: Define the behavior if a claim already exists with the same name.
// +optional
volumeClaimTemplates?: [...v1.#PersistentVolumeClaim] @go(VolumeClaimTemplates,[]v1.PersistentVolumeClaim) @protobuf(4,bytes,rep)
// serviceName is the name of the service that governs this StatefulSet.
// This service must exist before the StatefulSet, and is responsible for
// the network identity of the set. Pods get DNS/hostnames that follow the
// pattern: pod-specific-string.serviceName.default.svc.cluster.local
// where "pod-specific-string" is managed by the StatefulSet controller.
serviceName: string @go(ServiceName) @protobuf(5,bytes,opt)
// podManagementPolicy controls how pods are created during initial scale up,
// when replacing pods on nodes, or when scaling down. The default policy is
// `OrderedReady`, where pods are created in increasing order (pod-0, then
// pod-1, etc) and the controller will wait until each pod is ready before
// continuing. When scaling down, the pods are removed in the opposite order.
// The alternative policy is `Parallel` which will create pods in parallel
// to match the desired scale without waiting, and on scale down will delete
// all pods at once.
// +optional
podManagementPolicy?: #PodManagementPolicyType @go(PodManagementPolicy) @protobuf(6,bytes,opt,casttype=PodManagementPolicyType)
// updateStrategy indicates the StatefulSetUpdateStrategy that will be
// employed to update Pods in the StatefulSet when a revision is made to
// Template.
updateStrategy?: #StatefulSetUpdateStrategy @go(UpdateStrategy) @protobuf(7,bytes,opt)
// revisionHistoryLimit is the maximum number of revisions that will
// be maintained in the StatefulSet's revision history. The revision history
// consists of all revisions not represented by a currently applied
// StatefulSetSpec version. The default value is 10.
revisionHistoryLimit?: null | int32 @go(RevisionHistoryLimit,*int32) @protobuf(8,varint,opt)
// Minimum number of seconds for which a newly created pod should be ready
// without any of its container crashing for it to be considered available.
// Defaults to 0 (pod will be considered available as soon as it is ready)
// +optional
minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(9,varint,opt)
// persistentVolumeClaimRetentionPolicy describes the lifecycle of persistent
// volume claims created from volumeClaimTemplates. By default, all persistent
// volume claims are created as needed and retained until manually deleted. This
// policy allows the lifecycle to be altered, for example by deleting persistent
// volume claims when their stateful set is deleted, or when their pod is scaled
// down. This requires the StatefulSetAutoDeletePVC feature gate to be enabled,
// which is alpha. +optional
persistentVolumeClaimRetentionPolicy?: null | #StatefulSetPersistentVolumeClaimRetentionPolicy @go(PersistentVolumeClaimRetentionPolicy,*StatefulSetPersistentVolumeClaimRetentionPolicy) @protobuf(10,bytes,opt)
// ordinals controls the numbering of replica indices in a StatefulSet. The
// default ordinals behavior assigns a "0" index to the first replica and
// increments the index by one for each additional replica requested. Using
// the ordinals field requires the StatefulSetStartOrdinal feature gate to be
// enabled, which is alpha.
// +optional
ordinals?: null | #StatefulSetOrdinals @go(Ordinals,*StatefulSetOrdinals) @protobuf(11,bytes,opt)
}
// StatefulSetStatus represents the current state of a StatefulSet.
#StatefulSetStatus: {
// observedGeneration is the most recent generation observed for this StatefulSet. It corresponds to the
// StatefulSet's generation, which is updated on mutation by the API Server.
// +optional
observedGeneration?: int64 @go(ObservedGeneration) @protobuf(1,varint,opt)
// replicas is the number of Pods created by the StatefulSet controller.
replicas: int32 @go(Replicas) @protobuf(2,varint,opt)
// readyReplicas is the number of pods created for this StatefulSet with a Ready Condition.
readyReplicas?: int32 @go(ReadyReplicas) @protobuf(3,varint,opt)
// currentReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version
// indicated by currentRevision.
currentReplicas?: int32 @go(CurrentReplicas) @protobuf(4,varint,opt)
// updatedReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version
// indicated by updateRevision.
updatedReplicas?: int32 @go(UpdatedReplicas) @protobuf(5,varint,opt)
// currentRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the
// sequence [0,currentReplicas).
currentRevision?: string @go(CurrentRevision) @protobuf(6,bytes,opt)
// updateRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the sequence
// [replicas-updatedReplicas,replicas)
updateRevision?: string @go(UpdateRevision) @protobuf(7,bytes,opt)
// collisionCount is the count of hash collisions for the StatefulSet. The StatefulSet controller
// uses this field as a collision avoidance mechanism when it needs to create the name for the
// newest ControllerRevision.
// +optional
collisionCount?: null | int32 @go(CollisionCount,*int32) @protobuf(9,varint,opt)
// Represents the latest available observations of a statefulset's current state.
// +optional
// +patchMergeKey=type
// +patchStrategy=merge
conditions?: [...#StatefulSetCondition] @go(Conditions,[]StatefulSetCondition) @protobuf(10,bytes,rep)
// Total number of available pods (ready for at least minReadySeconds) targeted by this statefulset.
// +optional
availableReplicas: int32 @go(AvailableReplicas) @protobuf(11,varint,opt)
}
#StatefulSetConditionType: string
// StatefulSetCondition describes the state of a statefulset at a certain point.
#StatefulSetCondition: {
// Type of statefulset condition.
type: #StatefulSetConditionType @go(Type) @protobuf(1,bytes,opt,casttype=StatefulSetConditionType)
// Status of the condition, one of True, False, Unknown.
status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus)
// Last time the condition transitioned from one status to another.
// +optional
lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt)
// The reason for the condition's last transition.
// +optional
reason?: string @go(Reason) @protobuf(4,bytes,opt)
// A human readable message indicating details about the transition.
// +optional
message?: string @go(Message) @protobuf(5,bytes,opt)
}
// StatefulSetList is a collection of StatefulSets.
#StatefulSetList: {
metav1.#TypeMeta
// Standard list's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// Items is the list of stateful sets.
items: [...#StatefulSet] @go(Items,[]StatefulSet) @protobuf(2,bytes,rep)
}
// Deployment enables declarative updates for Pods and ReplicaSets.
#Deployment: {
metav1.#TypeMeta
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// Specification of the desired behavior of the Deployment.
// +optional
spec?: #DeploymentSpec @go(Spec) @protobuf(2,bytes,opt)
// Most recently observed status of the Deployment.
// +optional
status?: #DeploymentStatus @go(Status) @protobuf(3,bytes,opt)
}
// DeploymentSpec is the specification of the desired behavior of the Deployment.
#DeploymentSpec: {
// Number of desired pods. This is a pointer to distinguish between explicit
// zero and not specified. Defaults to 1.
// +optional
replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt)
// Label selector for pods. Existing ReplicaSets whose pods are
// selected by this will be the ones affected by this deployment.
// It must match the pod template's labels.
selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes,opt)
// Template describes the pods that will be created.
template: v1.#PodTemplateSpec @go(Template) @protobuf(3,bytes,opt)
// The deployment strategy to use to replace existing pods with new ones.
// +optional
// +patchStrategy=retainKeys
strategy?: #DeploymentStrategy @go(Strategy) @protobuf(4,bytes,opt)
// Minimum number of seconds for which a newly created pod should be ready
// without any of its container crashing, for it to be considered available.
// Defaults to 0 (pod will be considered available as soon as it is ready)
// +optional
minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(5,varint,opt)
// The number of old ReplicaSets to retain to allow rollback.
// This is a pointer to distinguish between explicit zero and not specified.
// Defaults to 10.
// +optional
revisionHistoryLimit?: null | int32 @go(RevisionHistoryLimit,*int32) @protobuf(6,varint,opt)
// Indicates that the deployment is paused.
// +optional
paused?: bool @go(Paused) @protobuf(7,varint,opt)
// The maximum time in seconds for a deployment to make progress before it
// is considered to be failed. The deployment controller will continue to
// process failed deployments and a condition with a ProgressDeadlineExceeded
// reason will be surfaced in the deployment status. Note that progress will
// not be estimated during the time a deployment is paused. Defaults to 600s.
progressDeadlineSeconds?: null | int32 @go(ProgressDeadlineSeconds,*int32) @protobuf(9,varint,opt)
}
// DefaultDeploymentUniqueLabelKey is the default key of the selector that is added
// to existing ReplicaSets (and label key that is added to its pods) to prevent the existing ReplicaSets
// to select new pods (and old pods being select by new ReplicaSet).
#DefaultDeploymentUniqueLabelKey: "pod-template-hash"
// DeploymentStrategy describes how to replace existing pods with new ones.
#DeploymentStrategy: {
// Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate.
// +optional
type?: #DeploymentStrategyType @go(Type) @protobuf(1,bytes,opt,casttype=DeploymentStrategyType)
// Rolling update config params. Present only if DeploymentStrategyType =
// RollingUpdate.
//---
// TODO: Update this to follow our convention for oneOf, whatever we decide it
// to be.
// +optional
rollingUpdate?: null | #RollingUpdateDeployment @go(RollingUpdate,*RollingUpdateDeployment) @protobuf(2,bytes,opt)
}
// +enum
#DeploymentStrategyType: string // #enumDeploymentStrategyType
#enumDeploymentStrategyType:
#RecreateDeploymentStrategyType |
#RollingUpdateDeploymentStrategyType
// Kill all existing pods before creating new ones.
#RecreateDeploymentStrategyType: #DeploymentStrategyType & "Recreate"
// Replace the old ReplicaSets by new one using rolling update i.e gradually scale down the old ReplicaSets and scale up the new one.
#RollingUpdateDeploymentStrategyType: #DeploymentStrategyType & "RollingUpdate"
// Spec to control the desired behavior of rolling update.
#RollingUpdateDeployment: {
// The maximum number of pods that can be unavailable during the update.
// Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
// Absolute number is calculated from percentage by rounding down.
// This can not be 0 if MaxSurge is 0.
// Defaults to 25%.
// Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods
// immediately when the rolling update starts. Once new pods are ready, old ReplicaSet
// can be scaled down further, followed by scaling up the new ReplicaSet, ensuring
// that the total number of pods available at all times during the update is at
// least 70% of desired pods.
// +optional
maxUnavailable?: null | intstr.#IntOrString @go(MaxUnavailable,*intstr.IntOrString) @protobuf(1,bytes,opt)
// The maximum number of pods that can be scheduled above the desired number of
// pods.
// Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
// This can not be 0 if MaxUnavailable is 0.
// Absolute number is calculated from percentage by rounding up.
// Defaults to 25%.
// Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when
// the rolling update starts, such that the total number of old and new pods do not exceed
// 130% of desired pods. Once old pods have been killed,
// new ReplicaSet can be scaled up further, ensuring that total number of pods running
// at any time during the update is at most 130% of desired pods.
// +optional
maxSurge?: null | intstr.#IntOrString @go(MaxSurge,*intstr.IntOrString) @protobuf(2,bytes,opt)
}
// DeploymentStatus is the most recently observed status of the Deployment.
#DeploymentStatus: {
// The generation observed by the deployment controller.
// +optional
observedGeneration?: int64 @go(ObservedGeneration) @protobuf(1,varint,opt)
// Total number of non-terminated pods targeted by this deployment (their labels match the selector).
// +optional
replicas?: int32 @go(Replicas) @protobuf(2,varint,opt)
// Total number of non-terminated pods targeted by this deployment that have the desired template spec.
// +optional
updatedReplicas?: int32 @go(UpdatedReplicas) @protobuf(3,varint,opt)
// readyReplicas is the number of pods targeted by this Deployment with a Ready Condition.
// +optional
readyReplicas?: int32 @go(ReadyReplicas) @protobuf(7,varint,opt)
// Total number of available pods (ready for at least minReadySeconds) targeted by this deployment.
// +optional
availableReplicas?: int32 @go(AvailableReplicas) @protobuf(4,varint,opt)
// Total number of unavailable pods targeted by this deployment. This is the total number of
// pods that are still required for the deployment to have 100% available capacity. They may
// either be pods that are running but not yet available or pods that still have not been created.
// +optional
unavailableReplicas?: int32 @go(UnavailableReplicas) @protobuf(5,varint,opt)
// Represents the latest available observations of a deployment's current state.
// +patchMergeKey=type
// +patchStrategy=merge
conditions?: [...#DeploymentCondition] @go(Conditions,[]DeploymentCondition) @protobuf(6,bytes,rep)
// Count of hash collisions for the Deployment. The Deployment controller uses this
// field as a collision avoidance mechanism when it needs to create the name for the
// newest ReplicaSet.
// +optional
collisionCount?: null | int32 @go(CollisionCount,*int32) @protobuf(8,varint,opt)
}
#DeploymentConditionType: string // #enumDeploymentConditionType
#enumDeploymentConditionType:
#DeploymentAvailable |
#DeploymentProgressing |
#DeploymentReplicaFailure
// Available means the deployment is available, ie. at least the minimum available
// replicas required are up and running for at least minReadySeconds.
#DeploymentAvailable: #DeploymentConditionType & "Available"
// Progressing means the deployment is progressing. Progress for a deployment is
// considered when a new replica set is created or adopted, and when new pods scale
// up or old pods scale down. Progress is not estimated for paused deployments or
// when progressDeadlineSeconds is not specified.
#DeploymentProgressing: #DeploymentConditionType & "Progressing"
// ReplicaFailure is added in a deployment when one of its pods fails to be created
// or deleted.
#DeploymentReplicaFailure: #DeploymentConditionType & "ReplicaFailure"
// DeploymentCondition describes the state of a deployment at a certain point.
#DeploymentCondition: {
// Type of deployment condition.
type: #DeploymentConditionType @go(Type) @protobuf(1,bytes,opt,casttype=DeploymentConditionType)
// Status of the condition, one of True, False, Unknown.
status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus)
// The last time this condition was updated.
lastUpdateTime?: metav1.#Time @go(LastUpdateTime) @protobuf(6,bytes,opt)
// Last time the condition transitioned from one status to another.
lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(7,bytes,opt)
// The reason for the condition's last transition.
reason?: string @go(Reason) @protobuf(4,bytes,opt)
// A human readable message indicating details about the transition.
message?: string @go(Message) @protobuf(5,bytes,opt)
}
// DeploymentList is a list of Deployments.
#DeploymentList: {
metav1.#TypeMeta
// Standard list metadata.
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// Items is the list of Deployments.
items: [...#Deployment] @go(Items,[]Deployment) @protobuf(2,bytes,rep)
}
// DaemonSetUpdateStrategy is a struct used to control the update strategy for a DaemonSet.
#DaemonSetUpdateStrategy: {
// Type of daemon set update. Can be "RollingUpdate" or "OnDelete". Default is RollingUpdate.
// +optional
type?: #DaemonSetUpdateStrategyType @go(Type) @protobuf(1,bytes,opt)
// Rolling update config params. Present only if type = "RollingUpdate".
//---
// TODO: Update this to follow our convention for oneOf, whatever we decide it
// to be. Same as Deployment `strategy.rollingUpdate`.
// See https://github.com/kubernetes/kubernetes/issues/35345
// +optional
rollingUpdate?: null | #RollingUpdateDaemonSet @go(RollingUpdate,*RollingUpdateDaemonSet) @protobuf(2,bytes,opt)
}
// +enum
#DaemonSetUpdateStrategyType: string // #enumDaemonSetUpdateStrategyType
#enumDaemonSetUpdateStrategyType:
#RollingUpdateDaemonSetStrategyType |
#OnDeleteDaemonSetStrategyType
// Replace the old daemons by new ones using rolling update i.e replace them on each node one after the other.
#RollingUpdateDaemonSetStrategyType: #DaemonSetUpdateStrategyType & "RollingUpdate"
// Replace the old daemons only when it's killed
#OnDeleteDaemonSetStrategyType: #DaemonSetUpdateStrategyType & "OnDelete"
// Spec to control the desired behavior of daemon set rolling update.
#RollingUpdateDaemonSet: {
// The maximum number of DaemonSet pods that can be unavailable during the
// update. Value can be an absolute number (ex: 5) or a percentage of total
// number of DaemonSet pods at the start of the update (ex: 10%). Absolute
// number is calculated from percentage by rounding up.
// This cannot be 0 if MaxSurge is 0
// Default value is 1.
// Example: when this is set to 30%, at most 30% of the total number of nodes
// that should be running the daemon pod (i.e. status.desiredNumberScheduled)
// can have their pods stopped for an update at any given time. The update
// starts by stopping at most 30% of those DaemonSet pods and then brings
// up new DaemonSet pods in their place. Once the new pods are available,
// it then proceeds onto other DaemonSet pods, thus ensuring that at least
// 70% of original number of DaemonSet pods are available at all times during
// the update.
// +optional
maxUnavailable?: null | intstr.#IntOrString @go(MaxUnavailable,*intstr.IntOrString) @protobuf(1,bytes,opt)
// The maximum number of nodes with an existing available DaemonSet pod that
// can have an updated DaemonSet pod during during an update.
// Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
// This can not be 0 if MaxUnavailable is 0.
// Absolute number is calculated from percentage by rounding up to a minimum of 1.
// Default value is 0.
// Example: when this is set to 30%, at most 30% of the total number of nodes
// that should be running the daemon pod (i.e. status.desiredNumberScheduled)
// can have their a new pod created before the old pod is marked as deleted.
// The update starts by launching new pods on 30% of nodes. Once an updated
// pod is available (Ready for at least minReadySeconds) the old DaemonSet pod
// on that node is marked deleted. If the old pod becomes unavailable for any
// reason (Ready transitions to false, is evicted, or is drained) an updated
// pod is immediatedly created on that node without considering surge limits.
// Allowing surge implies the possibility that the resources consumed by the
// daemonset on any given node can double if the readiness check fails, and
// so resource intensive daemonsets should take into account that they may
// cause evictions during disruption.
// +optional
maxSurge?: null | intstr.#IntOrString @go(MaxSurge,*intstr.IntOrString) @protobuf(2,bytes,opt)
}
// DaemonSetSpec is the specification of a daemon set.
#DaemonSetSpec: {
// A label query over pods that are managed by the daemon set.
// Must match in order to be controlled.
// It must match the pod template's labels.
// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(1,bytes,opt)
// An object that describes the pod that will be created.
// The DaemonSet will create exactly one copy of this pod on every node
// that matches the template's node selector (or on every node if no node
// selector is specified).
// More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template
template: v1.#PodTemplateSpec @go(Template) @protobuf(2,bytes,opt)
// An update strategy to replace existing DaemonSet pods with new pods.
// +optional
updateStrategy?: #DaemonSetUpdateStrategy @go(UpdateStrategy) @protobuf(3,bytes,opt)
// The minimum number of seconds for which a newly created DaemonSet pod should
// be ready without any of its container crashing, for it to be considered
// available. Defaults to 0 (pod will be considered available as soon as it
// is ready).
// +optional
minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(4,varint,opt)
// The number of old history to retain to allow rollback.
// This is a pointer to distinguish between explicit zero and not specified.
// Defaults to 10.
// +optional
revisionHistoryLimit?: null | int32 @go(RevisionHistoryLimit,*int32) @protobuf(6,varint,opt)
}
// DaemonSetStatus represents the current status of a daemon set.
#DaemonSetStatus: {
// The number of nodes that are running at least 1
// daemon pod and are supposed to run the daemon pod.
// More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
currentNumberScheduled: int32 @go(CurrentNumberScheduled) @protobuf(1,varint,opt)
// The number of nodes that are running the daemon pod, but are
// not supposed to run the daemon pod.
// More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
numberMisscheduled: int32 @go(NumberMisscheduled) @protobuf(2,varint,opt)
// The total number of nodes that should be running the daemon
// pod (including nodes correctly running the daemon pod).
// More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
desiredNumberScheduled: int32 @go(DesiredNumberScheduled) @protobuf(3,varint,opt)
// numberReady is the number of nodes that should be running the daemon pod and have one
// or more of the daemon pod running with a Ready Condition.
numberReady: int32 @go(NumberReady) @protobuf(4,varint,opt)
// The most recent generation observed by the daemon set controller.
// +optional
observedGeneration?: int64 @go(ObservedGeneration) @protobuf(5,varint,opt)
// The total number of nodes that are running updated daemon pod
// +optional
updatedNumberScheduled?: int32 @go(UpdatedNumberScheduled) @protobuf(6,varint,opt)
// The number of nodes that should be running the
// daemon pod and have one or more of the daemon pod running and
// available (ready for at least spec.minReadySeconds)
// +optional
numberAvailable?: int32 @go(NumberAvailable) @protobuf(7,varint,opt)
// The number of nodes that should be running the
// daemon pod and have none of the daemon pod running and available
// (ready for at least spec.minReadySeconds)
// +optional
numberUnavailable?: int32 @go(NumberUnavailable) @protobuf(8,varint,opt)
// Count of hash collisions for the DaemonSet. The DaemonSet controller
// uses this field as a collision avoidance mechanism when it needs to
// create the name for the newest ControllerRevision.
// +optional
collisionCount?: null | int32 @go(CollisionCount,*int32) @protobuf(9,varint,opt)
// Represents the latest available observations of a DaemonSet's current state.
// +optional
// +patchMergeKey=type
// +patchStrategy=merge
conditions?: [...#DaemonSetCondition] @go(Conditions,[]DaemonSetCondition) @protobuf(10,bytes,rep)
}
#DaemonSetConditionType: string
// DaemonSetCondition describes the state of a DaemonSet at a certain point.
#DaemonSetCondition: {
// Type of DaemonSet condition.
type: #DaemonSetConditionType @go(Type) @protobuf(1,bytes,opt,casttype=DaemonSetConditionType)
// Status of the condition, one of True, False, Unknown.
status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus)
// Last time the condition transitioned from one status to another.
// +optional
lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt)
// The reason for the condition's last transition.
// +optional
reason?: string @go(Reason) @protobuf(4,bytes,opt)
// A human readable message indicating details about the transition.
// +optional
message?: string @go(Message) @protobuf(5,bytes,opt)
}
// DaemonSet represents the configuration of a daemon set.
#DaemonSet: {
metav1.#TypeMeta
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// The desired behavior of this daemon set.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
// +optional
spec?: #DaemonSetSpec @go(Spec) @protobuf(2,bytes,opt)
// The current status of this daemon set. This data may be
// out of date by some window of time.
// Populated by the system.
// Read-only.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
// +optional
status?: #DaemonSetStatus @go(Status) @protobuf(3,bytes,opt)
}
// DefaultDaemonSetUniqueLabelKey is the default label key that is added
// to existing DaemonSet pods to distinguish between old and new
// DaemonSet pods during DaemonSet template updates.
#DefaultDaemonSetUniqueLabelKey: "controller-revision-hash"
// DaemonSetList is a collection of daemon sets.
#DaemonSetList: {
metav1.#TypeMeta
// Standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// A list of daemon sets.
items: [...#DaemonSet] @go(Items,[]DaemonSet) @protobuf(2,bytes,rep)
}
// ReplicaSet ensures that a specified number of pod replicas are running at any given time.
#ReplicaSet: {
metav1.#TypeMeta
// If the Labels of a ReplicaSet are empty, they are defaulted to
// be the same as the Pod(s) that the ReplicaSet manages.
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// Spec defines the specification of the desired behavior of the ReplicaSet.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
// +optional
spec?: #ReplicaSetSpec @go(Spec) @protobuf(2,bytes,opt)
// Status is the most recently observed status of the ReplicaSet.
// This data may be out of date by some window of time.
// Populated by the system.
// Read-only.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
// +optional
status?: #ReplicaSetStatus @go(Status) @protobuf(3,bytes,opt)
}
// ReplicaSetList is a collection of ReplicaSets.
#ReplicaSetList: {
metav1.#TypeMeta
// Standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// List of ReplicaSets.
// More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller
items: [...#ReplicaSet] @go(Items,[]ReplicaSet) @protobuf(2,bytes,rep)
}
// ReplicaSetSpec is the specification of a ReplicaSet.
#ReplicaSetSpec: {
// Replicas is the number of desired replicas.
// This is a pointer to distinguish between explicit zero and unspecified.
// Defaults to 1.
// More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/#what-is-a-replicationcontroller
// +optional
replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt)
// Minimum number of seconds for which a newly created pod should be ready
// without any of its container crashing, for it to be considered available.
// Defaults to 0 (pod will be considered available as soon as it is ready)
// +optional
minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(4,varint,opt)
// Selector is a label query over pods that should match the replica count.
// Label keys and values that must match in order to be controlled by this replica set.
// It must match the pod template's labels.
// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes,opt)
// Template is the object that describes the pod that will be created if
// insufficient replicas are detected.
// More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template
// +optional
template?: v1.#PodTemplateSpec @go(Template) @protobuf(3,bytes,opt)
}
// ReplicaSetStatus represents the current status of a ReplicaSet.
#ReplicaSetStatus: {
// Replicas is the most recently observed number of replicas.
// More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/#what-is-a-replicationcontroller
replicas: int32 @go(Replicas) @protobuf(1,varint,opt)
// The number of pods that have labels matching the labels of the pod template of the replicaset.
// +optional
fullyLabeledReplicas?: int32 @go(FullyLabeledReplicas) @protobuf(2,varint,opt)
// readyReplicas is the number of pods targeted by this ReplicaSet with a Ready Condition.
// +optional
readyReplicas?: int32 @go(ReadyReplicas) @protobuf(4,varint,opt)
// The number of available replicas (ready for at least minReadySeconds) for this replica set.
// +optional
availableReplicas?: int32 @go(AvailableReplicas) @protobuf(5,varint,opt)
// ObservedGeneration reflects the generation of the most recently observed ReplicaSet.
// +optional
observedGeneration?: int64 @go(ObservedGeneration) @protobuf(3,varint,opt)
// Represents the latest available observations of a replica set's current state.
// +optional
// +patchMergeKey=type
// +patchStrategy=merge
conditions?: [...#ReplicaSetCondition] @go(Conditions,[]ReplicaSetCondition) @protobuf(6,bytes,rep)
}
#ReplicaSetConditionType: string // #enumReplicaSetConditionType
#enumReplicaSetConditionType:
#ReplicaSetReplicaFailure
// ReplicaSetReplicaFailure is added in a replica set when one of its pods fails to be created
// due to insufficient quota, limit ranges, pod security policy, node selectors, etc. or deleted
// due to kubelet being down or finalizers are failing.
#ReplicaSetReplicaFailure: #ReplicaSetConditionType & "ReplicaFailure"
// ReplicaSetCondition describes the state of a replica set at a certain point.
#ReplicaSetCondition: {
// Type of replica set condition.
type: #ReplicaSetConditionType @go(Type) @protobuf(1,bytes,opt,casttype=ReplicaSetConditionType)
// Status of the condition, one of True, False, Unknown.
status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus)
// The last time the condition transitioned from one status to another.
// +optional
lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt)
// The reason for the condition's last transition.
// +optional
reason?: string @go(Reason) @protobuf(4,bytes,opt)
// A human readable message indicating details about the transition.
// +optional
message?: string @go(Message) @protobuf(5,bytes,opt)
}
// ControllerRevision implements an immutable snapshot of state data. Clients
// are responsible for serializing and deserializing the objects that contain
// their internal state.
// Once a ControllerRevision has been successfully created, it can not be updated.
// The API Server will fail validation of all requests that attempt to mutate
// the Data field. ControllerRevisions may, however, be deleted. Note that, due to its use by both
// the DaemonSet and StatefulSet controllers for update and rollback, this object is beta. However,
// it may be subject to name and representation changes in future releases, and clients should not
// depend on its stability. It is primarily for internal use by controllers.
#ControllerRevision: {
metav1.#TypeMeta
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// Data is the serialized representation of the state.
data?: runtime.#RawExtension @go(Data) @protobuf(2,bytes,opt)
// Revision indicates the revision of the state represented by Data.
revision: int64 @go(Revision) @protobuf(3,varint,opt)
}
// ControllerRevisionList is a resource containing a list of ControllerRevision objects.
#ControllerRevisionList: {
metav1.#TypeMeta
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// Items is the list of ControllerRevisions
items: [...#ControllerRevision] @go(Items,[]ControllerRevision) @protobuf(2,bytes,rep)
}
================================================
FILE: cue/cue.mod/gen/k8s.io/api/apps/v1beta1/register_go_gen.cue
================================================
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/apps/v1beta1
package v1beta1
#GroupName: "apps"
================================================
FILE: cue/cue.mod/gen/k8s.io/api/apps/v1beta1/types_go_gen.cue
================================================
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/apps/v1beta1
package v1beta1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/util/intstr"
"k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/runtime"
)
#ControllerRevisionHashLabelKey: "controller-revision-hash"
#StatefulSetRevisionLabel: "controller-revision-hash"
#StatefulSetPodNameLabel: "statefulset.kubernetes.io/pod-name"
// ScaleSpec describes the attributes of a scale subresource
#ScaleSpec: {
// desired number of instances for the scaled object.
// +optional
replicas?: int32 @go(Replicas) @protobuf(1,varint,opt)
}
// ScaleStatus represents the current status of a scale subresource.
#ScaleStatus: {
// actual number of observed instances of the scaled object.
replicas: int32 @go(Replicas) @protobuf(1,varint,opt)
// label query over pods that should match the replicas count. More info: http://kubernetes.io/docs/user-guide/labels#label-selectors
// +optional
selector?: {[string]: string} @go(Selector,map[string]string) @protobuf(2,bytes,rep)
// label selector for pods that should match the replicas count. This is a serializated
// version of both map-based and more expressive set-based selectors. This is done to
// avoid introspection in the clients. The string will be in the same format as the
// query-param syntax. If the target type only supports map-based selectors, both this
// field and map-based selector field are populated.
// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
// +optional
targetSelector?: string @go(TargetSelector) @protobuf(3,bytes,opt)
}
// Scale represents a scaling request for a resource.
#Scale: {
metav1.#TypeMeta
// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// defines the behavior of the scale. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status.
// +optional
spec?: #ScaleSpec @go(Spec) @protobuf(2,bytes,opt)
// current status of the scale. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status. Read-only.
// +optional
status?: #ScaleStatus @go(Status) @protobuf(3,bytes,opt)
}
// DEPRECATED - This group version of StatefulSet is deprecated by apps/v1beta2/StatefulSet. See the release notes for
// more information.
// StatefulSet represents a set of pods with consistent identities.
// Identities are defined as:
// - Network: A single stable DNS and hostname.
// - Storage: As many VolumeClaims as requested.
//
// The StatefulSet guarantees that a given network identity will always
// map to the same storage identity.
#StatefulSet: {
metav1.#TypeMeta
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// Spec defines the desired identities of pods in this set.
// +optional
spec?: #StatefulSetSpec @go(Spec) @protobuf(2,bytes,opt)
// Status is the current status of Pods in this StatefulSet. This data
// may be out of date by some window of time.
// +optional
status?: #StatefulSetStatus @go(Status) @protobuf(3,bytes,opt)
}
// PodManagementPolicyType defines the policy for creating pods under a stateful set.
#PodManagementPolicyType: string // #enumPodManagementPolicyType
#enumPodManagementPolicyType:
#OrderedReadyPodManagement |
#ParallelPodManagement
// OrderedReadyPodManagement will create pods in strictly increasing order on
// scale up and strictly decreasing order on scale down, progressing only when
// the previous pod is ready or terminated. At most one pod will be changed
// at any time.
#OrderedReadyPodManagement: #PodManagementPolicyType & "OrderedReady"
// ParallelPodManagement will create and delete pods as soon as the stateful set
// replica count is changed, and will not wait for pods to be ready or complete
// termination.
#ParallelPodManagement: #PodManagementPolicyType & "Parallel"
// StatefulSetUpdateStrategy indicates the strategy that the StatefulSet
// controller will use to perform updates. It includes any additional parameters
// necessary to perform the update for the indicated strategy.
#StatefulSetUpdateStrategy: {
// Type indicates the type of the StatefulSetUpdateStrategy.
type?: #StatefulSetUpdateStrategyType @go(Type) @protobuf(1,bytes,opt,casttype=StatefulSetStrategyType)
// RollingUpdate is used to communicate parameters when Type is RollingUpdateStatefulSetStrategyType.
rollingUpdate?: null | #RollingUpdateStatefulSetStrategy @go(RollingUpdate,*RollingUpdateStatefulSetStrategy) @protobuf(2,bytes,opt)
}
// StatefulSetUpdateStrategyType is a string enumeration type that enumerates
// all possible update strategies for the StatefulSet controller.
#StatefulSetUpdateStrategyType: string // #enumStatefulSetUpdateStrategyType
#enumStatefulSetUpdateStrategyType:
#RollingUpdateStatefulSetStrategyType |
#OnDeleteStatefulSetStrategyType
// RollingUpdateStatefulSetStrategyType indicates that update will be
// applied to all Pods in the StatefulSet with respect to the StatefulSet
// ordering constraints. When a scale operation is performed with this
// strategy, new Pods will be created from the specification version indicated
// by the StatefulSet's updateRevision.
#RollingUpdateStatefulSetStrategyType: #StatefulSetUpdateStrategyType & "RollingUpdate"
// OnDeleteStatefulSetStrategyType triggers the legacy behavior. Version
// tracking and ordered rolling restarts are disabled. Pods are recreated
// from the StatefulSetSpec when they are manually deleted. When a scale
// operation is performed with this strategy,specification version indicated
// by the StatefulSet's currentRevision.
#OnDeleteStatefulSetStrategyType: #StatefulSetUpdateStrategyType & "OnDelete"
// RollingUpdateStatefulSetStrategy is used to communicate parameter for RollingUpdateStatefulSetStrategyType.
#RollingUpdateStatefulSetStrategy: {
// Partition indicates the ordinal at which the StatefulSet should be partitioned
// for updates. During a rolling update, all pods from ordinal Replicas-1 to
// Partition are updated. All pods from ordinal Partition-1 to 0 remain untouched.
// This is helpful in being able to do a canary based deployment. The default value is 0.
partition?: null | int32 @go(Partition,*int32) @protobuf(1,varint,opt)
// The maximum number of pods that can be unavailable during the update.
// Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
// Absolute number is calculated from percentage by rounding up. This can not be 0.
// Defaults to 1. This field is alpha-level and is only honored by servers that enable the
// MaxUnavailableStatefulSet feature. The field applies to all pods in the range 0 to
// Replicas-1. That means if there is any unavailable pod in the range 0 to Replicas-1, it
// will be counted towards MaxUnavailable.
// +optional
maxUnavailable?: null | intstr.#IntOrString @go(MaxUnavailable,*intstr.IntOrString) @protobuf(2,varint,opt)
}
// PersistentVolumeClaimRetentionPolicyType is a string enumeration of the policies that will determine
// when volumes from the VolumeClaimTemplates will be deleted when the controlling StatefulSet is
// deleted or scaled down.
#PersistentVolumeClaimRetentionPolicyType: string // #enumPersistentVolumeClaimRetentionPolicyType
#enumPersistentVolumeClaimRetentionPolicyType:
#RetainPersistentVolumeClaimRetentionPolicyType |
#RetentionPersistentVolumeClaimRetentionPolicyType
// RetainPersistentVolumeClaimRetentionPolicyType is the default
// PersistentVolumeClaimRetentionPolicy and specifies that
// PersistentVolumeClaims associated with StatefulSet VolumeClaimTemplates
// will not be deleted.
#RetainPersistentVolumeClaimRetentionPolicyType: #PersistentVolumeClaimRetentionPolicyType & "Retain"
// RetentionPersistentVolumeClaimRetentionPolicyType specifies that
// PersistentVolumeClaims associated with StatefulSet VolumeClaimTemplates
// will be deleted in the scenario specified in
// StatefulSetPersistentVolumeClaimRetentionPolicy.
#RetentionPersistentVolumeClaimRetentionPolicyType: #PersistentVolumeClaimRetentionPolicyType & "Delete"
// StatefulSetPersistentVolumeClaimRetentionPolicy describes the policy used for PVCs
// created from the StatefulSet VolumeClaimTemplates.
#StatefulSetPersistentVolumeClaimRetentionPolicy: {
// WhenDeleted specifies what happens to PVCs created from StatefulSet
// VolumeClaimTemplates when the StatefulSet is deleted. The default policy
// of `Retain` causes PVCs to not be affected by StatefulSet deletion. The
// `Delete` policy causes those PVCs to be deleted.
whenDeleted?: #PersistentVolumeClaimRetentionPolicyType @go(WhenDeleted) @protobuf(1,bytes,opt,casttype=PersistentVolumeClaimRetentionPolicyType)
// WhenScaled specifies what happens to PVCs created from StatefulSet
// VolumeClaimTemplates when the StatefulSet is scaled down. The default
// policy of `Retain` causes PVCs to not be affected by a scaledown. The
// `Delete` policy causes the associated PVCs for any excess pods above
// the replica count to be deleted.
whenScaled?: #PersistentVolumeClaimRetentionPolicyType @go(WhenScaled) @protobuf(2,bytes,opt,casttype=PersistentVolumeClaimRetentionPolicyType)
}
// StatefulSetOrdinals describes the policy used for replica ordinal assignment
// in this StatefulSet.
#StatefulSetOrdinals: {
// start is the number representing the first replica's index. It may be used
// to number replicas from an alternate index (eg: 1-indexed) over the default
// 0-indexed names, or to orchestrate progressive movement of replicas from
// one StatefulSet to another.
// If set, replica indices will be in the range:
// [.spec.ordinals.start, .spec.ordinals.start + .spec.replicas).
// If unset, defaults to 0. Replica indices will be in the range:
// [0, .spec.replicas).
// +optional
start: int32 @go(Start) @protobuf(1,varint,opt)
}
// A StatefulSetSpec is the specification of a StatefulSet.
#StatefulSetSpec: {
// replicas is the desired number of replicas of the given Template.
// These are replicas in the sense that they are instantiations of the
// same Template, but individual replicas also have a consistent identity.
// If unspecified, defaults to 1.
// TODO: Consider a rename of this field.
// +optional
replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt)
// selector is a label query over pods that should match the replica count.
// If empty, defaulted to labels on the pod template.
// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
// +optional
selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes,opt)
// template is the object that describes the pod that will be created if
// insufficient replicas are detected. Each pod stamped out by the StatefulSet
// will fulfill this Template, but have a unique identity from the rest
// of the StatefulSet. Each pod will be named with the format
// <statefulsetname>-<podindex>. For example, a pod in a StatefulSet named
// "web" with index number "3" would be named "web-3".
template: v1.#PodTemplateSpec @go(Template) @protobuf(3,bytes,opt)
// volumeClaimTemplates is a list of claims that pods are allowed to reference.
// The StatefulSet controller is responsible for mapping network identities to
// claims in a way that maintains the identity of a pod. Every claim in
// this list must have at least one matching (by name) volumeMount in one
// container in the template. A claim in this list takes precedence over
// any volumes in the template, with the same name.
// TODO: Define the behavior if a claim already exists with the same name.
// +optional
volumeClaimTemplates?: [...v1.#PersistentVolumeClaim] @go(VolumeClaimTemplates,[]v1.PersistentVolumeClaim) @protobuf(4,bytes,rep)
// serviceName is the name of the service that governs this StatefulSet.
// This service must exist before the StatefulSet, and is responsible for
// the network identity of the set. Pods get DNS/hostnames that follow the
// pattern: pod-specific-string.serviceName.default.svc.cluster.local
// where "pod-specific-string" is managed by the StatefulSet controller.
serviceName: string @go(ServiceName) @protobuf(5,bytes,opt)
// podManagementPolicy controls how pods are created during initial scale up,
// when replacing pods on nodes, or when scaling down. The default policy is
// `OrderedReady`, where pods are created in increasing order (pod-0, then
// pod-1, etc) and the controller will wait until each pod is ready before
// continuing. When scaling down, the pods are removed in the opposite order.
// The alternative policy is `Parallel` which will create pods in parallel
// to match the desired scale without waiting, and on scale down will delete
// all pods at once.
// +optional
podManagementPolicy?: #PodManagementPolicyType @go(PodManagementPolicy) @protobuf(6,bytes,opt,casttype=PodManagementPolicyType)
// updateStrategy indicates the StatefulSetUpdateStrategy that will be
// employed to update Pods in the StatefulSet when a revision is made to
// Template.
updateStrategy?: #StatefulSetUpdateStrategy @go(UpdateStrategy) @protobuf(7,bytes,opt)
// revisionHistoryLimit is the maximum number of revisions that will
// be maintained in the StatefulSet's revision history. The revision history
// consists of all revisions not represented by a currently applied
// StatefulSetSpec version. The default value is 10.
revisionHistoryLimit?: null | int32 @go(RevisionHistoryLimit,*int32) @protobuf(8,varint,opt)
// Minimum number of seconds for which a newly created pod should be ready
// without any of its container crashing for it to be considered available.
// Defaults to 0 (pod will be considered available as soon as it is ready)
// +optional
minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(9,varint,opt)
// PersistentVolumeClaimRetentionPolicy describes the policy used for PVCs created from
// the StatefulSet VolumeClaimTemplates. This requires the
// StatefulSetAutoDeletePVC feature gate to be enabled, which is alpha.
// +optional
persistentVolumeClaimRetentionPolicy?: null | #StatefulSetPersistentVolumeClaimRetentionPolicy @go(PersistentVolumeClaimRetentionPolicy,*StatefulSetPersistentVolumeClaimRetentionPolicy) @protobuf(10,bytes,opt)
// ordinals controls the numbering of replica indices in a StatefulSet. The
// default ordinals behavior assigns a "0" index to the first replica and
// increments the index by one for each additional replica requested. Using
// the ordinals field requires the StatefulSetStartOrdinal feature gate to be
// enabled, which is alpha.
// +optional
ordinals?: null | #StatefulSetOrdinals @go(Ordinals,*StatefulSetOrdinals) @protobuf(11,bytes,opt)
}
// StatefulSetStatus represents the current state of a StatefulSet.
#StatefulSetStatus: {
// observedGeneration is the most recent generation observed for this StatefulSet. It corresponds to the
// StatefulSet's generation, which is updated on mutation by the API Server.
// +optional
observedGeneration?: null | int64 @go(ObservedGeneration,*int64) @protobuf(1,varint,opt)
// replicas is the number of Pods created by the StatefulSet controller.
replicas: int32 @go(Replicas) @protobuf(2,varint,opt)
// readyReplicas is the number of pods created by this StatefulSet controller with a Ready Condition.
readyReplicas?: int32 @go(ReadyReplicas) @protobuf(3,varint,opt)
// currentReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version
// indicated by currentRevision.
currentReplicas?: int32 @go(CurrentReplicas) @protobuf(4,varint,opt)
// updatedReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version
// indicated by updateRevision.
updatedReplicas?: int32 @go(UpdatedReplicas) @protobuf(5,varint,opt)
// currentRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the
// sequence [0,currentReplicas).
currentRevision?: string @go(CurrentRevision) @protobuf(6,bytes,opt)
// updateRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the sequence
// [replicas-updatedReplicas,replicas)
updateRevision?: string @go(UpdateRevision) @protobuf(7,bytes,opt)
// collisionCount is the count of hash collisions for the StatefulSet. The StatefulSet controller
// uses this field as a collision avoidance mechanism when it needs to create the name for the
// newest ControllerRevision.
// +optional
collisionCount?: null | int32 @go(CollisionCount,*int32) @protobuf(9,varint,opt)
// Represents the latest available observations of a statefulset's current state.
// +optional
// +patchMergeKey=type
// +patchStrategy=merge
conditions?: [...#StatefulSetCondition] @go(Conditions,[]StatefulSetCondition) @protobuf(10,bytes,rep)
// Total number of available pods (ready for at least minReadySeconds) targeted by this StatefulSet.
// +optional
availableReplicas: int32 @go(AvailableReplicas) @protobuf(11,varint,opt)
}
#StatefulSetConditionType: string
// StatefulSetCondition describes the state of a statefulset at a certain point.
#StatefulSetCondition: {
// Type of statefulset condition.
type: #StatefulSetConditionType @go(Type) @protobuf(1,bytes,opt,casttype=StatefulSetConditionType)
// Status of the condition, one of True, False, Unknown.
status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus)
// Last time the condition transitioned from one status to another.
// +optional
lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt)
// The reason for the condition's last transition.
// +optional
reason?: string @go(Reason) @protobuf(4,bytes,opt)
// A human readable message indicating details about the transition.
// +optional
message?: string @go(Message) @protobuf(5,bytes,opt)
}
// StatefulSetList is a collection of StatefulSets.
#StatefulSetList: {
metav1.#TypeMeta
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
items: [...#StatefulSet] @go(Items,[]StatefulSet) @protobuf(2,bytes,rep)
}
// DEPRECATED - This group version of Deployment is deprecated by apps/v1beta2/Deployment. See the release notes for
// more information.
// Deployment enables declarative updates for Pods and ReplicaSets.
#Deployment: {
metav1.#TypeMeta
// Standard object metadata.
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// Specification of the desired behavior of the Deployment.
// +optional
spec?: #DeploymentSpec @go(Spec) @protobuf(2,bytes,opt)
// Most recently observed status of the Deployment.
// +optional
status?: #DeploymentStatus @go(Status) @protobuf(3,bytes,opt)
}
// DeploymentSpec is the specification of the desired behavior of the Deployment.
#DeploymentSpec: {
// Number of desired pods. This is a pointer to distinguish between explicit
// zero and not specified. Defaults to 1.
// +optional
replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt)
// Label selector for pods. Existing ReplicaSets whose pods are
// selected by this will be the ones affected by this deployment.
// +optional
selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes,opt)
// Template describes the pods that will be created.
template: v1.#PodTemplateSpec @go(Template) @protobuf(3,bytes,opt)
// The deployment strategy to use to replace existing pods with new ones.
// +optional
// +patchStrategy=retainKeys
strategy?: #DeploymentStrategy @go(Strategy) @protobuf(4,bytes,opt)
// Minimum number of seconds for which a newly created pod should be ready
// without any of its container crashing, for it to be considered available.
// Defaults to 0 (pod will be considered available as soon as it is ready)
// +optional
minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(5,varint,opt)
// The number of old ReplicaSets to retain to allow rollback.
// This is a pointer to distinguish between explicit zero and not specified.
// Defaults to 2.
// +optional
revisionHistoryLimit?: null | int32 @go(RevisionHistoryLimit,*int32) @protobuf(6,varint,opt)
// Indicates that the deployment is paused.
// +optional
paused?: bool @go(Paused) @protobuf(7,varint,opt)
// DEPRECATED.
// The config this deployment is rolling back to. Will be cleared after rollback is done.
// +opt
gitextract_6yye3om7/
├── .github/
│ ├── FUNDING.yml
│ └── workflows/
│ └── test.yaml
├── .gitignore
├── Brewfile
├── LICENSE
├── Makefile
├── README.md
├── cue/
│ ├── README.md
│ ├── cue.mod/
│ │ ├── gen/
│ │ │ └── k8s.io/
│ │ │ ├── api/
│ │ │ │ ├── admission/
│ │ │ │ │ ├── v1/
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ └── v1beta1/
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ └── types_go_gen.cue
│ │ │ │ ├── admissionregistration/
│ │ │ │ │ ├── v1/
│ │ │ │ │ │ ├── doc_go_gen.cue
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ ├── v1alpha1/
│ │ │ │ │ │ ├── doc_go_gen.cue
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ └── v1beta1/
│ │ │ │ │ ├── doc_go_gen.cue
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ └── types_go_gen.cue
│ │ │ │ ├── apidiscovery/
│ │ │ │ │ └── v2beta1/
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ └── types_go_gen.cue
│ │ │ │ ├── apiserverinternal/
│ │ │ │ │ └── v1alpha1/
│ │ │ │ │ ├── doc_go_gen.cue
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ └── types_go_gen.cue
│ │ │ │ ├── apps/
│ │ │ │ │ ├── v1/
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ ├── v1beta1/
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ └── v1beta2/
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ └── types_go_gen.cue
│ │ │ │ ├── authentication/
│ │ │ │ │ ├── v1/
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ ├── v1alpha1/
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ └── v1beta1/
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ └── types_go_gen.cue
│ │ │ │ ├── authorization/
│ │ │ │ │ ├── v1/
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ └── v1beta1/
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ └── types_go_gen.cue
│ │ │ │ ├── autoscaling/
│ │ │ │ │ ├── v1/
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ ├── v2/
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ ├── v2beta1/
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ └── v2beta2/
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ └── types_go_gen.cue
│ │ │ │ ├── batch/
│ │ │ │ │ ├── v1/
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ └── v1beta1/
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ └── types_go_gen.cue
│ │ │ │ ├── certificates/
│ │ │ │ │ ├── v1/
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ └── v1beta1/
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ └── types_go_gen.cue
│ │ │ │ ├── coordination/
│ │ │ │ │ ├── v1/
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ └── v1beta1/
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ └── types_go_gen.cue
│ │ │ │ ├── core/
│ │ │ │ │ └── v1/
│ │ │ │ │ ├── annotation_key_constants_go_gen.cue
│ │ │ │ │ ├── doc_go_gen.cue
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ ├── types_go_gen.cue
│ │ │ │ │ ├── well_known_labels_go_gen.cue
│ │ │ │ │ └── well_known_taints_go_gen.cue
│ │ │ │ ├── discovery/
│ │ │ │ │ ├── v1/
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ ├── types_go_gen.cue
│ │ │ │ │ │ └── well_known_labels_go_gen.cue
│ │ │ │ │ └── v1beta1/
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ ├── types_go_gen.cue
│ │ │ │ │ └── well_known_labels_go_gen.cue
│ │ │ │ ├── events/
│ │ │ │ │ ├── v1/
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ └── v1beta1/
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ └── types_go_gen.cue
│ │ │ │ ├── extensions/
│ │ │ │ │ └── v1beta1/
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ └── types_go_gen.cue
│ │ │ │ ├── flowcontrol/
│ │ │ │ │ ├── v1alpha1/
│ │ │ │ │ │ ├── doc_go_gen.cue
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ ├── v1beta1/
│ │ │ │ │ │ ├── doc_go_gen.cue
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ ├── v1beta2/
│ │ │ │ │ │ ├── doc_go_gen.cue
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ └── v1beta3/
│ │ │ │ │ ├── doc_go_gen.cue
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ └── types_go_gen.cue
│ │ │ │ ├── imagepolicy/
│ │ │ │ │ └── v1alpha1/
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ └── types_go_gen.cue
│ │ │ │ ├── networking/
│ │ │ │ │ ├── v1/
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ ├── types_go_gen.cue
│ │ │ │ │ │ └── well_known_annotations_go_gen.cue
│ │ │ │ │ ├── v1alpha1/
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ └── v1beta1/
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ ├── types_go_gen.cue
│ │ │ │ │ └── well_known_annotations_go_gen.cue
│ │ │ │ ├── node/
│ │ │ │ │ ├── v1/
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ ├── v1alpha1/
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ └── v1beta1/
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ └── types_go_gen.cue
│ │ │ │ ├── policy/
│ │ │ │ │ ├── v1/
│ │ │ │ │ │ ├── doc_go_gen.cue
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ └── v1beta1/
│ │ │ │ │ ├── doc_go_gen.cue
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ └── types_go_gen.cue
│ │ │ │ ├── rbac/
│ │ │ │ │ ├── v1/
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ ├── v1alpha1/
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ └── v1beta1/
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ └── types_go_gen.cue
│ │ │ │ ├── resource/
│ │ │ │ │ └── v1alpha1/
│ │ │ │ │ ├── doc_go_gen.cue
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ └── types_go_gen.cue
│ │ │ │ ├── scheduling/
│ │ │ │ │ ├── v1/
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ ├── v1alpha1/
│ │ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ │ └── types_go_gen.cue
│ │ │ │ │ └── v1beta1/
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ └── types_go_gen.cue
│ │ │ │ └── storage/
│ │ │ │ ├── v1/
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ └── types_go_gen.cue
│ │ │ │ ├── v1alpha1/
│ │ │ │ │ ├── register_go_gen.cue
│ │ │ │ │ └── types_go_gen.cue
│ │ │ │ └── v1beta1/
│ │ │ │ ├── register_go_gen.cue
│ │ │ │ └── types_go_gen.cue
│ │ │ ├── apiextensions-apiserver/
│ │ │ │ └── pkg/
│ │ │ │ └── apis/
│ │ │ │ └── apiextensions/
│ │ │ │ └── v1/
│ │ │ │ ├── doc_go_gen.cue
│ │ │ │ ├── register_go_gen.cue
│ │ │ │ ├── types_go_gen.cue
│ │ │ │ └── types_jsonschema_go_gen.cue
│ │ │ └── apimachinery/
│ │ │ └── pkg/
│ │ │ ├── api/
│ │ │ │ └── resource/
│ │ │ │ ├── amount_go_gen.cue
│ │ │ │ ├── math_go_gen.cue
│ │ │ │ ├── quantity_go_gen.cue
│ │ │ │ └── suffix_go_gen.cue
│ │ │ ├── apis/
│ │ │ │ └── meta/
│ │ │ │ └── v1/
│ │ │ │ ├── duration_go_gen.cue
│ │ │ │ ├── group_version_go_gen.cue
│ │ │ │ ├── meta_go_gen.cue
│ │ │ │ ├── micro_time_go_gen.cue
│ │ │ │ ├── register_go_gen.cue
│ │ │ │ ├── time_go_gen.cue
│ │ │ │ ├── time_proto_go_gen.cue
│ │ │ │ ├── types_go_gen.cue
│ │ │ │ └── watch_go_gen.cue
│ │ │ ├── runtime/
│ │ │ │ ├── allocator_go_gen.cue
│ │ │ │ ├── codec_go_gen.cue
│ │ │ │ ├── conversion_go_gen.cue
│ │ │ │ ├── converter_go_gen.cue
│ │ │ │ ├── doc_go_gen.cue
│ │ │ │ ├── embedded_go_gen.cue
│ │ │ │ ├── helper_go_gen.cue
│ │ │ │ ├── interfaces_go_gen.cue
│ │ │ │ ├── negotiate_go_gen.cue
│ │ │ │ ├── swagger_doc_generator_go_gen.cue
│ │ │ │ ├── types_go_gen.cue
│ │ │ │ └── types_proto_go_gen.cue
│ │ │ ├── types/
│ │ │ │ ├── doc_go_gen.cue
│ │ │ │ ├── namespacedname_go_gen.cue
│ │ │ │ ├── nodename_go_gen.cue
│ │ │ │ ├── patch_go_gen.cue
│ │ │ │ └── uid_go_gen.cue
│ │ │ ├── util/
│ │ │ │ └── intstr/
│ │ │ │ └── intstr_go_gen.cue
│ │ │ └── watch/
│ │ │ ├── doc_go_gen.cue
│ │ │ ├── filter_go_gen.cue
│ │ │ ├── mux_go_gen.cue
│ │ │ ├── streamwatcher_go_gen.cue
│ │ │ └── watch_go_gen.cue
│ │ └── module.cue
│ ├── go.mod
│ ├── go.sum
│ ├── main.cue
│ ├── main_tool.cue
│ ├── namespace/
│ │ ├── api.cue
│ │ ├── namespace.cue
│ │ ├── rbac.cue
│ │ └── serviceaccount.cue
│ └── podinfo/
│ ├── api.cue
│ ├── deployment.cue
│ ├── hpa.cue
│ ├── ingress.cue
│ ├── service.cue
│ ├── serviceaccount.cue
│ └── servicemonitor.cue
├── kubernetes/
│ ├── apps/
│ │ ├── namespace.yaml
│ │ └── podinfo.yaml
│ ├── clusters/
│ │ └── local/
│ │ ├── apps.yaml
│ │ ├── flux-system/
│ │ │ ├── cluster-source.yaml
│ │ │ ├── cluster-sync.yaml
│ │ │ ├── flux-pvc.yaml
│ │ │ ├── flux-source.yaml
│ │ │ ├── flux-sync.yaml
│ │ │ └── kustomization.yaml
│ │ └── infra.yaml
│ └── infra/
│ ├── config/
│ │ ├── cluster-issuers.yaml
│ │ └── flux-monitoring.yaml
│ └── controllers/
│ ├── cert-manager.yaml
│ ├── ingress-nginx.yaml
│ ├── metrics-server.yaml
│ ├── prometheus-operator.yaml
│ └── weave-gitops.yaml
└── scripts/
├── flux/
│ ├── down.sh
│ ├── push-cue.sh
│ ├── push.sh
│ └── up.sh
├── kind/
│ ├── down.sh
│ └── up.sh
└── test/
└── validate.sh
Condensed preview — 215 files, each showing path, character count, and a content snippet. Download the .json file or copy for the full structured content (1,509K chars).
[
{
"path": ".github/FUNDING.yml",
"chars": 21,
"preview": "github: stefanprodan\n"
},
{
"path": ".github/workflows/test.yaml",
"chars": 427,
"preview": "name: test\n\non:\n pull_request:\n push:\n branches:\n - main\n - test*\n\npermissions:\n contents: read\n\njobs:\n "
},
{
"path": ".gitignore",
"chars": 55,
"preview": "bin/\nflux-vnext/\ncue/bin/\ncue/dist/\nBrewfile.lock.json\n"
},
{
"path": "Brewfile",
"chars": 239,
"preview": "# Kubernetes\nbrew \"kubectl\"\nbrew \"kind\"\n\n# Kubernetes tools\nbrew \"yq\"\nbrew \"jq\"\nbrew \"cue\"\nbrew \"helm\"\nbrew \"kustomize\"\n"
},
{
"path": "LICENSE",
"chars": 11357,
"preview": " Apache License\n Version 2.0, January 2004\n "
},
{
"path": "Makefile",
"chars": 1955,
"preview": "# Flux local dev environment with Docker and Kubernetes KIND\n# Requirements:\n# - Docker\n# - Homebrew\n\n.PHONY: up\nup: clu"
},
{
"path": "README.md",
"chars": 15459,
"preview": "# flux-local-dev\n\n[](https://github.com/"
},
{
"path": "cue/README.md",
"chars": 1079,
"preview": "# Podinfo CUE module\n\nThis directory contains a [CUE](https://cuelang.org/docs/) module and tooling\nfor generating [podi"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/admission/v1/register_go_gen.cue",
"chars": 141,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/admission/v1\n\npackage v1\n\n#GroupName"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/admission/v1/types_go_gen.cue",
"chars": 8526,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/admission/v1\n\npackage v1\n\nimport (\n\t"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/admission/v1beta1/register_go_gen.cue",
"chars": 151,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/admission/v1beta1\n\npackage v1beta1\n\n"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/admission/v1beta1/types_go_gen.cue",
"chars": 8538,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/admission/v1beta1\n\npackage v1beta1\n\n"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/admissionregistration/v1/doc_go_gen.cue",
"chars": 403,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/admissionregistration/v1\n\n// Package"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/admissionregistration/v1/register_go_gen.cue",
"chars": 165,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/admissionregistration/v1\n\npackage v1"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/admissionregistration/v1/types_go_gen.cue",
"chars": 25409,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/admissionregistration/v1\n\npackage v1"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/admissionregistration/v1alpha1/doc_go_gen.cue",
"chars": 189,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/admissionregistration/v1alpha1\n\n// P"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/admissionregistration/v1alpha1/register_go_gen.cue",
"chars": 177,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/admissionregistration/v1alpha1\n\npack"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/admissionregistration/v1alpha1/types_go_gen.cue",
"chars": 17599,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/admissionregistration/v1alpha1\n\npack"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/admissionregistration/v1beta1/doc_go_gen.cue",
"chars": 423,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/admissionregistration/v1beta1\n\n// Pa"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/admissionregistration/v1beta1/register_go_gen.cue",
"chars": 175,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/admissionregistration/v1beta1\n\npacka"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/admissionregistration/v1beta1/types_go_gen.cue",
"chars": 23745,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/admissionregistration/v1beta1\n\npacka"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/apidiscovery/v2beta1/register_go_gen.cue",
"chars": 157,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/apidiscovery/v2beta1\n\npackage v2beta"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/apidiscovery/v2beta1/types_go_gen.cue",
"chars": 8315,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/apidiscovery/v2beta1\n\npackage v2beta"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/apiserverinternal/v1alpha1/doc_go_gen.cue",
"chars": 228,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/apiserverinternal/v1alpha1\n\n// Packa"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/apiserverinternal/v1alpha1/register_go_gen.cue",
"chars": 170,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/apiserverinternal/v1alpha1\n\npackage "
},
{
"path": "cue/cue.mod/gen/k8s.io/api/apiserverinternal/v1alpha1/types_go_gen.cue",
"chars": 4455,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/apiserverinternal/v1alpha1\n\npackage "
},
{
"path": "cue/cue.mod/gen/k8s.io/api/apps/v1/register_go_gen.cue",
"chars": 124,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/apps/v1\n\npackage v1\n\n#GroupName: \"ap"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/apps/v1/types_go_gen.cue",
"chars": 44625,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/apps/v1\n\npackage v1\n\nimport (\n\tmetav"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/apps/v1beta1/register_go_gen.cue",
"chars": 134,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/apps/v1beta1\n\npackage v1beta1\n\n#Grou"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/apps/v1beta1/types_go_gen.cue",
"chars": 31130,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/apps/v1beta1\n\npackage v1beta1\n\nimpor"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/apps/v1beta2/register_go_gen.cue",
"chars": 134,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/apps/v1beta2\n\npackage v1beta2\n\n#Grou"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/apps/v1beta2/types_go_gen.cue",
"chars": 46628,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/apps/v1beta2\n\npackage v1beta2\n\nimpor"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/authentication/v1/register_go_gen.cue",
"chars": 151,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/authentication/v1\n\npackage v1\n\n#Grou"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/authentication/v1/types_go_gen.cue",
"chars": 7490,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/authentication/v1\n\npackage v1\n\nimpor"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/authentication/v1alpha1/register_go_gen.cue",
"chars": 163,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/authentication/v1alpha1\n\npackage v1a"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/authentication/v1alpha1/types_go_gen.cue",
"chars": 1073,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/authentication/v1alpha1\n\npackage v1a"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/authentication/v1beta1/register_go_gen.cue",
"chars": 161,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/authentication/v1beta1\n\npackage v1be"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/authentication/v1beta1/types_go_gen.cue",
"chars": 3720,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/authentication/v1beta1\n\npackage v1be"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/authorization/v1/register_go_gen.cue",
"chars": 149,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/authorization/v1\n\npackage v1\n\n#Group"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/authorization/v1/types_go_gen.cue",
"chars": 12479,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/authorization/v1\n\npackage v1\n\nimport"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/authorization/v1beta1/register_go_gen.cue",
"chars": 159,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/authorization/v1beta1\n\npackage v1bet"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/authorization/v1beta1/types_go_gen.cue",
"chars": 12487,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/authorization/v1beta1\n\npackage v1bet"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/autoscaling/v1/register_go_gen.cue",
"chars": 138,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/autoscaling/v1\n\npackage v1\n\n#GroupNa"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/autoscaling/v1/types_go_gen.cue",
"chars": 26150,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/autoscaling/v1\n\npackage v1\n\nimport ("
},
{
"path": "cue/cue.mod/gen/k8s.io/api/autoscaling/v2/register_go_gen.cue",
"chars": 138,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/autoscaling/v2\n\npackage v2\n\n#GroupNa"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/autoscaling/v2/types_go_gen.cue",
"chars": 27821,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/autoscaling/v2\n\npackage v2\n\nimport ("
},
{
"path": "cue/cue.mod/gen/k8s.io/api/autoscaling/v2beta1/register_go_gen.cue",
"chars": 148,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/autoscaling/v2beta1\n\npackage v2beta1"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/autoscaling/v2beta1/types_go_gen.cue",
"chars": 25650,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/autoscaling/v2beta1\n\npackage v2beta1"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/autoscaling/v2beta2/register_go_gen.cue",
"chars": 148,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/autoscaling/v2beta2\n\npackage v2beta2"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/autoscaling/v2beta2/types_go_gen.cue",
"chars": 27481,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/autoscaling/v2beta2\n\npackage v2beta2"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/batch/v1/register_go_gen.cue",
"chars": 126,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/batch/v1\n\npackage v1\n\n#GroupName: \"b"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/batch/v1/types_go_gen.cue",
"chars": 26882,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/batch/v1\n\npackage v1\n\nimport (\n\tmeta"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/batch/v1beta1/register_go_gen.cue",
"chars": 136,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/batch/v1beta1\n\npackage v1beta1\n\n#Gro"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/batch/v1beta1/types_go_gen.cue",
"chars": 6907,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/batch/v1beta1\n\npackage v1beta1\n\nimpo"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/certificates/v1/register_go_gen.cue",
"chars": 147,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/certificates/v1\n\npackage v1\n\n#GroupN"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/certificates/v1/types_go_gen.cue",
"chars": 15056,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/certificates/v1\n\npackage v1\n\nimport "
},
{
"path": "cue/cue.mod/gen/k8s.io/api/certificates/v1beta1/register_go_gen.cue",
"chars": 157,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/certificates/v1beta1\n\npackage v1beta"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/certificates/v1beta1/types_go_gen.cue",
"chars": 9553,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/certificates/v1beta1\n\npackage v1beta"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/coordination/v1/register_go_gen.cue",
"chars": 147,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/coordination/v1\n\npackage v1\n\n#GroupN"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/coordination/v1/types_go_gen.cue",
"chars": 2100,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/coordination/v1\n\npackage v1\n\nimport "
},
{
"path": "cue/cue.mod/gen/k8s.io/api/coordination/v1beta1/register_go_gen.cue",
"chars": 157,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/coordination/v1beta1\n\npackage v1beta"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/coordination/v1beta1/types_go_gen.cue",
"chars": 2110,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/coordination/v1beta1\n\npackage v1beta"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue",
"chars": 7616,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/core/v1\n\npackage v1\n\n// ImagePolicyF"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue",
"chars": 153,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/core/v1\n\n// Package v1 is the v1 ver"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue",
"chars": 120,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/core/v1\n\npackage v1\n\n#GroupName: \"\"\n"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue",
"chars": 333281,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/core/v1\n\npackage v1\n\nimport (\n\tmetav"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue",
"chars": 3082,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/core/v1\n\npackage v1\n\n#LabelHostname:"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue",
"chars": 1563,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/core/v1\n\npackage v1\n\n// TaintNodeNot"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/discovery/v1/register_go_gen.cue",
"chars": 141,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/discovery/v1\n\npackage v1\n\n#GroupName"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/discovery/v1/types_go_gen.cue",
"chars": 7927,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/discovery/v1\n\npackage v1\n\nimport (\n\t"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/discovery/v1/well_known_labels_go_gen.cue",
"chars": 842,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/discovery/v1\n\npackage v1\n\n// LabelSe"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/discovery/v1beta1/register_go_gen.cue",
"chars": 151,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/discovery/v1beta1\n\npackage v1beta1\n\n"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/discovery/v1beta1/types_go_gen.cue",
"chars": 8297,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/discovery/v1beta1\n\npackage v1beta1\n\n"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/discovery/v1beta1/well_known_labels_go_gen.cue",
"chars": 852,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/discovery/v1beta1\n\npackage v1beta1\n\n"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/events/v1/register_go_gen.cue",
"chars": 135,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/events/v1\n\npackage v1\n\n#GroupName: \""
},
{
"path": "cue/cue.mod/gen/k8s.io/api/events/v1/types_go_gen.cue",
"chars": 5169,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/events/v1\n\npackage v1\n\nimport (\n\tmet"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/events/v1beta1/register_go_gen.cue",
"chars": 145,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/events/v1beta1\n\npackage v1beta1\n\n#Gr"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/events/v1beta1/types_go_gen.cue",
"chars": 4873,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/events/v1beta1\n\npackage v1beta1\n\nimp"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/extensions/v1beta1/register_go_gen.cue",
"chars": 146,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/extensions/v1beta1\n\npackage v1beta1\n"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/extensions/v1beta1/types_go_gen.cue",
"chars": 77036,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/extensions/v1beta1\n\npackage v1beta1\n"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/flowcontrol/v1alpha1/doc_go_gen.cue",
"chars": 221,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/flowcontrol/v1alpha1\n\n// Package v1a"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/flowcontrol/v1alpha1/register_go_gen.cue",
"chars": 167,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/flowcontrol/v1alpha1\n\npackage v1alph"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/flowcontrol/v1alpha1/types_go_gen.cue",
"chars": 24484,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/flowcontrol/v1alpha1\n\npackage v1alph"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/flowcontrol/v1beta1/doc_go_gen.cue",
"chars": 218,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/flowcontrol/v1beta1\n\n// Package v1be"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/flowcontrol/v1beta1/register_go_gen.cue",
"chars": 165,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/flowcontrol/v1beta1\n\npackage v1beta1"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/flowcontrol/v1beta1/types_go_gen.cue",
"chars": 26662,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/flowcontrol/v1beta1\n\npackage v1beta1"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/flowcontrol/v1beta2/doc_go_gen.cue",
"chars": 218,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/flowcontrol/v1beta2\n\n// Package v1be"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/flowcontrol/v1beta2/register_go_gen.cue",
"chars": 165,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/flowcontrol/v1beta2\n\npackage v1beta2"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/flowcontrol/v1beta2/types_go_gen.cue",
"chars": 26662,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/flowcontrol/v1beta2\n\npackage v1beta2"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/flowcontrol/v1beta3/doc_go_gen.cue",
"chars": 217,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/flowcontrol/v1beta3\n\n// Package v1be"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/flowcontrol/v1beta3/register_go_gen.cue",
"chars": 165,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/flowcontrol/v1beta3\n\npackage v1beta3"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/flowcontrol/v1beta3/types_go_gen.cue",
"chars": 26775,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/flowcontrol/v1beta3\n\npackage v1beta3"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/imagepolicy/v1alpha1/register_go_gen.cue",
"chars": 157,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/imagepolicy/v1alpha1\n\npackage v1alph"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/imagepolicy/v1alpha1/types_go_gen.cue",
"chars": 2687,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/imagepolicy/v1alpha1\n\npackage v1alph"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/networking/v1/register_go_gen.cue",
"chars": 143,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/networking/v1\n\npackage v1\n\n#GroupNam"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/networking/v1/types_go_gen.cue",
"chars": 30189,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/networking/v1\n\npackage v1\n\nimport (\n"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/networking/v1/well_known_annotations_go_gen.cue",
"chars": 464,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/networking/v1\n\npackage v1\n\n// Annota"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/networking/v1alpha1/register_go_gen.cue",
"chars": 155,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/networking/v1alpha1\n\npackage v1alpha"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/networking/v1alpha1/types_go_gen.cue",
"chars": 3106,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/networking/v1alpha1\n\npackage v1alpha"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/networking/v1beta1/register_go_gen.cue",
"chars": 153,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/networking/v1beta1\n\npackage v1beta1\n"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/networking/v1beta1/types_go_gen.cue",
"chars": 16801,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/networking/v1beta1\n\npackage v1beta1\n"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/networking/v1beta1/well_known_annotations_go_gen.cue",
"chars": 794,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/networking/v1beta1\n\npackage v1beta1\n"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/node/v1/register_go_gen.cue",
"chars": 131,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/node/v1\n\npackage v1\n\n#GroupName: \"no"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/node/v1/types_go_gen.cue",
"chars": 3929,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/node/v1\n\npackage v1\n\nimport (\n\tmetav"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/node/v1alpha1/register_go_gen.cue",
"chars": 143,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/node/v1alpha1\n\npackage v1alpha1\n\n#Gr"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/node/v1alpha1/types_go_gen.cue",
"chars": 4526,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/node/v1alpha1\n\npackage v1alpha1\n\nimp"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/node/v1beta1/register_go_gen.cue",
"chars": 141,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/node/v1beta1\n\npackage v1beta1\n\n#Grou"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/node/v1beta1/types_go_gen.cue",
"chars": 3955,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/node/v1beta1\n\npackage v1beta1\n\nimpor"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/policy/v1/doc_go_gen.cue",
"chars": 278,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/policy/v1\n\n// Package policy is for "
},
{
"path": "cue/cue.mod/gen/k8s.io/api/policy/v1/register_go_gen.cue",
"chars": 128,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/policy/v1\n\npackage v1\n\n#GroupName: \""
},
{
"path": "cue/cue.mod/gen/k8s.io/api/policy/v1/types_go_gen.cue",
"chars": 9716,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/policy/v1\n\npackage v1\n\nimport (\n\tmet"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/policy/v1beta1/doc_go_gen.cue",
"chars": 288,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/policy/v1beta1\n\n// Package policy is"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/policy/v1beta1/register_go_gen.cue",
"chars": 138,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/policy/v1beta1\n\npackage v1beta1\n\n#Gr"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/policy/v1beta1/types_go_gen.cue",
"chars": 29217,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/policy/v1beta1\n\npackage v1beta1\n\nimp"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/rbac/v1/register_go_gen.cue",
"chars": 145,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/rbac/v1\n\npackage v1\n\n#GroupName: \"rb"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/rbac/v1/types_go_gen.cue",
"chars": 8123,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/rbac/v1\n\npackage v1\n\nimport metav1 \""
},
{
"path": "cue/cue.mod/gen/k8s.io/api/rbac/v1alpha1/register_go_gen.cue",
"chars": 157,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/rbac/v1alpha1\n\npackage v1alpha1\n\n#Gr"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/rbac/v1alpha1/types_go_gen.cue",
"chars": 9093,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/rbac/v1alpha1\n\npackage v1alpha1\n\nimp"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/rbac/v1beta1/register_go_gen.cue",
"chars": 155,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/rbac/v1beta1\n\npackage v1beta1\n\n#Grou"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/rbac/v1beta1/types_go_gen.cue",
"chars": 9151,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/rbac/v1beta1\n\npackage v1beta1\n\nimpor"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/resource/v1alpha1/doc_go_gen.cue",
"chars": 185,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/resource/v1alpha1\n\n// Package v1alph"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/resource/v1alpha1/register_go_gen.cue",
"chars": 151,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/resource/v1alpha1\n\npackage v1alpha1\n"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/resource/v1alpha1/types_go_gen.cue",
"chars": 14588,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/resource/v1alpha1\n\npackage v1alpha1\n"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/scheduling/v1/register_go_gen.cue",
"chars": 143,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/scheduling/v1\n\npackage v1\n\n#GroupNam"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/scheduling/v1/types_go_gen.cue",
"chars": 2206,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/scheduling/v1\n\npackage v1\n\nimport (\n"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/scheduling/v1alpha1/register_go_gen.cue",
"chars": 155,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/scheduling/v1alpha1\n\npackage v1alpha"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/scheduling/v1alpha1/types_go_gen.cue",
"chars": 2323,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/scheduling/v1alpha1\n\npackage v1alpha"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/scheduling/v1beta1/register_go_gen.cue",
"chars": 153,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/scheduling/v1beta1\n\npackage v1beta1\n"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/scheduling/v1beta1/types_go_gen.cue",
"chars": 2321,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/scheduling/v1beta1\n\npackage v1beta1\n"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/storage/v1/register_go_gen.cue",
"chars": 137,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/storage/v1\n\npackage v1\n\n#GroupName: "
},
{
"path": "cue/cue.mod/gen/k8s.io/api/storage/v1/types_go_gen.cue",
"chars": 29614,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/storage/v1\n\npackage v1\n\nimport (\n\tme"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/storage/v1alpha1/register_go_gen.cue",
"chars": 149,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/storage/v1alpha1\n\npackage v1alpha1\n\n"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/storage/v1alpha1/types_go_gen.cue",
"chars": 9163,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/storage/v1alpha1\n\npackage v1alpha1\n\n"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/storage/v1beta1/register_go_gen.cue",
"chars": 147,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/storage/v1beta1\n\npackage v1beta1\n\n#G"
},
{
"path": "cue/cue.mod/gen/k8s.io/api/storage/v1beta1/types_go_gen.cue",
"chars": 29516,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/api/storage/v1beta1\n\npackage v1beta1\n\nim"
},
{
"path": "cue/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/doc_go_gen.cue",
"chars": 186,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/apiextensions-apiserver/pkg/apis/apiexte"
},
{
"path": "cue/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/register_go_gen.cue",
"chars": 178,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/apiextensions-apiserver/pkg/apis/apiexte"
},
{
"path": "cue/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_go_gen.cue",
"chars": 26302,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/apiextensions-apiserver/pkg/apis/apiexte"
},
{
"path": "cue/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_jsonschema_go_gen.cue",
"chars": 15958,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/apiextensions-apiserver/pkg/apis/apiexte"
},
{
"path": "cue/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue",
"chars": 884,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource\n\npackage r"
},
{
"path": "cue/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue",
"chars": 410,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource\n\npackage r"
},
{
"path": "cue/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue",
"chars": 3787,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource\n\npackage r"
},
{
"path": "cue/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue",
"chars": 211,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource\n\npackage r"
},
{
"path": "cue/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue",
"chars": 320,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1\n\npackage v"
},
{
"path": "cue/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue",
"chars": 1879,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1\n\npackage v"
},
{
"path": "cue/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue",
"chars": 1367,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1\n\npackage v"
},
{
"path": "cue/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue",
"chars": 374,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1\n\npackage v"
},
{
"path": "cue/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue",
"chars": 180,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1\n\npackage v"
},
{
"path": "cue/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue",
"chars": 433,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1\n\npackage v"
},
{
"path": "cue/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue",
"chars": 874,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1\n\npackage v"
},
{
"path": "cue/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue",
"chars": 72266,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1\n\n// Packag"
},
{
"path": "cue/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue",
"chars": 870,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1\n\npackage v"
},
{
"path": "cue/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/allocator_go_gen.cue",
"chars": 239,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/apimachinery/pkg/runtime\n\npackage runtim"
},
{
"path": "cue/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue",
"chars": 778,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/apimachinery/pkg/runtime\n\npackage runtim"
},
{
"path": "cue/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue",
"chars": 238,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/apimachinery/pkg/runtime\n\n// Package run"
},
{
"path": "cue/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue",
"chars": 269,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/apimachinery/pkg/runtime\n\npackage runtim"
},
{
"path": "cue/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue",
"chars": 1535,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/apimachinery/pkg/runtime\n\n// Package run"
},
{
"path": "cue/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue",
"chars": 138,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/apimachinery/pkg/runtime\n\npackage runtim"
},
{
"path": "cue/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue",
"chars": 571,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/apimachinery/pkg/runtime\n\npackage runtim"
},
{
"path": "cue/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue",
"chars": 6827,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/apimachinery/pkg/runtime\n\npackage runtim"
},
{
"path": "cue/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue",
"chars": 303,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/apimachinery/pkg/runtime\n\npackage runtim"
},
{
"path": "cue/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue",
"chars": 348,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/apimachinery/pkg/runtime\n\npackage runtim"
},
{
"path": "cue/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue",
"chars": 3073,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/apimachinery/pkg/runtime\n\npackage runtim"
},
{
"path": "cue/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue",
"chars": 177,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/apimachinery/pkg/runtime\n\npackage runtim"
},
{
"path": "cue/cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue",
"chars": 196,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/apimachinery/pkg/types\n\n// Package types"
},
{
"path": "cue/cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue",
"chars": 201,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/apimachinery/pkg/types\n\npackage types\n\n#"
},
{
"path": "cue/cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue",
"chars": 1552,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/apimachinery/pkg/types\n\npackage types\n\n/"
},
{
"path": "cue/cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue",
"chars": 718,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/apimachinery/pkg/types\n\npackage types\n\n/"
},
{
"path": "cue/cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue",
"chars": 355,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/apimachinery/pkg/types\n\npackage types\n\n/"
},
{
"path": "cue/cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue",
"chars": 727,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/apimachinery/pkg/util/intstr\n\npackage in"
},
{
"path": "cue/cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue",
"chars": 237,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/apimachinery/pkg/watch\n\n// Package watch"
},
{
"path": "cue/cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue",
"chars": 237,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/apimachinery/pkg/watch\n\npackage watch\n\n/"
},
{
"path": "cue/cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue",
"chars": 625,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/apimachinery/pkg/watch\n\npackage watch\n\n/"
},
{
"path": "cue/cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue",
"chars": 403,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/apimachinery/pkg/watch\n\npackage watch\n\n/"
},
{
"path": "cue/cue.mod/gen/k8s.io/apimachinery/pkg/watch/watch_go_gen.cue",
"chars": 1404,
"preview": "// Code generated by cue get go. DO NOT EDIT.\n\n//cue:generate cue get go k8s.io/apimachinery/pkg/watch\n\npackage watch\n\ni"
},
{
"path": "cue/cue.mod/module.cue",
"chars": 53,
"preview": "module: \"github.com/stefanprodan/flux-local-dev/cue\"\n"
},
{
"path": "cue/go.mod",
"chars": 870,
"preview": "module github.com/stefanprodan/flux-local-dev/cue\n\ngo 1.18\n\nrequire (\n\tgithub.com/go-logr/logr v1.2.3 // indirect\n\tgithu"
},
{
"path": "cue/go.sum",
"chars": 7861,
"preview": "github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=\ngithub.com/davecgh/go-spew v1.1"
},
{
"path": "cue/main.cue",
"chars": 888,
"preview": "package main\n\nimport (\n\tns \"github.com/stefanprodan/flux-local-dev/cue/namespace\"\n\tpodinfo \"github.com/stefanprodan/flux"
},
{
"path": "cue/main_tool.cue",
"chars": 749,
"preview": "package main\n\nimport (\n\t\"tool/cli\"\n\t\"encoding/yaml\"\n\t\"text/tabwriter\"\n\n\tkubernetes \"k8s.io/apimachinery/pkg/runtime\"\n)\n\n"
},
{
"path": "cue/namespace/api.cue",
"chars": 704,
"preview": "package namespace\n\n#AppNamespaceSpec: {\n\tname: string & =~\"^[a-z0-9]([a-z0-9\\\\-]){0,61}[a-z0-9]$\"\n\trole: *\"namespace-adm"
},
{
"path": "cue/namespace/namespace.cue",
"chars": 273,
"preview": "package namespace\n\nimport (\n\tcorev1 \"k8s.io/api/core/v1\"\n)\n\n#Namespace: corev1.#Namespace & {\n\t_spec: #AppNamespace"
},
{
"path": "cue/namespace/rbac.cue",
"chars": 1693,
"preview": "package namespace\n\nimport (\n\trbacv1 \"k8s.io/api/rbac/v1\"\n)\n\n// This binding grants full access to all objects within the"
},
{
"path": "cue/namespace/serviceaccount.cue",
"chars": 324,
"preview": "package namespace\n\nimport (\n\tcorev1 \"k8s.io/api/core/v1\"\n)\n\n#ServiceAccount: corev1.#ServiceAccount & {\n\t_spec: #Ap"
},
{
"path": "cue/podinfo/api.cue",
"chars": 1516,
"preview": "package podinfo\n\nimport (\n\tmetav1 \"k8s.io/apimachinery/pkg/apis/meta/v1\"\n\tcorev1 \"k8s.io/api/core/v1\"\n)\n\n#App: {\n\tspec: "
},
{
"path": "cue/podinfo/deployment.cue",
"chars": 2487,
"preview": "package podinfo\n\nimport (\n\tappsv1 \"k8s.io/api/apps/v1\"\n\tcorev1 \"k8s.io/api/core/v1\"\n)\n\n#Deployment: appsv1.#Deployment &"
},
{
"path": "cue/podinfo/hpa.cue",
"chars": 1045,
"preview": "package podinfo\n\nimport (\n\tautoscaling \"k8s.io/api/autoscaling/v2beta2\"\n)\n\n#hpaConfig: {\n\tenabled: *false | bool\n\tcp"
},
{
"path": "cue/podinfo/ingress.cue",
"chars": 889,
"preview": "package podinfo\n\nimport (\n\tnetv1 \"k8s.io/api/networking/v1\"\n)\n\n#ingressConfig: {\n\tenabled: *false | bool\n\tannotations?: "
},
{
"path": "cue/podinfo/service.cue",
"chars": 840,
"preview": "package podinfo\n\nimport (\n\tcorev1 \"k8s.io/api/core/v1\"\n)\n\n#serviceConfig: {\n\ttype: *\"ClusterIP\" | string\n\textern"
},
{
"path": "cue/podinfo/serviceaccount.cue",
"chars": 198,
"preview": "package podinfo\n\nimport (\n\tcorev1 \"k8s.io/api/core/v1\"\n)\n\n#ServiceAccount: corev1.#ServiceAccount & {\n\t_spec: #AppS"
},
{
"path": "cue/podinfo/servicemonitor.cue",
"chars": 457,
"preview": "package podinfo\n\n#serviceMonConfig: {\n\tenabled: *false | bool\n\tinterval: *\"15s\" | string\n}\n\n#ServiceMonitor: {\n\t_spec: "
},
{
"path": "kubernetes/apps/namespace.yaml",
"chars": 658,
"preview": "---\napiVersion: v1\nkind: Namespace\nmetadata:\n labels:\n toolkit.fluxcd.io/tenant: dev-team\n name: apps\n---\napiVersio"
},
{
"path": "kubernetes/apps/podinfo.yaml",
"chars": 1165,
"preview": "apiVersion: source.toolkit.fluxcd.io/v1beta2\nkind: HelmRepository\nmetadata:\n name: podinfo\n namespace: apps\nspec:\n in"
},
{
"path": "kubernetes/clusters/local/apps.yaml",
"chars": 549,
"preview": "---\napiVersion: source.toolkit.fluxcd.io/v1beta2\nkind: OCIRepository\nmetadata:\n name: apps-source\n namespace: flux-sys"
},
{
"path": "kubernetes/clusters/local/flux-system/cluster-source.yaml",
"chars": 257,
"preview": "---\napiVersion: source.toolkit.fluxcd.io/v1beta2\nkind: OCIRepository\nmetadata:\n name: cluster-source\n namespace: flux-"
},
{
"path": "kubernetes/clusters/local/flux-system/cluster-sync.yaml",
"chars": 300,
"preview": "---\napiVersion: kustomize.toolkit.fluxcd.io/v1\nkind: Kustomization\nmetadata:\n name: cluster-sync\n namespace: flux-syst"
},
{
"path": "kubernetes/clusters/local/flux-system/flux-pvc.yaml",
"chars": 215,
"preview": "---\napiVersion: v1\nkind: PersistentVolumeClaim\nmetadata:\n name: flux-pvc\n namespace: flux-system\nspec:\n accessModes:\n"
},
{
"path": "kubernetes/clusters/local/flux-system/flux-source.yaml",
"chars": 263,
"preview": "---\napiVersion: source.toolkit.fluxcd.io/v1beta2\nkind: OCIRepository\nmetadata:\n name: flux-source\n namespace: flux-sys"
},
{
"path": "kubernetes/clusters/local/flux-system/flux-sync.yaml",
"chars": 2070,
"preview": "---\napiVersion: kustomize.toolkit.fluxcd.io/v1\nkind: Kustomization\nmetadata:\n name: flux-sync\n namespace: flux-system\n"
},
{
"path": "kubernetes/clusters/local/flux-system/kustomization.yaml",
"chars": 179,
"preview": "apiVersion: kustomize.config.k8s.io/v1beta1\nkind: Kustomization\nresources:\n - cluster-source.yaml\n - cluster-sync.yaml"
}
]
// ... and 15 more files (download for full content)
About this extraction
This page contains the full source code of the stefanprodan/flux-local-dev GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 215 files (1.4 MB), approximately 367.7k tokens. Use this with OpenClaw, Claude, ChatGPT, Cursor, Windsurf, or any other AI tool that accepts text input. You can copy the full output to your clipboard or download it as a .txt file.
Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.