From 01a6c2c85ba0ab6a68588c42618e21e0faf1958f Mon Sep 17 00:00:00 2001 From: Adi Muraru Date: Tue, 2 Jun 2026 13:29:56 +0200 Subject: [PATCH 1/3] chore(claude): Add .claude/worktrees to .gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 009e10da1..dbecd7384 100644 --- a/.gitignore +++ b/.gitignore @@ -47,3 +47,4 @@ manager_image_patch.yaml # the reasoning why we decided not to commit these. **/go.work **/go.work.sum +.claude/worktrees/** From d5781e7cac2ab1b6152bef5eab7a7b0968d225aa Mon Sep 17 00:00:00 2001 From: Adi Muraru Date: Tue, 2 Jun 2026 19:47:33 +0200 Subject: [PATCH 2/3] refactor: remove legacy banzaicloud istio-operator ingress (adobe/koperator#187) The vendored github.com/banzaicloud/istio-operator API is EOL/unmaintained and fundamentally incompatible with k8s >= 0.35: k8s dropped the proto.Message method set (ProtoMessage()) from core types, so the istio types' proto.Clone / jsonpb codepaths panic on any message embedding a k8s type (e.g. *corev1.LocalObjectReference). This blocks upgrading the k8s dependencies. Remove the istioingress external-listener support entirely (envoy / contour / nodeport remain; envoy stays the default): - Delete pkg/resources/istioingress, pkg/util/istioingress, the vendored third_party istio-operator + istio-client-go modules, the istio CRD test fixtures, the istioingress controller test, and the istio sample. - Drop the istioingress ingressController enum value, the spec.istioControlPlane field, IstioIngressConfig, and IstioControlPlaneReference from the KafkaCluster API; remove the istio scheme registrations, RBAC markers, reconciler wiring, and the istio branch of GetIngressConfigs / external-listener status. - Regenerate CRDs, RBAC and zz_generated.deepcopy; go mod tidy drops the istio modules. Remove the stale istio-operator entry from .licensei.toml and the istio CRD names from the e2e cleanup list. Co-Authored-By: Claude Sonnet 4.6 --- .licensei.toml | 1 - api/go.mod | 1 - api/go.sum | 19 - api/v1beta1/common_types.go | 6 - api/v1beta1/kafkacluster_types.go | 86 +- api/v1beta1/zz_generated.deepcopy.go | 100 - charts/kafka-operator/crds/kafkaclusters.yaml | 794 +-- .../templates/operator-rbac.yaml | 18 - .../kafka.banzaicloud.io_kafkaclusters.yaml | 794 +-- config/base/rbac/role.yaml | 18 - config/samples/kafkacluster-with-istio.yaml | 255 - ...stio.banzaicloud.io_istiomeshgateways.yaml | 1716 ------ .../istio/networking.istio.io_gateway.yaml | 258 - .../networking.istio.io_virtualservice.yaml | 1524 ----- controllers/kafkacluster_controller.go | 4 - .../tests/clusterregistry/suite_test.go | 5 - ...fkacluster_controller_istioingress_test.go | 774 --- controllers/tests/suite_test.go | 5 - go.mod | 8 +- go.sum | 4 - main.go | 8 - pkg/pki/k8scsrpki/k8scsr_user_test.go | 11 - pkg/resources/istioingress/gateway.go | 110 - pkg/resources/istioingress/istioingress.go | 168 - pkg/resources/istioingress/meshgateway.go | 143 - pkg/resources/istioingress/virtualservice.go | 200 - pkg/resources/kafka/kafka.go | 13 - pkg/resources/reconciler.go | 7 - pkg/util/istioingress/common.go | 24 - pkg/util/util.go | 29 - pkg/util/util_test.go | 101 - tests/e2e/const.go | 3 - .../banzaicloud/istio-client-go/.gitignore | 20 - .../banzaicloud/istio-client-go/LICENSE | 201 - .../banzaicloud/istio-client-go/README.md | 3 - .../banzaicloud/istio-client-go/go.mod | 26 - .../banzaicloud/istio-client-go/go.sum | 98 - .../pkg/common/v1alpha1/string.go | 33 - .../pkg/networking/register.go | 19 - .../v1beta1/destinationrule_types.go | 662 --- .../pkg/networking/v1beta1/doc.go | 18 - .../pkg/networking/v1beta1/gateway_types.go | 486 -- .../pkg/networking/v1beta1/register.go | 61 - .../networking/v1beta1/serviceentry_types.go | 529 -- .../pkg/networking/v1beta1/sidecar_types.go | 410 -- .../v1beta1/virtualservice_types.go | 1120 ---- .../networking/v1beta1/workloadentry_types.go | 190 - .../v1beta1/zz_generated.deepcopy.go | 1955 ------- .../banzaicloud/istio-operator/.editorconfig | 18 - .../banzaicloud/istio-operator/.gitignore | 33 - .../banzaicloud/istio-operator/.licensei.toml | 51 - .../banzaicloud/istio-operator/CODEOWNERS | 6 - .../istio-operator/CONTRIBUTING.md | 18 - .../banzaicloud/istio-operator/LICENSE | 201 - .../banzaicloud/istio-operator/README.md | 193 - .../banzaicloud/istio-operator/api/go.mod | 36 - .../banzaicloud/istio-operator/api/go.sum | 117 - .../istio-operator/api/options/options.pb.go | 109 - .../api/options/options.pb.html | 6 - .../istio-operator/api/options/options.proto | 29 - .../api/options/options_deepcopy.gen.go | 2 - .../api/options/options_json.gen.go | 11 - .../api/v1alpha1/common.gen.json | 2569 -------- .../istio-operator/api/v1alpha1/common.go | 76 - .../istio-operator/api/v1alpha1/common.pb.go | 3091 ---------- .../api/v1alpha1/common.pb.html | 2855 --------- .../istio-operator/api/v1alpha1/common.proto | 707 --- .../api/v1alpha1/common_deepcopy.gen.go | 447 -- .../api/v1alpha1/common_json.gen.go | 243 - .../api/v1alpha1/groupversion_info.go | 36 - .../api/v1alpha1/istio-operator.gen.json | 4347 -------------- .../api/v1alpha1/istiocontrolplane.gen.json | 5172 ----------------- .../api/v1alpha1/istiocontrolplane.pb.go | 3456 ----------- .../api/v1alpha1/istiocontrolplane.pb.html | 3085 ---------- .../api/v1alpha1/istiocontrolplane.proto | 411 -- .../istiocontrolplane_deepcopy.gen.go | 573 -- .../v1alpha1/istiocontrolplane_json.gen.go | 309 - .../api/v1alpha1/istiocontrolplane_types.go | 243 - .../api/v1alpha1/istiomesh.gen.json | 1971 ------- .../api/v1alpha1/istiomesh.pb.go | 286 - .../api/v1alpha1/istiomesh.pb.html | 115 - .../api/v1alpha1/istiomesh.proto | 63 - .../api/v1alpha1/istiomesh_deepcopy.gen.go | 48 - .../api/v1alpha1/istiomesh_json.gen.go | 34 - .../api/v1alpha1/istiomesh_types.go | 66 - .../api/v1alpha1/istiomeshgateway.gen.json | 2503 -------- .../api/v1alpha1/istiomeshgateway.pb.go | 504 -- .../api/v1alpha1/istiomeshgateway.pb.html | 856 --- .../api/v1alpha1/istiomeshgateway.proto | 99 - .../v1alpha1/istiomeshgateway_deepcopy.gen.go | 69 - .../api/v1alpha1/istiomeshgateway_json.gen.go | 45 - .../api/v1alpha1/istiomeshgateway_types.go | 116 - .../api/v1alpha1/zz_generated.deepcopy.go | 411 -- 93 files changed, 8 insertions(+), 48666 deletions(-) delete mode 100644 config/samples/kafkacluster-with-istio.yaml delete mode 100644 config/test/crd/istio/istio.banzaicloud.io_istiomeshgateways.yaml delete mode 100644 config/test/crd/istio/networking.istio.io_gateway.yaml delete mode 100644 config/test/crd/istio/networking.istio.io_virtualservice.yaml delete mode 100644 controllers/tests/kafkacluster_controller_istioingress_test.go delete mode 100644 pkg/resources/istioingress/gateway.go delete mode 100644 pkg/resources/istioingress/istioingress.go delete mode 100644 pkg/resources/istioingress/meshgateway.go delete mode 100644 pkg/resources/istioingress/virtualservice.go delete mode 100644 pkg/util/istioingress/common.go delete mode 100644 third_party/github.com/banzaicloud/istio-client-go/.gitignore delete mode 100644 third_party/github.com/banzaicloud/istio-client-go/LICENSE delete mode 100644 third_party/github.com/banzaicloud/istio-client-go/README.md delete mode 100644 third_party/github.com/banzaicloud/istio-client-go/go.mod delete mode 100644 third_party/github.com/banzaicloud/istio-client-go/go.sum delete mode 100644 third_party/github.com/banzaicloud/istio-client-go/pkg/common/v1alpha1/string.go delete mode 100644 third_party/github.com/banzaicloud/istio-client-go/pkg/networking/register.go delete mode 100644 third_party/github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1/destinationrule_types.go delete mode 100644 third_party/github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1/doc.go delete mode 100644 third_party/github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1/gateway_types.go delete mode 100644 third_party/github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1/register.go delete mode 100644 third_party/github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1/serviceentry_types.go delete mode 100644 third_party/github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1/sidecar_types.go delete mode 100644 third_party/github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1/virtualservice_types.go delete mode 100644 third_party/github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1/workloadentry_types.go delete mode 100644 third_party/github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1/zz_generated.deepcopy.go delete mode 100644 third_party/github.com/banzaicloud/istio-operator/.editorconfig delete mode 100644 third_party/github.com/banzaicloud/istio-operator/.gitignore delete mode 100644 third_party/github.com/banzaicloud/istio-operator/.licensei.toml delete mode 100644 third_party/github.com/banzaicloud/istio-operator/CODEOWNERS delete mode 100644 third_party/github.com/banzaicloud/istio-operator/CONTRIBUTING.md delete mode 100644 third_party/github.com/banzaicloud/istio-operator/LICENSE delete mode 100644 third_party/github.com/banzaicloud/istio-operator/README.md delete mode 100644 third_party/github.com/banzaicloud/istio-operator/api/go.mod delete mode 100644 third_party/github.com/banzaicloud/istio-operator/api/go.sum delete mode 100644 third_party/github.com/banzaicloud/istio-operator/api/options/options.pb.go delete mode 100644 third_party/github.com/banzaicloud/istio-operator/api/options/options.pb.html delete mode 100644 third_party/github.com/banzaicloud/istio-operator/api/options/options.proto delete mode 100644 third_party/github.com/banzaicloud/istio-operator/api/options/options_deepcopy.gen.go delete mode 100644 third_party/github.com/banzaicloud/istio-operator/api/options/options_json.gen.go delete mode 100644 third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/common.gen.json delete mode 100644 third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/common.go delete mode 100644 third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/common.pb.go delete mode 100644 third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/common.pb.html delete mode 100644 third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/common.proto delete mode 100644 third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/common_deepcopy.gen.go delete mode 100644 third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/common_json.gen.go delete mode 100644 third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/groupversion_info.go delete mode 100644 third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istio-operator.gen.json delete mode 100644 third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiocontrolplane.gen.json delete mode 100644 third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiocontrolplane.pb.go delete mode 100644 third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiocontrolplane.pb.html delete mode 100644 third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiocontrolplane.proto delete mode 100644 third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiocontrolplane_deepcopy.gen.go delete mode 100644 third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiocontrolplane_json.gen.go delete mode 100644 third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiocontrolplane_types.go delete mode 100644 third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomesh.gen.json delete mode 100644 third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomesh.pb.go delete mode 100644 third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomesh.pb.html delete mode 100644 third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomesh.proto delete mode 100644 third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomesh_deepcopy.gen.go delete mode 100644 third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomesh_json.gen.go delete mode 100644 third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomesh_types.go delete mode 100644 third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomeshgateway.gen.json delete mode 100644 third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomeshgateway.pb.go delete mode 100644 third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomeshgateway.pb.html delete mode 100644 third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomeshgateway.proto delete mode 100644 third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomeshgateway_deepcopy.gen.go delete mode 100644 third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomeshgateway_json.gen.go delete mode 100644 third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomeshgateway_types.go delete mode 100644 third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/zz_generated.deepcopy.go diff --git a/.licensei.toml b/.licensei.toml index d62c35d08..d6fb5ef45 100644 --- a/.licensei.toml +++ b/.licensei.toml @@ -50,5 +50,4 @@ ignored = [ # relying on a restored CI license cache. "github.com/banzaicloud/koperator/api", "github.com/banzaicloud/koperator/properties", - "github.com/banzaicloud/istio-operator/api/v2", ] diff --git a/api/go.mod b/api/go.mod index 4280d5b44..13da3a9cd 100644 --- a/api/go.mod +++ b/api/go.mod @@ -5,7 +5,6 @@ go 1.25.0 require ( dario.cat/mergo v1.0.2 emperror.dev/errors v0.8.1 - github.com/banzaicloud/istio-client-go v0.0.17 github.com/cert-manager/cert-manager v1.19.2 k8s.io/api v0.34.3 k8s.io/apimachinery v0.34.3 diff --git a/api/go.sum b/api/go.sum index b37891ae5..cfa94ed72 100644 --- a/api/go.sum +++ b/api/go.sum @@ -2,8 +2,6 @@ dario.cat/mergo v1.0.2 h1:85+piFYR1tMbRrLcDwR18y4UKJ3aH1Tbzi24VRW1TK8= dario.cat/mergo v1.0.2/go.mod h1:E/hbnu0NxMFBjpMIE34DRGLWqDy0g5FuKDhCb31ngxA= emperror.dev/errors v0.8.1 h1:UavXZ5cSX/4u9iyvH6aDcuGkVjeexUGJ7Ij7G4VfQT0= emperror.dev/errors v0.8.1/go.mod h1:YcRvLPh626Ubn2xqtoprejnA5nFha+TJ+2vew48kWuE= -github.com/banzaicloud/istio-client-go v0.0.17 h1:wiplbM7FDiIHopujInAnin3zuovtVcphtKy9En39q5I= -github.com/banzaicloud/istio-client-go v0.0.17/go.mod h1:rpnEYYGHzisx8nARl2d30Oq38EeCX0/PPaxMaREfE9I= github.com/cert-manager/cert-manager v1.19.2 h1:jSprN1h5pgNDSl7HClAmIzXuTxic/5FXJ32kbQHqjlM= github.com/cert-manager/cert-manager v1.19.2/go.mod h1:e9NzLtOKxTw7y99qLyWGmPo6mrC1Nh0EKKcMkRfK+GE= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= @@ -13,12 +11,10 @@ github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/fxamacker/cbor/v2 v2.9.0 h1:NpKPmjDBgUfBms6tr6JZkTHtfFGcMKsw3eGcmD/sapM= github.com/fxamacker/cbor/v2 v2.9.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ= -github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= -github.com/gogo/protobuf v1.3.0/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= @@ -26,23 +22,17 @@ github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo= github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= -github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= -github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= -github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee h1:W5t00kpgFdJifH4BDsTlE89Zl93FEloxaWZfGcifgq8= github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= @@ -57,7 +47,6 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRI github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ= github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc= -github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk= github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= @@ -81,7 +70,6 @@ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191002035440-2ec189313ef0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU= @@ -95,12 +83,10 @@ golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk= golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU= golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= @@ -111,22 +97,18 @@ golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= -gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= k8s.io/api v0.34.3 h1:D12sTP257/jSH2vHV2EDYrb16bS7ULlHpdNdNhEw2S4= k8s.io/api v0.34.3/go.mod h1:PyVQBF886Q5RSQZOim7DybQjAbVs8g7gwJNhGtY5MBk= -k8s.io/apimachinery v0.0.0-20190704094733-8f6ac2502e51/go.mod h1:ccL7Eh7zubPUSh9A3USN90/OzHNSVN6zxzde07TDCL0= k8s.io/apimachinery v0.34.3 h1:/TB+SFEiQvN9HPldtlWOTp0hWbJ+fjU+wkxysf/aQnE= k8s.io/apimachinery v0.34.3/go.mod h1:/GwIlEcWuTX9zKIg2mbw0LRFIsXwrfoVxn+ef0X13lw= -k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 h1:SjGebBtkBqHFOli+05xYbK8YF1Dzkbzn+gDM4X9T4Ck= @@ -139,6 +121,5 @@ sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= sigs.k8s.io/structured-merge-diff/v6 v6.3.1 h1:JrhdFMqOd/+3ByqlP2I45kTOZmTRLBUm5pvRjeheg7E= sigs.k8s.io/structured-merge-diff/v6 v6.3.1/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE= -sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs= sigs.k8s.io/yaml v1.6.0/go.mod h1:796bPqUfzR/0jLAl6XjHl3Ck7MiyVv8dbTdyT3/pMf4= diff --git a/api/v1beta1/common_types.go b/api/v1beta1/common_types.go index 902967438..df41632d0 100644 --- a/api/v1beta1/common_types.go +++ b/api/v1beta1/common_types.go @@ -199,12 +199,6 @@ const ( PKIBackendK8sCSR PKIBackend = "k8s-csr" ) -// IstioControlPlaneReference is a reference to the IstioControlPlane resource. -type IstioControlPlaneReference struct { - Name string `json:"name"` - Namespace string `json:"namespace"` -} - // GracefulActionState holds information about GracefulAction State type GracefulActionState struct { // CruiseControlState holds the information about graceful action state diff --git a/api/v1beta1/kafkacluster_types.go b/api/v1beta1/kafkacluster_types.go index cdb7671e1..c7daf2eee 100644 --- a/api/v1beta1/kafkacluster_types.go +++ b/api/v1beta1/kafkacluster_types.go @@ -24,8 +24,6 @@ import ( "dario.cat/mergo" - "github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1" - cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" @@ -131,19 +129,6 @@ const ( // KafkaBroker.spec.container["kafka"].image defaultKafkaImage = "ghcr.io/adobe/koperator/kafka:2.13-3.9.1" // renovate: datasource=docker depName=ghcr.io/adobe/koperator/kafka - /* Istio Ingress Config */ - - // IstioMeshGateway.spec.deployment.resources - defaultIstioIngressRequestResourceCpu = "100m" - defaultIstioIngressRequestResourceMemory = "128Mi" - defaultIstioIngressLimitResourceCpu = "2000m" - defaultIstioIngressLimitResourceMemory = "1024Mi" - - // IstioMeshGateway.spec.deployment.replicas.count - // IstioMeshGateway.spec.deployment.replicas.min - // IstioMeshGateway.spec.deployment.replicas.max - defaultReplicas = 1 - /* Monitor Config */ // KafkaBrokerPod.spec.initContainer["jmx-exporter"].command @@ -184,11 +169,9 @@ type KafkaClusterSpec struct { RollingUpgradeConfig RollingUpgradeConfig `json:"rollingUpgradeConfig"` // Selector for broker pods that need to be recycled/reconciled TaintedBrokersSelector *metav1.LabelSelector `json:"taintedBrokersSelector,omitempty"` - // +kubebuilder:validation:Enum=envoy;contour;istioingress - // IngressController specifies the type of the ingress controller to be used for external listeners. The `istioingress` ingress controller type requires the `spec.istioControlPlane` field to be populated as well. + // +kubebuilder:validation:Enum=envoy;contour + // IngressController specifies the type of the ingress controller to be used for external listeners. IngressController string `json:"ingressController,omitempty"` - // IstioControlPlane is a reference to the IstioControlPlane resource for envoy configuration. It must be specified if istio ingress is used. - IstioControlPlane *IstioControlPlaneReference `json:"istioControlPlane,omitempty"` // If true OneBrokerPerNode ensures that each kafka broker will be placed on a different node unless a custom // Affinity definition overrides this behavior OneBrokerPerNode bool `json:"oneBrokerPerNode"` @@ -203,7 +186,6 @@ type KafkaClusterSpec struct { ContourIngressConfig ContourIngressConfig `json:"contourIngressConfig,omitempty"` MonitoringConfig MonitoringConfig `json:"monitoringConfig,omitempty"` AlertManagerConfig *AlertManagerConfig `json:"alertManagerConfig,omitempty"` - IstioIngressConfig IstioIngressConfig `json:"istioIngressConfig,omitempty"` // Envs defines environment variables for Kafka broker Pods. // Adding the "+" prefix to the name prepends the value to that environment variable instead of overwriting it. // Add the "+" suffix to append. @@ -509,42 +491,6 @@ type EnvoyCommandLineArgs struct { Concurrency int32 `json:"concurrency,omitempty"` } -// IstioIngressConfig defines the config for the Istio Ingress Controller -type IstioIngressConfig struct { - Resources *corev1.ResourceRequirements `json:"resourceRequirements,omitempty"` - // +kubebuilder:validation:Minimum=1 - Replicas int32 `json:"replicas,omitempty"` - NodeSelector map[string]string `json:"nodeSelector,omitempty"` - Tolerations []*corev1.Toleration `json:"tolerations,omitempty"` - // Annotations defines the annotations placed on the istio ingress controller deployment - Annotations map[string]string `json:"annotations,omitempty"` - TLSOptions *v1beta1.TLSOptions `json:"gatewayConfig,omitempty"` - VirtualServiceAnnotations map[string]string `json:"virtualServiceAnnotations,omitempty"` - // Envs allows to add additional env vars to the istio meshgateway resource - Envs []*corev1.EnvVar `json:"envs,omitempty"` - // If specified and supported by the platform, traffic through the - // cloud-provider load-balancer will be restricted to the specified client - // IPs. This field will be ignored if the - // cloud-provider does not support the feature." - // More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/ - // +optional - LoadBalancerSourceRanges []string `json:"loadBalancerSourceRanges,omitempty"` -} - -func (iIConfig *IstioIngressConfig) GetAnnotations() map[string]string { - return util.CloneMap(iIConfig.Annotations) -} - -// GetVirtualServiceAnnotations returns a copy of the VirtualServiceAnnotations field -func (iIConfig *IstioIngressConfig) GetVirtualServiceAnnotations() map[string]string { - return util.CloneMap(iIConfig.VirtualServiceAnnotations) -} - -// GetLoadBalancerSourceRanges returns LoadBalancerSourceRanges to use for Istio Meshagetway generated LoadBalancer -func (iIConfig *IstioIngressConfig) GetLoadBalancerSourceRanges() []string { - return iIConfig.LoadBalancerSourceRanges -} - // MonitoringConfig defines the config for monitoring Kafka and Cruise Control type MonitoringConfig struct { JmxImage string `json:"jmxImage,omitempty"` @@ -725,7 +671,7 @@ type ExternalListenerConfig struct { // +optional AccessMethod corev1.ServiceType `json:"accessMethod,omitempty"` // Config allows to specify ingress controller configuration per external listener - // if set, it overrides the default `KafkaClusterSpec.IstioIngressConfig` or `KafkaClusterSpec.EnvoyConfig` for this external listener. + // if set, it overrides the default `KafkaClusterSpec.EnvoyConfig` for this external listener. // +optional Config *Config `json:"config,omitempty"` // TLS secret @@ -740,7 +686,6 @@ type Config struct { type IngressConfig struct { IngressServiceSettings `json:",inline"` - IstioIngressConfig *IstioIngressConfig `json:"istioIngressConfig,omitempty"` EnvoyConfig *EnvoyConfig `json:"envoyConfig,omitempty"` ContourIngressConfig *ContourIngressConfig `json:"contourIngressConfig,omitempty"` } @@ -858,23 +803,6 @@ func init() { SchemeBuilder.Register(&KafkaCluster{}, &KafkaClusterList{}) } -// GetResources returns the IstioIngress specific Kubernetes resources -func (iIConfig *IstioIngressConfig) GetResources() *corev1.ResourceRequirements { - if iIConfig.Resources != nil { - return iIConfig.Resources - } - return &corev1.ResourceRequirements{ - Requests: corev1.ResourceList{ - corev1.ResourceCPU: resource.MustParse(defaultIstioIngressRequestResourceCpu), - corev1.ResourceMemory: resource.MustParse(defaultIstioIngressRequestResourceMemory), - }, - Limits: corev1.ResourceList{ - corev1.ResourceCPU: resource.MustParse(defaultIstioIngressLimitResourceCpu), - corev1.ResourceMemory: resource.MustParse(defaultIstioIngressLimitResourceMemory), - }, - } -} - // GetListenerName returns the prepared listener name func (lP *CommonListenerSpec) GetListenerServiceName() string { if !strings.HasPrefix(lP.Name, "tcp-") { @@ -883,14 +811,6 @@ func (lP *CommonListenerSpec) GetListenerServiceName() string { return lP.Name } -// GetReplicas returns replicas used by the Istio Ingress deployment -func (iIConfig *IstioIngressConfig) GetReplicas() int32 { - if iIConfig.Replicas == 0 { - return defaultReplicas - } - return iIConfig.Replicas -} - // GetClientSSLCertSecretName returns the ClientSSLCertSecretName. It returns empty string if It's not specified func (k *KafkaClusterSpec) GetClientSSLCertSecretName() string { if k.ClientSSLCertSecret == nil { diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go index cef0ed5b3..88563c7ce 100644 --- a/api/v1beta1/zz_generated.deepcopy.go +++ b/api/v1beta1/zz_generated.deepcopy.go @@ -22,7 +22,6 @@ limitations under the License. package v1beta1 import ( - networkingv1beta1 "github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1" apismetav1 "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -623,11 +622,6 @@ func (in *GracefulActionState) DeepCopy() *GracefulActionState { func (in *IngressConfig) DeepCopyInto(out *IngressConfig) { *out = *in in.IngressServiceSettings.DeepCopyInto(&out.IngressServiceSettings) - if in.IstioIngressConfig != nil { - in, out := &in.IstioIngressConfig, &out.IstioIngressConfig - *out = new(IstioIngressConfig) - (*in).DeepCopyInto(*out) - } if in.EnvoyConfig != nil { in, out := &in.EnvoyConfig, &out.EnvoyConfig *out = new(EnvoyConfig) @@ -688,94 +682,6 @@ func (in *InternalListenerConfig) DeepCopy() *InternalListenerConfig { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IstioControlPlaneReference) DeepCopyInto(out *IstioControlPlaneReference) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IstioControlPlaneReference. -func (in *IstioControlPlaneReference) DeepCopy() *IstioControlPlaneReference { - if in == nil { - return nil - } - out := new(IstioControlPlaneReference) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IstioIngressConfig) DeepCopyInto(out *IstioIngressConfig) { - *out = *in - if in.Resources != nil { - in, out := &in.Resources, &out.Resources - *out = new(v1.ResourceRequirements) - (*in).DeepCopyInto(*out) - } - if in.NodeSelector != nil { - in, out := &in.NodeSelector, &out.NodeSelector - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.Tolerations != nil { - in, out := &in.Tolerations, &out.Tolerations - *out = make([]*v1.Toleration, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(v1.Toleration) - (*in).DeepCopyInto(*out) - } - } - } - if in.Annotations != nil { - in, out := &in.Annotations, &out.Annotations - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.TLSOptions != nil { - in, out := &in.TLSOptions, &out.TLSOptions - *out = new(networkingv1beta1.TLSOptions) - (*in).DeepCopyInto(*out) - } - if in.VirtualServiceAnnotations != nil { - in, out := &in.VirtualServiceAnnotations, &out.VirtualServiceAnnotations - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.Envs != nil { - in, out := &in.Envs, &out.Envs - *out = make([]*v1.EnvVar, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(v1.EnvVar) - (*in).DeepCopyInto(*out) - } - } - } - if in.LoadBalancerSourceRanges != nil { - in, out := &in.LoadBalancerSourceRanges, &out.LoadBalancerSourceRanges - *out = make([]string, len(*in)) - copy(*out, *in) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IstioIngressConfig. -func (in *IstioIngressConfig) DeepCopy() *IstioIngressConfig { - if in == nil { - return nil - } - out := new(IstioIngressConfig) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *KafkaCluster) DeepCopyInto(out *KafkaCluster) { *out = *in @@ -875,11 +781,6 @@ func (in *KafkaClusterSpec) DeepCopyInto(out *KafkaClusterSpec) { *out = new(metav1.LabelSelector) (*in).DeepCopyInto(*out) } - if in.IstioControlPlane != nil { - in, out := &in.IstioControlPlane, &out.IstioControlPlane - *out = new(IstioControlPlaneReference) - **out = **in - } in.CruiseControlConfig.DeepCopyInto(&out.CruiseControlConfig) in.EnvoyConfig.DeepCopyInto(&out.EnvoyConfig) out.ContourIngressConfig = in.ContourIngressConfig @@ -889,7 +790,6 @@ func (in *KafkaClusterSpec) DeepCopyInto(out *KafkaClusterSpec) { *out = new(AlertManagerConfig) **out = **in } - in.IstioIngressConfig.DeepCopyInto(&out.IstioIngressConfig) if in.Envs != nil { in, out := &in.Envs, &out.Envs *out = make([]v1.EnvVar, len(*in)) diff --git a/charts/kafka-operator/crds/kafkaclusters.yaml b/charts/kafka-operator/crds/kafkaclusters.yaml index e3fd3e25d..49d3c3171 100644 --- a/charts/kafka-operator/crds/kafkaclusters.yaml +++ b/charts/kafka-operator/crds/kafkaclusters.yaml @@ -20944,407 +20944,11 @@ spec: type: boolean ingressController: description: IngressController specifies the type of the ingress controller - to be used for external listeners. The `istioingress` ingress controller - type requires the `spec.istioControlPlane` field to be populated - as well. + to be used for external listeners. enum: - envoy - contour - - istioingress type: string - istioControlPlane: - description: IstioControlPlane is a reference to the IstioControlPlane - resource for envoy configuration. It must be specified if istio - ingress is used. - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - type: object - istioIngressConfig: - description: IstioIngressConfig defines the config for the Istio Ingress - Controller - properties: - annotations: - additionalProperties: - type: string - description: Annotations defines the annotations placed on the - istio ingress controller deployment - type: object - envs: - description: Envs allows to add additional env vars to the istio - meshgateway resource - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: |- - Name of the environment variable. - May consist of any printable ASCII characters except '='. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - fileKeyRef: - description: |- - FileKeyRef selects a key of the env file. - Requires the EnvFiles feature gate to be enabled. - properties: - key: - description: |- - The key within the env file. An invalid key will prevent the pod from starting. - The keys defined within a source may consist of any printable ASCII characters except '='. - During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. - type: string - optional: - default: false - description: |- - Specify whether the file or its key must be defined. If the file or key - does not exist, then the env var is not published. - If optional is set to true and the specified key does not exist, - the environment variable will not be set in the Pod's containers. - - If optional is set to false and the specified key does not exist, - an error will be returned during Pod creation. - type: boolean - path: - description: |- - The path within the volume from which to select the file. - Must be relative and may not contain the '..' path or start with '..'. - type: string - volumeName: - description: The name of the volume mount containing - the env file. - type: string - required: - - key - - path - - volumeName - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - gatewayConfig: - properties: - caCertificates: - description: |- - REQUIRED if mode is `MUTUAL`. The path to a file containing - certificate authority certificates to use in verifying a presented - client side certificate. - type: string - cipherSuites: - description: |- - Optional: If specified, only support the specified cipher list. - Otherwise default to the default cipher list supported by Envoy. - items: - type: string - type: array - credentialName: - description: |- - The credentialName stands for a unique identifier that can be used - to identify the serverCertificate and the privateKey. The - credentialName appended with suffix "-cacert" is used to identify - the CaCertificates associated with this server. Gateway workloads - capable of fetching credentials from a remote credential store such - as Kubernetes secrets, will be configured to retrieve the - serverCertificate and the privateKey using credentialName, instead - of using the file system paths specified above. If using mutual TLS, - gateway workload instances will retrieve the CaCertificates using - credentialName-cacert. The semantics of the name are platform - dependent. In Kubernetes, the default Istio supplied credential - server expects the credentialName to match the name of the - Kubernetes secret that holds the server certificate, the private - key, and the CA certificate (if using mutual TLS). Set the - `ISTIO_META_USER_SDS` metadata variable in the gateway's proxy to - enable the dynamic credential fetching feature. - type: string - httpsRedirect: - description: |- - If set to true, the load balancer will send a 301 redirect for all - http connections, asking the clients to use HTTPS. - type: boolean - maxProtocolVersion: - description: 'Optional: Maximum TLS protocol version.' - type: string - minProtocolVersion: - description: 'Optional: Minimum TLS protocol version.' - type: string - mode: - description: |- - Optional: Indicates whether connections to this port should be - secured using TLS. The value of this field determines how TLS is - enforced. - type: string - privateKey: - description: |- - REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file - holding the server's private key. - type: string - serverCertificate: - description: |- - REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file - holding the server-side TLS certificate to use. - type: string - subjectAltNames: - description: |- - A list of alternate names to verify the subject identity in the - certificate presented by the client. - items: - type: string - type: array - verifyCertificateHash: - description: |- - An optional list of hex-encoded SHA-256 hashes of the - authorized client certificates. Both simple and colon separated - formats are acceptable. - Note: When both verify_certificate_hash and verify_certificate_spki - are specified, a hash matching either value will result in the - certificate being accepted. - items: - type: string - type: array - verifyCertificateSpki: - description: |- - An optional list of base64-encoded SHA-256 hashes of the SKPIs of - authorized client certificates. - Note: When both verify_certificate_hash and verify_certificate_spki - are specified, a hash matching either value will result in the - certificate being accepted. - items: - type: string - type: array - type: object - loadBalancerSourceRanges: - description: |- - If specified and supported by the platform, traffic through the - cloud-provider load-balancer will be restricted to the specified client - IPs. This field will be ignored if the - cloud-provider does not support the feature." - More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/ - items: - type: string - type: array - nodeSelector: - additionalProperties: - type: string - type: object - replicas: - format: int32 - minimum: 1 - type: integer - resourceRequirements: - description: ResourceRequirements describes the compute resource - requirements. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This field depends on the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - tolerations: - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - virtualServiceAnnotations: - additionalProperties: - type: string - type: object - type: object kRaft: default: false description: |- @@ -21381,7 +20985,7 @@ spec: config: description: |- Config allows to specify ingress controller configuration per external listener - if set, it overrides the default `KafkaClusterSpec.IstioIngressConfig` or `KafkaClusterSpec.EnvoyConfig` for this external listener. + if set, it overrides the default `KafkaClusterSpec.EnvoyConfig` for this external listener. properties: defaultIngressConfig: type: string @@ -23023,400 +22627,6 @@ spec: In case of external listeners using NodePort access method the broker instead of node public IP (see "brokerConfig.nodePortExternalIP") is advertised on the address having the following format: -. type: string - istioIngressConfig: - description: IstioIngressConfig defines the config - for the Istio Ingress Controller - properties: - annotations: - additionalProperties: - type: string - description: Annotations defines the annotations - placed on the istio ingress controller deployment - type: object - envs: - description: Envs allows to add additional - env vars to the istio meshgateway resource - items: - description: EnvVar represents an environment - variable present in a Container. - properties: - name: - description: |- - Name of the environment variable. - May consist of any printable ASCII characters except '='. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment - variable's value. Cannot be used if - value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a - ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether - the ConfigMap or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the - schema the FieldPath is written - in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field - to select in the specified - API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - fileKeyRef: - description: |- - FileKeyRef selects a key of the env file. - Requires the EnvFiles feature gate to be enabled. - properties: - key: - description: |- - The key within the env file. An invalid key will prevent the pod from starting. - The keys defined within a source may consist of any printable ASCII characters except '='. - During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. - type: string - optional: - default: false - description: |- - Specify whether the file or its key must be defined. If the file or key - does not exist, then the env var is not published. - If optional is set to true and the specified key does not exist, - the environment variable will not be set in the Pod's containers. - - If optional is set to false and the specified key does not exist, - an error will be returned during Pod creation. - type: boolean - path: - description: |- - The path within the volume from which to select the file. - Must be relative and may not contain the '..' path or start with '..'. - type: string - volumeName: - description: The name of the - volume mount containing the - env file. - type: string - required: - - key - - path - - volumeName - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: - required for volumes, optional - for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource - to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a - secret in the pod's namespace - properties: - key: - description: The key of the - secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether - the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - gatewayConfig: - properties: - caCertificates: - description: |- - REQUIRED if mode is `MUTUAL`. The path to a file containing - certificate authority certificates to use in verifying a presented - client side certificate. - type: string - cipherSuites: - description: |- - Optional: If specified, only support the specified cipher list. - Otherwise default to the default cipher list supported by Envoy. - items: - type: string - type: array - credentialName: - description: |- - The credentialName stands for a unique identifier that can be used - to identify the serverCertificate and the privateKey. The - credentialName appended with suffix "-cacert" is used to identify - the CaCertificates associated with this server. Gateway workloads - capable of fetching credentials from a remote credential store such - as Kubernetes secrets, will be configured to retrieve the - serverCertificate and the privateKey using credentialName, instead - of using the file system paths specified above. If using mutual TLS, - gateway workload instances will retrieve the CaCertificates using - credentialName-cacert. The semantics of the name are platform - dependent. In Kubernetes, the default Istio supplied credential - server expects the credentialName to match the name of the - Kubernetes secret that holds the server certificate, the private - key, and the CA certificate (if using mutual TLS). Set the - `ISTIO_META_USER_SDS` metadata variable in the gateway's proxy to - enable the dynamic credential fetching feature. - type: string - httpsRedirect: - description: |- - If set to true, the load balancer will send a 301 redirect for all - http connections, asking the clients to use HTTPS. - type: boolean - maxProtocolVersion: - description: 'Optional: Maximum TLS protocol - version.' - type: string - minProtocolVersion: - description: 'Optional: Minimum TLS protocol - version.' - type: string - mode: - description: |- - Optional: Indicates whether connections to this port should be - secured using TLS. The value of this field determines how TLS is - enforced. - type: string - privateKey: - description: |- - REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file - holding the server's private key. - type: string - serverCertificate: - description: |- - REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file - holding the server-side TLS certificate to use. - type: string - subjectAltNames: - description: |- - A list of alternate names to verify the subject identity in the - certificate presented by the client. - items: - type: string - type: array - verifyCertificateHash: - description: |- - An optional list of hex-encoded SHA-256 hashes of the - authorized client certificates. Both simple and colon separated - formats are acceptable. - Note: When both verify_certificate_hash and verify_certificate_spki - are specified, a hash matching either value will result in the - certificate being accepted. - items: - type: string - type: array - verifyCertificateSpki: - description: |- - An optional list of base64-encoded SHA-256 hashes of the SKPIs of - authorized client certificates. - Note: When both verify_certificate_hash and verify_certificate_spki - are specified, a hash matching either value will result in the - certificate being accepted. - items: - type: string - type: array - type: object - loadBalancerSourceRanges: - description: |- - If specified and supported by the platform, traffic through the - cloud-provider load-balancer will be restricted to the specified client - IPs. This field will be ignored if the - cloud-provider does not support the feature." - More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/ - items: - type: string - type: array - nodeSelector: - additionalProperties: - type: string - type: object - replicas: - format: int32 - minimum: 1 - type: integer - resourceRequirements: - description: ResourceRequirements describes - the compute resource requirements. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This field depends on the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - tolerations: - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - virtualServiceAnnotations: - additionalProperties: - type: string - type: object - type: object serviceAnnotations: additionalProperties: type: string diff --git a/charts/kafka-operator/templates/operator-rbac.yaml b/charts/kafka-operator/templates/operator-rbac.yaml index 63b35e27e..2fcadd3b4 100644 --- a/charts/kafka-operator/templates/operator-rbac.yaml +++ b/charts/kafka-operator/templates/operator-rbac.yaml @@ -189,12 +189,6 @@ rules: - patch - update - watch -- apiGroups: - - networking.istio.io - resources: - - '*' - verbs: - - '*' - apiGroups: - policy resources: @@ -219,18 +213,6 @@ rules: - patch - update - watch -- apiGroups: - - servicemesh.cisco.com - resources: - - istiomeshgateways - verbs: - - create - - delete - - get - - list - - patch - - update - - watch # RBAC_RULES_END --- apiVersion: rbac.authorization.k8s.io/v1 diff --git a/config/base/crds/kafka.banzaicloud.io_kafkaclusters.yaml b/config/base/crds/kafka.banzaicloud.io_kafkaclusters.yaml index e3fd3e25d..49d3c3171 100644 --- a/config/base/crds/kafka.banzaicloud.io_kafkaclusters.yaml +++ b/config/base/crds/kafka.banzaicloud.io_kafkaclusters.yaml @@ -20944,407 +20944,11 @@ spec: type: boolean ingressController: description: IngressController specifies the type of the ingress controller - to be used for external listeners. The `istioingress` ingress controller - type requires the `spec.istioControlPlane` field to be populated - as well. + to be used for external listeners. enum: - envoy - contour - - istioingress type: string - istioControlPlane: - description: IstioControlPlane is a reference to the IstioControlPlane - resource for envoy configuration. It must be specified if istio - ingress is used. - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - type: object - istioIngressConfig: - description: IstioIngressConfig defines the config for the Istio Ingress - Controller - properties: - annotations: - additionalProperties: - type: string - description: Annotations defines the annotations placed on the - istio ingress controller deployment - type: object - envs: - description: Envs allows to add additional env vars to the istio - meshgateway resource - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: |- - Name of the environment variable. - May consist of any printable ASCII characters except '='. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - fileKeyRef: - description: |- - FileKeyRef selects a key of the env file. - Requires the EnvFiles feature gate to be enabled. - properties: - key: - description: |- - The key within the env file. An invalid key will prevent the pod from starting. - The keys defined within a source may consist of any printable ASCII characters except '='. - During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. - type: string - optional: - default: false - description: |- - Specify whether the file or its key must be defined. If the file or key - does not exist, then the env var is not published. - If optional is set to true and the specified key does not exist, - the environment variable will not be set in the Pod's containers. - - If optional is set to false and the specified key does not exist, - an error will be returned during Pod creation. - type: boolean - path: - description: |- - The path within the volume from which to select the file. - Must be relative and may not contain the '..' path or start with '..'. - type: string - volumeName: - description: The name of the volume mount containing - the env file. - type: string - required: - - key - - path - - volumeName - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - gatewayConfig: - properties: - caCertificates: - description: |- - REQUIRED if mode is `MUTUAL`. The path to a file containing - certificate authority certificates to use in verifying a presented - client side certificate. - type: string - cipherSuites: - description: |- - Optional: If specified, only support the specified cipher list. - Otherwise default to the default cipher list supported by Envoy. - items: - type: string - type: array - credentialName: - description: |- - The credentialName stands for a unique identifier that can be used - to identify the serverCertificate and the privateKey. The - credentialName appended with suffix "-cacert" is used to identify - the CaCertificates associated with this server. Gateway workloads - capable of fetching credentials from a remote credential store such - as Kubernetes secrets, will be configured to retrieve the - serverCertificate and the privateKey using credentialName, instead - of using the file system paths specified above. If using mutual TLS, - gateway workload instances will retrieve the CaCertificates using - credentialName-cacert. The semantics of the name are platform - dependent. In Kubernetes, the default Istio supplied credential - server expects the credentialName to match the name of the - Kubernetes secret that holds the server certificate, the private - key, and the CA certificate (if using mutual TLS). Set the - `ISTIO_META_USER_SDS` metadata variable in the gateway's proxy to - enable the dynamic credential fetching feature. - type: string - httpsRedirect: - description: |- - If set to true, the load balancer will send a 301 redirect for all - http connections, asking the clients to use HTTPS. - type: boolean - maxProtocolVersion: - description: 'Optional: Maximum TLS protocol version.' - type: string - minProtocolVersion: - description: 'Optional: Minimum TLS protocol version.' - type: string - mode: - description: |- - Optional: Indicates whether connections to this port should be - secured using TLS. The value of this field determines how TLS is - enforced. - type: string - privateKey: - description: |- - REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file - holding the server's private key. - type: string - serverCertificate: - description: |- - REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file - holding the server-side TLS certificate to use. - type: string - subjectAltNames: - description: |- - A list of alternate names to verify the subject identity in the - certificate presented by the client. - items: - type: string - type: array - verifyCertificateHash: - description: |- - An optional list of hex-encoded SHA-256 hashes of the - authorized client certificates. Both simple and colon separated - formats are acceptable. - Note: When both verify_certificate_hash and verify_certificate_spki - are specified, a hash matching either value will result in the - certificate being accepted. - items: - type: string - type: array - verifyCertificateSpki: - description: |- - An optional list of base64-encoded SHA-256 hashes of the SKPIs of - authorized client certificates. - Note: When both verify_certificate_hash and verify_certificate_spki - are specified, a hash matching either value will result in the - certificate being accepted. - items: - type: string - type: array - type: object - loadBalancerSourceRanges: - description: |- - If specified and supported by the platform, traffic through the - cloud-provider load-balancer will be restricted to the specified client - IPs. This field will be ignored if the - cloud-provider does not support the feature." - More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/ - items: - type: string - type: array - nodeSelector: - additionalProperties: - type: string - type: object - replicas: - format: int32 - minimum: 1 - type: integer - resourceRequirements: - description: ResourceRequirements describes the compute resource - requirements. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This field depends on the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - tolerations: - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - virtualServiceAnnotations: - additionalProperties: - type: string - type: object - type: object kRaft: default: false description: |- @@ -21381,7 +20985,7 @@ spec: config: description: |- Config allows to specify ingress controller configuration per external listener - if set, it overrides the default `KafkaClusterSpec.IstioIngressConfig` or `KafkaClusterSpec.EnvoyConfig` for this external listener. + if set, it overrides the default `KafkaClusterSpec.EnvoyConfig` for this external listener. properties: defaultIngressConfig: type: string @@ -23023,400 +22627,6 @@ spec: In case of external listeners using NodePort access method the broker instead of node public IP (see "brokerConfig.nodePortExternalIP") is advertised on the address having the following format: -. type: string - istioIngressConfig: - description: IstioIngressConfig defines the config - for the Istio Ingress Controller - properties: - annotations: - additionalProperties: - type: string - description: Annotations defines the annotations - placed on the istio ingress controller deployment - type: object - envs: - description: Envs allows to add additional - env vars to the istio meshgateway resource - items: - description: EnvVar represents an environment - variable present in a Container. - properties: - name: - description: |- - Name of the environment variable. - May consist of any printable ASCII characters except '='. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment - variable's value. Cannot be used if - value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a - ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether - the ConfigMap or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the - schema the FieldPath is written - in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field - to select in the specified - API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - fileKeyRef: - description: |- - FileKeyRef selects a key of the env file. - Requires the EnvFiles feature gate to be enabled. - properties: - key: - description: |- - The key within the env file. An invalid key will prevent the pod from starting. - The keys defined within a source may consist of any printable ASCII characters except '='. - During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. - type: string - optional: - default: false - description: |- - Specify whether the file or its key must be defined. If the file or key - does not exist, then the env var is not published. - If optional is set to true and the specified key does not exist, - the environment variable will not be set in the Pod's containers. - - If optional is set to false and the specified key does not exist, - an error will be returned during Pod creation. - type: boolean - path: - description: |- - The path within the volume from which to select the file. - Must be relative and may not contain the '..' path or start with '..'. - type: string - volumeName: - description: The name of the - volume mount containing the - env file. - type: string - required: - - key - - path - - volumeName - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: - required for volumes, optional - for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource - to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a - secret in the pod's namespace - properties: - key: - description: The key of the - secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether - the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - gatewayConfig: - properties: - caCertificates: - description: |- - REQUIRED if mode is `MUTUAL`. The path to a file containing - certificate authority certificates to use in verifying a presented - client side certificate. - type: string - cipherSuites: - description: |- - Optional: If specified, only support the specified cipher list. - Otherwise default to the default cipher list supported by Envoy. - items: - type: string - type: array - credentialName: - description: |- - The credentialName stands for a unique identifier that can be used - to identify the serverCertificate and the privateKey. The - credentialName appended with suffix "-cacert" is used to identify - the CaCertificates associated with this server. Gateway workloads - capable of fetching credentials from a remote credential store such - as Kubernetes secrets, will be configured to retrieve the - serverCertificate and the privateKey using credentialName, instead - of using the file system paths specified above. If using mutual TLS, - gateway workload instances will retrieve the CaCertificates using - credentialName-cacert. The semantics of the name are platform - dependent. In Kubernetes, the default Istio supplied credential - server expects the credentialName to match the name of the - Kubernetes secret that holds the server certificate, the private - key, and the CA certificate (if using mutual TLS). Set the - `ISTIO_META_USER_SDS` metadata variable in the gateway's proxy to - enable the dynamic credential fetching feature. - type: string - httpsRedirect: - description: |- - If set to true, the load balancer will send a 301 redirect for all - http connections, asking the clients to use HTTPS. - type: boolean - maxProtocolVersion: - description: 'Optional: Maximum TLS protocol - version.' - type: string - minProtocolVersion: - description: 'Optional: Minimum TLS protocol - version.' - type: string - mode: - description: |- - Optional: Indicates whether connections to this port should be - secured using TLS. The value of this field determines how TLS is - enforced. - type: string - privateKey: - description: |- - REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file - holding the server's private key. - type: string - serverCertificate: - description: |- - REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file - holding the server-side TLS certificate to use. - type: string - subjectAltNames: - description: |- - A list of alternate names to verify the subject identity in the - certificate presented by the client. - items: - type: string - type: array - verifyCertificateHash: - description: |- - An optional list of hex-encoded SHA-256 hashes of the - authorized client certificates. Both simple and colon separated - formats are acceptable. - Note: When both verify_certificate_hash and verify_certificate_spki - are specified, a hash matching either value will result in the - certificate being accepted. - items: - type: string - type: array - verifyCertificateSpki: - description: |- - An optional list of base64-encoded SHA-256 hashes of the SKPIs of - authorized client certificates. - Note: When both verify_certificate_hash and verify_certificate_spki - are specified, a hash matching either value will result in the - certificate being accepted. - items: - type: string - type: array - type: object - loadBalancerSourceRanges: - description: |- - If specified and supported by the platform, traffic through the - cloud-provider load-balancer will be restricted to the specified client - IPs. This field will be ignored if the - cloud-provider does not support the feature." - More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/ - items: - type: string - type: array - nodeSelector: - additionalProperties: - type: string - type: object - replicas: - format: int32 - minimum: 1 - type: integer - resourceRequirements: - description: ResourceRequirements describes - the compute resource requirements. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This field depends on the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - tolerations: - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - virtualServiceAnnotations: - additionalProperties: - type: string - type: object - type: object serviceAnnotations: additionalProperties: type: string diff --git a/config/base/rbac/role.yaml b/config/base/rbac/role.yaml index c119e008f..524ff09ac 100644 --- a/config/base/rbac/role.yaml +++ b/config/base/rbac/role.yaml @@ -166,12 +166,6 @@ rules: - patch - update - watch -- apiGroups: - - networking.istio.io - resources: - - '*' - verbs: - - '*' - apiGroups: - policy resources: @@ -196,15 +190,3 @@ rules: - patch - update - watch -- apiGroups: - - servicemesh.cisco.com - resources: - - istiomeshgateways - verbs: - - create - - delete - - get - - list - - patch - - update - - watch diff --git a/config/samples/kafkacluster-with-istio.yaml b/config/samples/kafkacluster-with-istio.yaml deleted file mode 100644 index 8b316c9b2..000000000 --- a/config/samples/kafkacluster-with-istio.yaml +++ /dev/null @@ -1,255 +0,0 @@ -apiVersion: kafka.banzaicloud.io/v1beta1 -kind: KafkaCluster -metadata: - labels: - controller-tools.k8s.io: "1.0" - name: kafka -spec: - headlessServiceEnabled: false - ingressController: "istioingress" - istioControlPlane: - name: icp-v115x-sample # The name of the existing istio control plane should be used here - namespace: istio-system - istioIngressConfig: - gatewayConfig: - mode: ISTIO_MUTUAL - zkAddresses: - - "zookeeper-server-client.zookeeper:2181" - oneBrokerPerNode: false - clusterImage: "ghcr.io/adobe/koperator/kafka:2.13-3.9.1" - readOnlyConfig: | - auto.create.topics.enable=false - cruise.control.metrics.topic.auto.create=true - cruise.control.metrics.topic.num.partitions=1 - cruise.control.metrics.topic.replication.factor=2 - brokerConfigGroups: - default: - brokerAnnotations: - sidecar.istio.io/userVolumeMount: '[{"name":"exitfile", "mountPath":"/var/run/wait", "readonly":true}]' - storageConfigs: - - mountPath: "/kafka-logs" - pvcSpec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 10Gi - brokers: - - id: 0 - brokerConfigGroup: "default" - - id: 1 - brokerConfigGroup: "default" - - id: 2 - brokerConfigGroup: "default" - rollingUpgradeConfig: - failureThreshold: 1 - listenersConfig: - internalListeners: - - type: "plaintext" - name: "internal" - containerPort: 29092 - usedForInnerBrokerCommunication: true - - type: "plaintext" - name: "controller" - containerPort: 29093 - usedForInnerBrokerCommunication: false - usedForControllerCommunication: true - externalListeners: - - type: "plaintext" - name: "external" - externalStartingPort: 19090 - containerPort: 9094 - cruiseControlConfig: - topicConfig: - partitions: 12 - replicationFactor: 3 - config: | - # Copyright 2017 LinkedIn Corp. Licensed under the BSD 2-Clause License (the "License"). See License in the project root for license information. - # - # This is an example property file for Kafka Cruise Control. See KafkaCruiseControlConfig for more details. - # Configuration for the metadata client. - # ======================================= - # The maximum interval in milliseconds between two metadata refreshes. - #metadata.max.age.ms=300000 - # Client id for the Cruise Control. It is used for the metadata client. - #client.id=kafka-cruise-control - # The size of TCP send buffer bytes for the metadata client. - #send.buffer.bytes=131072 - # The size of TCP receive buffer size for the metadata client. - #receive.buffer.bytes=131072 - # The time to wait before disconnect an idle TCP connection. - #connections.max.idle.ms=540000 - # The time to wait before reconnect to a given host. - #reconnect.backoff.ms=50 - # The time to wait for a response from a host after sending a request. - #request.timeout.ms=30000 - # Configurations for the load monitor - # ======================================= - # The number of metric fetcher thread to fetch metrics for the Kafka cluster - num.metric.fetchers=1 - # The metric sampler class - metric.sampler.class=com.linkedin.kafka.cruisecontrol.monitor.sampling.CruiseControlMetricsReporterSampler - # Configurations for CruiseControlMetricsReporterSampler - metric.reporter.topic.pattern=__CruiseControlMetrics - # The sample store class name - sample.store.class=com.linkedin.kafka.cruisecontrol.monitor.sampling.KafkaSampleStore - # The config for the Kafka sample store to save the partition metric samples - partition.metric.sample.store.topic=__KafkaCruiseControlPartitionMetricSamples - # The config for the Kafka sample store to save the model training samples - broker.metric.sample.store.topic=__KafkaCruiseControlModelTrainingSamples - # The replication factor of Kafka metric sample store topic - sample.store.topic.replication.factor=2 - # The config for the number of Kafka sample store consumer threads - num.sample.loading.threads=8 - # The partition assignor class for the metric samplers - metric.sampler.partition.assignor.class=com.linkedin.kafka.cruisecontrol.monitor.sampling.DefaultMetricSamplerPartitionAssignor - # The metric sampling interval in milliseconds - metric.sampling.interval.ms=120000 - metric.anomaly.detection.interval.ms=180000 - # The partition metrics window size in milliseconds - partition.metrics.window.ms=300000 - # The number of partition metric windows to keep in memory - num.partition.metrics.windows=1 - # The minimum partition metric samples required for a partition in each window - min.samples.per.partition.metrics.window=1 - # The broker metrics window size in milliseconds - broker.metrics.window.ms=300000 - # The number of broker metric windows to keep in memory - num.broker.metrics.windows=20 - # The minimum broker metric samples required for a partition in each window - min.samples.per.broker.metrics.window=1 - # The configuration for the BrokerCapacityConfigFileResolver (supports JBOD and non-JBOD broker capacities) - capacity.config.file=config/capacity.json - #capacity.config.file=config/capacityJBOD.json - # Configurations for the analyzer - # ======================================= - # The list of goals to optimize the Kafka cluster for with pre-computed proposals - default.goals=com.linkedin.kafka.cruisecontrol.analyzer.goals.ReplicaCapacityGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.DiskCapacityGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.NetworkInboundCapacityGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.NetworkOutboundCapacityGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.CpuCapacityGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.ReplicaDistributionGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.PotentialNwOutGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.DiskUsageDistributionGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.NetworkInboundUsageDistributionGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.NetworkOutboundUsageDistributionGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.CpuUsageDistributionGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.TopicReplicaDistributionGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.LeaderBytesInDistributionGoal - # The list of supported goals - goals=com.linkedin.kafka.cruisecontrol.analyzer.goals.ReplicaCapacityGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.DiskCapacityGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.NetworkInboundCapacityGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.NetworkOutboundCapacityGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.CpuCapacityGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.ReplicaDistributionGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.PotentialNwOutGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.DiskUsageDistributionGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.NetworkInboundUsageDistributionGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.NetworkOutboundUsageDistributionGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.CpuUsageDistributionGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.TopicReplicaDistributionGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.LeaderBytesInDistributionGoal,com.linkedin.kafka.cruisecontrol.analyzer.kafkaassigner.KafkaAssignerDiskUsageDistributionGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.PreferredLeaderElectionGoal - # The list of supported hard goals - hard.goals=com.linkedin.kafka.cruisecontrol.analyzer.goals.ReplicaCapacityGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.DiskCapacityGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.NetworkInboundCapacityGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.NetworkOutboundCapacityGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.CpuCapacityGoal - # The minimum percentage of well monitored partitions out of all the partitions - min.monitored.partition.percentage=0.95 - # The balance threshold for CPU - cpu.balance.threshold=1.1 - # The balance threshold for disk - disk.balance.threshold=1.1 - # The balance threshold for network inbound utilization - network.inbound.balance.threshold=1.1 - # The balance threshold for network outbound utilization - network.outbound.balance.threshold=1.1 - # The balance threshold for the replica count - replica.count.balance.threshold=1.1 - # The capacity threshold for CPU in percentage - cpu.capacity.threshold=0.8 - # The capacity threshold for disk in percentage - disk.capacity.threshold=0.8 - # The capacity threshold for network inbound utilization in percentage - network.inbound.capacity.threshold=0.8 - # The capacity threshold for network outbound utilization in percentage - network.outbound.capacity.threshold=0.8 - # The threshold to define the cluster to be in a low CPU utilization state - cpu.low.utilization.threshold=0.0 - # The threshold to define the cluster to be in a low disk utilization state - disk.low.utilization.threshold=0.0 - # The threshold to define the cluster to be in a low network inbound utilization state - network.inbound.low.utilization.threshold=0.0 - # The threshold to define the cluster to be in a low disk utilization state - network.outbound.low.utilization.threshold=0.0 - # The metric anomaly percentile upper threshold - metric.anomaly.percentile.upper.threshold=90.0 - # The metric anomaly percentile lower threshold - metric.anomaly.percentile.lower.threshold=10.0 - # How often should the cached proposal be expired and recalculated if necessary - proposal.expiration.ms=60000 - # The maximum number of replicas that can reside on a broker at any given time. - max.replicas.per.broker=10000 - # The number of threads to use for proposal candidate precomputing. - num.proposal.precompute.threads=1 - # the topics that should be excluded from the partition movement. - #topics.excluded.from.partition.movement - # Configurations for the executor - # ======================================= - # The max number of partitions to move in/out on a given broker at a given time. - num.concurrent.partition.movements.per.broker=10 - # The interval between two execution progress checks. - execution.progress.check.interval.ms=10000 - # Configurations for anomaly detector - # ======================================= - # The goal violation notifier class - anomaly.notifier.class=com.linkedin.kafka.cruisecontrol.detector.notifier.SelfHealingNotifier - # The metric anomaly finder class - metric.anomaly.finder.class=com.linkedin.kafka.cruisecontrol.detector.KafkaMetricAnomalyFinder - # The anomaly detection interval - anomaly.detection.interval.ms=10000 - # The goal violation to detect. - anomaly.detection.goals=com.linkedin.kafka.cruisecontrol.analyzer.goals.ReplicaCapacityGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.DiskCapacityGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.NetworkInboundCapacityGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.NetworkOutboundCapacityGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.CpuCapacityGoal - # The interested metrics for metric anomaly analyzer. - metric.anomaly.analyzer.metrics=BROKER_PRODUCE_LOCAL_TIME_MS_MAX,BROKER_PRODUCE_LOCAL_TIME_MS_MEAN,BROKER_CONSUMER_FETCH_LOCAL_TIME_MS_MAX,BROKER_CONSUMER_FETCH_LOCAL_TIME_MS_MEAN,BROKER_FOLLOWER_FETCH_LOCAL_TIME_MS_MAX,BROKER_FOLLOWER_FETCH_LOCAL_TIME_MS_MEAN,BROKER_LOG_FLUSH_TIME_MS_MAX,BROKER_LOG_FLUSH_TIME_MS_MEAN - ## Adjust accordingly if your metrics reporter is an older version and does not produce these metrics. - #metric.anomaly.analyzer.metrics=BROKER_PRODUCE_LOCAL_TIME_MS_50TH,BROKER_PRODUCE_LOCAL_TIME_MS_999TH,BROKER_CONSUMER_FETCH_LOCAL_TIME_MS_50TH,BROKER_CONSUMER_FETCH_LOCAL_TIME_MS_999TH,BROKER_FOLLOWER_FETCH_LOCAL_TIME_MS_50TH,BROKER_FOLLOWER_FETCH_LOCAL_TIME_MS_999TH,BROKER_LOG_FLUSH_TIME_MS_50TH,BROKER_LOG_FLUSH_TIME_MS_999TH - # The zk path to store failed broker information. - failed.brokers.zk.path=/CruiseControlBrokerList - # Topic config provider class - topic.config.provider.class=com.linkedin.kafka.cruisecontrol.config.KafkaTopicConfigProvider - # The cluster configurations for the KafkaTopicConfigProvider - cluster.configs.file=config/clusterConfigs.json - # The maximum time in milliseconds to store the response and access details of a completed user task. - completed.user.task.retention.time.ms=21600000 - # The maximum time in milliseconds to retain the demotion history of brokers. - demotion.history.retention.time.ms=86400000 - # The maximum number of completed user tasks for which the response and access details will be cached. - max.cached.completed.user.tasks=500 - # The maximum number of user tasks for concurrently running in async endpoints across all users. - max.active.user.tasks=25 - # Enable self healing for all anomaly detectors, unless the particular anomaly detector is explicitly disabled - self.healing.enabled=true - # Enable self healing for broker failure detector - #self.healing.broker.failure.enabled=true - # Enable self healing for goal violation detector - #self.healing.goal.violation.enabled=true - # Enable self healing for metric anomaly detector - #self.healing.metric.anomaly.enabled=true - # configurations for the webserver - # ================================ - # HTTP listen port - webserver.http.port=9090 - # HTTP listen address - webserver.http.address=0.0.0.0 - # Whether CORS support is enabled for API or not - webserver.http.cors.enabled=false - # Value for Access-Control-Allow-Origin - webserver.http.cors.origin=http://localhost:8080/ - # Value for Access-Control-Request-Method - webserver.http.cors.allowmethods=OPTIONS,GET,POST - # Headers that should be exposed to the Browser (Webapp) - # This is a special header that is used by the - # User Tasks subsystem and should be explicitly - # Enabled when CORS mode is used as part of the - # Admin Interface - webserver.http.cors.exposeheaders=User-Task-ID - # REST API default prefix - # (dont forget the ending *) - webserver.api.urlprefix=/kafkacruisecontrol/* - # Location where the Cruise Control frontend is deployed - webserver.ui.diskpath=./cruise-control-ui/dist/ - # URL path prefix for UI - # (dont forget the ending *) - webserver.ui.urlprefix=/* - # Time After which request is converted to Async - webserver.request.maxBlockTimeMs=10000 - # Default Session Expiry Period - webserver.session.maxExpiryTimeMs=60000 - # Session cookie path - webserver.session.path=/ - # Server Access Logs - webserver.accesslog.enabled=true - # Location of HTTP Request Logs - webserver.accesslog.path=access.log - # HTTP Request Log retention days - webserver.accesslog.retention.days=14 - clusterConfig: | - { - "min.insync.replicas": 3 - } diff --git a/config/test/crd/istio/istio.banzaicloud.io_istiomeshgateways.yaml b/config/test/crd/istio/istio.banzaicloud.io_istiomeshgateways.yaml deleted file mode 100644 index 44b719238..000000000 --- a/config/test/crd/istio/istio.banzaicloud.io_istiomeshgateways.yaml +++ /dev/null @@ -1,1716 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - name: istiomeshgateways.servicemesh.cisco.com - labels: - resource.alpha.banzaicloud.io/revision: 1.15.0 -spec: - group: servicemesh.cisco.com - names: - kind: IstioMeshGateway - listKind: IstioMeshGatewayList - plural: istiomeshgateways - shortNames: - - imgw - - istiomgw - singular: istiomeshgateway - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Type of the gateway - jsonPath: .spec.type - name: Type - type: string - - description: Type of the service - jsonPath: .spec.service.type - name: Service Type - type: string - - description: Status of the resource - jsonPath: .status.Status - name: Status - type: string - - description: Ingress gateway addresses of the resource - jsonPath: .status.GatewayAddress - name: Ingress IPs - type: string - - description: Error message - jsonPath: .status.ErrorMessage - name: Error - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .spec.istioControlPlane - name: Control Plane - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - spec: - properties: - deployment: - properties: - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - type: object - type: array - type: object - weight: - format: int32 - type: integer - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - type: object - type: array - type: object - type: array - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - type: object - weight: - format: int32 - type: integer - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - type: object - weight: - format: int32 - type: integer - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - type: object - type: array - type: object - type: object - deploymentStrategy: - properties: - rollingUpdate: - properties: - maxSurge: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - type: - type: string - type: object - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - localObjectReference: - properties: - name: - type: string - type: object - optional: - type: boolean - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - type: object - secretKeyRef: - properties: - key: - type: string - localObjectReference: - properties: - name: - type: string - type: object - optional: - type: boolean - type: object - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - type: array - livenessProbe: - properties: - failureThreshold: - format: int32 - type: integer - handler: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - grpc: - properties: - port: - format: int32 - type: integer - service: - default: "" - type: string - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - type: object - nodeSelector: - additionalProperties: - type: string - type: object - podDisruptionBudget: - properties: - maxUnavailable: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - minAvailable: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - podMetadata: - properties: - annotations: - additionalProperties: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - type: object - podSecurityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - priorityClassName: - type: string - readinessProbe: - properties: - failureThreshold: - format: int32 - type: integer - handler: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - grpc: - properties: - port: - format: int32 - type: integer - service: - default: "" - type: string - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - replicas: - properties: - count: - minimum: 0 - nullable: true - type: integer - max: - minimum: 1 - nullable: true - type: integer - min: - minimum: 0 - nullable: true - type: integer - targetCPUUtilizationPercentage: - minimum: 0 - nullable: true - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - topologySpreadConstraints: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - maxSkew: - format: int32 - type: integer - topologyKey: - type: string - whenUnsatisfiable: - type: string - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - type: object - type: array - volumes: - items: - properties: - name: - type: string - volumeSource: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - type: object - type: array - localObjectReference: - properties: - name: - type: string - type: object - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - type: object - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - clusterName: - type: string - creationTimestamp: - properties: - nanos: - format: int32 - type: integer - seconds: - format: int64 - type: integer - type: object - deletionGracePeriodSeconds: - format: int64 - type: integer - deletionTimestamp: - properties: - nanos: - format: int32 - type: integer - seconds: - format: int64 - type: integer - type: object - finalizers: - items: - type: string - type: array - generateName: - type: string - generation: - format: int64 - type: integer - labels: - additionalProperties: - type: string - type: object - managedFields: - items: - properties: - apiVersion: - type: string - fieldsType: - type: string - fieldsV1: - properties: - Raw: - format: binary - type: string - type: object - manager: - type: string - operation: - type: string - subresource: - type: string - time: - properties: - nanos: - format: int32 - type: integer - seconds: - format: int64 - type: integer - type: object - type: object - type: array - name: - type: string - namespace: - type: string - ownerReferences: - items: - properties: - apiVersion: - type: string - blockOwnerDeletion: - type: boolean - controller: - type: boolean - kind: - type: string - name: - type: string - uid: - type: string - type: object - type: array - resourceVersion: - type: string - selfLink: - type: string - uid: - type: string - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - type: object - resources: - properties: - limits: - additionalProperties: - properties: - string: - type: string - type: object - type: object - requests: - additionalProperties: - properties: - string: - type: string - type: object - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - type: object - hostPath: - properties: - path: - type: string - type: - type: string - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - type: object - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - type: object - type: array - localObjectReference: - properties: - name: - type: string - type: object - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - type: object - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - type: object - type: array - localObjectReference: - properties: - name: - type: string - type: object - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - type: object - type: object - type: object - type: array - type: object - istioControlPlane: - properties: - name: - type: string - namespace: - type: string - type: object - k8sResourceOverlays: - items: - properties: - groupVersionKind: - properties: - group: - type: string - kind: - type: string - version: - type: string - type: object - objectKey: - properties: - name: - type: string - namespace: - type: string - type: object - patches: - items: - properties: - parseValue: - type: boolean - path: - type: string - type: - enum: - - unspecified - - replace - - remove - type: string - value: - type: string - type: object - type: array - type: object - type: array - runAsRoot: - nullable: true - type: boolean - service: - properties: - clusterIP: - type: string - externalIPs: - items: - type: string - type: array - externalName: - type: string - externalTrafficPolicy: - type: string - healthCheckNodePort: - format: int32 - type: integer - ipFamily: - type: string - loadBalancerIP: - type: string - loadBalancerSourceRanges: - items: - type: string - type: array - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - type: object - ports: - items: - properties: - name: - type: string - nodePort: - format: int32 - type: integer - port: - format: int32 - type: integer - protocol: - default: TCP - type: string - targetPort: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - minItems: 1 - type: array - x-kubernetes-list-map-keys: - - port - - protocol - x-kubernetes-list-type: map - publishNotReadyAddresses: - nullable: true - type: boolean - selector: - additionalProperties: - type: string - type: object - sessionAffinity: - type: string - sessionAffinityConfig: - properties: - clientIP: - properties: - timeoutSeconds: - format: int32 - type: integer - type: object - type: object - type: - enum: - - ClusterIP - - NodePort - - LoadBalancer - type: string - required: - - ports - - type - type: object - type: - enum: - - ingress - - egress - type: string - required: - - istioControlPlane - - service - - type - type: object - status: - properties: - ErrorMessage: - type: string - GatewayAddress: - items: - type: string - type: array - Status: - enum: - - Unspecified - - Created - - ReconcileFailed - - Reconciling - - Available - - Unmanaged - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/config/test/crd/istio/networking.istio.io_gateway.yaml b/config/test/crd/istio/networking.istio.io_gateway.yaml deleted file mode 100644 index 6647563ac..000000000 --- a/config/test/crd/istio/networking.istio.io_gateway.yaml +++ /dev/null @@ -1,258 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: gateways.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: Gateway - listKind: GatewayList - plural: gateways - shortNames: - - gw - singular: gateway - scope: Namespaced - versions: - - name: v1alpha3 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting edge load balancer. See more details - at: https://istio.io/docs/reference/config/networking/gateway.html' - properties: - selector: - additionalProperties: - type: string - type: object - servers: - description: A list of server specifications. - items: - properties: - bind: - type: string - defaultEndpoint: - type: string - hosts: - description: One or more hosts exposed by this gateway. - items: - type: string - type: array - name: - description: An optional name of the server, when set must be - unique across all servers. - type: string - port: - properties: - name: - description: Label assigned to the port. - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - type: string - targetPort: - type: integer - type: object - tls: - description: Set of TLS related options that govern the server's - behavior. - properties: - caCertificates: - description: REQUIRED if mode is `MUTUAL`. - type: string - cipherSuites: - description: 'Optional: If specified, only support the specified - cipher list.' - items: - type: string - type: array - credentialName: - type: string - httpsRedirect: - type: boolean - maxProtocolVersion: - description: 'Optional: Maximum TLS protocol version.' - enum: - - TLS_AUTO - - TLSV1_0 - - TLSV1_1 - - TLSV1_2 - - TLSV1_3 - type: string - minProtocolVersion: - description: 'Optional: Minimum TLS protocol version.' - enum: - - TLS_AUTO - - TLSV1_0 - - TLSV1_1 - - TLSV1_2 - - TLSV1_3 - type: string - mode: - enum: - - PASSTHROUGH - - SIMPLE - - MUTUAL - - AUTO_PASSTHROUGH - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. - type: string - serverCertificate: - description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. - type: string - subjectAltNames: - items: - type: string - type: array - verifyCertificateHash: - items: - type: string - type: array - verifyCertificateSpki: - items: - type: string - type: array - type: object - type: object - type: array - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - - name: v1beta1 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting edge load balancer. See more details - at: https://istio.io/docs/reference/config/networking/gateway.html' - properties: - selector: - additionalProperties: - type: string - type: object - servers: - description: A list of server specifications. - items: - properties: - bind: - type: string - defaultEndpoint: - type: string - hosts: - description: One or more hosts exposed by this gateway. - items: - type: string - type: array - name: - description: An optional name of the server, when set must be - unique across all servers. - type: string - port: - properties: - name: - description: Label assigned to the port. - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - type: string - targetPort: - type: integer - type: object - tls: - description: Set of TLS related options that govern the server's - behavior. - properties: - caCertificates: - description: REQUIRED if mode is `MUTUAL`. - type: string - cipherSuites: - description: 'Optional: If specified, only support the specified - cipher list.' - items: - type: string - type: array - credentialName: - type: string - httpsRedirect: - type: boolean - maxProtocolVersion: - description: 'Optional: Maximum TLS protocol version.' - enum: - - TLS_AUTO - - TLSV1_0 - - TLSV1_1 - - TLSV1_2 - - TLSV1_3 - type: string - minProtocolVersion: - description: 'Optional: Minimum TLS protocol version.' - enum: - - TLS_AUTO - - TLSV1_0 - - TLSV1_1 - - TLSV1_2 - - TLSV1_3 - type: string - mode: - enum: - - PASSTHROUGH - - SIMPLE - - MUTUAL - - AUTO_PASSTHROUGH - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. - type: string - serverCertificate: - description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. - type: string - subjectAltNames: - items: - type: string - type: array - verifyCertificateHash: - items: - type: string - type: array - verifyCertificateSpki: - items: - type: string - type: array - type: object - type: object - type: array - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: false - subresources: - status: {} diff --git a/config/test/crd/istio/networking.istio.io_virtualservice.yaml b/config/test/crd/istio/networking.istio.io_virtualservice.yaml deleted file mode 100644 index 82ecb5673..000000000 --- a/config/test/crd/istio/networking.istio.io_virtualservice.yaml +++ /dev/null @@ -1,1524 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: virtualservices.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: VirtualService - listKind: VirtualServiceList - plural: virtualservices - shortNames: - - vs - singular: virtualservice - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The names of gateways and sidecars that should apply these routes - jsonPath: .spec.gateways - name: Gateways - type: string - - description: The destination hosts to which traffic is being sent - jsonPath: .spec.hosts - name: Hosts - type: string - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha3 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting label/content routing, sni routing, - etc. See more details at: https://istio.io/docs/reference/config/networking/virtual-service.html' - properties: - exportTo: - description: A list of namespaces to which this virtual service is - exported. - items: - type: string - type: array - gateways: - description: The names of gateways and sidecars that should apply - these routes. - items: - type: string - type: array - hosts: - description: The destination hosts to which traffic is being sent. - items: - type: string - type: array - http: - description: An ordered list of route rules for HTTP traffic. - items: - properties: - corsPolicy: - description: Cross-Origin Resource Sharing policy (CORS). - properties: - allowCredentials: - nullable: true - type: boolean - allowHeaders: - items: - type: string - type: array - allowMethods: - description: List of HTTP methods allowed to access the - resource. - items: - type: string - type: array - allowOrigin: - description: The list of origins that are allowed to perform - CORS requests. - items: - type: string - type: array - allowOrigins: - description: String patterns that match allowed origins. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - type: array - exposeHeaders: - items: - type: string - type: array - maxAge: - type: string - type: object - delegate: - properties: - name: - description: Name specifies the name of the delegate VirtualService. - type: string - namespace: - description: Namespace specifies the namespace where the - delegate VirtualService resides. - type: string - type: object - fault: - description: Fault injection policy to apply on HTTP traffic - at the client side. - properties: - abort: - oneOf: - - not: - anyOf: - - required: - - httpStatus - - required: - - grpcStatus - - required: - - http2Error - - required: - - httpStatus - - required: - - grpcStatus - - required: - - http2Error - properties: - grpcStatus: - type: string - http2Error: - type: string - httpStatus: - description: HTTP status code to use to abort the Http - request. - format: int32 - type: integer - percentage: - description: Percentage of requests to be aborted with - the error code provided. - properties: - value: - format: double - type: number - type: object - type: object - delay: - oneOf: - - not: - anyOf: - - required: - - fixedDelay - - required: - - exponentialDelay - - required: - - fixedDelay - - required: - - exponentialDelay - properties: - exponentialDelay: - type: string - fixedDelay: - description: Add a fixed delay before forwarding the - request. - type: string - percent: - description: Percentage of requests on which the delay - will be injected (0-100). - format: int32 - type: integer - percentage: - description: Percentage of requests on which the delay - will be injected. - properties: - value: - format: double - type: number - type: object - type: object - type: object - headers: - properties: - request: - properties: - add: - additionalProperties: - type: string - type: object - remove: - items: - type: string - type: array - set: - additionalProperties: - type: string - type: object - type: object - response: - properties: - add: - additionalProperties: - type: string - type: object - remove: - items: - type: string - type: array - set: - additionalProperties: - type: string - type: object - type: object - type: object - match: - items: - properties: - authority: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - gateways: - description: Names of gateways where the rule should be - applied. - items: - type: string - type: array - headers: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - type: object - ignoreUriCase: - description: Flag to specify whether the URI matching - should be case-insensitive. - type: boolean - method: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - name: - description: The name assigned to a match. - type: string - port: - description: Specifies the ports on the host that is being - addressed. - type: integer - queryParams: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - description: Query parameters for matching. - type: object - scheme: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - sourceLabels: - additionalProperties: - type: string - type: object - sourceNamespace: - description: Source namespace constraining the applicability - of a rule to workloads in that namespace. - type: string - uri: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - withoutHeaders: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - description: withoutHeader has the same syntax with the - header, but has opposite meaning. - type: object - type: object - type: array - mirror: - properties: - host: - description: The name of a service from the service registry. - type: string - port: - description: Specifies the port on the host that is being - addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - type: string - type: object - mirror_percent: - description: Percentage of the traffic to be mirrored by the - `mirror` field. - nullable: true - type: integer - mirrorPercent: - description: Percentage of the traffic to be mirrored by the - `mirror` field. - nullable: true - type: integer - mirrorPercentage: - description: Percentage of the traffic to be mirrored by the - `mirror` field. - properties: - value: - format: double - type: number - type: object - name: - description: The name assigned to the route for debugging purposes. - type: string - redirect: - description: A HTTP rule can either redirect or forward (default) - traffic. - oneOf: - - not: - anyOf: - - required: - - port - - required: - - derivePort - - required: - - port - - required: - - derivePort - properties: - authority: - type: string - derivePort: - enum: - - FROM_PROTOCOL_DEFAULT - - FROM_REQUEST_PORT - type: string - port: - description: On a redirect, overwrite the port portion of - the URL with this value. - type: integer - redirectCode: - type: integer - scheme: - description: On a redirect, overwrite the scheme portion - of the URL with this value. - type: string - uri: - type: string - type: object - retries: - description: Retry policy for HTTP requests. - properties: - attempts: - description: Number of retries to be allowed for a given - request. - format: int32 - type: integer - perTryTimeout: - description: Timeout per attempt for a given request, including - the initial call and any retries. - type: string - retryOn: - description: Specifies the conditions under which retry - takes place. - type: string - retryRemoteLocalities: - description: Flag to specify whether the retries should - retry to other localities. - nullable: true - type: boolean - type: object - rewrite: - description: Rewrite HTTP URIs and Authority headers. - properties: - authority: - description: rewrite the Authority/Host header with this - value. - type: string - uri: - type: string - type: object - route: - description: A HTTP rule can either redirect or forward (default) - traffic. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service - registry. - type: string - port: - description: Specifies the port on the host that is - being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - type: string - type: object - headers: - properties: - request: - properties: - add: - additionalProperties: - type: string - type: object - remove: - items: - type: string - type: array - set: - additionalProperties: - type: string - type: object - type: object - response: - properties: - add: - additionalProperties: - type: string - type: object - remove: - items: - type: string - type: array - set: - additionalProperties: - type: string - type: object - type: object - type: object - weight: - description: Weight specifies the relative proportion - of traffic to be forwarded to the destination. - format: int32 - type: integer - type: object - type: array - timeout: - description: Timeout for HTTP requests, default is disabled. - type: string - type: object - type: array - tcp: - description: An ordered list of route rules for opaque TCP traffic. - items: - properties: - match: - items: - properties: - destinationSubnets: - description: IPv4 or IPv6 ip addresses of destination - with optional subnet. - items: - type: string - type: array - gateways: - description: Names of gateways where the rule should be - applied. - items: - type: string - type: array - port: - description: Specifies the port on the host that is being - addressed. - type: integer - sourceLabels: - additionalProperties: - type: string - type: object - sourceNamespace: - description: Source namespace constraining the applicability - of a rule to workloads in that namespace. - type: string - sourceSubnet: - description: IPv4 or IPv6 ip address of source with optional - subnet. - type: string - type: object - type: array - route: - description: The destination to which the connection should - be forwarded to. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service - registry. - type: string - port: - description: Specifies the port on the host that is - being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - type: string - type: object - weight: - description: Weight specifies the relative proportion - of traffic to be forwarded to the destination. - format: int32 - type: integer - type: object - type: array - type: object - type: array - tls: - items: - properties: - match: - items: - properties: - destinationSubnets: - description: IPv4 or IPv6 ip addresses of destination - with optional subnet. - items: - type: string - type: array - gateways: - description: Names of gateways where the rule should be - applied. - items: - type: string - type: array - port: - description: Specifies the port on the host that is being - addressed. - type: integer - sniHosts: - description: SNI (server name indicator) to match on. - items: - type: string - type: array - sourceLabels: - additionalProperties: - type: string - type: object - sourceNamespace: - description: Source namespace constraining the applicability - of a rule to workloads in that namespace. - type: string - type: object - type: array - route: - description: The destination to which the connection should - be forwarded to. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service - registry. - type: string - port: - description: Specifies the port on the host that is - being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - type: string - type: object - weight: - description: Weight specifies the relative proportion - of traffic to be forwarded to the destination. - format: int32 - type: integer - type: object - type: array - type: object - type: array - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} - - additionalPrinterColumns: - - description: The names of gateways and sidecars that should apply these routes - jsonPath: .spec.gateways - name: Gateways - type: string - - description: The destination hosts to which traffic is being sent - jsonPath: .spec.hosts - name: Hosts - type: string - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting label/content routing, sni routing, - etc. See more details at: https://istio.io/docs/reference/config/networking/virtual-service.html' - properties: - exportTo: - description: A list of namespaces to which this virtual service is - exported. - items: - type: string - type: array - gateways: - description: The names of gateways and sidecars that should apply - these routes. - items: - type: string - type: array - hosts: - description: The destination hosts to which traffic is being sent. - items: - type: string - type: array - http: - description: An ordered list of route rules for HTTP traffic. - items: - properties: - corsPolicy: - description: Cross-Origin Resource Sharing policy (CORS). - properties: - allowCredentials: - nullable: true - type: boolean - allowHeaders: - items: - type: string - type: array - allowMethods: - description: List of HTTP methods allowed to access the - resource. - items: - type: string - type: array - allowOrigin: - description: The list of origins that are allowed to perform - CORS requests. - items: - type: string - type: array - allowOrigins: - description: String patterns that match allowed origins. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - type: array - exposeHeaders: - items: - type: string - type: array - maxAge: - type: string - type: object - delegate: - properties: - name: - description: Name specifies the name of the delegate VirtualService. - type: string - namespace: - description: Namespace specifies the namespace where the - delegate VirtualService resides. - type: string - type: object - fault: - description: Fault injection policy to apply on HTTP traffic - at the client side. - properties: - abort: - oneOf: - - not: - anyOf: - - required: - - httpStatus - - required: - - grpcStatus - - required: - - http2Error - - required: - - httpStatus - - required: - - grpcStatus - - required: - - http2Error - properties: - grpcStatus: - type: string - http2Error: - type: string - httpStatus: - description: HTTP status code to use to abort the Http - request. - format: int32 - type: integer - percentage: - description: Percentage of requests to be aborted with - the error code provided. - properties: - value: - format: double - type: number - type: object - type: object - delay: - oneOf: - - not: - anyOf: - - required: - - fixedDelay - - required: - - exponentialDelay - - required: - - fixedDelay - - required: - - exponentialDelay - properties: - exponentialDelay: - type: string - fixedDelay: - description: Add a fixed delay before forwarding the - request. - type: string - percent: - description: Percentage of requests on which the delay - will be injected (0-100). - format: int32 - type: integer - percentage: - description: Percentage of requests on which the delay - will be injected. - properties: - value: - format: double - type: number - type: object - type: object - type: object - headers: - properties: - request: - properties: - add: - additionalProperties: - type: string - type: object - remove: - items: - type: string - type: array - set: - additionalProperties: - type: string - type: object - type: object - response: - properties: - add: - additionalProperties: - type: string - type: object - remove: - items: - type: string - type: array - set: - additionalProperties: - type: string - type: object - type: object - type: object - match: - items: - properties: - authority: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - gateways: - description: Names of gateways where the rule should be - applied. - items: - type: string - type: array - headers: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - type: object - ignoreUriCase: - description: Flag to specify whether the URI matching - should be case-insensitive. - type: boolean - method: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - name: - description: The name assigned to a match. - type: string - port: - description: Specifies the ports on the host that is being - addressed. - type: integer - queryParams: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - description: Query parameters for matching. - type: object - scheme: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - sourceLabels: - additionalProperties: - type: string - type: object - sourceNamespace: - description: Source namespace constraining the applicability - of a rule to workloads in that namespace. - type: string - uri: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - withoutHeaders: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - type: string - prefix: - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - type: string - type: object - description: withoutHeader has the same syntax with the - header, but has opposite meaning. - type: object - type: object - type: array - mirror: - properties: - host: - description: The name of a service from the service registry. - type: string - port: - description: Specifies the port on the host that is being - addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - type: string - type: object - mirror_percent: - description: Percentage of the traffic to be mirrored by the - `mirror` field. - nullable: true - type: integer - mirrorPercent: - description: Percentage of the traffic to be mirrored by the - `mirror` field. - nullable: true - type: integer - mirrorPercentage: - description: Percentage of the traffic to be mirrored by the - `mirror` field. - properties: - value: - format: double - type: number - type: object - name: - description: The name assigned to the route for debugging purposes. - type: string - redirect: - description: A HTTP rule can either redirect or forward (default) - traffic. - oneOf: - - not: - anyOf: - - required: - - port - - required: - - derivePort - - required: - - port - - required: - - derivePort - properties: - authority: - type: string - derivePort: - enum: - - FROM_PROTOCOL_DEFAULT - - FROM_REQUEST_PORT - type: string - port: - description: On a redirect, overwrite the port portion of - the URL with this value. - type: integer - redirectCode: - type: integer - scheme: - description: On a redirect, overwrite the scheme portion - of the URL with this value. - type: string - uri: - type: string - type: object - retries: - description: Retry policy for HTTP requests. - properties: - attempts: - description: Number of retries to be allowed for a given - request. - format: int32 - type: integer - perTryTimeout: - description: Timeout per attempt for a given request, including - the initial call and any retries. - type: string - retryOn: - description: Specifies the conditions under which retry - takes place. - type: string - retryRemoteLocalities: - description: Flag to specify whether the retries should - retry to other localities. - nullable: true - type: boolean - type: object - rewrite: - description: Rewrite HTTP URIs and Authority headers. - properties: - authority: - description: rewrite the Authority/Host header with this - value. - type: string - uri: - type: string - type: object - route: - description: A HTTP rule can either redirect or forward (default) - traffic. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service - registry. - type: string - port: - description: Specifies the port on the host that is - being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - type: string - type: object - headers: - properties: - request: - properties: - add: - additionalProperties: - type: string - type: object - remove: - items: - type: string - type: array - set: - additionalProperties: - type: string - type: object - type: object - response: - properties: - add: - additionalProperties: - type: string - type: object - remove: - items: - type: string - type: array - set: - additionalProperties: - type: string - type: object - type: object - type: object - weight: - description: Weight specifies the relative proportion - of traffic to be forwarded to the destination. - format: int32 - type: integer - type: object - type: array - timeout: - description: Timeout for HTTP requests, default is disabled. - type: string - type: object - type: array - tcp: - description: An ordered list of route rules for opaque TCP traffic. - items: - properties: - match: - items: - properties: - destinationSubnets: - description: IPv4 or IPv6 ip addresses of destination - with optional subnet. - items: - type: string - type: array - gateways: - description: Names of gateways where the rule should be - applied. - items: - type: string - type: array - port: - description: Specifies the port on the host that is being - addressed. - type: integer - sourceLabels: - additionalProperties: - type: string - type: object - sourceNamespace: - description: Source namespace constraining the applicability - of a rule to workloads in that namespace. - type: string - sourceSubnet: - description: IPv4 or IPv6 ip address of source with optional - subnet. - type: string - type: object - type: array - route: - description: The destination to which the connection should - be forwarded to. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service - registry. - type: string - port: - description: Specifies the port on the host that is - being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - type: string - type: object - weight: - description: Weight specifies the relative proportion - of traffic to be forwarded to the destination. - format: int32 - type: integer - type: object - type: array - type: object - type: array - tls: - items: - properties: - match: - items: - properties: - destinationSubnets: - description: IPv4 or IPv6 ip addresses of destination - with optional subnet. - items: - type: string - type: array - gateways: - description: Names of gateways where the rule should be - applied. - items: - type: string - type: array - port: - description: Specifies the port on the host that is being - addressed. - type: integer - sniHosts: - description: SNI (server name indicator) to match on. - items: - type: string - type: array - sourceLabels: - additionalProperties: - type: string - type: object - sourceNamespace: - description: Source namespace constraining the applicability - of a rule to workloads in that namespace. - type: string - type: object - type: array - route: - description: The destination to which the connection should - be forwarded to. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service - registry. - type: string - port: - description: Specifies the port on the host that is - being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - type: string - type: object - weight: - description: Weight specifies the relative proportion - of traffic to be forwarded to the destination. - format: int32 - type: integer - type: object - type: array - type: object - type: array - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: false - subresources: - status: {} diff --git a/controllers/kafkacluster_controller.go b/controllers/kafkacluster_controller.go index 1961a257d..a688c152d 100644 --- a/controllers/kafkacluster_controller.go +++ b/controllers/kafkacluster_controller.go @@ -48,7 +48,6 @@ import ( "github.com/banzaicloud/koperator/pkg/resources/cruisecontrol" "github.com/banzaicloud/koperator/pkg/resources/cruisecontrolmonitoring" "github.com/banzaicloud/koperator/pkg/resources/envoy" - "github.com/banzaicloud/koperator/pkg/resources/istioingress" "github.com/banzaicloud/koperator/pkg/resources/kafka" "github.com/banzaicloud/koperator/pkg/resources/kafkamonitoring" "github.com/banzaicloud/koperator/pkg/resources/nodeportexternalaccess" @@ -87,8 +86,6 @@ type KafkaClusterReconciler struct { // +kubebuilder:rbac:groups=kafka.banzaicloud.io,resources=kafkaclusters,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=kafka.banzaicloud.io,resources=kafkaclusters/status,verbs=get;update;patch // +kubebuilder:rbac:groups=kafka.banzaicloud.io,resources=kafkaclusters/finalizers,verbs=create;update;patch;delete -// +kubebuilder:rbac:groups=servicemesh.cisco.com,resources=istiomeshgateways,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=networking.istio.io,resources=*,verbs=* // +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=projectcontour.io,resources=httpproxies,verbs=get;list;watch;create;update;patch;delete @@ -123,7 +120,6 @@ func (r *KafkaClusterReconciler) Reconcile(ctx context.Context, request ctrl.Req reconcilers := []resources.ComponentReconciler{ envoy.New(r.Client, instance), - istioingress.New(r.Client, instance), nodeportexternalaccess.New(r.Client, instance), contouringress.New(r.Client, instance), kafkamonitoring.New(r.Client, instance), diff --git a/controllers/tests/clusterregistry/suite_test.go b/controllers/tests/clusterregistry/suite_test.go index e5a6ec895..aa30f80ff 100644 --- a/controllers/tests/clusterregistry/suite_test.go +++ b/controllers/tests/clusterregistry/suite_test.go @@ -55,8 +55,6 @@ import ( cmv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" - istioclientv1beta1 "github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1" - banzaiistiov1alpha1 "github.com/banzaicloud/istio-operator/api/v2/v1alpha1" contour "github.com/projectcontour/contour/apis/projectcontour/v1" banzaicloudv1alpha1 "github.com/banzaicloud/koperator/api/v1alpha1" @@ -99,7 +97,6 @@ var _ = BeforeSuite(func() { filepath.Join("..", "..", "..", "config", "base", "crds"), filepath.Join("..", "..", "..", "config", "test", "crd", "cert-manager"), filepath.Join("..", "..", "..", "config", "test", "crd", "projectcontour"), - filepath.Join("..", "..", "..", "config", "test", "crd", "istio"), }, ControlPlaneStopTimeout: stopTimeout, AttachControlPlaneOutput: false, @@ -121,13 +118,11 @@ var _ = BeforeSuite(func() { scheme := runtime.NewScheme() - Expect(banzaiistiov1alpha1.AddToScheme(scheme)).To(Succeed()) Expect(k8sscheme.AddToScheme(scheme)).To(Succeed()) Expect(apiv1.AddToScheme(scheme)).To(Succeed()) Expect(cmv1.AddToScheme(scheme)).To(Succeed()) Expect(banzaicloudv1alpha1.AddToScheme(scheme)).To(Succeed()) Expect(banzaicloudv1beta1.AddToScheme(scheme)).To(Succeed()) - Expect(istioclientv1beta1.AddToScheme(scheme)).To(Succeed()) Expect(contour.AddToScheme(scheme)).To(Succeed()) // +kubebuilder:scaffold:scheme diff --git a/controllers/tests/kafkacluster_controller_istioingress_test.go b/controllers/tests/kafkacluster_controller_istioingress_test.go deleted file mode 100644 index a3aa96e3c..000000000 --- a/controllers/tests/kafkacluster_controller_istioingress_test.go +++ /dev/null @@ -1,774 +0,0 @@ -// Copyright © 2020 Cisco Systems, Inc. and/or its affiliates -// Copyright 2025 Adobe. All rights reserved. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package tests - -import ( - "context" - "encoding/json" - "fmt" - "sync/atomic" - - "google.golang.org/protobuf/types/known/wrapperspb" - - istioclientv1beta1 "github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1" - - istioOperatorApi "github.com/banzaicloud/istio-operator/api/v2/v1alpha1" - - "github.com/google/go-cmp/cmp" - "github.com/google/go-cmp/cmp/cmpopts" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/resource" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" - "k8s.io/apimachinery/pkg/util/intstr" - - "github.com/banzaicloud/koperator/api/v1beta1" - "github.com/banzaicloud/koperator/pkg/util" - "github.com/banzaicloud/koperator/pkg/util/istioingress" -) - -var _ = Describe("KafkaClusterIstioIngressController", func() { - var ( - count uint64 = 0 - namespace string - namespaceObj *corev1.Namespace - kafkaClusterCRName string - kafkaCluster *v1beta1.KafkaCluster - ) - - ExpectIstioIngressLabels := func(labels map[string]string, eListenerName, crName string) { - Expect(labels).To(HaveKeyWithValue(v1beta1.AppLabelKey, "istioingress")) - Expect(labels).To(HaveKeyWithValue("eListenerName", eListenerName)) - Expect(labels).To(HaveKeyWithValue(v1beta1.KafkaCRLabelKey, crName)) - } - - BeforeEach(func() { - atomic.AddUint64(&count, 1) - - namespace = fmt.Sprintf("kafka-istioingress-%v", count) - namespaceObj = &corev1.Namespace{ - ObjectMeta: metav1.ObjectMeta{ - Name: namespace, - }, - } - - kafkaClusterCRName = fmt.Sprintf("kafkacluster-%v", count) - kafkaCluster = createMinimalKafkaClusterCR(kafkaClusterCRName, namespace) - - kafkaCluster.Spec.IngressController = istioingress.IngressControllerName - kafkaCluster.Spec.IstioControlPlane = &v1beta1.IstioControlPlaneReference{Name: "icp-v115x-sample", Namespace: "istio-system"} - kafkaCluster.Spec.ListenersConfig.ExternalListeners = []v1beta1.ExternalListenerConfig{ - { - CommonListenerSpec: v1beta1.CommonListenerSpec{ - Type: "plaintext", - Name: "external", - ContainerPort: 9094, - }, - ExternalStartingPort: 19090, - }, - } - }) - - JustBeforeEach(func(ctx SpecContext) { - By("creating namespace " + namespace) - err := k8sClient.Create(ctx, namespaceObj) - Expect(err).NotTo(HaveOccurred()) - - By("creating Kafka cluster object " + kafkaCluster.Name + " in namespace " + namespace) - err = k8sClient.Create(ctx, kafkaCluster) - Expect(err).NotTo(HaveOccurred()) - - svcName := fmt.Sprintf("meshgateway-external-%s", kafkaCluster.Name) - svcFromMeshGateway := corev1.Service{ - ObjectMeta: metav1.ObjectMeta{ - Name: svcName, - Namespace: namespace, - }, - Spec: corev1.ServiceSpec{ - Type: corev1.ServiceTypeLoadBalancer, - Ports: []corev1.ServicePort{ - // other ports omitted - { - Name: "tcp-all-broker", - Port: 29092, // from MeshGateway (guarded by the tests) - Protocol: corev1.ProtocolTCP, - }, - }, - }, - } - err = k8sClient.Create(ctx, &svcFromMeshGateway) - Expect(err).NotTo(HaveOccurred()) - svcFromMeshGateway.Status.LoadBalancer.Ingress = []corev1.LoadBalancerIngress{{Hostname: "ingress.test.host.com"}} - err = k8sClient.Status().Update(ctx, &svcFromMeshGateway) - Expect(err).NotTo(HaveOccurred()) - - waitForClusterRunningState(ctx, kafkaCluster, namespace) - }) - - JustAfterEach(func(ctx SpecContext) { - By("deleting Kafka cluster object " + kafkaCluster.Name + " in namespace " + namespace) - err := k8sClient.Delete(ctx, kafkaCluster) - Expect(err).NotTo(HaveOccurred()) - kafkaCluster = nil - }) - - When("Istio ingress controller is configured", func() { - BeforeEach(func() { - kafkaCluster.Spec.IngressController = istioingress.IngressControllerName - }) - - It("creates Istio ingress related objects", func(ctx SpecContext) { - var meshGateway istioOperatorApi.IstioMeshGateway - meshGatewayName := fmt.Sprintf("meshgateway-external-%s", kafkaCluster.Name) - Eventually(ctx, func() error { - err := k8sClient.Get(context.Background(), types.NamespacedName{Namespace: namespace, Name: meshGatewayName}, &meshGateway) - return err - }).Should(Succeed()) - - meshGatewaySpec := meshGateway.Spec - ExpectIstioIngressLabels(meshGatewaySpec.Deployment.Metadata.Labels, "external", kafkaClusterCRName) - Expect(meshGatewaySpec.Service.Type).To(Equal(string(corev1.ServiceTypeLoadBalancer))) - deploymentConf := meshGatewaySpec.Deployment - - Expect(cmp.Equal(deploymentConf.Replicas.Count, wrapperspb.Int32(1), cmpopts.IgnoreUnexported(wrapperspb.Int32Value{}))).To(BeTrue()) - Expect(cmp.Equal(deploymentConf.Replicas.Min, wrapperspb.Int32(1), cmpopts.IgnoreUnexported(wrapperspb.Int32Value{}))).To(BeTrue()) - Expect(cmp.Equal(deploymentConf.Replicas.Max, wrapperspb.Int32(1), cmpopts.IgnoreUnexported(wrapperspb.Int32Value{}))).To(BeTrue()) - - actualResourceJSON, err := json.Marshal(deploymentConf.Resources) - Expect(err).NotTo(HaveOccurred()) - expectedResource := &istioOperatorApi.ResourceRequirements{ - Limits: map[string]*istioOperatorApi.Quantity{ - "cpu": {Quantity: resource.MustParse("2000m")}, - "memory": {Quantity: resource.MustParse("1024Mi")}, - }, - Requests: map[string]*istioOperatorApi.Quantity{ - "cpu": {Quantity: resource.MustParse("100m")}, - "memory": {Quantity: resource.MustParse("128Mi")}, - }, - } - expectedResourceJSON, err := json.Marshal(expectedResource) - Expect(err).NotTo(HaveOccurred()) - Expect(actualResourceJSON).To(Equal(expectedResourceJSON)) - - Expect(len(meshGatewaySpec.Service.Ports)).To(Equal(4)) - - expectedPort := &istioOperatorApi.ServicePort{ - Name: "tcp-broker-0", - Protocol: string(corev1.ProtocolTCP), - Port: 19090, - TargetPort: &istioOperatorApi.IntOrString{IntOrString: intstr.FromInt(19090)}, - } - Expect(cmp.Equal(meshGatewaySpec.Service.Ports[0], expectedPort, cmpopts.IgnoreUnexported(istioOperatorApi.ServicePort{}))).To(BeTrue()) - - expectedPort = &istioOperatorApi.ServicePort{ - Name: "tcp-broker-1", - Protocol: string(corev1.ProtocolTCP), - Port: 19091, - TargetPort: &istioOperatorApi.IntOrString{IntOrString: intstr.FromInt(19091)}, - } - Expect(cmp.Equal(meshGatewaySpec.Service.Ports[1], expectedPort, cmpopts.IgnoreUnexported(istioOperatorApi.ServicePort{}))).To(BeTrue()) - expectedPort = &istioOperatorApi.ServicePort{ - Name: "tcp-broker-2", - Protocol: string(corev1.ProtocolTCP), - Port: 19092, - TargetPort: &istioOperatorApi.IntOrString{IntOrString: intstr.FromInt(19092)}, - } - Expect(cmp.Equal(meshGatewaySpec.Service.Ports[2], expectedPort, cmpopts.IgnoreUnexported(istioOperatorApi.ServicePort{}))).To(BeTrue()) - expectedPort = &istioOperatorApi.ServicePort{ - Name: "tcp-all-broker", - Protocol: string(corev1.ProtocolTCP), - Port: 29092, - TargetPort: &istioOperatorApi.IntOrString{IntOrString: intstr.FromInt(29092)}, - } - Expect(cmp.Equal(meshGatewaySpec.Service.Ports[3], expectedPort, cmpopts.IgnoreUnexported(istioOperatorApi.ServicePort{}))).To(BeTrue()) - - Expect(meshGatewaySpec.Type).To(Equal(istioOperatorApi.GatewayType_ingress)) - - var gateway istioclientv1beta1.Gateway - gatewayName := fmt.Sprintf("%s-external-gateway", kafkaCluster.Name) - Eventually(ctx, func() error { - err := k8sClient.Get(ctx, types.NamespacedName{Namespace: namespace, Name: gatewayName}, &gateway) - return err - }).Should(Succeed()) - - ExpectIstioIngressLabels(gateway.Labels, "external", kafkaClusterCRName) - ExpectIstioIngressLabels(gateway.Spec.Selector, "external", kafkaClusterCRName) - Expect(gateway.Spec.Servers).To(ConsistOf( - istioclientv1beta1.Server{ - Port: &istioclientv1beta1.Port{ - Number: 19090, - Protocol: "TCP", - Name: "tcp-broker-0"}, - Hosts: []string{"*"}, - }, - istioclientv1beta1.Server{ - Port: &istioclientv1beta1.Port{ - Number: 19091, - Protocol: "TCP", - Name: "tcp-broker-1"}, - Hosts: []string{"*"}, - }, - istioclientv1beta1.Server{ - Port: &istioclientv1beta1.Port{ - Number: 19092, - Protocol: "TCP", - Name: "tcp-broker-2"}, - Hosts: []string{"*"}, - }, - istioclientv1beta1.Server{ - Port: &istioclientv1beta1.Port{ - Number: 29092, - Protocol: "TCP", - Name: "tcp-all-broker", - }, - Hosts: []string{"*"}, - })) - - var virtualService istioclientv1beta1.VirtualService - virtualServiceName := fmt.Sprintf("%s-external-virtualservice", kafkaCluster.Name) - Eventually(ctx, func() error { - err := k8sClient.Get(ctx, types.NamespacedName{Namespace: namespace, Name: virtualServiceName}, &virtualService) - return err - }).Should(Succeed()) - - ExpectIstioIngressLabels(virtualService.Labels, "external", kafkaClusterCRName) - Expect(virtualService.Spec).To(Equal(istioclientv1beta1.VirtualServiceSpec{ - Hosts: []string{"*"}, - Gateways: []string{fmt.Sprintf("%s-external-gateway", kafkaClusterCRName)}, - TCP: []istioclientv1beta1.TCPRoute{ - { - Match: []istioclientv1beta1.L4MatchAttributes{{Port: util.IntPointer(19090)}}, - Route: []*istioclientv1beta1.RouteDestination{{ - Destination: &istioclientv1beta1.Destination{ - Host: "kafkacluster-1-0", - Port: &istioclientv1beta1.PortSelector{Number: 9094}, - }, - }}, - }, - { - Match: []istioclientv1beta1.L4MatchAttributes{{Port: util.IntPointer(19091)}}, - Route: []*istioclientv1beta1.RouteDestination{{ - Destination: &istioclientv1beta1.Destination{ - Host: "kafkacluster-1-1", - Port: &istioclientv1beta1.PortSelector{Number: 9094}, - }, - }}, - }, - { - Match: []istioclientv1beta1.L4MatchAttributes{{Port: util.IntPointer(19092)}}, - Route: []*istioclientv1beta1.RouteDestination{{ - Destination: &istioclientv1beta1.Destination{ - Host: "kafkacluster-1-2", - Port: &istioclientv1beta1.PortSelector{Number: 9094}, - }, - }}, - }, - { - Match: []istioclientv1beta1.L4MatchAttributes{{Port: util.IntPointer(29092)}}, - Route: []*istioclientv1beta1.RouteDestination{{ - Destination: &istioclientv1beta1.Destination{ - Host: "kafkacluster-1-all-broker", - Port: &istioclientv1beta1.PortSelector{Number: 9094}, - }, - }}, - }, - }, - })) - - // expect kafkaCluster listener status - err = k8sClient.Get(ctx, types.NamespacedName{ - Name: kafkaCluster.Name, - Namespace: kafkaCluster.Namespace, - }, kafkaCluster) - Expect(err).NotTo(HaveOccurred()) - - Expect(kafkaCluster.Status.ListenerStatuses).To(Equal(v1beta1.ListenerStatuses{ - InternalListeners: map[string]v1beta1.ListenerStatusList{ - "internal": { - { - Name: "any-broker", - Address: fmt.Sprintf("%s-all-broker.kafka-istioingress-%d.svc.cluster.local:29092", kafkaCluster.Name, count), - }, - { - Name: "broker-0", - Address: fmt.Sprintf("%s-0.kafka-istioingress-%d.svc.cluster.local:29092", kafkaCluster.Name, count), - }, - { - Name: "broker-1", - Address: fmt.Sprintf("%s-1.kafka-istioingress-%d.svc.cluster.local:29092", kafkaCluster.Name, count), - }, - { - Name: "broker-2", - Address: fmt.Sprintf("%s-2.kafka-istioingress-%d.svc.cluster.local:29092", kafkaCluster.Name, count), - }, - }, - }, - ExternalListeners: map[string]v1beta1.ListenerStatusList{ - "external": { - { - Name: "any-broker", - Address: "ingress.test.host.com:29092", - }, - { - Name: "broker-0", - Address: "ingress.test.host.com:19090", - }, - { - Name: "broker-1", - Address: "ingress.test.host.com:19091", - }, - { - Name: "broker-2", - Address: "ingress.test.host.com:19092", - }, - }, - }, - })) - }) - }) - - When("Headless mode is turned on", func() { - BeforeEach(func() { - kafkaCluster.Spec.HeadlessServiceEnabled = true - }) - - It("does not add the all-broker service to the listener status", func(ctx SpecContext) { - err := k8sClient.Get(ctx, types.NamespacedName{ - Name: kafkaCluster.Name, - Namespace: kafkaCluster.Namespace, - }, kafkaCluster) - Expect(err).NotTo(HaveOccurred()) - - Expect(kafkaCluster.Status.ListenerStatuses).To(Equal(v1beta1.ListenerStatuses{ - InternalListeners: map[string]v1beta1.ListenerStatusList{ - "internal": { - { - Name: "headless", - Address: fmt.Sprintf("%s-headless.kafka-istioingress-%d.svc.cluster.local:29092", kafkaCluster.Name, count), - }, - { - Name: "broker-0", - Address: fmt.Sprintf("%s-0.%s-headless.kafka-istioingress-%d.svc.cluster.local:29092", kafkaCluster.Name, kafkaCluster.Name, count), - }, - { - Name: "broker-1", - Address: fmt.Sprintf("%s-1.%s-headless.kafka-istioingress-%d.svc.cluster.local:29092", kafkaCluster.Name, kafkaCluster.Name, count), - }, - { - Name: "broker-2", - Address: fmt.Sprintf("%s-2.%s-headless.kafka-istioingress-%d.svc.cluster.local:29092", kafkaCluster.Name, kafkaCluster.Name, count), - }, - }, - }, - ExternalListeners: map[string]v1beta1.ListenerStatusList{ - "external": { - { - Name: "any-broker", - Address: "ingress.test.host.com:29092", - }, - { - Name: "broker-0", - Address: "ingress.test.host.com:19090", - }, - { - Name: "broker-1", - Address: "ingress.test.host.com:19091", - }, - { - Name: "broker-2", - Address: "ingress.test.host.com:19092", - }, - }, - }, - })) - }) - }) -}) - -var _ = Describe("KafkaClusterIstioIngressControllerWithBrokerIdBindings", func() { - var ( - count uint64 = 0 - namespace string - namespaceObj *corev1.Namespace - kafkaClusterCRName string - kafkaCluster *v1beta1.KafkaCluster - ) - - ExpectIstioIngressLabels := func(labels map[string]string, eListenerName, crName string) { - Expect(labels).To(HaveKeyWithValue(v1beta1.AppLabelKey, "istioingress")) - Expect(labels).To(HaveKeyWithValue("eListenerName", eListenerName)) - Expect(labels).To(HaveKeyWithValue(v1beta1.KafkaCRLabelKey, crName)) - } - - BeforeEach(func() { - atomic.AddUint64(&count, 1) - - namespace = fmt.Sprintf("kafka-istioingress-with-bindings-%v", count) - namespaceObj = &corev1.Namespace{ - ObjectMeta: metav1.ObjectMeta{ - Name: namespace, - }, - } - - kafkaClusterCRName = fmt.Sprintf("kafkacluster-%v", count) - kafkaCluster = createMinimalKafkaClusterCR(kafkaClusterCRName, namespace) - - kafkaCluster.Spec.IngressController = istioingress.IngressControllerName - kafkaCluster.Spec.IstioControlPlane = &v1beta1.IstioControlPlaneReference{Name: "icp-v115x-sample", Namespace: "istio-system"} - kafkaCluster.Spec.ListenersConfig.ExternalListeners = []v1beta1.ExternalListenerConfig{ - { - CommonListenerSpec: v1beta1.CommonListenerSpec{ - Type: "plaintext", - Name: "external", - ContainerPort: 9094, - }, - ExternalStartingPort: 19090, - Config: &v1beta1.Config{ - DefaultIngressConfig: "az1", - IngressConfig: map[string]v1beta1.IngressConfig{ - "az1": {IstioIngressConfig: &v1beta1.IstioIngressConfig{ - Annotations: map[string]string{"zone": "az1"}, - }, - }, - "az2": {IstioIngressConfig: &v1beta1.IstioIngressConfig{ - Annotations: map[string]string{"zone": "az2"}, - TLSOptions: &istioclientv1beta1.TLSOptions{ - Mode: istioclientv1beta1.TLSModeSimple, - CredentialName: util.StringPointer("foobar"), - }, - }, - }, - }, - }, - }, - } - kafkaCluster.Spec.Brokers[0].BrokerConfig = &v1beta1.BrokerConfig{BrokerIngressMapping: []string{"az1"}} - kafkaCluster.Spec.Brokers[1].BrokerConfig = &v1beta1.BrokerConfig{BrokerIngressMapping: []string{"az2"}} - }) - - JustBeforeEach(func(ctx SpecContext) { - By("creating namespace " + namespace) - err := k8sClient.Create(ctx, namespaceObj) - Expect(err).NotTo(HaveOccurred()) - - By("creating Kafka cluster object " + kafkaCluster.Name + " in namespace " + namespace) - err = k8sClient.Create(ctx, kafkaCluster) - Expect(err).NotTo(HaveOccurred()) - - createMeshGatewayService(ctx, "external.az1.host.com", - fmt.Sprintf("meshgateway-external-az1-%s", kafkaCluster.Name), namespace) - createMeshGatewayService(ctx, "external.az2.host.com", - fmt.Sprintf("meshgateway-external-az2-%s", kafkaCluster.Name), namespace) - - waitForClusterRunningState(ctx, kafkaCluster, namespace) - }) - - JustAfterEach(func(ctx SpecContext) { - By("deleting Kafka cluster object " + kafkaCluster.Name + " in namespace " + namespace) - err := k8sClient.Delete(ctx, kafkaCluster) - Expect(err).NotTo(HaveOccurred()) - kafkaCluster = nil - }) - - When("Istio ingress controller is configured", func() { - - It("creates Istio ingress related objects", func(ctx SpecContext) { - // Istio ingress Az1 related objects - var meshGateway istioOperatorApi.IstioMeshGateway - meshGatewayAz1Name := fmt.Sprintf("meshgateway-external-az1-%s", kafkaCluster.Name) - Eventually(ctx, func() error { - err := k8sClient.Get(ctx, types.NamespacedName{Namespace: namespace, Name: meshGatewayAz1Name}, &meshGateway) - return err - }).Should(Succeed()) - - meshGatewaySpec := meshGateway.Spec - ExpectIstioIngressLabels(meshGatewaySpec.Deployment.Metadata.Labels, "external-az1", kafkaClusterCRName) - - Expect(len(meshGatewaySpec.Service.Ports)).To(Equal(3)) - - expectedPort := &istioOperatorApi.ServicePort{ - Name: "tcp-broker-0", - Protocol: string(corev1.ProtocolTCP), - Port: 19090, - TargetPort: &istioOperatorApi.IntOrString{IntOrString: intstr.FromInt(19090)}, - } - Expect(cmp.Equal(meshGatewaySpec.Service.Ports[0], expectedPort, cmpopts.IgnoreUnexported(istioOperatorApi.ServicePort{}))).To(BeTrue()) - - expectedPort = &istioOperatorApi.ServicePort{ - Name: "tcp-broker-2", - Protocol: string(corev1.ProtocolTCP), - Port: 19092, - TargetPort: &istioOperatorApi.IntOrString{IntOrString: intstr.FromInt(19092)}, - } - Expect(cmp.Equal(meshGatewaySpec.Service.Ports[1], expectedPort, cmpopts.IgnoreUnexported(istioOperatorApi.ServicePort{}))).To(BeTrue()) - expectedPort = &istioOperatorApi.ServicePort{ - Name: "tcp-all-broker", - Protocol: string(corev1.ProtocolTCP), - Port: 29092, - TargetPort: &istioOperatorApi.IntOrString{IntOrString: intstr.FromInt(29092)}, - } - Expect(cmp.Equal(meshGatewaySpec.Service.Ports[2], expectedPort, cmpopts.IgnoreUnexported(istioOperatorApi.ServicePort{}))).To(BeTrue()) - - var gateway istioclientv1beta1.Gateway - gatewayName := fmt.Sprintf("%s-external-az1-gateway", kafkaCluster.Name) - Eventually(ctx, func() error { - err := k8sClient.Get(ctx, types.NamespacedName{Namespace: namespace, Name: gatewayName}, &gateway) - return err - }).Should(Succeed()) - - ExpectIstioIngressLabels(gateway.Labels, "external-az1", kafkaClusterCRName) - ExpectIstioIngressLabels(gateway.Spec.Selector, "external-az1", kafkaClusterCRName) - Expect(gateway.Spec.Servers).To(ConsistOf( - istioclientv1beta1.Server{ - Port: &istioclientv1beta1.Port{ - Number: 19090, - Protocol: "TCP", - Name: "tcp-broker-0"}, - Hosts: []string{"*"}, - }, - istioclientv1beta1.Server{ - Port: &istioclientv1beta1.Port{ - Number: 19092, - Protocol: "TCP", - Name: "tcp-broker-2"}, - Hosts: []string{"*"}, - }, - istioclientv1beta1.Server{ - Port: &istioclientv1beta1.Port{ - Number: 29092, - Protocol: "TCP", - Name: "tcp-all-broker", - }, - Hosts: []string{"*"}, - })) - - var virtualService istioclientv1beta1.VirtualService - virtualServiceName := fmt.Sprintf("%s-external-az1-virtualservice", kafkaCluster.Name) - Eventually(ctx, func() error { - err := k8sClient.Get(ctx, types.NamespacedName{Namespace: namespace, Name: virtualServiceName}, &virtualService) - return err - }).Should(Succeed()) - - ExpectIstioIngressLabels(virtualService.Labels, "external-az1", kafkaClusterCRName) - Expect(virtualService.Spec).To(Equal(istioclientv1beta1.VirtualServiceSpec{ - Hosts: []string{"*"}, - Gateways: []string{gatewayName}, - TCP: []istioclientv1beta1.TCPRoute{ - { - Match: []istioclientv1beta1.L4MatchAttributes{{Port: util.IntPointer(19090)}}, - Route: []*istioclientv1beta1.RouteDestination{{ - Destination: &istioclientv1beta1.Destination{ - Host: "kafkacluster-1-0", - Port: &istioclientv1beta1.PortSelector{Number: 9094}, - }, - }}, - }, - { - Match: []istioclientv1beta1.L4MatchAttributes{{Port: util.IntPointer(19092)}}, - Route: []*istioclientv1beta1.RouteDestination{{ - Destination: &istioclientv1beta1.Destination{ - Host: "kafkacluster-1-2", - Port: &istioclientv1beta1.PortSelector{Number: 9094}, - }, - }}, - }, - { - Match: []istioclientv1beta1.L4MatchAttributes{{Port: util.IntPointer(29092)}}, - Route: []*istioclientv1beta1.RouteDestination{{ - Destination: &istioclientv1beta1.Destination{ - Host: "kafkacluster-1-all-broker", - Port: &istioclientv1beta1.PortSelector{Number: 9094}, - }, - }}, - }, - }, - })) - // Istio Ingress Az2 related objects - meshGatewayAz2Name := fmt.Sprintf("meshgateway-external-az2-%s", kafkaCluster.Name) - Eventually(ctx, func() error { - err := k8sClient.Get(ctx, types.NamespacedName{Namespace: namespace, Name: meshGatewayAz2Name}, &meshGateway) - return err - }).Should(Succeed()) - - meshGatewaySpec = meshGateway.Spec - ExpectIstioIngressLabels(meshGatewaySpec.Deployment.Metadata.Labels, "external-az2", kafkaClusterCRName) - - Expect(len(meshGatewaySpec.Service.Ports)).To(Equal(2)) - - expectedPort = &istioOperatorApi.ServicePort{ - Name: "tcp-broker-1", - Protocol: string(corev1.ProtocolTCP), - Port: 19091, - TargetPort: &istioOperatorApi.IntOrString{IntOrString: intstr.FromInt(19091)}, - } - Expect(cmp.Equal(meshGatewaySpec.Service.Ports[0], expectedPort, cmpopts.IgnoreUnexported(istioOperatorApi.ServicePort{}))).To(BeTrue()) - - expectedPort = &istioOperatorApi.ServicePort{ - Name: "tcp-all-broker", - Protocol: string(corev1.ProtocolTCP), - Port: 29092, - TargetPort: &istioOperatorApi.IntOrString{IntOrString: intstr.FromInt(29092)}, - } - Expect(cmp.Equal(meshGatewaySpec.Service.Ports[1], expectedPort, cmpopts.IgnoreUnexported(istioOperatorApi.ServicePort{}))).To(BeTrue()) - - gatewayName = fmt.Sprintf("%s-external-az2-gateway", kafkaCluster.Name) - Eventually(ctx, func() error { - err := k8sClient.Get(ctx, types.NamespacedName{Namespace: namespace, Name: gatewayName}, &gateway) - return err - }).Should(Succeed()) - - ExpectIstioIngressLabels(gateway.Labels, "external-az2", kafkaClusterCRName) - ExpectIstioIngressLabels(gateway.Spec.Selector, "external-az2", kafkaClusterCRName) - Expect(gateway.Spec.Servers).To(ConsistOf( - istioclientv1beta1.Server{ - TLS: &istioclientv1beta1.TLSOptions{ - Mode: istioclientv1beta1.TLSModeSimple, - CredentialName: util.StringPointer("foobar"), - }, - Port: &istioclientv1beta1.Port{ - Number: 19091, - Protocol: "TLS", - Name: "tcp-broker-1"}, - Hosts: []string{"*"}, - }, - istioclientv1beta1.Server{ - TLS: &istioclientv1beta1.TLSOptions{ - Mode: istioclientv1beta1.TLSModeSimple, - CredentialName: util.StringPointer("foobar"), - }, - Port: &istioclientv1beta1.Port{ - Number: 29092, - Protocol: "TLS", - Name: "tcp-all-broker", - }, - Hosts: []string{"*"}, - })) - - virtualServiceName = fmt.Sprintf("%s-external-az2-virtualservice", kafkaCluster.Name) - Eventually(ctx, func() error { - err := k8sClient.Get(ctx, types.NamespacedName{Namespace: namespace, Name: virtualServiceName}, &virtualService) - return err - }).Should(Succeed()) - - ExpectIstioIngressLabels(virtualService.Labels, "external-az2", kafkaClusterCRName) - Expect(virtualService.Spec).To(Equal(istioclientv1beta1.VirtualServiceSpec{ - Hosts: []string{"*"}, - Gateways: []string{gatewayName}, - TCP: []istioclientv1beta1.TCPRoute{ - { - Match: []istioclientv1beta1.L4MatchAttributes{{Port: util.IntPointer(19091)}}, - Route: []*istioclientv1beta1.RouteDestination{{ - Destination: &istioclientv1beta1.Destination{ - Host: "kafkacluster-1-1", - Port: &istioclientv1beta1.PortSelector{Number: 9094}, - }, - }}, - }, - { - Match: []istioclientv1beta1.L4MatchAttributes{{Port: util.IntPointer(29092)}}, - Route: []*istioclientv1beta1.RouteDestination{{ - Destination: &istioclientv1beta1.Destination{ - Host: "kafkacluster-1-all-broker", - Port: &istioclientv1beta1.PortSelector{Number: 9094}, - }, - }}, - }, - }, - })) - - // expect kafkaCluster listener status - err := k8sClient.Get(ctx, types.NamespacedName{ - Name: kafkaCluster.Name, - Namespace: kafkaCluster.Namespace, - }, kafkaCluster) - Expect(err).NotTo(HaveOccurred()) - - Expect(kafkaCluster.Status.ListenerStatuses).To(Equal(v1beta1.ListenerStatuses{ - InternalListeners: map[string]v1beta1.ListenerStatusList{ - "internal": { - { - Name: "any-broker", - Address: fmt.Sprintf("%s-all-broker.kafka-istioingress-with-bindings-%d.svc.cluster.local:29092", kafkaCluster.Name, count), - }, - { - Name: "broker-0", - Address: fmt.Sprintf("%s-0.kafka-istioingress-with-bindings-%d.svc.cluster.local:29092", kafkaCluster.Name, count), - }, - { - Name: "broker-1", - Address: fmt.Sprintf("%s-1.kafka-istioingress-with-bindings-%d.svc.cluster.local:29092", kafkaCluster.Name, count), - }, - { - Name: "broker-2", - Address: fmt.Sprintf("%s-2.kafka-istioingress-with-bindings-%d.svc.cluster.local:29092", kafkaCluster.Name, count), - }, - }, - }, - ExternalListeners: map[string]v1beta1.ListenerStatusList{ - "external": { - { - Name: "any-broker-az1", - Address: "external.az1.host.com:29092", - }, - { - Name: "any-broker-az2", - Address: "external.az2.host.com:29092", - }, - { - Name: "broker-0", - Address: "external.az1.host.com:19090", - }, - { - Name: "broker-1", - Address: "external.az2.host.com:19091", - }, - { - Name: "broker-2", - Address: "external.az1.host.com:19092", - }, - }, - }, - })) - }) - }) -}) - -func createMeshGatewayService(ctx context.Context, extListenerName, extListenerServiceName, namespace string) { - svcFromMeshGateway := corev1.Service{ - ObjectMeta: metav1.ObjectMeta{ - Name: extListenerServiceName, - Namespace: namespace, - }, - Spec: corev1.ServiceSpec{ - Type: corev1.ServiceTypeLoadBalancer, - Ports: []corev1.ServicePort{ - // other ports omitted - { - Name: "tcp-all-broker", - Port: 29092, // from MeshGateway (guarded by the tests) - Protocol: corev1.ProtocolTCP, - }, - }, - }, - } - err := k8sClient.Create(ctx, &svcFromMeshGateway) - Expect(err).NotTo(HaveOccurred()) - svcFromMeshGateway.Status.LoadBalancer.Ingress = []corev1.LoadBalancerIngress{{Hostname: extListenerName}} - err = k8sClient.Status().Update(ctx, &svcFromMeshGateway) - Expect(err).NotTo(HaveOccurred()) -} diff --git a/controllers/tests/suite_test.go b/controllers/tests/suite_test.go index e3a5234f8..cad14d2d3 100644 --- a/controllers/tests/suite_test.go +++ b/controllers/tests/suite_test.go @@ -54,8 +54,6 @@ import ( cmv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" - istioclientv1beta1 "github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1" - banzaiistiov1alpha1 "github.com/banzaicloud/istio-operator/api/v2/v1alpha1" contour "github.com/projectcontour/contour/apis/projectcontour/v1" banzaicloudv1alpha1 "github.com/banzaicloud/koperator/api/v1alpha1" @@ -94,7 +92,6 @@ var _ = BeforeSuite(func(ctx SpecContext) { filepath.Join("..", "..", "config", "base", "crds"), filepath.Join("..", "..", "config", "test", "crd", "cert-manager"), filepath.Join("..", "..", "config", "test", "crd", "projectcontour"), - filepath.Join("..", "..", "config", "test", "crd", "istio"), }, ControlPlaneStartTimeout: timeout, ControlPlaneStopTimeout: timeout, @@ -119,13 +116,11 @@ var _ = BeforeSuite(func(ctx SpecContext) { scheme := runtime.NewScheme() - Expect(banzaiistiov1alpha1.AddToScheme(scheme)).To(Succeed()) Expect(k8sscheme.AddToScheme(scheme)).To(Succeed()) Expect(apiv1.AddToScheme(scheme)).To(Succeed()) Expect(cmv1.AddToScheme(scheme)).To(Succeed()) Expect(banzaicloudv1alpha1.AddToScheme(scheme)).To(Succeed()) Expect(banzaicloudv1beta1.AddToScheme(scheme)).To(Succeed()) - Expect(istioclientv1beta1.AddToScheme(scheme)).To(Succeed()) Expect(contour.AddToScheme(scheme)).To(Succeed()) // +kubebuilder:scaffold:scheme diff --git a/go.mod b/go.mod index 2a806987b..bbf164a80 100644 --- a/go.mod +++ b/go.mod @@ -8,8 +8,6 @@ require ( github.com/IBM/sarama v1.46.3 github.com/Masterminds/sprig/v3 v3.3.0 github.com/banzaicloud/go-cruise-control v0.6.0 - github.com/banzaicloud/istio-client-go v0.0.17 - github.com/banzaicloud/istio-operator/api/v2 v2.17.4 github.com/banzaicloud/k8s-objectmatcher v1.8.0 github.com/banzaicloud/koperator/api v0.28.8 github.com/banzaicloud/koperator/properties v0.4.1 @@ -74,7 +72,7 @@ require ( require ( github.com/Masterminds/goutils v1.1.1 // indirect github.com/Masterminds/semver/v3 v3.4.0 // indirect - github.com/banzaicloud/operator-tools v0.28.10 + github.com/banzaicloud/operator-tools v0.28.10 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/briandowns/spinner v1.23.2 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect @@ -93,7 +91,6 @@ require ( github.com/go-openapi/jsonreference v0.21.4 // indirect github.com/go-openapi/swag v0.25.4 // indirect github.com/gogo/protobuf v1.3.2 // indirect - github.com/golang/protobuf v1.5.4 // indirect github.com/golang/snappy v1.0.0 // indirect github.com/google/go-cmp v0.7.0 github.com/google/uuid v1.6.0 @@ -138,7 +135,6 @@ require ( golang.org/x/time v0.14.0 // indirect gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - istio.io/api v1.28.1 // indirect k8s.io/klog/v2 v2.130.1 // indirect k8s.io/kube-openapi v0.0.0-20251125145642-4e65d59e963e // indirect k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 // indirect @@ -149,8 +145,6 @@ require ( replace ( github.com/banzaicloud/go-cruise-control => ./third_party/github.com/banzaicloud/go-cruise-control - github.com/banzaicloud/istio-client-go => ./third_party/github.com/banzaicloud/istio-client-go - github.com/banzaicloud/istio-operator/api/v2 => ./third_party/github.com/banzaicloud/istio-operator/api github.com/banzaicloud/k8s-objectmatcher => ./third_party/github.com/banzaicloud/k8s-objectmatcher github.com/banzaicloud/koperator/api => ./api github.com/banzaicloud/koperator/properties => ./properties diff --git a/go.sum b/go.sum index 549d04e94..f90ffe73a 100644 --- a/go.sum +++ b/go.sum @@ -108,8 +108,6 @@ github.com/goccy/go-yaml v1.18.0 h1:8W7wMFS12Pcas7KU+VVkaiCng+kG8QiFeFwzFb+rwuw= github.com/goccy/go-yaml v1.18.0/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= -github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/golang/snappy v1.0.0 h1:Oy607GVXHs7RtbggtPBnr2RmDArIsAefDwvrdWvRhGs= github.com/golang/snappy v1.0.0/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg= @@ -346,8 +344,6 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= -istio.io/api v1.28.1 h1:A1DzBrL6PUmDDT8uvs43wxmlg6FvdKNiZvZC1PdA50M= -istio.io/api v1.28.1/go.mod h1:BD3qv/ekm16kvSgvSpuiDawgKhEwG97wx849CednJSg= k8s.io/api v0.34.3 h1:D12sTP257/jSH2vHV2EDYrb16bS7ULlHpdNdNhEw2S4= k8s.io/api v0.34.3/go.mod h1:PyVQBF886Q5RSQZOim7DybQjAbVs8g7gwJNhGtY5MBk= k8s.io/apiextensions-apiserver v0.34.3 h1:p10fGlkDY09eWKOTeUSioxwLukJnm+KuDZdrW71y40g= diff --git a/main.go b/main.go index 05d8f4548..d616d4208 100644 --- a/main.go +++ b/main.go @@ -42,10 +42,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/metrics/server" "sigs.k8s.io/controller-runtime/pkg/webhook" - istioclientv1beta1 "github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1" - - banzaiistiov1alpha1 "github.com/banzaicloud/istio-operator/api/v2/v1alpha1" - certv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" "k8s.io/apimachinery/pkg/runtime" clientgoscheme "k8s.io/client-go/kubernetes/scheme" @@ -77,10 +73,6 @@ func init() { _ = banzaicloudv1beta1.AddToScheme(scheme) - _ = banzaiistiov1alpha1.AddToScheme(scheme) - - _ = istioclientv1beta1.AddToScheme(scheme) - _ = contour.AddToScheme(scheme) // +kubebuilder:scaffold:scheme } diff --git a/pkg/pki/k8scsrpki/k8scsr_user_test.go b/pkg/pki/k8scsrpki/k8scsr_user_test.go index 3f78d7ea7..0e55c5ec2 100644 --- a/pkg/pki/k8scsrpki/k8scsr_user_test.go +++ b/pkg/pki/k8scsrpki/k8scsr_user_test.go @@ -30,9 +30,6 @@ import ( "k8s.io/client-go/kubernetes/scheme" "sigs.k8s.io/controller-runtime/pkg/client/fake" - istioclientv1beta1 "github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1" - banzaiistiov1alpha1 "github.com/banzaicloud/istio-operator/api/v2/v1alpha1" - "github.com/banzaicloud/koperator/api/v1alpha1" "github.com/banzaicloud/koperator/api/v1beta1" "github.com/banzaicloud/koperator/pkg/util" @@ -79,14 +76,6 @@ func setupSchemeForTests() (*runtime.Scheme, error) { if err != nil { return nil, err } - err = banzaiistiov1alpha1.AddToScheme(sch) - if err != nil { - return nil, err - } - err = istioclientv1beta1.AddToScheme(sch) - if err != nil { - return nil, err - } return sch, nil } diff --git a/pkg/resources/istioingress/gateway.go b/pkg/resources/istioingress/gateway.go deleted file mode 100644 index 2313bcbce..000000000 --- a/pkg/resources/istioingress/gateway.go +++ /dev/null @@ -1,110 +0,0 @@ -// Copyright © 2020 Cisco Systems, Inc. and/or its affiliates -// Copyright 2025 Adobe. All rights reserved. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package istioingress - -import ( - "fmt" - "math" - - istioclientv1beta1 "github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1" - - "github.com/go-logr/logr" - "k8s.io/apimachinery/pkg/runtime" - - "github.com/banzaicloud/koperator/api/v1beta1" - "github.com/banzaicloud/koperator/pkg/resources/templates" - "github.com/banzaicloud/koperator/pkg/util" - kafkautils "github.com/banzaicloud/koperator/pkg/util/kafka" -) - -func (r *Reconciler) gateway(log logr.Logger, externalListenerConfig v1beta1.ExternalListenerConfig, - ingressConf v1beta1.IngressConfig, ingressConfigName, defaultIngressConfigName, istioRevision string) runtime.Object { - eListenerLabelName := util.ConstructEListenerLabelName(ingressConfigName, externalListenerConfig.Name) - - var gatewayName string - if ingressConfigName == util.IngressConfigGlobalName { - gatewayName = fmt.Sprintf(gatewayNameTemplate, r.KafkaCluster.Name, externalListenerConfig.Name) - } else { - gatewayName = fmt.Sprintf(gatewayNameTemplateWithScope, r.KafkaCluster.Name, externalListenerConfig.Name, ingressConfigName) - } - return &istioclientv1beta1.Gateway{ - ObjectMeta: templates.ObjectMeta(gatewayName, - labelsForIstioIngress(r.KafkaCluster.Name, eListenerLabelName, istioRevision), r.KafkaCluster), - Spec: istioclientv1beta1.GatewaySpec{ - Selector: labelsForIstioIngress(r.KafkaCluster.Name, eListenerLabelName, istioRevision), - Servers: generateServers(r.KafkaCluster, externalListenerConfig, log, ingressConf, - ingressConfigName, defaultIngressConfigName), - }, - } -} - -func generateServers(kc *v1beta1.KafkaCluster, externalListenerConfig v1beta1.ExternalListenerConfig, log logr.Logger, - ingressConf v1beta1.IngressConfig, ingressConfigName, defaultIngressConfigName string) []istioclientv1beta1.Server { - servers := make([]istioclientv1beta1.Server, 0) - protocol := istioclientv1beta1.ProtocolTCP - var tlsConfig *istioclientv1beta1.TLSOptions - if ingressConf.IstioIngressConfig.TLSOptions != nil { - tlsConfig = ingressConf.IstioIngressConfig.TLSOptions - protocol = istioclientv1beta1.ProtocolTLS - } - - brokerIds := util.GetBrokerIdsFromStatusAndSpec(kc.Status.BrokersState, kc.Spec.Brokers, log) - - for _, brokerId := range brokerIds { - brokerConfig, err := kafkautils.GatherBrokerConfigIfAvailable(kc.Spec, brokerId) - if err != nil { - log.Error(err, "could not determine brokerConfig") - continue - } - if util.ShouldIncludeBroker(brokerConfig, kc.Status, brokerId, defaultIngressConfigName, ingressConfigName) { - servers = append(servers, istioclientv1beta1.Server{ - Port: &istioclientv1beta1.Port{ - Number: func() int { - // Broker IDs are always within valid range for int32 conversion - if brokerId < 0 || brokerId > math.MaxInt32 { - // This should never happen as broker IDs are small positive integers - log.Error(fmt.Errorf("broker ID %d out of valid range for int32 conversion", brokerId), "Invalid broker ID detected in gateway port") - return 0 - } - brokerPort := externalListenerConfig.GetBrokerPort(int32(brokerId)) - // Port numbers are always within valid range for int conversion - if brokerPort < 0 || brokerPort > 65535 { - // This should never happen as GetBrokerPort returns valid port numbers - log.Error(fmt.Errorf("broker port %d out of valid range [0-65535] for broker %d", brokerPort, brokerId), "Invalid broker port detected in gateway port") - return 0 - } - return int(brokerPort) - }(), - Protocol: protocol, - Name: fmt.Sprintf("tcp-broker-%d", brokerId), - }, - TLS: tlsConfig, - Hosts: []string{"*"}, - }) - } - } - servers = append(servers, istioclientv1beta1.Server{ - Port: &istioclientv1beta1.Port{ - Number: int(externalListenerConfig.GetAnyCastPort()), - Protocol: protocol, - Name: fmt.Sprintf(kafkautils.AllBrokerServiceTemplate, "tcp"), - }, - Hosts: []string{"*"}, - TLS: tlsConfig, - }) - - return servers -} diff --git a/pkg/resources/istioingress/istioingress.go b/pkg/resources/istioingress/istioingress.go deleted file mode 100644 index 8e1c6b48f..000000000 --- a/pkg/resources/istioingress/istioingress.go +++ /dev/null @@ -1,168 +0,0 @@ -// Copyright © 2020 Cisco Systems, Inc. and/or its affiliates -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package istioingress - -import ( - "context" - "fmt" - "reflect" - "strings" - - "emperror.dev/errors" - - istioclientv1beta1 "github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1" - istioOperatorApi "github.com/banzaicloud/istio-operator/api/v2/v1alpha1" - "github.com/banzaicloud/operator-tools/pkg/utils" - - "github.com/banzaicloud/koperator/api/v1beta1" - "github.com/banzaicloud/koperator/pkg/k8sutil" - "github.com/banzaicloud/koperator/pkg/resources" - "github.com/banzaicloud/koperator/pkg/util" - "github.com/banzaicloud/koperator/pkg/util/istioingress" - - corev1 "k8s.io/api/core/v1" - apimeta "k8s.io/apimachinery/pkg/api/meta" - "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" - "k8s.io/apimachinery/pkg/runtime/schema" - - "github.com/go-logr/logr" - "sigs.k8s.io/controller-runtime/pkg/client" -) - -const ( - componentName = "istioingress" - gatewayNameTemplate = "%s-%s-gateway" - gatewayNameTemplateWithScope = "%s-%s-%s-gateway" - virtualServiceTemplate = "%s-%s-virtualservice" - virtualServiceTemplateWithScope = "%s-%s-%s-virtualservice" -) - -// labelsForIstioIngress returns the labels for selecting the resources -// belonging to the given kafka CR name. -func labelsForIstioIngress(crName, eLName, istioRevision string) map[string]string { - return utils.MergeLabels(labelsForIstioIngressWithoutEListenerName(crName, istioRevision), map[string]string{util.ExternalListenerLabelNameKey: eLName}) -} - -func labelsForIstioIngressWithoutEListenerName(crName, istioRevision string) map[string]string { - labels := map[string]string{v1beta1.AppLabelKey: "istioingress", v1beta1.KafkaCRLabelKey: crName} - if istioRevision != "" { - labels["istio.io/rev"] = istioRevision - } - return labels -} - -// Reconciler implements the Component Reconciler -type Reconciler struct { - resources.Reconciler -} - -// New creates a new reconciler for IstioIngress -func New(client client.Client, cluster *v1beta1.KafkaCluster) *Reconciler { - return &Reconciler{ - Reconciler: resources.Reconciler{ - Client: client, - KafkaCluster: cluster, - }, - } -} - -// Reconcile implements the reconcile logic for IstioIngress -func (r *Reconciler) Reconcile(log logr.Logger) error { - log = log.WithValues("component", componentName) - log.V(1).Info("Reconciling") - - for _, eListener := range r.KafkaCluster.Spec.ListenersConfig.ExternalListeners { - if r.KafkaCluster.Spec.GetIngressController() == istioingress.IngressControllerName && eListener.GetAccessMethod() == corev1.ServiceTypeLoadBalancer { - if r.KafkaCluster.Spec.IstioControlPlane == nil { - log.Error(errors.NewPlain("reference to Istio Control Plane is missing"), "skip external listener reconciliation", "external listener", eListener.Name) - continue - } - - istioRevision := istioOperatorApi.NamespacedRevision( - strings.ReplaceAll(r.KafkaCluster.Spec.IstioControlPlane.Name, ".", "-"), - r.KafkaCluster.Spec.IstioControlPlane.Namespace) - ingressConfigs, defaultControllerName, err := util.GetIngressConfigs(r.KafkaCluster.Spec, eListener) - if err != nil { - return err - } - for name, ingressConfig := range ingressConfigs { - if !util.IsIngressConfigInUse(name, defaultControllerName, r.KafkaCluster, log) { - continue - } - for _, res := range []resources.ResourceWithLogAndExternalListenerSpecificInfosAndIstioRevision{ - r.meshgateway, - r.gateway, - r.virtualService, - } { - o := res(log, eListener, ingressConfig, name, defaultControllerName, istioRevision) - err := k8sutil.Reconcile(log, r.Client, o, r.KafkaCluster) - if err != nil { - return err - } - } - } - } else if r.KafkaCluster.Spec.RemoveUnusedIngressResources { - // Cleaning up unused istio resources when ingress controller is not istioingress or externalListener access method is not LoadBalancer - deletionCounter := 0 - ctx := context.Background() - istioResourcesGVK := []schema.GroupVersionKind{ - { - Version: istioOperatorApi.GroupVersion.Version, - Group: istioOperatorApi.GroupVersion.Group, - Kind: reflect.TypeOf(istioOperatorApi.IstioMeshGateway{}).Name(), - }, - { - Version: istioclientv1beta1.SchemeGroupVersion.Version, - Group: istioclientv1beta1.SchemeGroupVersion.Group, - Kind: reflect.TypeOf(istioclientv1beta1.Gateway{}).Name(), - }, - { - Version: istioclientv1beta1.SchemeGroupVersion.Version, - Group: istioclientv1beta1.SchemeGroupVersion.Group, - Kind: reflect.TypeOf(istioclientv1beta1.VirtualService{}).Name(), - }, - } - var istioResources unstructured.UnstructuredList - for _, gvk := range istioResourcesGVK { - istioResources.SetGroupVersionKind(gvk) - - if err := r.List(ctx, &istioResources, client.InNamespace(r.KafkaCluster.GetNamespace()), - client.MatchingLabels(labelsForIstioIngressWithoutEListenerName(r.KafkaCluster.Name, ""))); err != nil && !apimeta.IsNoMatchError(err) { - return errors.Wrap(err, "error when getting list of istio ingress resources for deletion") - } - - for _, removeObject := range istioResources.Items { - if !strings.Contains(removeObject.GetLabels()[util.ExternalListenerLabelNameKey], eListener.Name) || - util.ObjectManagedByClusterRegistry(&removeObject) || - !removeObject.GetDeletionTimestamp().IsZero() { - continue - } - if err := r.Delete(ctx, &removeObject); client.IgnoreNotFound(err) != nil { - return errors.Wrap(err, "error when removing istio ingress resources") - } - log.V(1).Info(fmt.Sprintf("Deleted istio ingress '%s' resource '%s' for externalListener '%s'", gvk.Kind, removeObject.GetName(), eListener.Name)) - deletionCounter++ - } - } - if deletionCounter > 0 { - log.Info(fmt.Sprintf("Removed '%d' resources for istio ingress", deletionCounter)) - } - } - } - - log.V(1).Info("Reconciled") - - return nil -} diff --git a/pkg/resources/istioingress/meshgateway.go b/pkg/resources/istioingress/meshgateway.go deleted file mode 100644 index 2f9507d9b..000000000 --- a/pkg/resources/istioingress/meshgateway.go +++ /dev/null @@ -1,143 +0,0 @@ -// Copyright © 2020 Cisco Systems, Inc. and/or its affiliates -// Copyright 2025 Adobe. All rights reserved. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package istioingress - -import ( - "fmt" - "math" - - istioOperatorApi "github.com/banzaicloud/istio-operator/api/v2/v1alpha1" - "github.com/go-logr/logr" - "google.golang.org/protobuf/types/known/wrapperspb" - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/intstr" - - "github.com/banzaicloud/koperator/api/v1beta1" - "github.com/banzaicloud/koperator/pkg/resources/templates" - "github.com/banzaicloud/koperator/pkg/util" - istioingressutils "github.com/banzaicloud/koperator/pkg/util/istioingress" - kafkautils "github.com/banzaicloud/koperator/pkg/util/kafka" -) - -func (r *Reconciler) meshgateway(log logr.Logger, externalListenerConfig v1beta1.ExternalListenerConfig, - ingressConfig v1beta1.IngressConfig, ingressConfigName, defaultIngressConfigName, istioRevision string) runtime.Object { - eListenerLabelName := util.ConstructEListenerLabelName(ingressConfigName, externalListenerConfig.Name) - - var meshgatewayName string - if ingressConfigName == util.IngressConfigGlobalName { - meshgatewayName = fmt.Sprintf(istioingressutils.MeshGatewayNameTemplate, externalListenerConfig.Name, r.KafkaCluster.GetName()) - } else { - meshgatewayName = fmt.Sprintf(istioingressutils.MeshGatewayNameTemplateWithScope, - externalListenerConfig.Name, ingressConfigName, r.KafkaCluster.GetName()) - } - - mgateway := &istioOperatorApi.IstioMeshGateway{ - ObjectMeta: templates.ObjectMeta( - meshgatewayName, - labelsForIstioIngress(r.KafkaCluster.Name, eListenerLabelName, istioRevision), r.KafkaCluster), - Spec: &istioOperatorApi.IstioMeshGatewaySpec{ - Deployment: &istioOperatorApi.BaseKubernetesResourceConfig{ - Metadata: &istioOperatorApi.K8SObjectMeta{ - Labels: labelsForIstioIngress(r.KafkaCluster.Name, eListenerLabelName, istioRevision), - Annotations: ingressConfig.IstioIngressConfig.GetAnnotations(), - }, - Env: ingressConfig.IstioIngressConfig.Envs, - Resources: istioOperatorApi.InitResourceRequirementsFromK8sRR(ingressConfig.IstioIngressConfig.GetResources()), - NodeSelector: ingressConfig.IstioIngressConfig.NodeSelector, - SecurityContext: &corev1.SecurityContext{ - RunAsNonRoot: util.BoolPointer(false), - }, - Tolerations: ingressConfig.IstioIngressConfig.Tolerations, - Replicas: &istioOperatorApi.Replicas{ - Count: wrapperspb.Int32(ingressConfig.IstioIngressConfig.GetReplicas()), - Min: wrapperspb.Int32(ingressConfig.IstioIngressConfig.GetReplicas()), - Max: wrapperspb.Int32(ingressConfig.IstioIngressConfig.GetReplicas()), - }, - }, - Service: &istioOperatorApi.Service{ - Metadata: &istioOperatorApi.K8SObjectMeta{ - Annotations: ingressConfig.GetServiceAnnotations(), - }, - Ports: generateExternalPorts(r.KafkaCluster, - util.GetBrokerIdsFromStatusAndSpec(r.KafkaCluster.Status.BrokersState, r.KafkaCluster.Spec.Brokers, log), - externalListenerConfig, log, ingressConfigName, defaultIngressConfigName), - Type: string(ingressConfig.GetServiceType()), - LoadBalancerSourceRanges: ingressConfig.IstioIngressConfig.GetLoadBalancerSourceRanges(), - }, - RunAsRoot: wrapperspb.Bool(true), - Type: istioOperatorApi.GatewayType_ingress, - IstioControlPlane: &istioOperatorApi.NamespacedName{ - Name: r.KafkaCluster.Spec.IstioControlPlane.Name, - Namespace: r.KafkaCluster.Spec.IstioControlPlane.Namespace, - }, - }, - } - - return mgateway -} - -func generateExternalPorts(kc *v1beta1.KafkaCluster, brokerIds []int, - externalListenerConfig v1beta1.ExternalListenerConfig, log logr.Logger, ingressConfigName, defaultIngressConfigName string) []*istioOperatorApi.ServicePort { - generatedPorts := make([]*istioOperatorApi.ServicePort, 0) - for _, brokerId := range brokerIds { - brokerConfig, err := kafkautils.GatherBrokerConfigIfAvailable(kc.Spec, brokerId) - if err != nil { - log.Error(err, "could not determine brokerConfig") - continue - } - if util.ShouldIncludeBroker(brokerConfig, kc.Status, brokerId, defaultIngressConfigName, ingressConfigName) { - generatedPorts = append(generatedPorts, &istioOperatorApi.ServicePort{ - Name: fmt.Sprintf("tcp-broker-%d", brokerId), - Protocol: string(corev1.ProtocolTCP), - Port: func() int32 { - // Broker IDs are always within valid range for int32 conversion - if brokerId < 0 || brokerId > math.MaxInt32 { - // This should never happen as broker IDs are small positive integers - log.Error(fmt.Errorf("broker ID %d out of valid range for int32 conversion", brokerId), "Invalid broker ID detected in mesh gateway port") - return 0 - } - return externalListenerConfig.GetBrokerPort(int32(brokerId)) - }(), - TargetPort: func() *istioOperatorApi.IntOrString { - // Broker IDs are always within valid range for int32 conversion - if brokerId < 0 || brokerId > math.MaxInt32 { - // This should never happen as broker IDs are small positive integers - log.Error(fmt.Errorf("broker ID %d out of valid range for int32 conversion", brokerId), "Invalid broker ID detected in mesh gateway target port") - return &istioOperatorApi.IntOrString{IntOrString: intstr.FromInt(0)} - } - brokerPort := externalListenerConfig.GetBrokerPort(int32(brokerId)) - // Port numbers are always within valid range for int conversion - if brokerPort < 0 || brokerPort > 65535 { - // This should never happen as GetBrokerPort returns valid port numbers - log.Error(fmt.Errorf("broker port %d out of valid range [0-65535] for broker %d", brokerPort, brokerId), "Invalid broker port detected in mesh gateway target port") - return &istioOperatorApi.IntOrString{IntOrString: intstr.FromInt(0)} - } - return &istioOperatorApi.IntOrString{IntOrString: intstr.FromInt(int(brokerPort))} - }(), - }) - } - } - - generatedPorts = append(generatedPorts, &istioOperatorApi.ServicePort{ - Name: fmt.Sprintf(kafkautils.AllBrokerServiceTemplate, "tcp"), - Protocol: string(corev1.ProtocolTCP), - Port: externalListenerConfig.GetAnyCastPort(), - TargetPort: &istioOperatorApi.IntOrString{IntOrString: intstr.FromInt(int(externalListenerConfig.GetIngressControllerTargetPort()))}, - }) - - return generatedPorts -} diff --git a/pkg/resources/istioingress/virtualservice.go b/pkg/resources/istioingress/virtualservice.go deleted file mode 100644 index ad62bdc74..000000000 --- a/pkg/resources/istioingress/virtualservice.go +++ /dev/null @@ -1,200 +0,0 @@ -// Copyright © 2020 Cisco Systems, Inc. and/or its affiliates -// Copyright 2025 Adobe. All rights reserved. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package istioingress - -import ( - "fmt" - "math" - - istioclientv1beta1 "github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1" - - "github.com/go-logr/logr" - "k8s.io/apimachinery/pkg/runtime" - - "github.com/banzaicloud/koperator/api/v1beta1" - "github.com/banzaicloud/koperator/pkg/resources/templates" - "github.com/banzaicloud/koperator/pkg/util" - kafkautils "github.com/banzaicloud/koperator/pkg/util/kafka" -) - -func (r *Reconciler) virtualService(log logr.Logger, externalListenerConfig v1beta1.ExternalListenerConfig, - ingressConfig v1beta1.IngressConfig, ingressConfigName, defaultIngressConfigName, istioRevision string) runtime.Object { - eListenerLabelName := util.ConstructEListenerLabelName(ingressConfigName, externalListenerConfig.Name) - - var gatewayName, virtualSName string - if ingressConfigName == util.IngressConfigGlobalName { - gatewayName = fmt.Sprintf(gatewayNameTemplate, r.KafkaCluster.Name, externalListenerConfig.Name) - virtualSName = fmt.Sprintf(virtualServiceTemplate, r.KafkaCluster.Name, externalListenerConfig.Name) - } else { - gatewayName = fmt.Sprintf(gatewayNameTemplateWithScope, r.KafkaCluster.Name, externalListenerConfig.Name, ingressConfigName) - virtualSName = fmt.Sprintf(virtualServiceTemplateWithScope, r.KafkaCluster.Name, externalListenerConfig.Name, ingressConfigName) - } - - vServiceSpec := istioclientv1beta1.VirtualServiceSpec{ - Hosts: []string{"*"}, - Gateways: []string{gatewayName}, - } - - if ingressConfig.IstioIngressConfig.TLSOptions != nil && - ingressConfig.IstioIngressConfig.TLSOptions.Mode == istioclientv1beta1.TLSModePassThrough { - vServiceSpec.TLS = generateTlsRoutes(r.KafkaCluster, externalListenerConfig, log, ingressConfigName, defaultIngressConfigName) - } else { - vServiceSpec.TCP = generateTcpRoutes(r.KafkaCluster, externalListenerConfig, log, ingressConfigName, defaultIngressConfigName) - } - - return &istioclientv1beta1.VirtualService{ - ObjectMeta: templates.ObjectMetaWithAnnotations( - virtualSName, - labelsForIstioIngress(r.KafkaCluster.Name, eListenerLabelName, istioRevision), - ingressConfig.IstioIngressConfig.GetVirtualServiceAnnotations(), - r.KafkaCluster), - Spec: vServiceSpec, - } -} - -func generateTlsRoutes(kc *v1beta1.KafkaCluster, externalListenerConfig v1beta1.ExternalListenerConfig, log logr.Logger, - ingressConfigName, defaultIngressConfigName string) []istioclientv1beta1.TLSRoute { - tlsRoutes := make([]istioclientv1beta1.TLSRoute, 0) - - brokerIds := util.GetBrokerIdsFromStatusAndSpec(kc.Status.BrokersState, kc.Spec.Brokers, log) - - for _, brokerId := range brokerIds { - brokerConfig, err := kafkautils.GatherBrokerConfigIfAvailable(kc.Spec, brokerId) - if err != nil { - log.Error(err, "could not determine brokerConfig") - continue - } - if util.ShouldIncludeBroker(brokerConfig, kc.Status, brokerId, defaultIngressConfigName, ingressConfigName) { - tlsRoutes = append(tlsRoutes, istioclientv1beta1.TLSRoute{ - Match: []istioclientv1beta1.TLSMatchAttributes{ - { - Port: func() *int { - // Broker IDs are always within valid range for int32 conversion - if brokerId < 0 || brokerId > math.MaxInt32 { - // This should never happen as broker IDs are small positive integers - log.Error(fmt.Errorf("broker ID %d out of valid range for int32 conversion", brokerId), "Invalid broker ID detected in TLS route port") - return util.IntPointer(0) - } - brokerPort := externalListenerConfig.GetBrokerPort(int32(brokerId)) - // Port numbers are always within valid range for int conversion - if brokerPort < 0 || brokerPort > 65535 { - // This should never happen as GetBrokerPort returns valid port numbers - log.Error(fmt.Errorf("broker port %d out of valid range [0-65535] for broker %d", brokerPort, brokerId), "Invalid broker port detected in TLS route") - return util.IntPointer(0) - } - return util.IntPointer(int(brokerPort)) - }(), - SniHosts: []string{"*"}, - }, - }, - Route: []*istioclientv1beta1.RouteDestination{ - { - Destination: &istioclientv1beta1.Destination{ - Host: fmt.Sprintf("%s-%d", kc.Name, brokerId), - Port: &istioclientv1beta1.PortSelector{Number: uint32(externalListenerConfig.ContainerPort)}, - }, - }, - }, - }) - } - } - if !kc.Spec.HeadlessServiceEnabled && len(kc.Spec.ListenersConfig.ExternalListeners) > 0 { - tlsRoutes = append(tlsRoutes, istioclientv1beta1.TLSRoute{ - Match: []istioclientv1beta1.TLSMatchAttributes{ - { - Port: util.IntPointer(int(externalListenerConfig.GetAnyCastPort())), - SniHosts: []string{"*"}, - }, - }, - Route: []*istioclientv1beta1.RouteDestination{ - { - Destination: &istioclientv1beta1.Destination{ - Host: fmt.Sprintf(kafkautils.AllBrokerServiceTemplate, kc.Name), - Port: &istioclientv1beta1.PortSelector{Number: uint32(externalListenerConfig.ContainerPort)}, - }, - }, - }, - }) - } - - return tlsRoutes -} - -func generateTcpRoutes(kc *v1beta1.KafkaCluster, externalListenerConfig v1beta1.ExternalListenerConfig, log logr.Logger, - ingressConfigName, defaultIngressConfigName string) []istioclientv1beta1.TCPRoute { - tcpRoutes := make([]istioclientv1beta1.TCPRoute, 0) - - brokerIds := util.GetBrokerIdsFromStatusAndSpec(kc.Status.BrokersState, kc.Spec.Brokers, log) - - for _, brokerId := range brokerIds { - brokerConfig, err := kafkautils.GatherBrokerConfigIfAvailable(kc.Spec, brokerId) - if err != nil { - log.Error(err, "could not determine brokerConfig") - continue - } - if util.ShouldIncludeBroker(brokerConfig, kc.Status, brokerId, defaultIngressConfigName, ingressConfigName) { - tcpRoutes = append(tcpRoutes, istioclientv1beta1.TCPRoute{ - Match: []istioclientv1beta1.L4MatchAttributes{ - { - Port: func() *int { - // Broker IDs are always within valid range for int32 conversion - if brokerId < 0 || brokerId > math.MaxInt32 { - // This should never happen as broker IDs are small positive integers - log.Error(fmt.Errorf("broker ID %d out of valid range for int32 conversion", brokerId), "Invalid broker ID detected in TCP route port") - return util.IntPointer(0) - } - brokerPort := externalListenerConfig.GetBrokerPort(int32(brokerId)) - // Port numbers are always within valid range for int conversion - if brokerPort < 0 || brokerPort > 65535 { - // This should never happen as GetBrokerPort returns valid port numbers - log.Error(fmt.Errorf("broker port %d out of valid range [0-65535] for broker %d", brokerPort, brokerId), "Invalid broker port detected in TCP route") - return util.IntPointer(0) - } - return util.IntPointer(int(brokerPort)) - }(), - }, - }, - Route: []*istioclientv1beta1.RouteDestination{ - { - Destination: &istioclientv1beta1.Destination{ - Host: fmt.Sprintf("%s-%d", kc.Name, brokerId), - Port: &istioclientv1beta1.PortSelector{Number: uint32(externalListenerConfig.ContainerPort)}, - }, - }, - }, - }) - } - } - if !kc.Spec.HeadlessServiceEnabled { - tcpRoutes = append(tcpRoutes, istioclientv1beta1.TCPRoute{ - Match: []istioclientv1beta1.L4MatchAttributes{ - { - Port: util.IntPointer(int(externalListenerConfig.GetAnyCastPort())), - }, - }, - Route: []*istioclientv1beta1.RouteDestination{ - { - Destination: &istioclientv1beta1.Destination{ - Host: fmt.Sprintf(kafkautils.AllBrokerServiceTemplate, kc.Name), - Port: &istioclientv1beta1.PortSelector{Number: uint32(externalListenerConfig.ContainerPort)}, - }, - }, - }, - }) - } - - return tcpRoutes -} diff --git a/pkg/resources/kafka/kafka.go b/pkg/resources/kafka/kafka.go index eec273a7a..e2a5c1168 100644 --- a/pkg/resources/kafka/kafka.go +++ b/pkg/resources/kafka/kafka.go @@ -55,7 +55,6 @@ import ( certutil "github.com/banzaicloud/koperator/pkg/util/cert" contourutils "github.com/banzaicloud/koperator/pkg/util/contour" envoyutils "github.com/banzaicloud/koperator/pkg/util/envoy" - istioingressutils "github.com/banzaicloud/koperator/pkg/util/istioingress" "github.com/banzaicloud/koperator/pkg/util/kafka" pkicommon "github.com/banzaicloud/koperator/pkg/util/pki" ) @@ -1431,10 +1430,6 @@ func (r *Reconciler) getBrokerHost(log logr.Logger, defaultHost string, broker b func (r *Reconciler) createExternalListenerStatuses(log logr.Logger) (map[string]banzaiv1beta1.ListenerStatusList, error) { extListenerStatuses := make(map[string]banzaiv1beta1.ListenerStatusList, len(r.KafkaCluster.Spec.ListenersConfig.ExternalListeners)) for _, eListener := range r.KafkaCluster.Spec.ListenersConfig.ExternalListeners { - // in case if external listener uses loadbalancer type of service and istioControlPlane is not specified than we skip this listener from status update. In this way this external listener will not be in the configmap. - if eListener.GetAccessMethod() == corev1.ServiceTypeLoadBalancer && r.KafkaCluster.Spec.GetIngressController() == istioingressutils.IngressControllerName && r.KafkaCluster.Spec.IstioControlPlane == nil { - continue - } var host string var foundLBService *corev1.Service var err error @@ -1631,14 +1626,6 @@ func getServiceFromExternalListener(client client.Client, cluster *banzaiv1beta1 foundLBService := &corev1.Service{} var iControllerServiceName string switch cluster.Spec.GetIngressController() { - case istioingressutils.IngressControllerName: - if ingressConfigName == util.IngressConfigGlobalName { - iControllerServiceName = fmt.Sprintf(istioingressutils.MeshGatewayNameTemplate, eListenerName, cluster.GetName()) - iControllerServiceName = strings.ReplaceAll(iControllerServiceName, "_", "-") - } else { - iControllerServiceName = fmt.Sprintf(istioingressutils.MeshGatewayNameTemplateWithScope, eListenerName, ingressConfigName, cluster.GetName()) - iControllerServiceName = strings.ReplaceAll(iControllerServiceName, "_", "-") - } case envoyutils.IngressControllerName: if ingressConfigName == util.IngressConfigGlobalName { iControllerServiceName = fmt.Sprintf(envoyutils.EnvoyServiceName, eListenerName, cluster.GetName()) diff --git a/pkg/resources/reconciler.go b/pkg/resources/reconciler.go index 65591dfe9..98ff9474c 100644 --- a/pkg/resources/reconciler.go +++ b/pkg/resources/reconciler.go @@ -52,13 +52,6 @@ type ResourceWithLogAndExternalListenerSpecificInfos func(log logr.Logger, externalListenerConfig v1beta1.ExternalListenerConfig, ingressConfig v1beta1.IngressConfig, ingressConfigName, defaultIngressConfigName string) runtime.Object -// ResourceWithLogAndExternalListenerSpecificInfosAndIstioRevision function with -// log and externalListenerConfig and ingressConfig parameter with name and default ingress config name -// and istio revision -type ResourceWithLogAndExternalListenerSpecificInfosAndIstioRevision func(log logr.Logger, - externalListenerConfig v1beta1.ExternalListenerConfig, ingressConfig v1beta1.IngressConfig, - ingressConfigName, defaultIngressConfigName, istioRevision string) runtime.Object - // ResourceWithBrokerConfigAndVolume function with brokerConfig, persistentVolumeClaims and log parameters type ResourceWithBrokerConfigAndVolume func( id int32, diff --git a/pkg/util/istioingress/common.go b/pkg/util/istioingress/common.go deleted file mode 100644 index 08c970508..000000000 --- a/pkg/util/istioingress/common.go +++ /dev/null @@ -1,24 +0,0 @@ -// Copyright © 2020 Cisco Systems, Inc. and/or its affiliates -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package istioingress - -const ( - // IngressControllerName name for istioingress ingress service - IngressControllerName = "istioingress" - // MeshGatewayNameTemplate name for istioingress gateway service - MeshGatewayNameTemplate = "meshgateway-%s-%s" - // MeshGatewayNameTemplateWithScope name for istioingress gateway service with scope - MeshGatewayNameTemplateWithScope = "meshgateway-%s-%s-%s" -) diff --git a/pkg/util/util.go b/pkg/util/util.go index 6b3007201..bfa588885 100644 --- a/pkg/util/util.go +++ b/pkg/util/util.go @@ -59,7 +59,6 @@ import ( "github.com/banzaicloud/koperator/pkg/util/cert" "github.com/banzaicloud/koperator/pkg/util/contour" envoyutils "github.com/banzaicloud/koperator/pkg/util/envoy" - "github.com/banzaicloud/koperator/pkg/util/istioingress" properties "github.com/banzaicloud/koperator/properties/pkg" ) @@ -319,34 +318,6 @@ func GetIngressConfigs(kafkaClusterSpec v1beta1.KafkaClusterSpec, }, } } - case istioingress.IngressControllerName: - if eListenerConfig.Config != nil { - defaultIngressConfigName = eListenerConfig.Config.DefaultIngressConfig - ingressConfigs = make(map[string]v1beta1.IngressConfig, len(eListenerConfig.Config.IngressConfig)) - for k, iConf := range eListenerConfig.Config.IngressConfig { - if iConf.IstioIngressConfig != nil { - err := mergo.Merge(iConf.IstioIngressConfig, kafkaClusterSpec.IstioIngressConfig) - if err != nil { - return nil, "", errors.WrapWithDetails(err, - "could not merge global istio config with local one", "istioConfig", k) - } - err = mergo.Merge(&iConf.IngressServiceSettings, eListenerConfig.IngressServiceSettings) - if err != nil { - return nil, "", errors.WrapWithDetails(err, - "could not merge global loadbalancer config with local one", - "externalListenerName", eListenerConfig.Name) - } - ingressConfigs[k] = iConf - } - } - } else { - ingressConfigs = map[string]v1beta1.IngressConfig{ - IngressConfigGlobalName: { - IngressServiceSettings: eListenerConfig.IngressServiceSettings, - IstioIngressConfig: &kafkaClusterSpec.IstioIngressConfig, - }, - } - } case contour.IngressControllerName: if eListenerConfig.Config != nil { defaultIngressConfigName = eListenerConfig.Config.DefaultIngressConfig diff --git a/pkg/util/util_test.go b/pkg/util/util_test.go index db84482ed..de5545bde 100644 --- a/pkg/util/util_test.go +++ b/pkg/util/util_test.go @@ -22,7 +22,6 @@ import ( "github.com/stretchr/testify/require" "github.com/banzaicloud/koperator/api/v1beta1" - "github.com/banzaicloud/koperator/pkg/util/istioingress" "gotest.tools/assert" corev1 "k8s.io/api/core/v1" @@ -280,23 +279,6 @@ func TestGetIngressConfigs(t *testing.T) { }, } - defaultKafkaClusterWithIstioIngress := &v1beta1.KafkaClusterSpec{ - IngressController: istioingress.IngressControllerName, - IstioIngressConfig: v1beta1.IstioIngressConfig{ - Resources: &corev1.ResourceRequirements{ - Limits: corev1.ResourceList{ - "cpu": resource.MustParse("100m"), - "memory": resource.MustParse("100Mi"), - }, - Requests: corev1.ResourceList{ - "cpu": resource.MustParse("100m"), - "memory": resource.MustParse("100Mi"), - }, - }, - Replicas: 1, - }, - } - testCases := []struct { globalConfig v1beta1.KafkaClusterSpec externalListenerSpecifiedConfigs v1beta1.ExternalListenerConfig @@ -317,21 +299,6 @@ func TestGetIngressConfigs(t *testing.T) { IngressConfigGlobalName: {EnvoyConfig: &defaultKafkaClusterWithEnvoy.EnvoyConfig}, }, }, - // only globalIstio ingress configuration is set - { - *defaultKafkaClusterWithIstioIngress, - v1beta1.ExternalListenerConfig{ - CommonListenerSpec: v1beta1.CommonListenerSpec{ - Type: "plaintext", - Name: "external", - ContainerPort: 9094, - }, - ExternalStartingPort: 19090, - }, - map[string]v1beta1.IngressConfig{ - IngressConfigGlobalName: {IstioIngressConfig: &defaultKafkaClusterWithIstioIngress.IstioIngressConfig}, - }, - }, // ExternalListener Specified config is set with EnvoyIngress { *defaultKafkaClusterWithEnvoy, @@ -405,74 +372,6 @@ func TestGetIngressConfigs(t *testing.T) { }, }, }, - // ExternalListener Specified config is set with IstioIngress - { - *defaultKafkaClusterWithIstioIngress, - v1beta1.ExternalListenerConfig{ - CommonListenerSpec: v1beta1.CommonListenerSpec{ - Type: "plaintext", - Name: "external", - ContainerPort: 9094, - }, - ExternalStartingPort: 19090, - Config: &v1beta1.Config{ - DefaultIngressConfig: "az1", - IngressConfig: map[string]v1beta1.IngressConfig{ - "az1": { - IngressServiceSettings: v1beta1.IngressServiceSettings{ - HostnameOverride: "foo.bar", - }, - IstioIngressConfig: &v1beta1.IstioIngressConfig{ - Replicas: 3, - Annotations: map[string]string{"az1": "region"}, - }, - }, - "az2": { - IstioIngressConfig: &v1beta1.IstioIngressConfig{ - Annotations: map[string]string{"az2": "region"}, - }, - }, - }, - }, - }, - map[string]v1beta1.IngressConfig{ - "az1": { - IngressServiceSettings: v1beta1.IngressServiceSettings{ - HostnameOverride: "foo.bar", - }, - IstioIngressConfig: &v1beta1.IstioIngressConfig{ - Resources: &corev1.ResourceRequirements{ - Limits: corev1.ResourceList{ - "cpu": resource.MustParse("100m"), - "memory": resource.MustParse("100Mi"), - }, - Requests: corev1.ResourceList{ - "cpu": resource.MustParse("100m"), - "memory": resource.MustParse("100Mi"), - }, - }, - Replicas: 3, - Annotations: map[string]string{"az1": "region"}, - }, - }, - "az2": { - IstioIngressConfig: &v1beta1.IstioIngressConfig{ - Resources: &corev1.ResourceRequirements{ - Limits: corev1.ResourceList{ - "cpu": resource.MustParse("100m"), - "memory": resource.MustParse("100Mi"), - }, - Requests: corev1.ResourceList{ - "cpu": resource.MustParse("100m"), - "memory": resource.MustParse("100Mi"), - }, - }, - Annotations: map[string]string{"az2": "region"}, - Replicas: 1, - }, - }, - }, - }, } for _, testCase := range testCases { ingressConfigs, _, err := GetIngressConfigs(testCase.globalConfig, testCase.externalListenerSpecifiedConfigs) diff --git a/tests/e2e/const.go b/tests/e2e/const.go index 5688f4808..a69e562c6 100644 --- a/tests/e2e/const.go +++ b/tests/e2e/const.go @@ -148,9 +148,6 @@ func koperatorRelatedResourceKinds() []string { kafkaKind, "kafkausers.kafka.banzaicloud.io", "cruisecontroloperations.kafka.banzaicloud.io", - "istiomeshgateways.servicemesh.cisco.com", - "virtualservices.networking.istio.io", - "gateways.networking.istio.io", "clusterissuers.cert-manager.io", "servicemonitors.monitoring.coreos.com", } diff --git a/third_party/github.com/banzaicloud/istio-client-go/.gitignore b/third_party/github.com/banzaicloud/istio-client-go/.gitignore deleted file mode 100644 index 007186027..000000000 --- a/third_party/github.com/banzaicloud/istio-client-go/.gitignore +++ /dev/null @@ -1,20 +0,0 @@ -/bin/ -/build/ -/dist/ -/vendor/ -/.gen - -# packr files https://github.com/gobuffalo/packr/tree/master/v2 -*-packr.go - -# IDE integration -/.vscode/* -!/.vscode/tasks.json -/.idea/ -!/.idea/copyright/ -!/.idea/*.iml -!/.idea/externalDependencies.xml -!/.idea/go.imports.xml -!/.idea/modules.xml -!/.idea/runConfigurations/ -!/.idea/scopes/ diff --git a/third_party/github.com/banzaicloud/istio-client-go/LICENSE b/third_party/github.com/banzaicloud/istio-client-go/LICENSE deleted file mode 100644 index f49a4e16e..000000000 --- a/third_party/github.com/banzaicloud/istio-client-go/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. \ No newline at end of file diff --git a/third_party/github.com/banzaicloud/istio-client-go/README.md b/third_party/github.com/banzaicloud/istio-client-go/README.md deleted file mode 100644 index b1208d929..000000000 --- a/third_party/github.com/banzaicloud/istio-client-go/README.md +++ /dev/null @@ -1,3 +0,0 @@ -# Golang API for Istio resources - -This repository contains Go API for Istio resources diff --git a/third_party/github.com/banzaicloud/istio-client-go/go.mod b/third_party/github.com/banzaicloud/istio-client-go/go.mod deleted file mode 100644 index 16165a349..000000000 --- a/third_party/github.com/banzaicloud/istio-client-go/go.mod +++ /dev/null @@ -1,26 +0,0 @@ -module github.com/banzaicloud/istio-client-go - -go 1.25.0 - -require k8s.io/apimachinery v0.34.3 - -require ( - github.com/fxamacker/cbor/v2 v2.9.0 // indirect - github.com/go-logr/logr v1.4.2 // indirect - github.com/gogo/protobuf v1.3.2 // indirect - github.com/json-iterator/go v1.1.12 // indirect - github.com/kr/pretty v0.3.1 // indirect - github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect - github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect - github.com/x448/float16 v0.8.4 // indirect - go.yaml.in/yaml/v2 v2.4.2 // indirect - golang.org/x/net v0.38.0 // indirect - golang.org/x/text v0.23.0 // indirect - gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect - gopkg.in/inf.v0 v0.9.1 // indirect - k8s.io/klog/v2 v2.130.1 // indirect - k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 // indirect - sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect - sigs.k8s.io/randfill v1.0.0 // indirect - sigs.k8s.io/structured-merge-diff/v6 v6.3.0 // indirect -) diff --git a/third_party/github.com/banzaicloud/istio-client-go/go.sum b/third_party/github.com/banzaicloud/istio-client-go/go.sum deleted file mode 100644 index 10d31ba47..000000000 --- a/third_party/github.com/banzaicloud/istio-client-go/go.sum +++ /dev/null @@ -1,98 +0,0 @@ -github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= -github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/fxamacker/cbor/v2 v2.9.0 h1:NpKPmjDBgUfBms6tr6JZkTHtfFGcMKsw3eGcmD/sapM= -github.com/fxamacker/cbor/v2 v2.9.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ= -github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= -github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= -github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= -github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= -github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= -github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= -github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= -github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= -github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= -github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= -github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= -github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= -github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= -github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= -github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= -github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee h1:W5t00kpgFdJifH4BDsTlE89Zl93FEloxaWZfGcifgq8= -github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= -github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= -github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= -github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= -github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= -github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o= -github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= -github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= -github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= -github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -go.yaml.in/yaml/v2 v2.4.2 h1:DzmwEr2rDGHl7lsFgAHxmNz/1NlQ7xLIrlN2h5d1eGI= -go.yaml.in/yaml/v2 v2.4.2/go.mod h1:081UH+NErpNdqlCXm3TtEran0rJZGxAYx9hb/ELlsPU= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8= -golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY= -golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= -gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= -gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= -gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= -gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= -gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/apimachinery v0.34.3 h1:/TB+SFEiQvN9HPldtlWOTp0hWbJ+fjU+wkxysf/aQnE= -k8s.io/apimachinery v0.34.3/go.mod h1:/GwIlEcWuTX9zKIg2mbw0LRFIsXwrfoVxn+ef0X13lw= -k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= -k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 h1:hwvWFiBzdWw1FhfY1FooPn3kzWuJ8tmbZBHi4zVsl1Y= -k8s.io/utils v0.0.0-20250604170112-4c0f3b243397/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE= -sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= -sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= -sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= -sigs.k8s.io/structured-merge-diff/v6 v6.3.0 h1:jTijUJbW353oVOd9oTlifJqOGEkUw2jB/fXCbTiQEco= -sigs.k8s.io/structured-merge-diff/v6 v6.3.0/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE= -sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs= -sigs.k8s.io/yaml v1.6.0/go.mod h1:796bPqUfzR/0jLAl6XjHl3Ck7MiyVv8dbTdyT3/pMf4= diff --git a/third_party/github.com/banzaicloud/istio-client-go/pkg/common/v1alpha1/string.go b/third_party/github.com/banzaicloud/istio-client-go/pkg/common/v1alpha1/string.go deleted file mode 100644 index f0263306f..000000000 --- a/third_party/github.com/banzaicloud/istio-client-go/pkg/common/v1alpha1/string.go +++ /dev/null @@ -1,33 +0,0 @@ -// Copyright © 2019 Banzai Cloud -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package v1alpha1 - -// Describes how to match a given string in HTTP headers. Match is -// case-sensitive. -type StringMatch struct { - // Specified exactly one of the fields below. - - // exact string match - Exact string `json:"exact,omitempty"` - - // prefix-based match - Prefix string `json:"prefix,omitempty"` - - // suffix-based match. - Suffix string `json:"suffix,omitempty"` - - // ECMAscript style regex-based match - Regex string `json:"regex,omitempty"` -} diff --git a/third_party/github.com/banzaicloud/istio-client-go/pkg/networking/register.go b/third_party/github.com/banzaicloud/istio-client-go/pkg/networking/register.go deleted file mode 100644 index f6ac1db01..000000000 --- a/third_party/github.com/banzaicloud/istio-client-go/pkg/networking/register.go +++ /dev/null @@ -1,19 +0,0 @@ -// Copyright © 2019 Banzai Cloud -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package networking - -const ( - GroupName = "networking.istio.io" -) diff --git a/third_party/github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1/destinationrule_types.go b/third_party/github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1/destinationrule_types.go deleted file mode 100644 index f094624d2..000000000 --- a/third_party/github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1/destinationrule_types.go +++ /dev/null @@ -1,662 +0,0 @@ -// Copyright © 2019 Banzai Cloud -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package v1beta1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// +genclient -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// DestinationRule -type DestinationRule struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - Spec DestinationRuleSpec `json:"spec"` -} - -// `DestinationRule` defines policies that apply to traffic intended for a -// service after routing has occurred. These rules specify configuration -// for load balancing, connection pool size from the sidecar, and outlier -// detection settings to detect and evict unhealthy hosts from the load -// balancing pool. For example, a simple load balancing policy for the -// ratings service would look as follows: -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: bookinfo-ratings -// spec: -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// loadBalancer: -// simple: LEAST_CONN -// ``` -// -// Version specific policies can be specified by defining a named -// `subset` and overriding the settings specified at the service level. The -// following rule uses a round robin load balancing policy for all traffic -// going to a subset named testversion that is composed of endpoints (e.g., -// pods) with labels (version:v3). -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: bookinfo-ratings -// spec: -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// loadBalancer: -// simple: LEAST_CONN -// subsets: -// - name: testversion -// labels: -// version: v3 -// trafficPolicy: -// loadBalancer: -// simple: ROUND_ROBIN -// ``` -// -// **Note:** Policies specified for subsets will not take effect until -// a route rule explicitly sends traffic to this subset. -// -// Traffic policies can be customized to specific ports as well. The -// following rule uses the least connection load balancing policy for all -// traffic to port 80, while uses a round robin load balancing setting for -// traffic to the port 9080. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: bookinfo-ratings-port -// spec: -// host: ratings.prod.svc.cluster.local -// trafficPolicy: # Apply to all ports -// portLevelSettings: -// - port: -// number: 80 -// loadBalancer: -// simple: LEAST_CONN -// - port: -// number: 9080 -// loadBalancer: -// simple: ROUND_ROBIN -// ``` -type DestinationRuleSpec struct { - // REQUIRED. The name of a service from the service registry. Service - // names are looked up from the platform's service registry (e.g., - // Kubernetes services, Consul services, etc.) and from the hosts - // declared by [ServiceEntries](https://istio.io/docs/reference/config/networking/v1beta1/service-entry/#ServiceEntry). Rules defined for - // services that do not exist in the service registry will be ignored. - // - // *Note for Kubernetes users*: When short names are used (e.g. "reviews" - // instead of "reviews.default.svc.cluster.local"), Istio will interpret - // the short name based on the namespace of the rule, not the service. A - // rule in the "default" namespace containing a host "reviews" will be - // interpreted as "reviews.default.svc.cluster.local", irrespective of - // the actual namespace associated with the reviews service. _To avoid - // potential misconfigurations, it is recommended to always use fully - // qualified domain names over short names._ - // - // Note that the host field applies to both HTTP and TCP services. - Host string `json:"host"` - - // Traffic policies to apply (load balancing policy, connection pool - // sizes, outlier detection). - TrafficPolicy *TrafficPolicy `json:"trafficPolicy,omitempty"` - - // One or more named sets that represent individual versions of a - // service. Traffic policies can be overridden at subset level. - Subsets []Subset `json:"subsets,omitempty"` - - // A list of namespaces to which this destination rule is exported. - // The resolution of a destination rule to apply to a service occurs in the - // context of a hierarchy of namespaces. Exporting a destination rule allows - // it to be included in the resolution hierarchy for services in - // other namespaces. This feature provides a mechanism for service owners - // and mesh administrators to control the visibility of destination rules - // across namespace boundaries. - // - // If no namespaces are specified then the destination rule is exported to all - // namespaces by default. - // - // The value "." is reserved and defines an export to the same namespace that - // the destination rule is declared in. Similarly, the value "*" is reserved and - // defines an export to all namespaces. - // - // NOTE: in the current release, the `exportTo` value is restricted to - // "." or "*" (i.e., the current namespace or all namespaces). - ExportTo []string `json:"exportTo,omitempty"` -} - -// Traffic policies to apply for a specific destination, across all -// destination ports. See DestinationRule for examples. -type TrafficPolicy struct { - TrafficPolicyCommon `json:",inline"` - - // Traffic policies specific to individual ports. Note that port level - // settings will override the destination-level settings. Traffic - // settings specified at the destination-level will not be inherited when - // overridden by port-level settings, i.e. default values will be applied - // to fields omitted in port-level traffic policies. - PortLevelSettings []PortTrafficPolicy `json:"portLevelSettings,omitempty"` -} - -type TrafficPolicyCommon struct { - // Settings controlling the load balancer algorithms. - LoadBalancer *LoadBalancerSettings `json:"loadBalancer,omitempty"` - - // Settings controlling the volume of connections to an upstream service. - ConnectionPool *ConnectionPoolSettings `json:"connectionPool,omitempty"` - - // Settings controlling eviction of unhealthy hosts from the load balancing pool. - OutlierDetection *OutlierDetection `json:"outlierDetection,omitempty"` - - // TLS related settings for connections to the upstream service. - TLS *TLSSettings `json:"tls,omitempty"` -} - -// Traffic policies that apply to specific ports of the service -type PortTrafficPolicy struct { - TrafficPolicyCommon `json:",inline"` - - // Specifies the port name or number of a port on the destination service - // on which this policy is being applied. - Port *PortSelector `json:"port,omitempty"` -} - -// A subset of endpoints of a service. Subsets can be used for scenarios -// like A/B testing, or routing to a specific version of a service. Refer -// to [VirtualService](https://istio.io/docs/reference/config/networking/v1beta1/virtual-service/#VirtualService) documentation for examples of using -// subsets in these scenarios. In addition, traffic policies defined at the -// service-level can be overridden at a subset-level. The following rule -// uses a round robin load balancing policy for all traffic going to a -// subset named testversion that is composed of endpoints (e.g., pods) with -// labels (version:v3). -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: bookinfo-ratings -// spec: -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// loadBalancer: -// simple: LEAST_CONN -// subsets: -// - name: testversion -// labels: -// version: v3 -// trafficPolicy: -// loadBalancer: -// simple: ROUND_ROBIN -// ``` -// -// **Note:** Policies specified for subsets will not take effect until -// a route rule explicitly sends traffic to this subset. -// -// One or more labels are typically required to identify the subset destination, -// however, when the corresponding DestinationRule represents a host that -// supports multiple SNI hosts (e.g., an egress gateway), a subset without labels -// may be meaningful. In this case a traffic policy with [TLSSettings](#TLSSettings) -// can be used to identify a specific SNI host corresponding to the named subset. -type Subset struct { - // REQUIRED. Name of the subset. The service name and the subset name can - // be used for traffic splitting in a route rule. - Name string `json:"name"` - - // Labels apply a filter over the endpoints of a service in the - // service registry. See route rules for examples of usage. - Labels map[string]string `json:"labels"` - - // Traffic policies that apply to this subset. Subsets inherit the - // traffic policies specified at the DestinationRule level. Settings - // specified at the subset level will override the corresponding settings - // specified at the DestinationRule level. - TrafficPolicy *TrafficPolicy `json:"trafficPolicy,omitempty"` -} - -// Load balancing policies to apply for a specific destination. See Envoy's -// load balancing -// [documentation](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancing) -// for more details. -// -// For example, the following rule uses a round robin load balancing policy -// for all traffic going to the ratings service. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: bookinfo-ratings -// spec: -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// loadBalancer: -// simple: ROUND_ROBIN -// ``` -// -// The following example sets up sticky sessions for the ratings service -// hashing-based load balancer for the same ratings service using the -// the User cookie as the hash key. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: bookinfo-ratings -// spec: -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// loadBalancer: -// consistentHash: -// httpCookie: -// name: user -// ttl: 0s -// ``` -type LoadBalancerSettings struct { - // It is required to specify exactly one of these fields - - // Standard load balancing algorithms that require no tuning. - Simple *SimpleLB `json:"simple,omitempty"` - - // Consistent Hash-based load balancing can be used to provide soft - // session affinity based on HTTP headers, cookies or other - // properties. This load balancing policy is applicable only for HTTP - // connections. The affinity to a particular destination host will be - // lost when one or more hosts are added/removed from the destination - // service. - ConsistentHash *ConsistentHashLB `json:"consistentHash,omitempty"` -} - -type H2UpgradePolicy string - -const ( - // Use the global default. - H2UpgradePolicyDefault H2UpgradePolicy = "DEFAULT" - - // Do not upgrade the connection to http2. - // This opt-out option overrides the default. - H2UpgradePolicyDoNotUpgrade H2UpgradePolicy = "DO_NOT_UPGRADE" - - // Upgrade the connection to http2. - // This opt-in option overrides the default. - H2UpgradePolicyUpgrade H2UpgradePolicy = "UPGRADE" -) - -// Standard load balancing algorithms that require no tuning. -type SimpleLB string - -const ( - // Round Robin policy. Default - SimpleLBRoundRobin SimpleLB = "ROUND_ROBIN" - - // The least request load balancer uses an O(1) algorithm which selects - // two random healthy hosts and picks the host which has fewer active - // requests. - SimpleLBLeastConn SimpleLB = "LEAST_CONN" - - // The random load balancer selects a random healthy host. The random - // load balancer generally performs better than round robin if no health - // checking policy is configured. - SimpleLBRandom SimpleLB = "RANDOM" - - // This option will forward the connection to the original IP address - // requested by the caller without doing any form of load - // balancing. This option must be used with care. It is meant for - // advanced use cases. Refer to Original Destination load balancer in - // Envoy for further details. - SimpleLBPassthrough SimpleLB = "PASSTHROUGH" -) - -// Consistent Hash-based load balancing can be used to provide soft -// session affinity based on HTTP headers, cookies or other -// properties. This load balancing policy is applicable only for HTTP -// connections. The affinity to a particular destination host will be -// lost when one or more hosts are added/removed from the destination -// service. -type ConsistentHashLB struct { - // It is required to specify exactly one of these fields as hash key - // HTTPHeaderName, HTTPCookie, or UseSourceIP. - // Hash based on a specific HTTP header. - HTTPHeaderName *string `json:"httpHeaderName,omitempty"` - - // Hash based on HTTP cookie. - HTTPCookie *HTTPCookie `json:"httpCookie,omitempty"` - - // Hash based on the source IP address. - UseSourceIP *bool `json:"useSourceIp,omitempty"` - - // The minimum number of virtual nodes to use for the hash - // ring. Defaults to 1024. Larger ring sizes result in more granular - // load distributions. If the number of hosts in the load balancing - // pool is larger than the ring size, each host will be assigned a - // single virtual node. - MinimumRingSize *uint64 `json:"minimumRingSize,omitempty"` -} - -// Describes a HTTP cookie that will be used as the hash key for the -// Consistent Hash load balancer. If the cookie is not present, it will -// be generated. -type HTTPCookie struct { - // REQUIRED. Name of the cookie. - Name string `json:"name"` - - // Path to set for the cookie. - Path *string `json:"path,omitempty"` - - // REQUIRED. Lifetime of the cookie. - TTL string `json:"ttl"` -} - -// Connection pool settings for an upstream host. The settings apply to -// each individual host in the upstream service. See Envoy's [circuit -// breaker](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/circuit_breaking) -// for more details. Connection pool settings can be applied at the TCP -// level as well as at HTTP level. -// -// For example, the following rule sets a limit of 100 connections to redis -// service called myredissrv with a connect timeout of 30ms -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: bookinfo-redis -// spec: -// host: myredissrv.prod.svc.cluster.local -// trafficPolicy: -// connectionPool: -// tcp: -// maxConnections: 100 -// connectTimeout: 30ms -// tcpKeepalive: -// time: 7200s -// interval: 75s -// ``` -type ConnectionPoolSettings struct { - // Settings common to both HTTP and TCP upstream connections. - TCP *TCPSettings `json:"tcp,omitempty"` - - // HTTP connection pool settings. - HTTP *HTTPSettings `json:"http,omitempty"` -} - -// Settings common to both HTTP and TCP upstream connections. -type TCPSettings struct { - // Maximum number of HTTP1 /TCP connections to a destination host. - MaxConnections *int32 `json:"maxConnections,omitempty"` - - // TCP connection timeout. - ConnectTimeout *string `json:"connectTimeout,omitempty"` - - // If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives. - TCPKeepalive *TCPKeepalive `json:"tcpKeepalive,omitempty"` -} - -// TCP keepalive. -type TCPKeepalive struct { - // Maximum number of keepalive probes to send without response before - // deciding the connection is dead. Default is to use the OS level configuration - // (unless overridden, Linux defaults to 9.) - Probes *uint32 `json:"probes,omitempty"` - // The time duration a connection needs to be idle before keep-alive - // probes start being sent. Default is to use the OS level configuration - // (unless overridden, Linux defaults to 7200s (ie 2 hours.) - Time *string `json:"time,omitempty"` - // The time duration between keep-alive probes. - // Default is to use the OS level configuration - // (unless overridden, Linux defaults to 75s.) - Interval *string `json:"interval,omitempty"` -} - -// Settings applicable to HTTP1.1/HTTP2/GRPC connections. -type HTTPSettings struct { - // Maximum number of pending HTTP requests to a destination. Default 1024. - HTTP1MaxPendingRequests *int32 `json:"http1MaxPendingRequests,omitempty"` - - // Maximum number of requests to a backend. Default 1024. - HTTP2MaxRequests *int32 `json:"http2MaxRequests,omitempty"` - - // Maximum number of requests per connection to a backend. Setting this - // parameter to 1 disables keep alive. - MaxRequestsPerConnection *int32 `json:"maxRequestsPerConnection,omitempty"` - - // Maximum number of retries that can be outstanding to all hosts in a - // cluster at a given time. Defaults to 3. - MaxRetries *int32 `json:"maxRetries,omitempty"` - - // The idle timeout for upstream connection pool connections. The idle timeout is defined as the period in which there are no active requests. - // If not set, there is no idle timeout. When the idle timeout is reached the connection will be closed. - // Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. Applies to both HTTP1.1 and HTTP2 connections. - IdleTimeout *string `json:"idleTimeout,omitempty"` - - // Specify if http1.1 connection should be upgraded to http2 for the associated destination. - H2UpgradePolicy *H2UpgradePolicy `json:"h2UpgradePolicy,omitempty"` -} - -// A Circuit breaker implementation that tracks the status of each -// individual host in the upstream service. Applicable to both HTTP and -// TCP services. For HTTP services, hosts that continually return 5xx -// errors for API calls are ejected from the pool for a pre-defined period -// of time. For TCP services, connection timeouts or connection -// failures to a given host counts as an error when measuring the -// consecutive errors metric. See Envoy's [outlier -// detection](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/outlier) -// for more details. -// -// The following rule sets a connection pool size of 100 connections and -// 1000 concurrent HTTP2 requests, with no more than 10 req/connection to -// "reviews" service. In addition, it configures upstream hosts to be -// scanned every 5 mins, such that any host that fails 7 consecutive times -// with 5XX error code will be ejected for 15 minutes. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: reviews-cb-policy -// spec: -// host: reviews.prod.svc.cluster.local -// trafficPolicy: -// connectionPool: -// tcp: -// maxConnections: 100 -// http: -// http2MaxRequests: 1000 -// maxRequestsPerConnection: 10 -// outlierDetection: -// consecutiveErrors: 7 -// interval: 5m -// baseEjectionTime: 15m -// ``` -type OutlierDetection struct { - // Number of errors before a host is ejected from the connection - // pool. Defaults to 5. When the upstream host is accessed over HTTP, a - // 502, 503 or 504 return code qualifies as an error. When the upstream host - // is accessed over an opaque TCP connection, connect timeouts and - // connection error/failure events qualify as an error. - ConsecutiveErrors int32 `json:"consecutiveErrors,omitempty"` - - // Number of gateway errors before a host is ejected from the connection pool. - // When the upstream host is accessed over HTTP, a 502, 503, or 504 return - // code qualifies as a gateway error. When the upstream host is accessed over - // an opaque TCP connection, connect timeouts and connection error/failure - // events qualify as a gateway error. - // This feature is disabled by default or when set to the value 0. - // - // Note that consecutive_gateway_errors and consecutive_5xx_errors can be - // used separately or together. Because the errors counted by - // consecutive_gateway_errors are also included in consecutive_5xx_errors, - // if the value of consecutive_gateway_errors is greater than or equal to - // the value of consecutive_5xx_errors, consecutive_gateway_errors will have - // no effect. - ConsecutiveGatewayErrors *uint32 `json:"consecutiveGatewayErrors,omitempty"` - - // Number of 5xx errors before a host is ejected from the connection pool. - // When the upstream host is accessed over an opaque TCP connection, connect - // timeouts, connection error/failure and request failure events qualify as a - // 5xx error. - // This feature defaults to 5 but can be disabled by setting the value to 0. - // - // Note that consecutive_gateway_errors and consecutive_5xx_errors can be - // used separately or together. Because the errors counted by - // consecutive_gateway_errors are also included in consecutive_5xx_errors, - // if the value of consecutive_gateway_errors is greater than or equal to - // the value of consecutive_5xx_errors, consecutive_gateway_errors will have - // no effect. - Consecutive5XxErrors *uint32 `json:"consecutive5xxErrors,omitempty"` - - // Time interval between ejection sweep analysis. format: - // 1h/1m/1s/1ms. MUST BE >=1ms. Default is 10s. - Interval *string `json:"interval,omitempty"` - - // Minimum ejection duration. A host will remain ejected for a period - // equal to the product of minimum ejection duration and the number of - // times the host has been ejected. This technique allows the system to - // automatically increase the ejection period for unhealthy upstream - // servers. format: 1h/1m/1s/1ms. MUST BE >=1ms. Default is 30s. - BaseEjectionTime *string `json:"baseEjectionTime,omitempty"` - - // Maximum % of hosts in the load balancing pool for the upstream - // service that can be ejected. Defaults to 10%. - MaxEjectionPercent *int32 `json:"maxEjectionPercent,omitempty"` - - // Outlier detection will be enabled as long as the associated load balancing - // pool has at least min_health_percent hosts in healthy mode. When the - // percentage of healthy hosts in the load balancing pool drops below this - // threshold, outlier detection will be disabled and the proxy will load balance - // across all hosts in the pool (healthy and unhealthy). The threshold can be - // disabled by setting it to 0%. The default is 0% as it's not typically - // applicable in k8s environments with few pods per service. - MinHealthPercent *int32 `json:"minHealthPercent,omitempty"` -} - -// SSL/TLS related settings for upstream connections. See Envoy's [TLS -// context](https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/auth/cert.proto.html) -// for more details. These settings are common to both HTTP and TCP upstreams. -// -// For example, the following rule configures a client to use mutual TLS -// for connections to upstream database cluster. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: db-mtls -// spec: -// host: mydbserver.prod.svc.cluster.local -// trafficPolicy: -// tls: -// mode: MUTUAL -// clientCertificate: /etc/certs/myclientcert.pem -// privateKey: /etc/certs/client_private_key.pem -// caCertificates: /etc/certs/rootcacerts.pem -// ``` -// -// The following rule configures a client to use TLS when talking to a -// foreign service whose domain matches *.foo.com. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: tls-foo -// spec: -// host: "*.foo.com" -// trafficPolicy: -// tls: -// mode: SIMPLE -// ``` -// -// The following rule configures a client to use Istio mutual TLS when talking -// to rating services. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: ratings-istio-mtls -// spec: -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// tls: -// mode: ISTIO_MUTUAL -// ``` -type TLSSettings struct { - // REQUIRED: Indicates whether connections to this port should be secured - // using TLS. The value of this field determines how TLS is enforced. - Mode TLSmode `json:"mode"` - - // REQUIRED if mode is `MUTUAL`. The path to the file holding the - // client-side TLS certificate to use. - // Should be empty if mode is `ISTIO_MUTUAL`. - ClientCertificate *string `json:"clientCertificate,omitempty"` - - // REQUIRED if mode is `MUTUAL`. The path to the file holding the - // client's private key. - // Should be empty if mode is `ISTIO_MUTUAL`. - PrivateKey *string `json:"privateKey,omitempty"` - - // OPTIONAL: The path to the file containing certificate authority - // certificates to use in verifying a presented server certificate. If - // omitted, the proxy will not verify the server's certificate. - // Should be empty if mode is `ISTIO_MUTUAL`. - CaCertificates *string `json:"caCertificates,omitempty"` - - // A list of alternate names to verify the subject identity in the - // certificate. If specified, the proxy will verify that the server - // certificate's subject alt name matches one of the specified values. - // If specified, this list overrides the value of subject_alt_names - // from the ServiceEntry. - SubjectAltNames []string `json:"subjectAltNames,omitempty"` - - // SNI string to present to the server during TLS handshake. - SNI *string `json:"sni,omitempty"` -} - -// TLS connection mode -type TLSmode string - -const ( - // Do not setup a TLS connection to the upstream endpoint. - TLSmodeDisable TLSmode = "DISABLE" - - // Originate a TLS connection to the upstream endpoint. - TLSmodeSimple TLSmode = "SIMPLE" - - // Secure connections to the upstream using mutual TLS by presenting - // client certificates for authentication. - TLSmodeMutual TLSmode = "MUTUAL" - - // Secure connections to the upstream using mutual TLS by presenting - // client certificates for authentication. - // Compared to Mutual mode, this mode uses certificates generated - // automatically by Istio for mTLS authentication. When this mode is - // used, all other fields in `TLSSettings` should be empty. - TLSmodeIstioMutual TLSmode = "ISTIO_MUTUAL" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// DestinationRuleList is a list of DestinationRule resources -type DestinationRuleList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata"` - Items []DestinationRule `json:"items"` -} diff --git a/third_party/github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1/doc.go b/third_party/github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1/doc.go deleted file mode 100644 index ac36f654c..000000000 --- a/third_party/github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1/doc.go +++ /dev/null @@ -1,18 +0,0 @@ -// Copyright © 2019 Banzai Cloud -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// +k8s:deepcopy-gen=package -// +groupName=networking.istio.io - -package v1beta1 diff --git a/third_party/github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1/gateway_types.go b/third_party/github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1/gateway_types.go deleted file mode 100644 index 9d0960de1..000000000 --- a/third_party/github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1/gateway_types.go +++ /dev/null @@ -1,486 +0,0 @@ -// Copyright © 2019 Banzai Cloud -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package v1beta1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// +genclient -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// `Gateway` describes a load balancer operating at the edge of the mesh -// receiving incoming or outgoing HTTP/TCP connections. The specification -// describes a set of ports that should be exposed, the type of protocol to -// use, SNI configuration for the load balancer, etc. -// -// For example, the following Gateway configuration sets up a proxy to act -// as a load balancer exposing port 80 and 9080 (http), 443 (https), -// 9443(https) and port 2379 (TCP) for ingress. The gateway will be -// applied to the proxy running on a pod with labels `app: -// my-gateway-controller`. While Istio will configure the proxy to listen -// on these ports, it is the responsibility of the user to ensure that -// external traffic to these ports are allowed into the mesh. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Gateway -// metadata: -// name: my-gateway -// namespace: some-config-namespace -// spec: -// selector: -// app: my-gateway-controller -// servers: -// - port: -// number: 80 -// name: http -// protocol: HTTP -// hosts: -// - uk.bookinfo.com -// - eu.bookinfo.com -// tls: -// httpsRedirect: true # sends 301 redirect for http requests -// - port: -// number: 443 -// name: https-443 -// protocol: HTTPS -// hosts: -// - uk.bookinfo.com -// - eu.bookinfo.com -// tls: -// mode: SIMPLE # enables HTTPS on this port -// serverCertificate: /etc/certs/servercert.pem -// privateKey: /etc/certs/privatekey.pem -// - port: -// number: 9443 -// name: https-9443 -// protocol: HTTPS -// hosts: -// - "bookinfo-namespace/*.bookinfo.com" -// tls: -// mode: SIMPLE # enables HTTPS on this port -// credentialName: bookinfo-secret # fetches certs from Kubernetes secret -// - port: -// number: 9080 -// name: http-wildcard -// protocol: HTTP -// hosts: -// - "*" -// - port: -// number: 2379 # to expose internal service via external port 2379 -// name: mongo -// protocol: MONGO -// hosts: -// - "*" -// ``` -// -// The Gateway specification above describes the L4-L6 properties of a load -// balancer. A `VirtualService` can then be bound to a gateway to control -// the forwarding of traffic arriving at a particular host or gateway port. -// -// For example, the following VirtualService splits traffic for -// `https://uk.bookinfo.com/reviews`, `https://eu.bookinfo.com/reviews`, -// `http://uk.bookinfo.com:9080/reviews`, -// `http://eu.bookinfo.com:9080/reviews` into two versions (prod and qa) of -// an internal reviews service on port 9080. In addition, requests -// containing the cookie "user: dev-123" will be sent to special port 7777 -// in the qa version. The same rule is also applicable inside the mesh for -// requests to the "reviews.prod.svc.cluster.local" service. This rule is -// applicable across ports 443, 9080. Note that `http://uk.bookinfo.com` -// gets redirected to `https://uk.bookinfo.com` (i.e. 80 redirects to 443). -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: bookinfo-rule -// namespace: bookinfo-namespace -// spec: -// hosts: -// - reviews.prod.svc.cluster.local -// - uk.bookinfo.com -// - eu.bookinfo.com -// gateways: -// - some-config-namespace/my-gateway -// - mesh # applies to all the sidecars in the mesh -// http: -// - match: -// - headers: -// cookie: -// exact: "user=dev-123" -// route: -// - destination: -// port: -// number: 7777 -// host: reviews.qa.svc.cluster.local -// - match: -// - uri: -// prefix: /reviews/ -// route: -// - destination: -// port: -// number: 9080 # can be omitted if it's the only port for reviews -// host: reviews.prod.svc.cluster.local -// weight: 80 -// - destination: -// host: reviews.qa.svc.cluster.local -// weight: 20 -// ``` -// -// The following VirtualService forwards traffic arriving at (external) -// port 27017 to internal Mongo server on port 5555. This rule is not -// applicable internally in the mesh as the gateway list omits the -// reserved name `mesh`. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: bookinfo-Mongo -// namespace: bookinfo-namespace -// spec: -// hosts: -// - mongosvr.prod.svc.cluster.local # name of internal Mongo service -// gateways: -// - some-config-namespace/my-gateway # can omit the namespace if gateway is in same -// namespace as virtual service. -// tcp: -// - match: -// - port: 27017 -// route: -// - destination: -// host: mongo.prod.svc.cluster.local -// port: -// number: 5555 -// ``` -// -// It is possible to restrict the set of virtual services that can bind to -// a gateway server using the namespace/hostname syntax in the hosts field. -// For example, the following Gateway allows any virtual service in the ns1 -// namespace to bind to it, while restricting only the virtual service with -// foo.bar.com host in the ns2 namespace to bind to it. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Gateway -// metadata: -// name: my-gateway -// namespace: some-config-namespace -// spec: -// selector: -// app: my-gateway-controller -// servers: -// - port: -// number: 80 -// name: http -// protocol: HTTP -// hosts: -// - "ns1/*" -// - "ns2/foo.bar.com" -// ``` -// -type Gateway struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - - Spec GatewaySpec `json:"spec"` -} - -type GatewaySpec struct { - // REQUIRED: A list of server specifications. - Servers []Server `json:"servers"` - - // REQUIRED: One or more labels that indicate a specific set of pods/VMs - // on which this gateway configuration should be applied. The scope of - // label search is restricted to the configuration namespace in which the - // the resource is present. In other words, the Gateway resource must - // reside in the same namespace as the gateway workload instance. - Selector map[string]string `json:"selector,omitempty"` -} - -// `Server` describes the properties of the proxy on a given load balancer -// port. For example, -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Gateway -// metadata: -// name: my-ingress -// spec: -// selector: -// app: my-ingress-gateway -// servers: -// - port: -// number: 80 -// name: http2 -// protocol: HTTP2 -// hosts: -// - "*" -// ``` -// -// Another example -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Gateway -// metadata: -// name: my-tcp-ingress -// spec: -// selector: -// app: my-tcp-ingress-gateway -// servers: -// - port: -// number: 27018 -// name: mongo -// protocol: MONGO -// hosts: -// - "*" -// ``` -// -// The following is an example of TLS configuration for port 443 -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Gateway -// metadata: -// name: my-tls-ingress -// spec: -// selector: -// app: my-tls-ingress-gateway -// servers: -// - port: -// number: 443 -// name: https -// protocol: HTTPS -// hosts: -// - "*" -// tls: -// mode: SIMPLE -// serverCertificate: /etc/certs/server.pem -// privateKey: /etc/certs/privatekey.pem -// ``` -type Server struct { - // REQUIRED: The Port on which the proxy should listen for incoming - // connections. - Port *Port `json:"port"` - - // REQUIRED. One or more hosts exposed by this gateway. - // While typically applicable to - // HTTP services, it can also be used for TCP services using TLS with SNI. - // A host is specified as a `dnsName` with an optional `namespace/` prefix. - // The `dnsName` should be specified using FQDN format, optionally including - // a wildcard character in the left-most component (e.g., `prod/*.example.com`). - // Set the `dnsName` to `*` to select all `VirtualService` hosts from the - // specified namespace (e.g.,`prod/*`). - // - // The `namespace` can be set to `*` or `.`, representing any or the current - // namespace, respectively. For example, `*/foo.example.com` selects the - // service from any available namespace while `./foo.example.com` only selects - // the service from the namespace of the sidecar. The default, if no `namespace/` - // is specified, is `*/`, that is, select services from any namespace. - // Any associated `DestinationRule` in the selected namespace will also be used. - // - // A `VirtualService` must be bound to the gateway and must have one or - // more hosts that match the hosts specified in a server. The match - // could be an exact match or a suffix match with the server's hosts. For - // example, if the server's hosts specifies `*.example.com`, a - // `VirtualService` with hosts `dev.example.com` or `prod.example.com` will - // match. However, a `VirtualService` with host `example.com` or - // `newexample.com` will not match. - // - // NOTE: Only virtual services exported to the gateway's namespace - // (e.g., `exportTo` value of `*`) can be referenced. - // Private configurations (e.g., `exportTo` set to `.`) will not be - // available. Refer to the `exportTo` setting in `VirtualService`, - // `DestinationRule`, and `ServiceEntry` configurations for details. - Hosts []string `json:"hosts,omitempty"` - - // Set of TLS related options that govern the server's behavior. Use - // these options to control if all http requests should be redirected to - // https, and the TLS modes to use. - TLS *TLSOptions `json:"tls,omitempty"` - - // The loopback IP endpoint or Unix domain socket to which traffic should - // be forwarded to by default. Format should be `127.0.0.1:PORT` or - // `unix:///path/to/socket` or `unix://@foobar` (Linux abstract namespace). - DefaultEndpoint *string `json:"defaultEndpoint,omitempty"` -} - -type TLSOptions struct { - // If set to true, the load balancer will send a 301 redirect for all - // http connections, asking the clients to use HTTPS. - HTTPSRedirect *bool `json:"httpsRedirect,omitempty"` - - // Optional: Indicates whether connections to this port should be - // secured using TLS. The value of this field determines how TLS is - // enforced. - Mode TLSMode `json:"mode,omitempty"` - - // REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file - // holding the server-side TLS certificate to use. - ServerCertificate *string `json:"serverCertificate,omitempty"` - - // REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file - // holding the server's private key. - PrivateKey *string `json:"privateKey,omitempty"` - - // REQUIRED if mode is `MUTUAL`. The path to a file containing - // certificate authority certificates to use in verifying a presented - // client side certificate. - CaCertificates *string `json:"caCertificates,omitempty"` - - // The credentialName stands for a unique identifier that can be used - // to identify the serverCertificate and the privateKey. The - // credentialName appended with suffix "-cacert" is used to identify - // the CaCertificates associated with this server. Gateway workloads - // capable of fetching credentials from a remote credential store such - // as Kubernetes secrets, will be configured to retrieve the - // serverCertificate and the privateKey using credentialName, instead - // of using the file system paths specified above. If using mutual TLS, - // gateway workload instances will retrieve the CaCertificates using - // credentialName-cacert. The semantics of the name are platform - // dependent. In Kubernetes, the default Istio supplied credential - // server expects the credentialName to match the name of the - // Kubernetes secret that holds the server certificate, the private - // key, and the CA certificate (if using mutual TLS). Set the - // `ISTIO_META_USER_SDS` metadata variable in the gateway's proxy to - // enable the dynamic credential fetching feature. - CredentialName *string `json:"credentialName,omitempty"` - - // A list of alternate names to verify the subject identity in the - // certificate presented by the client. - SubjectAltNames []string `json:"subjectAltNames,omitempty"` - - // An optional list of base64-encoded SHA-256 hashes of the SKPIs of - // authorized client certificates. - // Note: When both verify_certificate_hash and verify_certificate_spki - // are specified, a hash matching either value will result in the - // certificate being accepted. - VerifyCertificateSpki []string `json:"verifyCertificateSpki,omitempty"` - - // An optional list of hex-encoded SHA-256 hashes of the - // authorized client certificates. Both simple and colon separated - // formats are acceptable. - // Note: When both verify_certificate_hash and verify_certificate_spki - // are specified, a hash matching either value will result in the - // certificate being accepted. - VerifyCertificateHash []string `json:"verifyCertificateHash,omitempty"` - - // Optional: Minimum TLS protocol version. - MinProtocolVersion *TLSProtocol `json:"minProtocolVersion,omitempty"` - - // Optional: Maximum TLS protocol version. - MaxProtocolVersion *TLSProtocol `json:"maxProtocolVersion,omitempty"` - - // Optional: If specified, only support the specified cipher list. - // Otherwise default to the default cipher list supported by Envoy. - CipherSuites []string `json:"cipherSuites,omitempty"` -} - -// TLS protocol versions. -type TLSProtocol string - -const ( - // Automatically choose the optimal TLS version. - TLSProtocolAuto TLSProtocol = "TLS_AUTO" - - // TLS version 1.0 - TLSProtocolV10 TLSProtocol = "TLSV1_0" - - // TLS version 1.1 - TLSProtocolV11 TLSProtocol = "TLSV1_1" - - // TLS version 1.2 - TLSProtocolV12 TLSProtocol = "TLSV1_2" - - // TLS version 1.3 - TLSProtocolV13 TLSProtocol = "TLSV1_3" -) - -// TLS modes enforced by the proxy -type TLSMode string - -const ( - // The SNI string presented by the client will be used as the match - // criterion in a VirtualService TLS route to determine the - // destination service from the service registry. - TLSModePassThrough TLSMode = "PASSTHROUGH" - - // Secure connections with standard TLS semantics. - TLSModeSimple TLSMode = "SIMPLE" - - // Secure connections to the downstream using mutual TLS by presenting - // server certificates for authentication. - TLSModeMutual TLSMode = "MUTUAL" - - // Similar to the passthrough mode, except servers with this TLS mode - // do not require an associated VirtualService to map from the SNI - // value to service in the registry. The destination details such as - // the service/subset/port are encoded in the SNI value. The proxy - // will forward to the upstream (Envoy) cluster (a group of - // endpoints) specified by the SNI value. This server is typically - // used to provide connectivity between services in disparate L3 - // networks that otherwise do not have direct connectivity between - // their respective endpoints. Use of this mode assumes that both the - // source and the destination are using Istio mTLS to secure traffic. - TLSModeMutualAutoPassThrough TLSMode = "AUTO_PASSTHROUGH" - - // Secure connections from the downstream using mutual TLS by presenting - // server certificates for authentication. - // Compared to Mutual mode, this mode uses certificates, representing - // gateway workload identity, generated automatically by Istio for - // mTLS authentication. When this mode is used, all other fields in - // `TLSOptions` should be empty. - TLSModeIstioMutual TLSMode = "ISTIO_MUTUAL" -) - -// Port describes the properties of a specific port of a service. -type Port struct { - // REQUIRED: A valid non-negative integer port number. - Number int `json:"number"` - - // REQUIRED: The protocol exposed on the port. - // MUST BE one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP|TLS. - // TLS implies the connection will be routed based on the SNI header to - // the destination without terminating the TLS connection. - Protocol PortProtocol `json:"protocol"` - - // Label assigned to the port. - Name string `json:"name,omitempty"` -} - -type PortProtocol string - -const ( - ProtocolHTTP PortProtocol = "HTTP" - ProtocolHTTPS PortProtocol = "HTTPS" - ProtocolGRPC PortProtocol = "GRPC" - ProtocolGRPCWeb PortProtocol = "GRPC-Web" - ProtocolHTTP2 PortProtocol = "HTTP2" - ProtocolMongo PortProtocol = "Mongo" - ProtocolTCP PortProtocol = "TCP" - ProtocolTLS PortProtocol = "TLS" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// GatewayList is a list of Gateway resources -type GatewayList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata"` - - Items []Gateway `json:"items"` -} diff --git a/third_party/github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1/register.go b/third_party/github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1/register.go deleted file mode 100644 index 05d7dff35..000000000 --- a/third_party/github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1/register.go +++ /dev/null @@ -1,61 +0,0 @@ -// Copyright © 2019 Banzai Cloud -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package v1beta1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - - "github.com/banzaicloud/istio-client-go/pkg/networking" -) - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: networking.GroupName, Version: "v1beta1"} - -// Kind takes an unqualified kind and returns back a Group qualified GroupKind -func Kind(kind string) schema.GroupKind { - return SchemeGroupVersion.WithKind(kind).GroupKind() -} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) - AddToScheme = SchemeBuilder.AddToScheme -) - -// Adds the list of known types to Scheme. -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypes(SchemeGroupVersion, - &DestinationRule{}, - &DestinationRuleList{}, - &Gateway{}, - &GatewayList{}, - &ServiceEntry{}, - &ServiceEntryList{}, - &Sidecar{}, - &SidecarList{}, - &VirtualService{}, - &VirtualServiceList{}, - &WorkloadEntry{}, - &WorkloadEntryList{}, - ) - metav1.AddToGroupVersion(scheme, SchemeGroupVersion) - return nil -} diff --git a/third_party/github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1/serviceentry_types.go b/third_party/github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1/serviceentry_types.go deleted file mode 100644 index 77bf0aebd..000000000 --- a/third_party/github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1/serviceentry_types.go +++ /dev/null @@ -1,529 +0,0 @@ -// Copyright © 2019 Banzai Cloud -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package v1beta1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// Location specifies whether the service is part of Istio mesh or -// outside the mesh. Location determines the behavior of several -// features, such as service-to-service mTLS authentication, policy -// enforcement, etc. When communicating with services outside the mesh, -// Istio's mTLS authentication is disabled, and policy enforcement is -// performed on the client-side as opposed to server-side. -type ServiceEntryLocation string - -const ( - // Signifies that the service is external to the mesh. Typically used - // to indicate external services consumed through APIs. - MeshExternal ServiceEntryLocation = "MESH_EXTERNAL" - - // Signifies that the service is part of the mesh. Typically used to - // indicate services added explicitly as part of expanding the service - // mesh to include unmanaged infrastructure (e.g., VMs added to a - // Kubernetes based service mesh). - MeshInternal ServiceEntryLocation = "MESH_INTERNAL" -) - -// Resolution determines how the proxy will resolve the IP addresses of -// the network endpoints associated with the service, so that it can -// route to one of them. The resolution mode specified here has no impact -// on how the application resolves the IP address associated with the -// service. The application may still have to use DNS to resolve the -// service to an IP so that the outbound traffic can be captured by the -// Proxy. Alternatively, for HTTP services, the application could -// directly communicate with the proxy (e.g., by setting HTTP_PROXY) to -// talk to these services. -type ServiceEntryResolution string - -const ( - // Assume that incoming connections have already been resolved (to a - // specific destination IP address). Such connections are typically - // routed via the proxy using mechanisms such as IP table REDIRECT/ - // eBPF. After performing any routing related transformations, the - // proxy will forward the connection to the IP address to which the - // connection was bound. - NONE ServiceEntryResolution = "NONE" - - // Use the static IP addresses specified in endpoints (see below) as the - // backing instances associated with the service. - STATIC ServiceEntryResolution = "STATIC" - - // Attempt to resolve the IP address by querying the ambient DNS, - // during request processing. If no endpoints are specified, the proxy - // will resolve the DNS address specified in the hosts field, if - // wildcards are not used. If endpoints are specified, the DNS - // addresses specified in the endpoints will be resolved to determine - // the destination IP address. DNS resolution cannot be used with Unix - // domain socket endpoints. - DNS ServiceEntryResolution = "DNS" -) - -// +genclient -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// `ServiceEntry` enables adding additional entries into Istio's internal -// service registry, so that auto-discovered services in the mesh can -// access/route to these manually specified services. A service entry -// describes the properties of a service (DNS name, VIPs, ports, protocols, -// endpoints). These services could be external to the mesh (e.g., web -// APIs) or mesh-internal services that are not part of the platform's -// service registry (e.g., a set of VMs talking to services in Kubernetes). -// -// The following example declares a few external APIs accessed by internal -// applications over HTTPS. The sidecar inspects the SNI value in the -// ClientHello message to route to the appropriate external service. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: external-svc-https -// spec: -// hosts: -// - api.dropboxapi.com -// - www.googleapis.com -// - api.facebook.com -// location: MESH_EXTERNAL -// ports: -// - number: 443 -// name: https -// protocol: TLS -// resolution: DNS -// ``` -// -// The following configuration adds a set of MongoDB instances running on -// unmanaged VMs to Istio's registry, so that these services can be treated -// as any other service in the mesh. The associated DestinationRule is used -// to initiate mTLS connections to the database instances. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: external-svc-mongocluster -// spec: -// hosts: -// - mymongodb.somedomain # not used -// addresses: -// - 192.192.192.192/24 # VIPs -// ports: -// - number: 27018 -// name: mongodb -// protocol: MONGO -// location: MESH_INTERNAL -// resolution: STATIC -// endpoints: -// - address: 2.2.2.2 -// - address: 3.3.3.3 -// ``` -// -// and the associated DestinationRule -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: mtls-mongocluster -// spec: -// host: mymongodb.somedomain -// trafficPolicy: -// tls: -// mode: MUTUAL -// clientCertificate: /etc/certs/myclientcert.pem -// privateKey: /etc/certs/client_private_key.pem -// caCertificates: /etc/certs/rootcacerts.pem -// ``` -// -// The following example uses a combination of service entry and TLS -// routing in a virtual service to steer traffic based on the SNI value to -// an internal egress firewall. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: external-svc-redirect -// spec: -// hosts: -// - wikipedia.org -// - "*.wikipedia.org" -// location: MESH_EXTERNAL -// ports: -// - number: 443 -// name: https -// protocol: TLS -// resolution: NONE -// ``` -// -// And the associated VirtualService to route based on the SNI value. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: tls-routing -// spec: -// hosts: -// - wikipedia.org -// - "*.wikipedia.org" -// tls: -// - match: -// - sniHosts: -// - wikipedia.org -// - "*.wikipedia.org" -// route: -// - destination: -// host: internal-egress-firewall.ns1.svc.cluster.local -// ``` -// -// The virtual service with TLS match serves to override the default SNI -// match. In the absence of a virtual service, traffic will be forwarded to -// the wikipedia domains. -// -// The following example demonstrates the use of a dedicated egress gateway -// through which all external service traffic is forwarded. -// The 'exportTo' field allows for control over the visibility of a service -// declaration to other namespaces in the mesh. By default, a service is exported -// to all namespaces. The following example restricts the visibility to the -// current namespace, represented by ".", so that it cannot be used by other -// namespaces. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: external-svc-httpbin -// namespace : egress -// spec: -// hosts: -// - httpbin.com -// exportTo: -// - "." -// location: MESH_EXTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: DNS -// ``` -// -// Define a gateway to handle all egress traffic. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Gateway -// metadata: -// name: istio-egressgateway -// namespace: istio-system -// spec: -// selector: -// istio: egressgateway -// servers: -// - port: -// number: 80 -// name: http -// protocol: HTTP -// hosts: -// - "*" -// ``` -// -// And the associated `VirtualService` to route from the sidecar to the -// gateway service (`istio-egressgateway.istio-system.svc.cluster.local`), as -// well as route from the gateway to the external service. Note that the -// virtual service is exported to all namespaces enabling them to route traffic -// through the gateway to the external service. Forcing traffic to go through -// a managed middle proxy like this is a common practice. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: gateway-routing -// namespace: egress -// spec: -// hosts: -// - httpbin.com -// exportTo: -// - "*" -// gateways: -// - mesh -// - istio-egressgateway -// http: -// - match: -// - port: 80 -// gateways: -// - mesh -// route: -// - destination: -// host: istio-egressgateway.istio-system.svc.cluster.local -// - match: -// - port: 80 -// gateways: -// - istio-egressgateway -// route: -// - destination: -// host: httpbin.com -// ``` -// -// The following example demonstrates the use of wildcards in the hosts for -// external services. If the connection has to be routed to the IP address -// requested by the application (i.e. application resolves DNS and attempts -// to connect to a specific IP), the discovery mode must be set to `NONE`. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: external-svc-wildcard-example -// spec: -// hosts: -// - "*.bar.com" -// location: MESH_EXTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: NONE -// ``` -// -// The following example demonstrates a service that is available via a -// Unix Domain Socket on the host of the client. The resolution must be -// set to STATIC to use Unix address endpoints. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: unix-domain-socket-example -// spec: -// hosts: -// - "example.unix.local" -// location: MESH_EXTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: STATIC -// endpoints: -// - address: unix:///var/run/example/socket -// ``` -// -// For HTTP-based services, it is possible to create a `VirtualService` -// backed by multiple DNS addressable endpoints. In such a scenario, the -// application can use the `HTTP_PROXY` environment variable to transparently -// reroute API calls for the `VirtualService` to a chosen backend. For -// example, the following configuration creates a non-existent external -// service called foo.bar.com backed by three domains: us.foo.bar.com:8080, -// uk.foo.bar.com:9080, and in.foo.bar.com:7080 -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: external-svc-dns -// spec: -// hosts: -// - foo.bar.com -// location: MESH_EXTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: DNS -// endpoints: -// - address: us.foo.bar.com -// ports: -// https: 8080 -// - address: uk.foo.bar.com -// ports: -// https: 9080 -// - address: in.foo.bar.com -// ports: -// https: 7080 -// ``` -// -// With `HTTP_PROXY=http://localhost/`, calls from the application to -// `http://foo.bar.com` will be load balanced across the three domains -// specified above. In other words, a call to `http://foo.bar.com/baz` would -// be translated to `http://uk.foo.bar.com/baz`. -// -// The following example illustrates the usage of a `ServiceEntry` -// containing a subject alternate name -// whose format conforms to the [SPIFFE standard](https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md): -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: httpbin -// namespace : httpbin-ns -// spec: -// hosts: -// - httpbin.com -// location: MESH_INTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: STATIC -// endpoints: -// - address: 2.2.2.2 -// - address: 3.3.3.3 -// subjectAltNames: -// - "spiffe://cluster.local/ns/httpbin-ns/sa/httpbin-service-account" -// ``` -type ServiceEntry struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - Spec ServiceEntrySpec `json:"spec"` -} - -type ServiceEntrySpec struct { - // REQUIRED. The hosts associated with the ServiceEntry. Could be a DNS - // name with wildcard prefix. - // - // 1. The hosts field is used to select matching hosts in VirtualServices and DestinationRules. - // 2. For HTTP traffic the HTTP Host/Authority header will be matched against the hosts field. - // 3. For HTTPs or TLS traffic containing Server Name Indication (SNI), the SNI value - // will be matched against the hosts field. - // - // Note that when resolution is set to type DNS - // and no endpoints are specified, the host field will be used as the DNS name - // of the endpoint to route traffic to. - Hosts []string `json:"hosts,omitempty"` - - // The virtual IP addresses associated with the service. Could be CIDR - // prefix. For HTTP traffic, generated route configurations will include http route - // domains for both the `addresses` and `hosts` field values and the destination will - // be identified based on the HTTP Host/Authority header. - // If one or more IP addresses are specified, - // the incoming traffic will be identified as belonging to this service - // if the destination IP matches the IP/CIDRs specified in the addresses - // field. If the Addresses field is empty, traffic will be identified - // solely based on the destination port. In such scenarios, the port on - // which the service is being accessed must not be shared by any other - // service in the mesh. In other words, the sidecar will behave as a - // simple TCP proxy, forwarding incoming traffic on a specified port to - // the specified destination endpoint IP/host. Unix domain socket - // addresses are not supported in this field. - Addresses []string `json:"addresses,omitempty"` - - // REQUIRED. The ports associated with the external service. If the - // Endpoints are Unix domain socket addresses, there must be exactly one - // port. - Ports []*Port `json:"ports,omitempty"` - - // Specify whether the service should be considered external to the mesh - // or part of the mesh. - Location *ServiceEntryLocation `json:"location,omitempty"` - - // REQUIRED: Service discovery mode for the hosts. Care must be taken - // when setting the resolution mode to NONE for a TCP port without - // accompanying IP addresses. In such cases, traffic to any IP on - // said port will be allowed (i.e. 0.0.0.0:). - Resolution *ServiceEntryResolution `json:"resolution,omitempty"` - - // One or more endpoints associated with the service. - Endpoints []*ServiceEntryEndpoint `json:"endpoints,omitempty"` - - // A list of namespaces to which this service is exported. Exporting a service - // allows it to be used by sidecars, gateways and virtual services defined in - // other namespaces. This feature provides a mechanism for service owners - // and mesh administrators to control the visibility of services across - // namespace boundaries. - // - // If no namespaces are specified then the service is exported to all - // namespaces by default. - // - // The value "." is reserved and defines an export to the same namespace that - // the service is declared in. Similarly the value "*" is reserved and - // defines an export to all namespaces. - // - // For a Kubernetes Service, the equivalent effect can be achieved by setting - // the annotation "networking.istio.io/exportTo" to a comma-separated list - // of namespace names. - // - // NOTE: in the current release, the `exportTo` value is restricted to - // "." or "*" (i.e., the current namespace or all namespaces). - ExportTo []string `json:"exportTo,omitempty"` - - // The list of subject alternate names allowed for workload instances that - // implement this service. This information is used to enforce - // [secure-naming](https://istio.io/docs/concepts/security/#secure-naming). - // If specified, the proxy will verify that the server - // certificate's subject alternate name matches one of the specified values. - SubjectAltNames []string `json:"subjectAltNames,omitempty"` -} - -// Endpoint defines a network address (IP or hostname) associated with -// the mesh service. -type ServiceEntryEndpoint struct { - // REQUIRED: Address associated with the network endpoint without the - // port. Domain names can be used if and only if the resolution is set - // to DNS, and must be fully-qualified without wildcards. Use the form - // unix:///absolute/path/to/socket for Unix domain socket endpoints. - Address *string `json:"address,omitempty"` - - // Set of ports associated with the endpoint. The ports must be - // associated with a port name that was declared as part of the - // service. Do not use for `unix://` addresses. - Ports map[string]uint32 `json:"ports,omitempty"` - - // One or more labels associated with the endpoint. - Labels map[string]string `json:"labels,omitempty"` - - // Network enables Istio to group endpoints resident in the same L3 - // domain/network. All endpoints in the same network are assumed to be - // directly reachable from one another. When endpoints in different - // networks cannot reach each other directly, an Istio Gateway can be - // used to establish connectivity (usually using the - // AUTO_PASSTHROUGH mode in a Gateway Server). This is - // an advanced configuration used typically for spanning an Istio mesh - // over multiple clusters. - Network *string `json:"network,omitempty"` - - // The locality associated with the endpoint. A locality corresponds - // to a failure domain (e.g., country/region/zone). Arbitrary failure - // domain hierarchies can be represented by separating each - // encapsulating failure domain by /. For example, the locality of an - // an endpoint in US, in US-East-1 region, within availability zone - // az-1, in data center rack r11 can be represented as - // us/us-east-1/az-1/r11. Istio will configure the sidecar to route to - // endpoints within the same locality as the sidecar. If none of the - // endpoints in the locality are available, endpoints parent locality - // (but within the same network ID) will be chosen. For example, if - // there are two endpoints in same network (networkID "n1"), say e1 - // with locality us/us-east-1/az-1/r11 and e2 with locality - // us/us-east-1/az-2/r12, a sidecar from us/us-east-1/az-1/r11 locality - // will prefer e1 from the same locality over e2 from a different - // locality. Endpoint e2 could be the IP associated with a gateway - // (that bridges networks n1 and n2), or the IP associated with a - // standard service endpoint. - Locality *string `json:"locality,omitempty"` - - // The load balancing weight associated with the endpoint. Endpoints - // with higher weights will receive proportionally higher traffic. - Weight *uint32 `json:"weight,omitempty"` -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// ServiceEntryList is a list of ServiceEntry resources -type ServiceEntryList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata"` - Items []ServiceEntry `json:"items"` -} diff --git a/third_party/github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1/sidecar_types.go b/third_party/github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1/sidecar_types.go deleted file mode 100644 index 8309178f7..000000000 --- a/third_party/github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1/sidecar_types.go +++ /dev/null @@ -1,410 +0,0 @@ -// Copyright © 2019 Banzai Cloud -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package v1beta1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// +genclient -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// Sidecar describes the configuration of the sidecar proxy that mediates -// inbound and outbound communication to the workload instance it is attached to. By -// default, Istio will program all sidecar proxies in the mesh with the -// necessary configuration required to reach every workload instance in the mesh, as -// well as accept traffic on all the ports associated with the -// workload. The `SidecarSpec` configuration provides a way to fine tune the set of -// ports, protocols that the proxy will accept when forwarding traffic to -// and from the workload. In addition, it is possible to restrict the set -// of services that the proxy can reach when forwarding outbound traffic -// from workload instances. -// -// Services and configuration in a mesh are organized into one or more -// namespaces (e.g., a Kubernetes namespace or a CF org/space). A `SidecarSpec` -// configuration in a namespace will apply to one or more workload instances in the same -// namespace, selected using the `workloadSelector` field. In the absence of a -// `workloadSelector`, it will apply to all workload instances in the same -// namespace. When determining the `SidecarSpec` configuration to be applied to a -// workload instance, preference will be given to the resource with a -// `workloadSelector` that selects this workload instance, over a `SidecarSpec` configuration -// without any `workloadSelector`. -// -// NOTE 1: *_Each namespace can have only one `SidecarSpec` configuration without any -// `workloadSelector`_*. The behavior of the system is undefined if more -// than one selector-less `SidecarSpec` configurations exist in a given namespace. The -// behavior of the system is undefined if two or more `SidecarSpec` configurations -// with a `workloadSelector` select the same workload instance. -// -// NOTE 2: *_A `SidecarSpec` configuration in the `MeshConfig` -// [root namespace](https://istio.io/docs/reference/config/istio.mesh.v1alpha1/#MeshConfig) -// will be applied by default to all namespaces without a `SidecarSpec` -// configuration_*. This global default `SidecarSpec` configuration should not have -// any `workloadSelector`. -// -// The example below declares a global default `SidecarSpec` configuration in the -// root namespace called `istio-config`, that configures sidecars in -// all namespaces to allow egress traffic only to other workloads in -// the same namespace, and to services in the `istio-system` namespace. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: SidecarSpec -// metadata: -// name: default -// namespace: istio-config -// spec: -// egress: -// - hosts: -// - "./*" -// - "istio-system/*" -//``` -// -// The example below declares a `SidecarSpec` configuration in the `prod-us1` -// namespace that overrides the global default defined above, and -// configures the sidecars in the namespace to allow egress traffic to -// public services in the `prod-us1`, `prod-apis`, and the `istio-system` -// namespaces. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: SidecarSpec -// metadata: -// name: default -// namespace: prod-us1 -// spec: -// egress: -// - hosts: -// - "prod-us1/*" -// - "prod-apis/*" -// - "istio-system/*" -// ``` -// -// The example below declares a `SidecarSpec` configuration in the `prod-us1` namespace -// that accepts inbound HTTP traffic on port 9080 and forwards -// it to the attached workload instance listening on a Unix domain socket. In the -// egress direction, in addition to the `istio-system` namespace, the sidecar -// proxies only HTTP traffic bound for port 9080 for services in the -// `prod-us1` namespace. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: SidecarSpec -// metadata: -// name: default -// namespace: prod-us1 -// spec: -// ingress: -// - port: -// number: 9080 -// protocol: HTTP -// name: somename -// defaultEndpoint: unix:///var/run/someuds.sock -// egress: -// - port: -// number: 9080 -// protocol: HTTP -// name: egresshttp -// hosts: -// - "prod-us1/*" -// - hosts: -// - "istio-system/*" -// ``` -// -// If the workload is deployed without IPTables-based traffic capture, the -// `SidecarSpec` configuration is the only way to configure the ports on the proxy -// attached to the workload instance. The following example declares a `SidecarSpec` -// configuration in the `prod-us1` namespace for all pods with labels -// `app: productpage` belonging to the `productpage.prod-us1` service. Assuming -// that these pods are deployed without IPtable rules (i.e. the `istio-init` -// container) and the proxy metadata `ISTIO_META_INTERCEPTION_MODE` is set to -// `NONE`, the specification, below, allows such pods to receive HTTP traffic -// on port 9080 and forward it to the application listening on -// `127.0.0.1:8080`. It also allows the application to communicate with a -// backing MySQL database on `127.0.0.1:3306`, that then gets proxied to the -// externally hosted MySQL service at `mysql.foo.com:3306`. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: SidecarSpec -// metadata: -// name: no-ip-tables -// namespace: prod-us1 -// spec: -// workloadSelector: -// labels: -// app: productpage -// ingress: -// - port: -// number: 9080 # binds to proxy_instance_ip:9080 (0.0.0.0:9080, if no unicast IP is available for the instance) -// protocol: HTTP -// name: somename -// defaultEndpoint: 127.0.0.1:8080 -// captureMode: NONE # not needed if metadata is set for entire proxy -// egress: -// - port: -// number: 3306 -// protocol: MYSQL -// name: egressmysql -// captureMode: NONE # not needed if metadata is set for entire proxy -// bind: 127.0.0.1 -// hosts: -// - "*/mysql.foo.com" -// ``` -// -// And the associated service entry for routing to `mysql.foo.com:3306` -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: external-svc-mysql -// namespace: ns1 -// spec: -// hosts: -// - mysql.foo.com -// ports: -// - number: 3306 -// name: mysql -// protocol: MYSQL -// location: MESH_EXTERNAL -// resolution: DNS -// ``` -// -// It is also possible to mix and match traffic capture modes in a single -// proxy. For example, consider a setup where internal services are on the -// `192.168.0.0/16` subnet. So, IP tables are setup on the VM to capture all -// outbound traffic on `192.168.0.0/16` subnet. Assume that the VM has an -// additional network interface on `172.16.0.0/16` subnet for inbound -// traffic. The following `SidecarSpec` configuration allows the VM to expose a -// listener on `172.16.1.32:80` (the VM's IP) for traffic arriving from the -// `172.16.0.0/16` subnet. Note that in this scenario, the -// `ISTIO_META_INTERCEPTION_MODE` metadata on the proxy in the VM should -// contain `REDIRECT` or `TPROXY` as its value, implying that IP tables -// based traffic capture is active. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: SidecarSpec -// metadata: -// name: partial-ip-tables -// namespace: prod-us1 -// spec: -// workloadSelector: -// labels: -// app: productpage -// ingress: -// - bind: 172.16.1.32 -// port: -// number: 80 # binds to 172.16.1.32:80 -// protocol: HTTP -// name: somename -// defaultEndpoint: 127.0.0.1:8080 -// captureMode: NONE -// egress: -// # use the system detected defaults -// # sets up configuration to handle outbound traffic to services -// # in 192.168.0.0/16 subnet, based on information provided by the -// # service registry -// - captureMode: IPTABLES -// hosts: -// - "*/*" -// ``` -type Sidecar struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - - Spec SidecarSpec `json:"spec"` -} - -// SidecarSpec describes the configuration of the sidecar proxy that mediates -// inbound and outbound communication of the workload instance to which it is -// attached. -type SidecarSpec struct { - // Criteria used to select the specific set of pods/VMs on which this - // `SidecarSpec` configuration should be applied. If omitted, the `SidecarSpec` - // configuration will be applied to all workload instances in the same namespace. - WorkloadSelector *WorkloadSelector `json:"workloadSelector,omitempty"` - // Ingress specifies the configuration of the sidecar for processing - // inbound traffic to the attached workload instance. If omitted, Istio will - // automatically configure the sidecar based on the information about the workload - // obtained from the orchestration platform (e.g., exposed ports, services, - // etc.). If specified, inbound ports are configured if and only if the - // workload instance is associated with a service. - Ingress []*IstioIngressListener `json:"ingress,omitempty"` - // Egress specifies the configuration of the sidecar for processing - // outbound traffic from the attached workload instance to other services in the - // mesh. - Egress []*IstioEgressListener `json:"egress"` - // This allows to configure the outbound traffic policy. - // If your application uses one or more external - // services that are not known apriori, setting the policy to `ALLOW_ANY` - // will cause the sidecars to route any unknown traffic originating from - // the application to its requested destination. - OutboundTrafficPolicy *OutboundTrafficPolicy `json:"outboundTrafficPolicy,omitempty"` -} - -// `OutboundTrafficPolicy` sets the default behavior of the sidecar for -// handling outbound traffic from the application. -// If your application uses one or more external -// services that are not known apriori, setting the policy to `ALLOW_ANY` -// will cause the sidecars to route any unknown traffic originating from -// the application to its requested destination. Users are strongly -// encouraged to use `ServiceEntry` configurations to explicitly declare any external -// dependencies, instead of using `ALLOW_ANY`, so that traffic to these -// services can be monitored. -type OutboundTrafficPolicy struct { - Mode *OutboundTrafficPolicyMode `json:"mode,omitempty"` -} - -type OutboundTrafficPolicyMode string - -const ( - // Outbound traffic will be restricted to services defined in the - // service registry as well as those defined through `ServiceEntry` configurations. - OutboundTrafficPolicyRegistryOnly OutboundTrafficPolicyMode = "REGISTRY_ONLY" - // Outbound traffic to unknown destinations will be allowed, in case - // there are no services or `ServiceEntry` configurations for the destination port. - OutboundTrafficPolicyAllowAny OutboundTrafficPolicyMode = "ALLOW_ANY" -) - -// IstioIngressListener specifies the properties of an inbound -// traffic listener on the sidecar proxy attached to a workload instance. -type IstioIngressListener struct { - // The port associated with the listener. - Port *Port `json:"port"` - // The IP to which the listener should be bound. Must be in the - // format `x.x.x.x`. Unix domain socket addresses are not allowed in - // the bind field for ingress listeners. If omitted, Istio will - // automatically configure the defaults based on imported services - // and the workload instances to which this configuration is applied - // to. - Bind string `json:"bind,omitempty"` - // The captureMode option dictates how traffic to the listener is - // expected to be captured (or not). - CaptureMode CaptureMode `json:"captureMode,omitempty"` - // The loopback IP endpoint or Unix domain socket to which - // traffic should be forwarded to. This configuration can be used to - // redirect traffic arriving at the bind `IP:Port` on the sidecar to a `localhost:port` - // or Unix domain socket where the application workload instance is listening for - // connections. Format should be `127.0.0.1:PORT` or `unix:///path/to/socket` - DefaultEndpoint string `json:"defaultEndpoint"` -} - -// IstioEgressListener specifies the properties of an outbound traffic -// listener on the sidecar proxy attached to a workload instance. -type IstioEgressListener struct { - // The port associated with the listener. If using Unix domain socket, - // use 0 as the port number, with a valid protocol. The port if - // specified, will be used as the default destination port associated - // with the imported hosts. If the port is omitted, Istio will infer the - // listener ports based on the imported hosts. Note that when multiple - // egress listeners are specified, where one or more listeners have - // specific ports while others have no port, the hosts exposed on a - // listener port will be based on the listener with the most specific - // port. - Port *Port `json:"port,omitempty"` - // The IP or the Unix domain socket to which the listener should be bound - // to. Port MUST be specified if bind is not empty. Format: `x.x.x.x` or - // `unix:///path/to/uds` or `unix://@foobar` (Linux abstract namespace). If - // omitted, Istio will automatically configure the defaults based on imported - // services, the workload instances to which this configuration is applied to and - // the captureMode. If captureMode is `NONE`, bind will default to - // 127.0.0.1. - Bind string `json:"bind,omitempty"` - // When the bind address is an IP, the captureMode option dictates - // how traffic to the listener is expected to be captured (or not). - // captureMode must be DEFAULT or `NONE` for Unix domain socket binds. - CaptureMode CaptureMode `json:"captureMode,omitempty"` - // One or more service hosts exposed by the listener - // in `namespace/dnsName` format. Services in the specified namespace - // matching `dnsName` will be exposed. - // The corresponding service can be a service in the service registry - // (e.g., a Kubernetes or cloud foundry service) or a service specified - // using a `ServiceEntry` or `VirtualService` configuration. Any - // associated `DestinationRule` in the same namespace will also be used. - // - // The `dnsName` should be specified using FQDN format, optionally including - // a wildcard character in the left-most component (e.g., `prod/*.example.com`). - // Set the `dnsName` to `*` to select all services from the specified namespace - // (e.g., `prod/*`). - // - // The `namespace` can be set to `*`, `.`, or `~`, representing any, the current, - // or no namespace, respectively. For example, `*/foo.example.com` selects the - // service from any available namespace while `./foo.example.com` only selects - // the service from the namespace of the sidecar. If a host is set to `*/*`, - // Istio will configure the sidecar to be able to reach every service in the - // mesh that is exported to the sidecar's namespace. The value `~/*` can be used - // to completely trim the configuration for sidecars that simply receive traffic - // and respond, but make no outbound connections of their own. - // - // NOTE: Only services and configuration artifacts exported to the sidecar's - // namespace (e.g., `exportTo` value of `*`) can be referenced. - // Private configurations (e.g., `exportTo` set to `.`) will - // not be available. Refer to the `exportTo` setting in `VirtualService`, - // `DestinationRule`, and `ServiceEntry` configurations for details. - // - // **WARNING:** The list of egress hosts in a `SidecarSpec` must also include - // the Mixer control plane services if they are enabled. Envoy will not - // be able to reach them otherwise. For example, add host - // `istio-system/istio-telemetry.istio-system.svc.cluster.local` if telemetry - // is enabled, `istio-system/istio-policy.istio-system.svc.cluster.local` if - // policy is enabled, or add `istio-system/*` to allow all services in the - // `istio-system` namespace. This requirement is temporary and will be removed - // in a future Istio release. - Hosts []string `json:"hosts"` -} - -// WorkloadSelector specifies the criteria used to determine if the `Gateway`, -// `SidecarSpec`, or `EnvoyFilter` configuration can be applied to a proxy. The matching criteria -// includes the metadata associated with a proxy, workload instance info such as -// labels attached to the pod/VM, or any other info that the proxy provides -// to Istio during the initial handshake. If multiple conditions are -// specified, all conditions need to match in order for the workload instance to be -// selected. Currently, only label based selection mechanism is supported. -type WorkloadSelector struct { - // One or more labels that indicate a specific set of pods/VMs - // on which this `SidecarSpec` configuration should be applied. The scope of - // label search is restricted to the configuration namespace in which the - // the resource is present. - Labels map[string]string `json:"labels"` -} - -// CaptureMode describes how traffic to a listener is expected to be -// captured. Applicable only when the listener is bound to an IP. -type CaptureMode string - -const ( - // The default capture mode defined by the environment. - CaptureModeDefault CaptureMode = "DEFAULT" - // Capture traffic using IPtables redirection. - CaptureModeIPTables CaptureMode = "IPTABLES" - // No traffic capture. When used in an egress listener, the application is - // expected to explicitly communicate with the listener port or Unix - // domain socket. When used in an ingress listener, care needs to be taken - // to ensure that the listener port is not in use by other processes on - // the host. - CaptureModeNone CaptureMode = "NONE" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// SidecarList is a list of Sidecar resources -type SidecarList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata"` - - Items []Sidecar `json:"items"` -} diff --git a/third_party/github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1/virtualservice_types.go b/third_party/github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1/virtualservice_types.go deleted file mode 100644 index b0c306bef..000000000 --- a/third_party/github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1/virtualservice_types.go +++ /dev/null @@ -1,1120 +0,0 @@ -// Copyright © 2019 Banzai Cloud -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package v1beta1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - - "github.com/banzaicloud/istio-client-go/pkg/common/v1alpha1" -) - -// +genclient -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// Configuration affecting traffic routing. Here are a few terms useful to define -// in the context of traffic routing. -// -// `Service` a unit of application behavior bound to a unique name in a -// service registry. Services consist of multiple network *endpoints* -// implemented by workload instances running on pods, containers, VMs etc. -// -// `Service versions (a.k.a. subsets)` - In a continuous deployment -// scenario, for a given service, there can be distinct subsets of -// instances running different variants of the application binary. These -// variants are not necessarily different API versions. They could be -// iterative changes to the same service, deployed in different -// environments (prod, staging, dev, etc.). Common scenarios where this -// occurs include A/B testing, canary rollouts, etc. The choice of a -// particular version can be decided based on various criterion (headers, -// url, etc.) and/or by weights assigned to each version. Each service has -// a default version consisting of all its instances. -// -// `Source` - A downstream client calling a service. -// -// `Host` - The address used by a client when attempting to connect to a -// service. -// -// `Access model` - Applications address only the destination service -// (Host) without knowledge of individual service versions (subsets). The -// actual choice of the version is determined by the proxy/sidecar, enabling the -// application code to decouple itself from the evolution of dependent -// services. -// -// A `VirtualService` defines a set of traffic routing rules to apply when a host is -// addressed. Each routing rule defines matching criteria for traffic of a specific -// protocol. If the traffic is matched, then it is sent to a named destination service -// (or subset/version of it) defined in the registry. -// -// The source of traffic can also be matched in a routing rule. This allows routing -// to be customized for specific client contexts. -// -// The following example on Kubernetes, routes all HTTP traffic by default to -// pods of the reviews service with label "version: v1". In addition, -// HTTP requests with path starting with /wpcatalog/ or /consumercatalog/ will -// be rewritten to /newcatalog and sent to pods with label "version: v2". -// -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: reviews-route -// spec: -// hosts: -// - reviews.prod.svc.cluster.local -// http: -// - name: "reviews-v2-routes" -// match: -// - uri: -// prefix: "/wpcatalog" -// - uri: -// prefix: "/consumercatalog" -// rewrite: -// uri: "/newcatalog" -// route: -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v2 -// - name: "reviews-v1-route" -// route: -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v1 -// ``` -// -// A subset/version of a route destination is identified with a reference -// to a named service subset which must be declared in a corresponding -// `DestinationRule`. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: reviews-destination -// spec: -// host: reviews.prod.svc.cluster.local -// subsets: -// - name: v1 -// labels: -// version: v1 -// - name: v2 -// labels: -// version: v2 -// ``` -type VirtualService struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - - Spec VirtualServiceSpec `json:"spec"` -} - -// Configuration affecting traffic routing. -type VirtualServiceSpec struct { - // REQUIRED. The destination hosts to which traffic is being sent. Could - // be a DNS name with wildcard prefix or an IP address. Depending on the - // platform, short-names can also be used instead of a FQDN (i.e. has no - // dots in the name). In such a scenario, the FQDN of the host would be - // derived based on the underlying platform. - // - // A single VirtualService can be used to describe all the traffic - // properties of the corresponding hosts, including those for multiple - // HTTP and TCP ports. Alternatively, the traffic properties of a host - // can be defined using more than one VirtualService, with certain - // caveats. Refer to the - // [Operations Guide](https://istio.io/docs/ops/traffic-management/deploy-guidelines/#multiple-virtual-services-and-destination-rules-for-the-same-host) - // for details. - // - // *Note for Kubernetes users*: When short names are used (e.g. "reviews" - // instead of "reviews.default.svc.cluster.local"), Istio will interpret - // the short name based on the namespace of the rule, not the service. A - // rule in the "default" namespace containing a host "reviews" will be - // interpreted as "reviews.default.svc.cluster.local", irrespective of - // the actual namespace associated with the reviews service. _To avoid - // potential misconfigurations, it is recommended to always use fully - // qualified domain names over short names._ - // - // The hosts field applies to both HTTP and TCP services. Service inside - // the mesh, i.e., those found in the service registry, must always be - // referred to using their alphanumeric names. IP addresses are allowed - // only for services defined via the Gateway. - Hosts []string `json:"hosts"` - - // The names of gateways and sidecars that should apply these routes. A - // single VirtualService is used for sidecars inside the mesh as well as - // for one or more gateways. The selection condition imposed by this - // field can be overridden using the source field in the match conditions - // of protocol-specific routes. The reserved word `mesh` is used to imply - // all the sidecars in the mesh. When this field is omitted, the default - // gateway (`mesh`) will be used, which would apply the rule to all - // sidecars in the mesh. If a list of gateway names is provided, the - // rules will apply only to the gateways. To apply the rules to both - // gateways and sidecars, specify `mesh` as one of the gateway names. - Gateways []string `json:"gateways,omitempty"` - - // An ordered list of route rules for HTTP traffic. HTTP routes will be - // applied to platform service ports named 'http-*'/'http2-*'/'grpc-*', gateway - // ports with protocol HTTP/HTTP2/GRPC/ TLS-terminated-HTTPS and service - // entry ports using HTTP/HTTP2/GRPC protocols. The first rule matching - // an incoming request is used. - HTTP []HTTPRoute `json:"http,omitempty"` - - // An ordered list of route rule for non-terminated TLS & HTTPS - // traffic. Routing is typically performed using the SNI value presented - // by the ClientHello message. TLS routes will be applied to platform - // service ports named 'https-*', 'tls-*', unterminated gateway ports using - // HTTPS/TLS protocols (i.e. with "passthrough" TLS mode) and service - // entry ports using HTTPS/TLS protocols. The first rule matching an - // incoming request is used. NOTE: Traffic 'https-*' or 'tls-*' ports - // without associated virtual service will be treated as opaque TCP - // traffic. - TLS []TLSRoute `json:"tls,omitempty"` - - // An ordered list of route rules for opaque TCP traffic. TCP routes will - // be applied to any port that is not a HTTP or TLS port. The first rule - // matching an incoming request is used. - TCP []TCPRoute `json:"tcp,omitempty"` - - // A list of namespaces to which this virtual service is exported. Exporting a - // virtual service allows it to be used by sidecars and gateways defined in - // other namespaces. This feature provides a mechanism for service owners - // and mesh administrators to control the visibility of virtual services - // across namespace boundaries. - // - // If no namespaces are specified then the virtual service is exported to all - // namespaces by default. - // - // The value "." is reserved and defines an export to the same namespace that - // the virtual service is declared in. Similarly the value "*" is reserved and - // defines an export to all namespaces. - // - // NOTE: in the current release, the `exportTo` value is restricted to - // "." or "*" (i.e., the current namespace or all namespaces). - ExportTo []string `json:"exportTo,omitempty"` -} - -// Describes match conditions and actions for routing HTTP/1.1, HTTP2, and -// gRPC traffic. See VirtualService for usage examples. -type HTTPRoute struct { - // The name assigned to the route for debugging purposes. The - // route's name will be concatenated with the match's name and will - // be logged in the access logs for requests matching this - // route/match. - Name *string `json:"name,omitempty"` - - // Match conditions to be satisfied for the rule to be - // activated. All conditions inside a single match block have AND - // semantics, while the list of match blocks have OR semantics. The rule - // is matched if any one of the match blocks succeed. - Match []*HTTPMatchRequest `json:"match,omitempty"` - - // A http rule can either redirect or forward (default) traffic. The - // forwarding target can be one of several versions of a service (see - // glossary in beginning of document). Weights associated with the - // service version determine the proportion of traffic it receives. - Route []*HTTPRouteDestination `json:"route,omitempty"` - - // A http rule can either redirect or forward (default) traffic. If - // traffic passthrough option is specified in the rule, - // route/redirect will be ignored. The redirect primitive can be used to - // send a HTTP 301 redirect to a different URI or Authority. - Redirect *HTTPRedirect `json:"redirect,omitempty"` - - // Rewrite HTTP URIs and Authority headers. Rewrite cannot be used with - // Redirect primitive. Rewrite will be performed before forwarding. - Rewrite *HTTPRewrite `json:"rewrite,omitempty"` - - // Timeout for HTTP requests. - Timeout *string `json:"timeout,omitempty"` - - // Retry policy for HTTP requests. - Retries *HTTPRetry `json:"retries,omitempty"` - - // Fault injection policy to apply on HTTP traffic at the client side. - // Note that timeouts or retries will not be enabled when faults are - // enabled on the client side. - Fault *HTTPFaultInjection `json:"fault,omitempty"` - - // Mirror HTTP traffic to a another destination in addition to forwarding - // the requests to the intended destination. Mirrored traffic is on a - // best effort basis where the sidecar/gateway will not wait for the - // mirrored cluster to respond before returning the response from the - // original destination. Statistics will be generated for the mirrored - // destination. - Mirror *Destination `json:"mirror,omitempty"` - - // Percentage of the traffic to be mirrored by the `mirror` field. - // Use of integer `mirror_percent` value is deprecated. Use the - // double `mirror_percentage` field instead - MirrorPercent *uint32 `json:"mirrorPercent,omitempty"` - - // Percentage of the traffic to be mirrored by the `mirror` field. - // If this field is absent, all the traffic (100%) will be mirrored. - // Max value is 100. - MirrorPercentage *Percentage `json:"mirrorPercentage,omitempty"` - - // Cross-Origin Resource Sharing policy (CORS). Refer to - // [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) - // for further details about cross origin resource sharing. - CorsPolicy *CorsPolicy `json:"corsPolicy,omitempty"` - - // Header manipulation rules - Headers *Headers `json:"headers,omitempty"` -} - -// Message headers can be manipulated when Envoy forwards requests to, -// or responses from, a destination service. Header manipulation rules can -// be specified for a specific route destination or for all destinations. -// The following VirtualService adds a `test` header with the value `true` -// to requests that are routed to any `reviews` service destination. -// It also romoves the `foo` response header, but only from responses -// coming from the `v1` subset (version) of the `reviews` service. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: reviews-route -// spec: -// hosts: -// - reviews.prod.svc.cluster.local -// http: -// - headers: -// request: -// set: -// test: true -// route: -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v2 -// weight: 25 -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v1 -// headers: -// response: -// remove: -// - foo -// weight: 75 -// ``` -type Headers struct { - // Header manipulation rules to apply before forwarding a request - // to the destination service - Request *HeaderOperations `json:"request,omitempty"` - - // Header manipulation rules to apply before returning a response - // to the caller - Response *HeaderOperations `json:"response,omitempty"` -} - -// HeaderOperations Describes the header manipulations to apply -type HeaderOperations struct { - // Overwrite the headers specified by key with the given values - Set map[string]string `json:"set,omitempty"` - - // Append the given values to the headers specified by keys - // (will create a comma-separated list of values) - Add map[string]string `json:"add,omitempty"` - - // Remove a the specified headers - Remove []string `json:"remove,omitempty"` -} - -// HttpMatchRequest specifies a set of criterion to be met in order for the -// rule to be applied to the HTTP request. For example, the following -// restricts the rule to match only requests where the URL path -// starts with /ratings/v2/ and the request contains a custom `end-user` header -// with value `jason`. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: ratings-route -// spec: -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - headers: -// end-user: -// exact: jason -// uri: -// prefix: "/ratings/v2/" -// ignoreUriCase: true -// route: -// - destination: -// host: ratings.prod.svc.cluster.local -// ``` -// -// HTTPMatchRequest CANNOT be empty. -type HTTPMatchRequest struct { - // The name assigned to a match. The match's name will be - // concatenated with the parent route's name and will be logged in - // the access logs for requests matching this route. - Name *string `json:"name,omitempty"` - - // URI to match - // values are case-sensitive and formatted as follows: - // - // - `exact: "value"` for exact string match - // - // - `prefix: "value"` for prefix-based match - // - // - `regex: "value"` for ECMAscript style regex-based match - // - // **Note:** Case-insensitive matching could be enabled via the - // `ignore_uri_case` flag. - URI *v1alpha1.StringMatch `json:"uri,omitempty"` - - // URI Scheme - // values are case-sensitive and formatted as follows: - // - // - `exact: "value"` for exact string match - // - // - `prefix: "value"` for prefix-based match - // - // - `regex: "value"` for ECMAscript style regex-based match - // - Scheme *v1alpha1.StringMatch `json:"scheme,omitempty"` - - // HTTP Method - // values are case-sensitive and formatted as follows: - // - // - `exact: "value"` for exact string match - // - // - `prefix: "value"` for prefix-based match - // - // - `regex: "value"` for ECMAscript style regex-based match - // - Method *v1alpha1.StringMatch `json:"method,omitempty"` - - // HTTP Authority - // values are case-sensitive and formatted as follows: - // - // - `exact: "value"` for exact string match - // - // - `prefix: "value"` for prefix-based match - // - // - `regex: "value"` for ECMAscript style regex-based match - // - Authority *v1alpha1.StringMatch `json:"authority,omitempty"` - - // The header keys must be lowercase and use hyphen as the separator, - // e.g. _x-request-id_. - // - // Header values are case-sensitive and formatted as follows: - // - // - `exact: "value"` for exact string match - // - // - `prefix: "value"` for prefix-based match - // - // - `regex: "value"` for ECMAscript style regex-based match - // - // **Note:** The keys `uri`, `scheme`, `method`, and `authority` will be ignored. - Headers map[string]v1alpha1.StringMatch `json:"headers,omitempty"` - - // Specifies the ports on the host that is being addressed. Many services - // only expose a single port or label ports with the protocols they support, - // in these cases it is not required to explicitly select the port. - Port *uint32 `json:"port,omitempty"` - - // One or more labels that constrain the applicability of a rule to - // workloads with the given labels. If the VirtualService has a list of - // gateways specified at the top, it must include the reserved gateway - // `mesh` for this field to be applicable. - SourceLabels map[string]string `json:"sourceLabels,omitempty"` - - // Query parameters for matching. - // - // Ex: - // - For a query parameter like "?key=true", the map key would be "key" and - // the string match could be defined as `exact: "true"`. - // - For a query parameter like "?key", the map key would be "key" and the - // string match could be defined as `exact: ""`. - // - For a query parameter like "?key=123", the map key would be "key" and the - // string match could be defined as `regex: "\d+$"`. Note that this - // configuration will only match values like "123" but not "a123" or "123a". - // - // **Note:** `prefix` matching is currently not supported. - QueryParams map[string]*v1alpha1.StringMatch `json:"queryParams,omitempty"` - - // Flag to specify whether the URI matching should be case-insensitive. - // - // **Note:** The case will be ignored only in the case of `exact` and `prefix` - // URI matches. - IgnoreURICase *bool `json:"ignoreUriCase,omitempty"` -} - -// Each routing rule is associated with one or more service versions (see -// glossary in beginning of document). Weights associated with the version -// determine the proportion of traffic it receives. For example, the -// following rule will route 25% of traffic for the "reviews" service to -// instances with the "v2" tag and the remaining traffic (i.e., 75%) to -// "v1". -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: reviews-route -// spec: -// hosts: -// - reviews.prod.svc.cluster.local -// http: -// - route: -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v2 -// weight: 25 -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v1 -// weight: 75 -// ``` -// -// And the associated DestinationRule -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: reviews-destination -// spec: -// host: reviews.prod.svc.cluster.local -// subsets: -// - name: v1 -// labels: -// version: v1 -// - name: v2 -// labels: -// version: v2 -// ``` -// -// Traffic can also be split across two entirely different services without -// having to define new subsets. For example, the following rule forwards 25% of -// traffic to reviews.com to dev.reviews.com -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: reviews-route-two-domains -// spec: -// hosts: -// - reviews.com -// http: -// - route: -// - destination: -// host: dev.reviews.com -// weight: 25 -// - destination: -// host: reviews.com -// weight: 75 -// ``` -type HTTPRouteDestination struct { - // REQUIRED. Destination uniquely identifies the instances of a service - // to which the request/connection should be forwarded to. - Destination *Destination `json:"destination"` - - // REQUIRED. The proportion of traffic to be forwarded to the service - // version. (0-100). Sum of weights across destinations SHOULD BE == 100. - // If there is only one destination in a rule, the weight value is assumed to - // be 100. - Weight *int `json:"weight,omitempty"` - - // Header manipulation rules - Headers *Headers `json:"headers,omitempty"` -} - -// L4 routing rule weighted destination. -type RouteDestination struct { - // REQUIRED. Destination uniquely identifies the instances of a service - // to which the request/connection should be forwarded to. - Destination *Destination `json:"destination"` - - // REQUIRED. The proportion of traffic to be forwarded to the service - // version. (0-100). Sum of weights across destinations SHOULD BE == 100. - // If there is only one destination in a rule, the weight value is assumed to - // be 100. - Weight *int `json:"weight,omitempty"` -} - -// Destination indicates the network addressable service to which the -// request/connection will be sent after processing a routing rule. The -// destination.host should unambiguously refer to a service in the service -// registry. Istio's service registry is composed of all the services found -// in the platform's service registry (e.g., Kubernetes services, Consul -// services), as well as services declared through the -// [ServiceEntry](https://istio.io/docs/reference/config/networking/v1beta1/service-entry/#ServiceEntry) resource. -// -// *Note for Kubernetes users*: When short names are used (e.g. "reviews" -// instead of "reviews.default.svc.cluster.local"), Istio will interpret -// the short name based on the namespace of the rule, not the service. A -// rule in the "default" namespace containing a host "reviews will be -// interpreted as "reviews.default.svc.cluster.local", irrespective of the -// actual namespace associated with the reviews service. _To avoid potential -// misconfigurations, it is recommended to always use fully qualified -// domain names over short names._ -// -// The following Kubernetes example routes all traffic by default to pods -// of the reviews service with label "version: v1" (i.e., subset v1), and -// some to subset v2, in a Kubernetes environment. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: reviews-route -// namespace: foo -// spec: -// hosts: -// - reviews # interpreted as reviews.foo.svc.cluster.local -// http: -// - match: -// - uri: -// prefix: "/wpcatalog" -// - uri: -// prefix: "/consumercatalog" -// rewrite: -// uri: "/newcatalog" -// route: -// - destination: -// host: reviews # interpreted as reviews.foo.svc.cluster.local -// subset: v2 -// - route: -// - destination: -// host: reviews # interpreted as reviews.foo.svc.cluster.local -// subset: v1 -// ``` -// -// And the associated DestinationRule -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: reviews-destination -// namespace: foo -// spec: -// host: reviews # interpreted as reviews.foo.svc.cluster.local -// subsets: -// - name: v1 -// labels: -// version: v1 -// - name: v2 -// labels: -// version: v2 -// ``` -// -// The following VirtualService sets a timeout of 5s for all calls to -// productpage.prod.svc.cluster.local service in Kubernetes. Notice that -// there are no subsets defined in this rule. Istio will fetch all -// instances of productpage.prod.svc.cluster.local service from the service -// registry and populate the sidecar's load balancing pool. Also, notice -// that this rule is set in the istio-system namespace but uses the fully -// qualified domain name of the productpage service, -// productpage.prod.svc.cluster.local. Therefore the rule's namespace does -// not have an impact in resolving the name of the productpage service. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: my-productpage-rule -// namespace: istio-system -// spec: -// hosts: -// - productpage.prod.svc.cluster.local # ignores rule namespace -// http: -// - timeout: 5s -// route: -// - destination: -// host: productpage.prod.svc.cluster.local -// ``` -// -// To control routing for traffic bound to services outside the mesh, external -// services must first be added to Istio's internal service registry using the -// ServiceEntry resource. VirtualServices can then be defined to control traffic -// bound to these external services. For example, the following rules define a -// Service for wikipedia.org and set a timeout of 5s for http requests. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: external-svc-wikipedia -// spec: -// hosts: -// - wikipedia.org -// location: MESH_EXTERNAL -// ports: -// - number: 80 -// name: example-http -// protocol: HTTP -// resolution: DNS -// -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: my-wiki-rule -// spec: -// hosts: -// - wikipedia.org -// http: -// - timeout: 5s -// route: -// - destination: -// host: wikipedia.org -// ``` -type Destination struct { - // REQUIRED. The name of a service from the service registry. Service - // names are looked up from the platform's service registry (e.g., - // Kubernetes services, Consul services, etc.) and from the hosts - // declared by [ServiceEntry](https://istio.io/docs/reference/config/networking/v1beta1/service-entry/#ServiceEntry). Traffic forwarded to - // destinations that are not found in either of the two, will be dropped. - // - // *Note for Kubernetes users*: When short names are used (e.g. "reviews" - // instead of "reviews.default.svc.cluster.local"), Istio will interpret - // the short name based on the namespace of the rule, not the service. A - // rule in the "default" namespace containing a host "reviews will be - // interpreted as "reviews.default.svc.cluster.local", irrespective of - // the actual namespace associated with the reviews service. _To avoid - // potential misconfigurations, it is recommended to always use fully - // qualified domain names over short names._ - Host string `json:"host"` - - // The name of a subset within the service. Applicable only to services - // within the mesh. The subset must be defined in a corresponding - // DestinationRule. - Subset *string `json:"subset,omitempty"` - - // Specifies the port on the host that is being addressed. If a service - // exposes only a single port it is not required to explicitly select the - // port. - Port *PortSelector `json:"port,omitempty"` -} - -// PortSelector specifies the number of a port to be used for -// matching or selection for final routing. -type PortSelector struct { - // Valid port number - Number uint32 `json:"number"` -} - -// Describes match conditions and actions for routing TCP traffic. The -// following routing rule forwards traffic arriving at port 27017 for -// mongo.prod.svc.cluster.local to another Mongo server on port 5555. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: bookinfo-Mongo -// spec: -// hosts: -// - mongo.prod.svc.cluster.local -// tcp: -// - match: -// - port: 27017 -// route: -// - destination: -// host: mongo.backup.svc.cluster.local -// port: -// number: 5555 -// ``` -type TCPRoute struct { - // Match conditions to be satisfied for the rule to be - // activated. All conditions inside a single match block have AND - // semantics, while the list of match blocks have OR semantics. The rule - // is matched if any one of the match blocks succeed. - Match []L4MatchAttributes `json:"match"` - - // The destination to which the connection should be forwarded to. - Route []*RouteDestination `json:"route"` -} - -// Describes match conditions and actions for routing unterminated TLS -// traffic (TLS/HTTPS) The following routing rule forwards unterminated TLS -// traffic arriving at port 443 of gateway called mygateway to internal -// services in the mesh based on the SNI value. -// -// ```yaml -// kind: VirtualService -// metadata: -// name: bookinfo-sni -// spec: -// hosts: -// - '*.bookinfo.com' -// gateways: -// - mygateway -// tls: -// - match: -// - port: 443 -// sniHosts: -// - login.bookinfo.com -// route: -// - destination: -// host: login.prod.svc.cluster.local -// - match: -// - port: 443 -// sniHosts: -// - reviews.bookinfo.com -// route: -// - destination: -// host: reviews.prod.svc.cluster.local -// ``` -type TLSRoute struct { - // REQUIRED. Match conditions to be satisfied for the rule to be - // activated. All conditions inside a single match block have AND - // semantics, while the list of match blocks have OR semantics. The rule - // is matched if any one of the match blocks succeed. - Match []TLSMatchAttributes `json:"match"` - - // The destination to which the connection should be forwarded to. - Route []*RouteDestination `json:"route"` -} - -// L4 connection match attributes. Note that L4 connection matching support -// is incomplete. -type L4MatchAttributes struct { - // IPv4 or IPv6 ip addresses of destination with optional subnet. E.g., - // a.b.c.d/xx form or just a.b.c.d. - DestinationSubnets []string `json:"destinationSubnets,omitempty"` - - // Specifies the port on the host that is being addressed. Many services - // only expose a single port or label ports with the protocols they support, - // in these cases it is not required to explicitly select the port. - Port *int `json:"port,omitempty"` - - // One or more labels that constrain the applicability of a rule to - // workloads with the given labels. If the VirtualService has a list of - // gateways specified at the top, it should include the reserved gateway - // `mesh` in order for this field to be applicable. - SourceLabels map[string]string `json:"sourceLabels,omitempty"` - - // Names of gateways where the rule should be applied to. Gateway names - // at the top of the VirtualService (if any) are overridden. The gateway - // match is independent of sourceLabels. - Gateways []string `json:"gateways,omitempty"` -} - -// TLS connection match attributes. -type TLSMatchAttributes struct { - // REQUIRED. SNI (server name indicator) to match on. Wildcard prefixes - // can be used in the SNI value, e.g., *.com will match foo.example.com - // as well as example.com. An SNI value must be a subset (i.e., fall - // within the domain) of the corresponding virtual serivce's hosts. - SniHosts []string `json:"sniHosts"` - - // IPv4 or IPv6 ip addresses of destination with optional subnet. E.g., - // a.b.c.d/xx form or just a.b.c.d. - DestinationSubnets []string `json:"destinationSubnets,omitempty"` - - // Specifies the port on the host that is being addressed. Many services - // only expose a single port or label ports with the protocols they support, - // in these cases it is not required to explicitly select the port. - Port *int `json:"port,omitempty"` - - // One or more labels that constrain the applicability of a rule to - // workloads with the given labels. If the VirtualService has a list of - // gateways specified at the top, it should include the reserved gateway - // `mesh` in order for this field to be applicable. - SourceLabels map[string]string `json:"sourceLabels,omitempty"` - - // Names of gateways where the rule should be applied to. Gateway names - // at the top of the VirtualService (if any) are overridden. The gateway - // match is independent of sourceLabels. - Gateways []string `json:"gateways,omitempty"` -} - -// HTTPRedirect can be used to send a 301 redirect response to the caller, -// where the Authority/Host and the URI in the response can be swapped with -// the specified values. For example, the following rule redirects -// requests for /v1/getProductRatings API on the ratings service to -// /v1/bookRatings provided by the bookratings service. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: ratings-route -// spec: -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - uri: -// exact: /v1/getProductRatings -// redirect: -// uri: /v1/bookRatings -// authority: newratings.default.svc.cluster.local -// ... -// ``` -type HTTPRedirect struct { - // On a redirect, overwrite the Path portion of the URL with this - // value. Note that the entire path will be replaced, irrespective of the - // request URI being matched as an exact path or prefix. - URI *string `json:"uri,omitempty"` - - // On a redirect, overwrite the Authority/Host portion of the URL with - // this value. - Authority *string `json:"authority,omitempty"` - - // On a redirect, Specifies the HTTP status code to use in the redirect - // response. The default response code is MOVED_PERMANENTLY (301). - RedirectCode *uint32 `json:"redirectCode,omitempty"` -} - -// HTTPRewrite can be used to rewrite specific parts of a HTTP request -// before forwarding the request to the destination. Rewrite primitive can -// be used only with HTTPRouteDestination. The following example -// demonstrates how to rewrite the URL prefix for api call (/ratings) to -// ratings service before making the actual API call. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: ratings-route -// spec: -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - uri: -// prefix: /ratings -// rewrite: -// uri: /v1/bookRatings -// route: -// - destination: -// host: ratings.prod.svc.cluster.local -// subset: v1 -// ``` -type HTTPRewrite struct { - // rewrite the path (or the prefix) portion of the URI with this - // value. If the original URI was matched based on prefix, the value - // provided in this field will replace the corresponding matched prefix. - URI *string `json:"uri,omitempty"` - - // rewrite the Authority/Host header with this value. - Authority *string `json:"authority,omitempty"` -} - -// Describes the retry policy to use when a HTTP request fails. For -// example, the following rule sets the maximum number of retries to 3 when -// calling ratings:v1 service, with a 2s timeout per retry attempt. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: ratings-route -// spec: -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - route: -// - destination: -// host: ratings.prod.svc.cluster.local -// subset: v1 -// retries: -// attempts: 3 -// perTryTimeout: 2s -// retryOn: gateway-error,connect-failure,refused-stream -// ``` -type HTTPRetry struct { - // REQUIRED. Number of retries for a given request. The interval - // between retries will be determined automatically (25ms+). Actual - // number of retries attempted depends on the httpReqTimeout. - Attempts int `json:"attempts"` - - // Timeout per retry attempt for a given request. format: 1h/1m/1s/1ms. MUST BE >=1ms. - PerTryTimeout string `json:"perTryTimeout"` - - // Specifies the conditions under which retry takes place. - // One or more policies can be specified using a ‘,’ delimited list. - // See the [retry policies](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-on) - // and [gRPC retry policies](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-grpc-on) for more details. - RetryOn *string `json:"retryOn,omitempty"` -} - -// Describes the Cross-Origin Resource Sharing (CORS) policy, for a given -// service. Refer to [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS) -// for further details about cross origin resource sharing. For example, -// the following rule restricts cross origin requests to those originating -// from example.com domain using HTTP POST/GET, and sets the -// `Access-Control-Allow-Credentials` header to false. In addition, it only -// exposes `X-Foo-bar` header and sets an expiry period of 1 day. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: ratings-route -// spec: -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - route: -// - destination: -// host: ratings.prod.svc.cluster.local -// subset: v1 -// corsPolicy: -// allowOrigin: -// - example.com -// allowMethods: -// - POST -// - GET -// allowCredentials: false -// allowHeaders: -// - X-Foo-Bar -// maxAge: "24h" -// ``` -type CorsPolicy struct { - // The list of origins that are allowed to perform CORS requests. The - // content will be serialized into the Access-Control-Allow-Origin - // header. Wildcard * will allow all origins. - AllowOrigin []string `json:"allowOrigin,omitempty"` - - // List of HTTP methods allowed to access the resource. The content will - // be serialized into the Access-Control-Allow-Methods header. - AllowMethods []string `json:"allowMethods,omitempty"` - - // List of HTTP headers that can be used when requesting the - // resource. Serialized to Access-Control-Allow-Methods header. - AllowHeaders []string `json:"allowHeaders,omitempty"` - - // A white list of HTTP headers that the browsers are allowed to - // access. Serialized into Access-Control-Expose-Headers header. - ExposeHeaders []string `json:"exposeHeaders,omitempty"` - - // Specifies how long the results of a preflight request can be - // cached. Translates to the `Access-Control-Max-Age` header. - MaxAge *string `json:"maxAge,omitempty"` - - // Indicates whether the caller is allowed to send the actual request - // (not the preflight) using credentials. Translates to - // `Access-Control-Allow-Credentials` header. - AllowCredentials *bool `json:"allowCredentials,omitempty"` -} - -// HTTPFaultInjection can be used to specify one or more faults to inject -// while forwarding http requests to the destination specified in a route. -// Fault specification is part of a VirtualService rule. Faults include -// aborting the Http request from downstream service, and/or delaying -// proxying of requests. A fault rule MUST HAVE delay or abort or both. -// -// *Note:* Delay and abort faults are independent of one another, even if -// both are specified simultaneously. -type HTTPFaultInjection struct { - // Delay requests before forwarding, emulating various failures such as - // network issues, overloaded upstream service, etc. - Delay *Delay `json:"delay,omitempty"` - - // Abort Http request attempts and return error codes back to downstream - // service, giving the impression that the upstream service is faulty. - Abort *Abort `json:"abort,omitempty"` -} - -// Delay specification is used to inject latency into the request -// forwarding path. The following example will introduce a 5 second delay -// in 1 out of every 1000 requests to the "v1" version of the "reviews" -// service from all pods with label env: prod -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: reviews-route -// spec: -// hosts: -// - reviews.prod.svc.cluster.local -// http: -// - match: -// - sourceLabels: -// env: prod -// route: -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v1 -// fault: -// delay: -// percentage: -// value: 0.1 -// fixedDelay: 5s -// ``` -// -// The _fixedDelay_ field is used to indicate the amount of delay in seconds. -// The optional _percentage_ field can be used to only delay a certain -// percentage of requests. If left unspecified, all request will be delayed. -type Delay struct { - // REQUIRED. Add a fixed delay before forwarding the request. Format: - // 1h/1m/1s/1ms. MUST be >=1ms. - FixedDelay string `json:"fixedDelay"` - - // Percentage of requests on which the delay will be injected. - Percentage *Percentage `json:"percentage,omitempty"` -} - -// Abort specification is used to prematurely abort a request with a -// pre-specified error code. The following example will return an HTTP 400 -// error code for 1 out of every 1000 requests to the "ratings" service "v1". -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: ratings-route -// spec: -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - route: -// - destination: -// host: ratings.prod.svc.cluster.local -// subset: v1 -// fault: -// abort: -// percentage: -// value: 0.1 -// httpStatus: 400 -// ``` -// -// The _httpStatus_ field is used to indicate the HTTP status code to -// return to the caller. The optional _percentage_ field can be used to only -// abort a certain percentage of requests. If not specified, all requests are -// aborted. -type Abort struct { - // REQUIRED. HTTP status code to use to abort the Http request. - HTTPStatus int `json:"httpStatus"` - - // Percentage of requests on which the delay will be injected. - Percentage *Percentage `json:"percentage,omitempty"` -} - -// Percent specifies a percentage in the range of [0.0, 100.0]. -type Percentage struct { - Value float32 `json:"value"` -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// VirtualServiceList is a list of VirtualService resources -type VirtualServiceList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata"` - - Items []VirtualService `json:"items"` -} diff --git a/third_party/github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1/workloadentry_types.go b/third_party/github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1/workloadentry_types.go deleted file mode 100644 index 9bf2e8341..000000000 --- a/third_party/github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1/workloadentry_types.go +++ /dev/null @@ -1,190 +0,0 @@ -// Copyright © 2020 Banzai Cloud -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package v1beta1 - -import v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - -// +genclient -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// WorkloadEntry -type WorkloadEntry struct { - v1.TypeMeta `json:",inline"` - v1.ObjectMeta `json:"metadata,omitempty"` - - // Spec defines the implementation of this definition. - Spec WorkloadEntrySpec `json:"spec"` -} - -// `WorkloadEntry` enables operators to describe the properties of a -// single non-Kubernetes workload such as a VM or a bare metal server -// as it is are onboarded into the mesh. A `WorkloadEntry` must be -// accompanied by an Istio `ServiceEntry` that selects the workload -// through the appropriate labels and provides the service definition -// for a `MESH_INTERNAL` service (hostnames, port properties, etc.). A -// `ServiceEntry` object can select multiple workload entries as well -// as Kubernetes pods based on the label selector specified in the -// service entry. -// -// When a workload connects to `istiod`, the status field in the -// custom resource will be updated to indicate the health of the -// workload along with other details, similar to how Kubernetes -// updates the status of a pod. -// -// The following example declares a workload entry representing a -// VM for the `details.bookinfo.com` service. This VM has -// sidecar installed and bootstrapped using the `details-legacy` -// service account. The sidecar receives HTTP traffic on port 80 -// (wrapped in istio mutual TLS) and forwards it to the application on -// the localhost on the same port. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: WorkloadEntry -// metadata: -// name: details-svc -// spec: -// # use of the service account indicates that the workload has a -// # sidecar proxy bootstrapped with this service account. Pods with -// # sidecars will automatically communicate with the workload using -// # istio mutual TLS. -// serviceAccount: details-legacy -// address: 2.2.2.2 -// labels: -// app: details-legacy -// instance-id: vm1 -// # ports if not specified will be the same as service ports -// ``` -// -// and the associated service entry -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: details-svc -// spec: -// hosts: -// - details.bookinfo.com -// location: MESH_INTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: STATIC -// workloadSelector: -// labels: -// app: details-legacy -// ``` -// -// The following example declares the same VM workload using -// its fully qualified DNS name. The service entry's resolution -// mode should be changed to DNS to indicate that the client-side -// sidecars should dynamically resolve the DNS name at runtime before -// forwarding the request. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: WorkloadEntry -// metadata: -// name: details-svc -// spec: -// # use of the service account indicates that the workload has a -// # sidecar proxy bootstrapped with this service account. Pods with -// # sidecars will automatically communicate with the workload using -// # istio mutual TLS. -// serviceAccount: details-legacy -// address: vm1.vpc01.corp.net -// labels: -// app: details-legacy -// instance-id: vm1 -// # ports if not specified will be the same as service ports -// ``` -// -// and the associated service entry -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: details-svc -// spec: -// hosts: -// - details.bookinfo.com -// location: MESH_INTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: DNS -// workloadSelector: -// labels: -// app: details-legacy -// ``` -type WorkloadEntrySpec struct { - // Address associated with the network endpoint without the - // port. Domain names can be used if and only if the resolution is set - // to DNS, and must be fully-qualified without wildcards. Use the form - // unix:///absolute/path/to/socket for Unix domain socket endpoints. - Address string `json:"address"` - // Set of ports associated with the endpoint. The ports must be - // associated with a port name that was declared as part of the - // service. Do not use for `unix://` addresses. - Ports map[string]uint32 `json:"ports,omitempty"` - // One or more labels associated with the endpoint. - Labels map[string]string `json:"labels,omitempty"` - // Network enables Istio to group endpoints resident in the same L3 - // domain/network. All endpoints in the same network are assumed to be - // directly reachable from one another. When endpoints in different - // networks cannot reach each other directly, an Istio Gateway can be - // used to establish connectivity (usually using the - // `AUTO_PASSTHROUGH` mode in a Gateway Server). This is - // an advanced configuration used typically for spanning an Istio mesh - // over multiple clusters. - Network string `json:"network,omitempty"` - // The locality associated with the endpoint. A locality corresponds - // to a failure domain (e.g., country/region/zone). Arbitrary failure - // domain hierarchies can be represented by separating each - // encapsulating failure domain by /. For example, the locality of an - // an endpoint in US, in US-East-1 region, within availability zone - // az-1, in data center rack r11 can be represented as - // us/us-east-1/az-1/r11. Istio will configure the sidecar to route to - // endpoints within the same locality as the sidecar. If none of the - // endpoints in the locality are available, endpoints parent locality - // (but within the same network ID) will be chosen. For example, if - // there are two endpoints in same network (networkID "n1"), say e1 - // with locality us/us-east-1/az-1/r11 and e2 with locality - // us/us-east-1/az-2/r12, a sidecar from us/us-east-1/az-1/r11 locality - // will prefer e1 from the same locality over e2 from a different - // locality. Endpoint e2 could be the IP associated with a gateway - // (that bridges networks n1 and n2), or the IP associated with a - // standard service endpoint. - Locality string `json:"locality,omitempty"` - // The load balancing weight associated with the endpoint. Endpoints - // with higher weights will receive proportionally higher traffic. - Weight uint32 `json:"weight,omitempty"` - // The service account associated with the workload if a sidecar - // is present in the workload. The service account must be present - // in the same namespace as the configuration ( WorkloadEntry or a - // ServiceEntry) - ServiceAccount string `json:"serviceAccount,omitempty"` -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// WorkloadEntryList is a collection of EnvoyFilters. -type WorkloadEntryList struct { - v1.TypeMeta `json:",inline"` - v1.ListMeta `json:"metadata"` - Items []WorkloadEntry `json:"items"` -} diff --git a/third_party/github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1/zz_generated.deepcopy.go b/third_party/github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1/zz_generated.deepcopy.go deleted file mode 100644 index 60351b991..000000000 --- a/third_party/github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1/zz_generated.deepcopy.go +++ /dev/null @@ -1,1955 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -// Copyright © 2019 Banzai Cloud -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by controller-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "github.com/banzaicloud/istio-client-go/pkg/common/v1alpha1" - "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Abort) DeepCopyInto(out *Abort) { - *out = *in - if in.Percentage != nil { - in, out := &in.Percentage, &out.Percentage - *out = new(Percentage) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Abort. -func (in *Abort) DeepCopy() *Abort { - if in == nil { - return nil - } - out := new(Abort) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ConnectionPoolSettings) DeepCopyInto(out *ConnectionPoolSettings) { - *out = *in - if in.TCP != nil { - in, out := &in.TCP, &out.TCP - *out = new(TCPSettings) - (*in).DeepCopyInto(*out) - } - if in.HTTP != nil { - in, out := &in.HTTP, &out.HTTP - *out = new(HTTPSettings) - (*in).DeepCopyInto(*out) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionPoolSettings. -func (in *ConnectionPoolSettings) DeepCopy() *ConnectionPoolSettings { - if in == nil { - return nil - } - out := new(ConnectionPoolSettings) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ConsistentHashLB) DeepCopyInto(out *ConsistentHashLB) { - *out = *in - if in.HTTPHeaderName != nil { - in, out := &in.HTTPHeaderName, &out.HTTPHeaderName - *out = new(string) - **out = **in - } - if in.HTTPCookie != nil { - in, out := &in.HTTPCookie, &out.HTTPCookie - *out = new(HTTPCookie) - (*in).DeepCopyInto(*out) - } - if in.UseSourceIP != nil { - in, out := &in.UseSourceIP, &out.UseSourceIP - *out = new(bool) - **out = **in - } - if in.MinimumRingSize != nil { - in, out := &in.MinimumRingSize, &out.MinimumRingSize - *out = new(uint64) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsistentHashLB. -func (in *ConsistentHashLB) DeepCopy() *ConsistentHashLB { - if in == nil { - return nil - } - out := new(ConsistentHashLB) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CorsPolicy) DeepCopyInto(out *CorsPolicy) { - *out = *in - if in.AllowOrigin != nil { - in, out := &in.AllowOrigin, &out.AllowOrigin - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.AllowMethods != nil { - in, out := &in.AllowMethods, &out.AllowMethods - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.AllowHeaders != nil { - in, out := &in.AllowHeaders, &out.AllowHeaders - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.ExposeHeaders != nil { - in, out := &in.ExposeHeaders, &out.ExposeHeaders - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.MaxAge != nil { - in, out := &in.MaxAge, &out.MaxAge - *out = new(string) - **out = **in - } - if in.AllowCredentials != nil { - in, out := &in.AllowCredentials, &out.AllowCredentials - *out = new(bool) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CorsPolicy. -func (in *CorsPolicy) DeepCopy() *CorsPolicy { - if in == nil { - return nil - } - out := new(CorsPolicy) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Delay) DeepCopyInto(out *Delay) { - *out = *in - if in.Percentage != nil { - in, out := &in.Percentage, &out.Percentage - *out = new(Percentage) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Delay. -func (in *Delay) DeepCopy() *Delay { - if in == nil { - return nil - } - out := new(Delay) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Destination) DeepCopyInto(out *Destination) { - *out = *in - if in.Subset != nil { - in, out := &in.Subset, &out.Subset - *out = new(string) - **out = **in - } - if in.Port != nil { - in, out := &in.Port, &out.Port - *out = new(PortSelector) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Destination. -func (in *Destination) DeepCopy() *Destination { - if in == nil { - return nil - } - out := new(Destination) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DestinationRule) DeepCopyInto(out *DestinationRule) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DestinationRule. -func (in *DestinationRule) DeepCopy() *DestinationRule { - if in == nil { - return nil - } - out := new(DestinationRule) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *DestinationRule) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DestinationRuleList) DeepCopyInto(out *DestinationRuleList) { - *out = *in - out.TypeMeta = in.TypeMeta - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]DestinationRule, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DestinationRuleList. -func (in *DestinationRuleList) DeepCopy() *DestinationRuleList { - if in == nil { - return nil - } - out := new(DestinationRuleList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *DestinationRuleList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DestinationRuleSpec) DeepCopyInto(out *DestinationRuleSpec) { - *out = *in - if in.TrafficPolicy != nil { - in, out := &in.TrafficPolicy, &out.TrafficPolicy - *out = new(TrafficPolicy) - (*in).DeepCopyInto(*out) - } - if in.Subsets != nil { - in, out := &in.Subsets, &out.Subsets - *out = make([]Subset, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.ExportTo != nil { - in, out := &in.ExportTo, &out.ExportTo - *out = make([]string, len(*in)) - copy(*out, *in) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DestinationRuleSpec. -func (in *DestinationRuleSpec) DeepCopy() *DestinationRuleSpec { - if in == nil { - return nil - } - out := new(DestinationRuleSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Gateway) DeepCopyInto(out *Gateway) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Gateway. -func (in *Gateway) DeepCopy() *Gateway { - if in == nil { - return nil - } - out := new(Gateway) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Gateway) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *GatewayList) DeepCopyInto(out *GatewayList) { - *out = *in - out.TypeMeta = in.TypeMeta - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]Gateway, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayList. -func (in *GatewayList) DeepCopy() *GatewayList { - if in == nil { - return nil - } - out := new(GatewayList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *GatewayList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *GatewaySpec) DeepCopyInto(out *GatewaySpec) { - *out = *in - if in.Servers != nil { - in, out := &in.Servers, &out.Servers - *out = make([]Server, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Selector != nil { - in, out := &in.Selector, &out.Selector - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewaySpec. -func (in *GatewaySpec) DeepCopy() *GatewaySpec { - if in == nil { - return nil - } - out := new(GatewaySpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *HTTPCookie) DeepCopyInto(out *HTTPCookie) { - *out = *in - if in.Path != nil { - in, out := &in.Path, &out.Path - *out = new(string) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPCookie. -func (in *HTTPCookie) DeepCopy() *HTTPCookie { - if in == nil { - return nil - } - out := new(HTTPCookie) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *HTTPFaultInjection) DeepCopyInto(out *HTTPFaultInjection) { - *out = *in - if in.Delay != nil { - in, out := &in.Delay, &out.Delay - *out = new(Delay) - (*in).DeepCopyInto(*out) - } - if in.Abort != nil { - in, out := &in.Abort, &out.Abort - *out = new(Abort) - (*in).DeepCopyInto(*out) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPFaultInjection. -func (in *HTTPFaultInjection) DeepCopy() *HTTPFaultInjection { - if in == nil { - return nil - } - out := new(HTTPFaultInjection) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *HTTPMatchRequest) DeepCopyInto(out *HTTPMatchRequest) { - *out = *in - if in.Name != nil { - in, out := &in.Name, &out.Name - *out = new(string) - **out = **in - } - if in.URI != nil { - in, out := &in.URI, &out.URI - *out = new(v1alpha1.StringMatch) - **out = **in - } - if in.Scheme != nil { - in, out := &in.Scheme, &out.Scheme - *out = new(v1alpha1.StringMatch) - **out = **in - } - if in.Method != nil { - in, out := &in.Method, &out.Method - *out = new(v1alpha1.StringMatch) - **out = **in - } - if in.Authority != nil { - in, out := &in.Authority, &out.Authority - *out = new(v1alpha1.StringMatch) - **out = **in - } - if in.Headers != nil { - in, out := &in.Headers, &out.Headers - *out = make(map[string]v1alpha1.StringMatch, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.Port != nil { - in, out := &in.Port, &out.Port - *out = new(uint32) - **out = **in - } - if in.SourceLabels != nil { - in, out := &in.SourceLabels, &out.SourceLabels - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.QueryParams != nil { - in, out := &in.QueryParams, &out.QueryParams - *out = make(map[string]*v1alpha1.StringMatch, len(*in)) - for key, val := range *in { - var outVal *v1alpha1.StringMatch - if val == nil { - (*out)[key] = nil - } else { - in, out := &val, &outVal - *out = new(v1alpha1.StringMatch) - **out = **in - } - (*out)[key] = outVal - } - } - if in.IgnoreURICase != nil { - in, out := &in.IgnoreURICase, &out.IgnoreURICase - *out = new(bool) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPMatchRequest. -func (in *HTTPMatchRequest) DeepCopy() *HTTPMatchRequest { - if in == nil { - return nil - } - out := new(HTTPMatchRequest) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *HTTPRedirect) DeepCopyInto(out *HTTPRedirect) { - *out = *in - if in.URI != nil { - in, out := &in.URI, &out.URI - *out = new(string) - **out = **in - } - if in.Authority != nil { - in, out := &in.Authority, &out.Authority - *out = new(string) - **out = **in - } - if in.RedirectCode != nil { - in, out := &in.RedirectCode, &out.RedirectCode - *out = new(uint32) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRedirect. -func (in *HTTPRedirect) DeepCopy() *HTTPRedirect { - if in == nil { - return nil - } - out := new(HTTPRedirect) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *HTTPRetry) DeepCopyInto(out *HTTPRetry) { - *out = *in - if in.RetryOn != nil { - in, out := &in.RetryOn, &out.RetryOn - *out = new(string) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRetry. -func (in *HTTPRetry) DeepCopy() *HTTPRetry { - if in == nil { - return nil - } - out := new(HTTPRetry) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *HTTPRewrite) DeepCopyInto(out *HTTPRewrite) { - *out = *in - if in.URI != nil { - in, out := &in.URI, &out.URI - *out = new(string) - **out = **in - } - if in.Authority != nil { - in, out := &in.Authority, &out.Authority - *out = new(string) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRewrite. -func (in *HTTPRewrite) DeepCopy() *HTTPRewrite { - if in == nil { - return nil - } - out := new(HTTPRewrite) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *HTTPRoute) DeepCopyInto(out *HTTPRoute) { - *out = *in - if in.Name != nil { - in, out := &in.Name, &out.Name - *out = new(string) - **out = **in - } - if in.Match != nil { - in, out := &in.Match, &out.Match - *out = make([]*HTTPMatchRequest, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(HTTPMatchRequest) - (*in).DeepCopyInto(*out) - } - } - } - if in.Route != nil { - in, out := &in.Route, &out.Route - *out = make([]*HTTPRouteDestination, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(HTTPRouteDestination) - (*in).DeepCopyInto(*out) - } - } - } - if in.Redirect != nil { - in, out := &in.Redirect, &out.Redirect - *out = new(HTTPRedirect) - (*in).DeepCopyInto(*out) - } - if in.Rewrite != nil { - in, out := &in.Rewrite, &out.Rewrite - *out = new(HTTPRewrite) - (*in).DeepCopyInto(*out) - } - if in.Timeout != nil { - in, out := &in.Timeout, &out.Timeout - *out = new(string) - **out = **in - } - if in.Retries != nil { - in, out := &in.Retries, &out.Retries - *out = new(HTTPRetry) - (*in).DeepCopyInto(*out) - } - if in.Fault != nil { - in, out := &in.Fault, &out.Fault - *out = new(HTTPFaultInjection) - (*in).DeepCopyInto(*out) - } - if in.Mirror != nil { - in, out := &in.Mirror, &out.Mirror - *out = new(Destination) - (*in).DeepCopyInto(*out) - } - if in.MirrorPercent != nil { - in, out := &in.MirrorPercent, &out.MirrorPercent - *out = new(uint32) - **out = **in - } - if in.MirrorPercentage != nil { - in, out := &in.MirrorPercentage, &out.MirrorPercentage - *out = new(Percentage) - **out = **in - } - if in.CorsPolicy != nil { - in, out := &in.CorsPolicy, &out.CorsPolicy - *out = new(CorsPolicy) - (*in).DeepCopyInto(*out) - } - if in.Headers != nil { - in, out := &in.Headers, &out.Headers - *out = new(Headers) - (*in).DeepCopyInto(*out) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRoute. -func (in *HTTPRoute) DeepCopy() *HTTPRoute { - if in == nil { - return nil - } - out := new(HTTPRoute) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *HTTPRouteDestination) DeepCopyInto(out *HTTPRouteDestination) { - *out = *in - if in.Destination != nil { - in, out := &in.Destination, &out.Destination - *out = new(Destination) - (*in).DeepCopyInto(*out) - } - if in.Weight != nil { - in, out := &in.Weight, &out.Weight - *out = new(int) - **out = **in - } - if in.Headers != nil { - in, out := &in.Headers, &out.Headers - *out = new(Headers) - (*in).DeepCopyInto(*out) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRouteDestination. -func (in *HTTPRouteDestination) DeepCopy() *HTTPRouteDestination { - if in == nil { - return nil - } - out := new(HTTPRouteDestination) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *HTTPSettings) DeepCopyInto(out *HTTPSettings) { - *out = *in - if in.HTTP1MaxPendingRequests != nil { - in, out := &in.HTTP1MaxPendingRequests, &out.HTTP1MaxPendingRequests - *out = new(int32) - **out = **in - } - if in.HTTP2MaxRequests != nil { - in, out := &in.HTTP2MaxRequests, &out.HTTP2MaxRequests - *out = new(int32) - **out = **in - } - if in.MaxRequestsPerConnection != nil { - in, out := &in.MaxRequestsPerConnection, &out.MaxRequestsPerConnection - *out = new(int32) - **out = **in - } - if in.MaxRetries != nil { - in, out := &in.MaxRetries, &out.MaxRetries - *out = new(int32) - **out = **in - } - if in.IdleTimeout != nil { - in, out := &in.IdleTimeout, &out.IdleTimeout - *out = new(string) - **out = **in - } - if in.H2UpgradePolicy != nil { - in, out := &in.H2UpgradePolicy, &out.H2UpgradePolicy - *out = new(H2UpgradePolicy) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPSettings. -func (in *HTTPSettings) DeepCopy() *HTTPSettings { - if in == nil { - return nil - } - out := new(HTTPSettings) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *HeaderOperations) DeepCopyInto(out *HeaderOperations) { - *out = *in - if in.Set != nil { - in, out := &in.Set, &out.Set - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.Add != nil { - in, out := &in.Add, &out.Add - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.Remove != nil { - in, out := &in.Remove, &out.Remove - *out = make([]string, len(*in)) - copy(*out, *in) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HeaderOperations. -func (in *HeaderOperations) DeepCopy() *HeaderOperations { - if in == nil { - return nil - } - out := new(HeaderOperations) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Headers) DeepCopyInto(out *Headers) { - *out = *in - if in.Request != nil { - in, out := &in.Request, &out.Request - *out = new(HeaderOperations) - (*in).DeepCopyInto(*out) - } - if in.Response != nil { - in, out := &in.Response, &out.Response - *out = new(HeaderOperations) - (*in).DeepCopyInto(*out) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Headers. -func (in *Headers) DeepCopy() *Headers { - if in == nil { - return nil - } - out := new(Headers) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IstioEgressListener) DeepCopyInto(out *IstioEgressListener) { - *out = *in - if in.Port != nil { - in, out := &in.Port, &out.Port - *out = new(Port) - **out = **in - } - if in.Hosts != nil { - in, out := &in.Hosts, &out.Hosts - *out = make([]string, len(*in)) - copy(*out, *in) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IstioEgressListener. -func (in *IstioEgressListener) DeepCopy() *IstioEgressListener { - if in == nil { - return nil - } - out := new(IstioEgressListener) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IstioIngressListener) DeepCopyInto(out *IstioIngressListener) { - *out = *in - if in.Port != nil { - in, out := &in.Port, &out.Port - *out = new(Port) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IstioIngressListener. -func (in *IstioIngressListener) DeepCopy() *IstioIngressListener { - if in == nil { - return nil - } - out := new(IstioIngressListener) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *L4MatchAttributes) DeepCopyInto(out *L4MatchAttributes) { - *out = *in - if in.DestinationSubnets != nil { - in, out := &in.DestinationSubnets, &out.DestinationSubnets - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Port != nil { - in, out := &in.Port, &out.Port - *out = new(int) - **out = **in - } - if in.SourceLabels != nil { - in, out := &in.SourceLabels, &out.SourceLabels - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.Gateways != nil { - in, out := &in.Gateways, &out.Gateways - *out = make([]string, len(*in)) - copy(*out, *in) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new L4MatchAttributes. -func (in *L4MatchAttributes) DeepCopy() *L4MatchAttributes { - if in == nil { - return nil - } - out := new(L4MatchAttributes) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *LoadBalancerSettings) DeepCopyInto(out *LoadBalancerSettings) { - *out = *in - if in.Simple != nil { - in, out := &in.Simple, &out.Simple - *out = new(SimpleLB) - **out = **in - } - if in.ConsistentHash != nil { - in, out := &in.ConsistentHash, &out.ConsistentHash - *out = new(ConsistentHashLB) - (*in).DeepCopyInto(*out) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerSettings. -func (in *LoadBalancerSettings) DeepCopy() *LoadBalancerSettings { - if in == nil { - return nil - } - out := new(LoadBalancerSettings) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OutboundTrafficPolicy) DeepCopyInto(out *OutboundTrafficPolicy) { - *out = *in - if in.Mode != nil { - in, out := &in.Mode, &out.Mode - *out = new(OutboundTrafficPolicyMode) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OutboundTrafficPolicy. -func (in *OutboundTrafficPolicy) DeepCopy() *OutboundTrafficPolicy { - if in == nil { - return nil - } - out := new(OutboundTrafficPolicy) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OutlierDetection) DeepCopyInto(out *OutlierDetection) { - *out = *in - if in.ConsecutiveGatewayErrors != nil { - in, out := &in.ConsecutiveGatewayErrors, &out.ConsecutiveGatewayErrors - *out = new(uint32) - **out = **in - } - if in.Consecutive5XxErrors != nil { - in, out := &in.Consecutive5XxErrors, &out.Consecutive5XxErrors - *out = new(uint32) - **out = **in - } - if in.Interval != nil { - in, out := &in.Interval, &out.Interval - *out = new(string) - **out = **in - } - if in.BaseEjectionTime != nil { - in, out := &in.BaseEjectionTime, &out.BaseEjectionTime - *out = new(string) - **out = **in - } - if in.MaxEjectionPercent != nil { - in, out := &in.MaxEjectionPercent, &out.MaxEjectionPercent - *out = new(int32) - **out = **in - } - if in.MinHealthPercent != nil { - in, out := &in.MinHealthPercent, &out.MinHealthPercent - *out = new(int32) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OutlierDetection. -func (in *OutlierDetection) DeepCopy() *OutlierDetection { - if in == nil { - return nil - } - out := new(OutlierDetection) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Percentage) DeepCopyInto(out *Percentage) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Percentage. -func (in *Percentage) DeepCopy() *Percentage { - if in == nil { - return nil - } - out := new(Percentage) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Port) DeepCopyInto(out *Port) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Port. -func (in *Port) DeepCopy() *Port { - if in == nil { - return nil - } - out := new(Port) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PortSelector) DeepCopyInto(out *PortSelector) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PortSelector. -func (in *PortSelector) DeepCopy() *PortSelector { - if in == nil { - return nil - } - out := new(PortSelector) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PortTrafficPolicy) DeepCopyInto(out *PortTrafficPolicy) { - *out = *in - in.TrafficPolicyCommon.DeepCopyInto(&out.TrafficPolicyCommon) - if in.Port != nil { - in, out := &in.Port, &out.Port - *out = new(PortSelector) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PortTrafficPolicy. -func (in *PortTrafficPolicy) DeepCopy() *PortTrafficPolicy { - if in == nil { - return nil - } - out := new(PortTrafficPolicy) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RouteDestination) DeepCopyInto(out *RouteDestination) { - *out = *in - if in.Destination != nil { - in, out := &in.Destination, &out.Destination - *out = new(Destination) - (*in).DeepCopyInto(*out) - } - if in.Weight != nil { - in, out := &in.Weight, &out.Weight - *out = new(int) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteDestination. -func (in *RouteDestination) DeepCopy() *RouteDestination { - if in == nil { - return nil - } - out := new(RouteDestination) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Server) DeepCopyInto(out *Server) { - *out = *in - if in.Port != nil { - in, out := &in.Port, &out.Port - *out = new(Port) - **out = **in - } - if in.Hosts != nil { - in, out := &in.Hosts, &out.Hosts - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.TLS != nil { - in, out := &in.TLS, &out.TLS - *out = new(TLSOptions) - (*in).DeepCopyInto(*out) - } - if in.DefaultEndpoint != nil { - in, out := &in.DefaultEndpoint, &out.DefaultEndpoint - *out = new(string) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Server. -func (in *Server) DeepCopy() *Server { - if in == nil { - return nil - } - out := new(Server) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ServiceEntry) DeepCopyInto(out *ServiceEntry) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceEntry. -func (in *ServiceEntry) DeepCopy() *ServiceEntry { - if in == nil { - return nil - } - out := new(ServiceEntry) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ServiceEntry) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ServiceEntryEndpoint) DeepCopyInto(out *ServiceEntryEndpoint) { - *out = *in - if in.Address != nil { - in, out := &in.Address, &out.Address - *out = new(string) - **out = **in - } - if in.Ports != nil { - in, out := &in.Ports, &out.Ports - *out = make(map[string]uint32, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.Labels != nil { - in, out := &in.Labels, &out.Labels - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.Network != nil { - in, out := &in.Network, &out.Network - *out = new(string) - **out = **in - } - if in.Locality != nil { - in, out := &in.Locality, &out.Locality - *out = new(string) - **out = **in - } - if in.Weight != nil { - in, out := &in.Weight, &out.Weight - *out = new(uint32) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceEntryEndpoint. -func (in *ServiceEntryEndpoint) DeepCopy() *ServiceEntryEndpoint { - if in == nil { - return nil - } - out := new(ServiceEntryEndpoint) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ServiceEntryList) DeepCopyInto(out *ServiceEntryList) { - *out = *in - out.TypeMeta = in.TypeMeta - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]ServiceEntry, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceEntryList. -func (in *ServiceEntryList) DeepCopy() *ServiceEntryList { - if in == nil { - return nil - } - out := new(ServiceEntryList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ServiceEntryList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ServiceEntrySpec) DeepCopyInto(out *ServiceEntrySpec) { - *out = *in - if in.Hosts != nil { - in, out := &in.Hosts, &out.Hosts - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Addresses != nil { - in, out := &in.Addresses, &out.Addresses - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Ports != nil { - in, out := &in.Ports, &out.Ports - *out = make([]*Port, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(Port) - **out = **in - } - } - } - if in.Location != nil { - in, out := &in.Location, &out.Location - *out = new(ServiceEntryLocation) - **out = **in - } - if in.Resolution != nil { - in, out := &in.Resolution, &out.Resolution - *out = new(ServiceEntryResolution) - **out = **in - } - if in.Endpoints != nil { - in, out := &in.Endpoints, &out.Endpoints - *out = make([]*ServiceEntryEndpoint, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(ServiceEntryEndpoint) - (*in).DeepCopyInto(*out) - } - } - } - if in.ExportTo != nil { - in, out := &in.ExportTo, &out.ExportTo - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.SubjectAltNames != nil { - in, out := &in.SubjectAltNames, &out.SubjectAltNames - *out = make([]string, len(*in)) - copy(*out, *in) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceEntrySpec. -func (in *ServiceEntrySpec) DeepCopy() *ServiceEntrySpec { - if in == nil { - return nil - } - out := new(ServiceEntrySpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Sidecar) DeepCopyInto(out *Sidecar) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Sidecar. -func (in *Sidecar) DeepCopy() *Sidecar { - if in == nil { - return nil - } - out := new(Sidecar) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Sidecar) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SidecarList) DeepCopyInto(out *SidecarList) { - *out = *in - out.TypeMeta = in.TypeMeta - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]Sidecar, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SidecarList. -func (in *SidecarList) DeepCopy() *SidecarList { - if in == nil { - return nil - } - out := new(SidecarList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *SidecarList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SidecarSpec) DeepCopyInto(out *SidecarSpec) { - *out = *in - if in.WorkloadSelector != nil { - in, out := &in.WorkloadSelector, &out.WorkloadSelector - *out = new(WorkloadSelector) - (*in).DeepCopyInto(*out) - } - if in.Ingress != nil { - in, out := &in.Ingress, &out.Ingress - *out = make([]*IstioIngressListener, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(IstioIngressListener) - (*in).DeepCopyInto(*out) - } - } - } - if in.Egress != nil { - in, out := &in.Egress, &out.Egress - *out = make([]*IstioEgressListener, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(IstioEgressListener) - (*in).DeepCopyInto(*out) - } - } - } - if in.OutboundTrafficPolicy != nil { - in, out := &in.OutboundTrafficPolicy, &out.OutboundTrafficPolicy - *out = new(OutboundTrafficPolicy) - (*in).DeepCopyInto(*out) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SidecarSpec. -func (in *SidecarSpec) DeepCopy() *SidecarSpec { - if in == nil { - return nil - } - out := new(SidecarSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Subset) DeepCopyInto(out *Subset) { - *out = *in - if in.Labels != nil { - in, out := &in.Labels, &out.Labels - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.TrafficPolicy != nil { - in, out := &in.TrafficPolicy, &out.TrafficPolicy - *out = new(TrafficPolicy) - (*in).DeepCopyInto(*out) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Subset. -func (in *Subset) DeepCopy() *Subset { - if in == nil { - return nil - } - out := new(Subset) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TCPKeepalive) DeepCopyInto(out *TCPKeepalive) { - *out = *in - if in.Probes != nil { - in, out := &in.Probes, &out.Probes - *out = new(uint32) - **out = **in - } - if in.Time != nil { - in, out := &in.Time, &out.Time - *out = new(string) - **out = **in - } - if in.Interval != nil { - in, out := &in.Interval, &out.Interval - *out = new(string) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPKeepalive. -func (in *TCPKeepalive) DeepCopy() *TCPKeepalive { - if in == nil { - return nil - } - out := new(TCPKeepalive) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TCPRoute) DeepCopyInto(out *TCPRoute) { - *out = *in - if in.Match != nil { - in, out := &in.Match, &out.Match - *out = make([]L4MatchAttributes, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Route != nil { - in, out := &in.Route, &out.Route - *out = make([]*RouteDestination, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(RouteDestination) - (*in).DeepCopyInto(*out) - } - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPRoute. -func (in *TCPRoute) DeepCopy() *TCPRoute { - if in == nil { - return nil - } - out := new(TCPRoute) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TCPSettings) DeepCopyInto(out *TCPSettings) { - *out = *in - if in.MaxConnections != nil { - in, out := &in.MaxConnections, &out.MaxConnections - *out = new(int32) - **out = **in - } - if in.ConnectTimeout != nil { - in, out := &in.ConnectTimeout, &out.ConnectTimeout - *out = new(string) - **out = **in - } - if in.TCPKeepalive != nil { - in, out := &in.TCPKeepalive, &out.TCPKeepalive - *out = new(TCPKeepalive) - (*in).DeepCopyInto(*out) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPSettings. -func (in *TCPSettings) DeepCopy() *TCPSettings { - if in == nil { - return nil - } - out := new(TCPSettings) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TLSMatchAttributes) DeepCopyInto(out *TLSMatchAttributes) { - *out = *in - if in.SniHosts != nil { - in, out := &in.SniHosts, &out.SniHosts - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.DestinationSubnets != nil { - in, out := &in.DestinationSubnets, &out.DestinationSubnets - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Port != nil { - in, out := &in.Port, &out.Port - *out = new(int) - **out = **in - } - if in.SourceLabels != nil { - in, out := &in.SourceLabels, &out.SourceLabels - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.Gateways != nil { - in, out := &in.Gateways, &out.Gateways - *out = make([]string, len(*in)) - copy(*out, *in) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSMatchAttributes. -func (in *TLSMatchAttributes) DeepCopy() *TLSMatchAttributes { - if in == nil { - return nil - } - out := new(TLSMatchAttributes) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TLSOptions) DeepCopyInto(out *TLSOptions) { - *out = *in - if in.HTTPSRedirect != nil { - in, out := &in.HTTPSRedirect, &out.HTTPSRedirect - *out = new(bool) - **out = **in - } - if in.ServerCertificate != nil { - in, out := &in.ServerCertificate, &out.ServerCertificate - *out = new(string) - **out = **in - } - if in.PrivateKey != nil { - in, out := &in.PrivateKey, &out.PrivateKey - *out = new(string) - **out = **in - } - if in.CaCertificates != nil { - in, out := &in.CaCertificates, &out.CaCertificates - *out = new(string) - **out = **in - } - if in.CredentialName != nil { - in, out := &in.CredentialName, &out.CredentialName - *out = new(string) - **out = **in - } - if in.SubjectAltNames != nil { - in, out := &in.SubjectAltNames, &out.SubjectAltNames - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.VerifyCertificateSpki != nil { - in, out := &in.VerifyCertificateSpki, &out.VerifyCertificateSpki - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.VerifyCertificateHash != nil { - in, out := &in.VerifyCertificateHash, &out.VerifyCertificateHash - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.MinProtocolVersion != nil { - in, out := &in.MinProtocolVersion, &out.MinProtocolVersion - *out = new(TLSProtocol) - **out = **in - } - if in.MaxProtocolVersion != nil { - in, out := &in.MaxProtocolVersion, &out.MaxProtocolVersion - *out = new(TLSProtocol) - **out = **in - } - if in.CipherSuites != nil { - in, out := &in.CipherSuites, &out.CipherSuites - *out = make([]string, len(*in)) - copy(*out, *in) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSOptions. -func (in *TLSOptions) DeepCopy() *TLSOptions { - if in == nil { - return nil - } - out := new(TLSOptions) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TLSRoute) DeepCopyInto(out *TLSRoute) { - *out = *in - if in.Match != nil { - in, out := &in.Match, &out.Match - *out = make([]TLSMatchAttributes, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Route != nil { - in, out := &in.Route, &out.Route - *out = make([]*RouteDestination, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(RouteDestination) - (*in).DeepCopyInto(*out) - } - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSRoute. -func (in *TLSRoute) DeepCopy() *TLSRoute { - if in == nil { - return nil - } - out := new(TLSRoute) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TLSSettings) DeepCopyInto(out *TLSSettings) { - *out = *in - if in.ClientCertificate != nil { - in, out := &in.ClientCertificate, &out.ClientCertificate - *out = new(string) - **out = **in - } - if in.PrivateKey != nil { - in, out := &in.PrivateKey, &out.PrivateKey - *out = new(string) - **out = **in - } - if in.CaCertificates != nil { - in, out := &in.CaCertificates, &out.CaCertificates - *out = new(string) - **out = **in - } - if in.SubjectAltNames != nil { - in, out := &in.SubjectAltNames, &out.SubjectAltNames - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.SNI != nil { - in, out := &in.SNI, &out.SNI - *out = new(string) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSSettings. -func (in *TLSSettings) DeepCopy() *TLSSettings { - if in == nil { - return nil - } - out := new(TLSSettings) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TrafficPolicy) DeepCopyInto(out *TrafficPolicy) { - *out = *in - in.TrafficPolicyCommon.DeepCopyInto(&out.TrafficPolicyCommon) - if in.PortLevelSettings != nil { - in, out := &in.PortLevelSettings, &out.PortLevelSettings - *out = make([]PortTrafficPolicy, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrafficPolicy. -func (in *TrafficPolicy) DeepCopy() *TrafficPolicy { - if in == nil { - return nil - } - out := new(TrafficPolicy) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TrafficPolicyCommon) DeepCopyInto(out *TrafficPolicyCommon) { - *out = *in - if in.LoadBalancer != nil { - in, out := &in.LoadBalancer, &out.LoadBalancer - *out = new(LoadBalancerSettings) - (*in).DeepCopyInto(*out) - } - if in.ConnectionPool != nil { - in, out := &in.ConnectionPool, &out.ConnectionPool - *out = new(ConnectionPoolSettings) - (*in).DeepCopyInto(*out) - } - if in.OutlierDetection != nil { - in, out := &in.OutlierDetection, &out.OutlierDetection - *out = new(OutlierDetection) - (*in).DeepCopyInto(*out) - } - if in.TLS != nil { - in, out := &in.TLS, &out.TLS - *out = new(TLSSettings) - (*in).DeepCopyInto(*out) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrafficPolicyCommon. -func (in *TrafficPolicyCommon) DeepCopy() *TrafficPolicyCommon { - if in == nil { - return nil - } - out := new(TrafficPolicyCommon) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *VirtualService) DeepCopyInto(out *VirtualService) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VirtualService. -func (in *VirtualService) DeepCopy() *VirtualService { - if in == nil { - return nil - } - out := new(VirtualService) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *VirtualService) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *VirtualServiceList) DeepCopyInto(out *VirtualServiceList) { - *out = *in - out.TypeMeta = in.TypeMeta - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]VirtualService, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VirtualServiceList. -func (in *VirtualServiceList) DeepCopy() *VirtualServiceList { - if in == nil { - return nil - } - out := new(VirtualServiceList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *VirtualServiceList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *VirtualServiceSpec) DeepCopyInto(out *VirtualServiceSpec) { - *out = *in - if in.Hosts != nil { - in, out := &in.Hosts, &out.Hosts - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Gateways != nil { - in, out := &in.Gateways, &out.Gateways - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.HTTP != nil { - in, out := &in.HTTP, &out.HTTP - *out = make([]HTTPRoute, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.TLS != nil { - in, out := &in.TLS, &out.TLS - *out = make([]TLSRoute, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.TCP != nil { - in, out := &in.TCP, &out.TCP - *out = make([]TCPRoute, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.ExportTo != nil { - in, out := &in.ExportTo, &out.ExportTo - *out = make([]string, len(*in)) - copy(*out, *in) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VirtualServiceSpec. -func (in *VirtualServiceSpec) DeepCopy() *VirtualServiceSpec { - if in == nil { - return nil - } - out := new(VirtualServiceSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *WorkloadEntry) DeepCopyInto(out *WorkloadEntry) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadEntry. -func (in *WorkloadEntry) DeepCopy() *WorkloadEntry { - if in == nil { - return nil - } - out := new(WorkloadEntry) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *WorkloadEntry) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *WorkloadEntryList) DeepCopyInto(out *WorkloadEntryList) { - *out = *in - out.TypeMeta = in.TypeMeta - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]WorkloadEntry, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadEntryList. -func (in *WorkloadEntryList) DeepCopy() *WorkloadEntryList { - if in == nil { - return nil - } - out := new(WorkloadEntryList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *WorkloadEntryList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *WorkloadEntrySpec) DeepCopyInto(out *WorkloadEntrySpec) { - *out = *in - if in.Ports != nil { - in, out := &in.Ports, &out.Ports - *out = make(map[string]uint32, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.Labels != nil { - in, out := &in.Labels, &out.Labels - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadEntrySpec. -func (in *WorkloadEntrySpec) DeepCopy() *WorkloadEntrySpec { - if in == nil { - return nil - } - out := new(WorkloadEntrySpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *WorkloadSelector) DeepCopyInto(out *WorkloadSelector) { - *out = *in - if in.Labels != nil { - in, out := &in.Labels, &out.Labels - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadSelector. -func (in *WorkloadSelector) DeepCopy() *WorkloadSelector { - if in == nil { - return nil - } - out := new(WorkloadSelector) - in.DeepCopyInto(out) - return out -} diff --git a/third_party/github.com/banzaicloud/istio-operator/.editorconfig b/third_party/github.com/banzaicloud/istio-operator/.editorconfig deleted file mode 100644 index 9ea0d10da..000000000 --- a/third_party/github.com/banzaicloud/istio-operator/.editorconfig +++ /dev/null @@ -1,18 +0,0 @@ -root = true - -[*] -charset = utf-8 -end_of_line = lf -indent_size = 4 -indent_style = space -insert_final_newline = true -trim_trailing_whitespace = true - -[{*.go,*.mod}] -indent_style = tab - -[{Makefile,*.mk}] -indent_style = tab - -[{*.yaml,*.yml}] -indent_size = 2 diff --git a/third_party/github.com/banzaicloud/istio-operator/.gitignore b/third_party/github.com/banzaicloud/istio-operator/.gitignore deleted file mode 100644 index 69eed6437..000000000 --- a/third_party/github.com/banzaicloud/istio-operator/.gitignore +++ /dev/null @@ -1,33 +0,0 @@ - -# Binaries for programs and plugins -*.exe -*.exe~ -*.dll -*.so -*.dylib -bin - -# Test binary, build with `go test -c` -*.test - -# Output of the go coverage tool, specifically when used with LiteIDE -*.out - -# Kubernetes Generated files - skip generated files, except for vendored files - -!vendor/**/zz_generated.* - -# editor and IDE paraphernalia -*.swp -*.swo -*~ - -.idea/* -!/.idea/go.imports.xml -/.licensei.cache -bin/* -cover.out - -/build/* -!/build/buf.* -!/build/fixup_structs diff --git a/third_party/github.com/banzaicloud/istio-operator/.licensei.toml b/third_party/github.com/banzaicloud/istio-operator/.licensei.toml deleted file mode 100644 index 218397e73..000000000 --- a/third_party/github.com/banzaicloud/istio-operator/.licensei.toml +++ /dev/null @@ -1,51 +0,0 @@ -approved = ["mit", "apache-2.0", "bsd-3-clause", "bsd-2-clause", "mpl-2.0"] - -ignored = [ - "github.com/ghodss/yaml", - "github.com/gogo/protobuf", - "google.golang.org/protobuf", - "sigs.k8s.io/yaml", - "gopkg.in/fsnotify.v1", - - "github.com/davecgh/go-spew", # ISC license - "github.com/russross/blackfriday", # BSD-2 - "github.com/russross/blackfriday/v2", # BSD-2 - "github.com/xeipuuv/gojsonpointer", # Apache2 - "github.com/xeipuuv/gojsonreference", # Apache2 - "github.com/xeipuuv/gojsonschema", # Apache2 - "github.com/russross/blackfriday", # Simplifed BSD - "gomodules.xyz/jsonpatch/v2", # Apache2 - - # Unsupported VCS - "cloud.google.com/go", - "google.golang.org/api", -] - -[header] -ignorePaths = ["build", "vendor"] - -ignoreFiles = [ - "*.pb.go", - "*.gen.go", - "*.gogen.go", - "generated.go", - "zz_generated.deepcopy.go", - "*_test.go", -] - -template = """/* -Copyright :YEAR: Cisco Systems, Inc. and/or its affiliates. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ -""" diff --git a/third_party/github.com/banzaicloud/istio-operator/CODEOWNERS b/third_party/github.com/banzaicloud/istio-operator/CODEOWNERS deleted file mode 100644 index 02f96cd86..000000000 --- a/third_party/github.com/banzaicloud/istio-operator/CODEOWNERS +++ /dev/null @@ -1,6 +0,0 @@ -# Each line is a file pattern followed by one or more owners. -# https://help.github.com/articles/about-codeowners/ - -# These owners will be the default owners for everything in -# the repo. Unless a later match takes precedence. -* @martonsereg @waynz0r @Laci21 diff --git a/third_party/github.com/banzaicloud/istio-operator/CONTRIBUTING.md b/third_party/github.com/banzaicloud/istio-operator/CONTRIBUTING.md deleted file mode 100644 index 88ef97c96..000000000 --- a/third_party/github.com/banzaicloud/istio-operator/CONTRIBUTING.md +++ /dev/null @@ -1,18 +0,0 @@ -### Issues - -Please format your issues in such a way as to help others who might be facing similar challenges. -Give your issues meaningful titles, that offer context and helps us and the community to understand and quickly ramp up on it. - -We are grateful for any issues submitted. Questions, feature requests or ideas are welcomed. - -### Pull Requests - -Try to keep pull requests tidy, and be prepared for feedback. Everyone is welcomed to contribute to Istio-operator. - -#### Formatting Go Code - -To get your pull request merged, Golang files must be formatted using the `go fmt` tool. - -#### Linting - -Go code must pass [`lint`](https://github.com/golang/lint) checks. diff --git a/third_party/github.com/banzaicloud/istio-operator/LICENSE b/third_party/github.com/banzaicloud/istio-operator/LICENSE deleted file mode 100644 index f49a4e16e..000000000 --- a/third_party/github.com/banzaicloud/istio-operator/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. \ No newline at end of file diff --git a/third_party/github.com/banzaicloud/istio-operator/README.md b/third_party/github.com/banzaicloud/istio-operator/README.md deleted file mode 100644 index f6f5086d9..000000000 --- a/third_party/github.com/banzaicloud/istio-operator/README.md +++ /dev/null @@ -1,193 +0,0 @@ -# Istio operator - -Istio operator is a Kubernetes operator to deploy and manage [Istio](https://istio.io/) resources for a Kubernetes cluster. - -## Overview - -[Istio](https://istio.io/) is an open platform to connect, manage, and secure microservices and it is emerging as the `standard` for building service meshes on Kubernetes. - -The goal of the **Istio-operator** is to enable popular service mesh use cases (multi cluster topologies, multiple gateways support etc) by introducing easy to use higher level abstractions. - -## In this README - -- [Istio operator](#istio-operator) - - [Overview](#overview) - - [In this README](#in-this-readme) - - [Istio operator vs Calisti](#istio-operator-vs-calisti) - - [Getting started](#getting-started) - - [Prerequisites](#prerequisites) - - [Build and deploy](#build-and-deploy) - - [Issues, feature requests](#issues-feature-requests) - - [Contributing](#contributing) - - [Got stuck? Find help!](#got-stuck-find-help) - - [Community support](#community-support) - - [Engineering blog](#engineering-blog) - - [License](#license) - -## Istio operator vs [Calisti](https://calisti.app/) - -[Calisti](https://calisti.app/) is an enterprise-ready Istio platform for DevOps and SREs that automates lifecycle management and simplifies connectivity, security & observability for microservice-based applications. -The Cisco Istio operator is the core part of Calisti's Service Mesh Manager (SMM) component, which helps install, upgrade and manage Istio meshes. Still, SMM also provides many other features to secure, operate and observe Istio conveniently. - -The differences are presented in this table: - -| | Istio operator | Cisco Service Mesh Manager | -|:-------------------------:|:-----------------------:|:--------------------------:| -| Install Istio | :heavy_check_mark: | :heavy_check_mark: | -| Manage Istio | :heavy_check_mark: | :heavy_check_mark: | -| Upgrade Istio | :heavy_check_mark: | :heavy_check_mark: | -| Uninstall Istio | :heavy_check_mark: | :heavy_check_mark: | -| Multiple gateways support | :heavy_check_mark: | :heavy_check_mark: | -| Multi cluster support | needs some manual steps | fully automatic | -| Prometheus | | :heavy_check_mark: | -| Grafana | | :heavy_check_mark: | -| Jaeger | | :heavy_check_mark: | -| Cert manager | | :heavy_check_mark: | -| Dashboard | | :heavy_check_mark: | -| CLI | | :heavy_check_mark: | -| OIDC authentication | | :heavy_check_mark: | -| VM integration | | :heavy_check_mark: | -| Topology graph | | :heavy_check_mark: | -| Outlier detection | | :heavy_check_mark: | -| Service Level Objectives | | :heavy_check_mark: | -| Live access logs | | :heavy_check_mark: | -| mTLS management | | :heavy_check_mark: | -| Gateway management | | :heavy_check_mark: | -| Istio traffic management | | :heavy_check_mark: | -| Validations | | :heavy_check_mark: | -| Support | Community | Enterprise | - -For a complete list of SMM features, please check out the [SMM docs](https://smm-docs.eticloud.io/docs/). - -## Getting started - -### Prerequisites -- kubectl installed -- kubernetes cluster (version 1.23+) -- active kubecontext to the kubernetes cluster - -### Build and deploy -Download or check out the latest stable release. - -Run `make deploy` to deploy the operator's controller-manager on your kubernetes cluster. - -Check if the controller is running in the `istio-system` namespace: -``` -$ kubectl get pod -n istio-system - -NAME READY STATUS RESTARTS AGE -istio-operator-controller-manager-6f764787c-rbnht 2/2 Running 0 5m18s -``` - -Deploy the [Istio control plane sample](config/samples/servicemesh_v1alpha1_istiocontrolplane.yaml) to the `istio-system` namespace -``` -$ kubectl -n istio-system apply -f config/samples/servicemesh_v1alpha1_istiocontrolplane.yaml -istiocontrolplane.servicemesh.cisco.com/icp-v117x-sample created -``` - -Label the namespace, where you would like to enable sidecar injection for your pods. The label should consist of the name of the deployed IstioControlPlane and the namespace where it is deployed. -``` -$ kubectl label namespace demoapp istio.io/rev=icp-v117x-sample.istio-system -namespace/demoapp labeled -``` - -Deploy the [Istio ingress gateway sample](config/samples/servicemesh_v1alpha1_istiomeshgateway.yaml) to your desired namespace -``` -$ kubectl -n demoapp apply -f config/samples/servicemesh_v1alpha1_istiomeshgateway.yaml -istiomeshgateway.servicemesh.cisco.com/imgw-sample created -``` - -Deploy your application (or the [sample bookinfo app](https://raw.githubusercontent.com/istio/istio/master/samples/bookinfo/platform/kube/bookinfo.yaml)). -``` -$ kubectl -n demoapp apply -f https://raw.githubusercontent.com/istio/istio/master/samples/bookinfo/platform/kube/bookinfo.yaml -service/details created -serviceaccount/bookinfo-details created -deployment.apps/details-v1 created -service/ratings created -serviceaccount/bookinfo-ratings created -deployment.apps/ratings-v1 created -service/reviews created -serviceaccount/bookinfo-reviews created -deployment.apps/reviews-v1 created -deployment.apps/reviews-v2 created -deployment.apps/reviews-v3 created -service/productpage created -serviceaccount/bookinfo-productpage created -deployment.apps/productpage-v1 created -``` - -Verify that all applications' pods are running and have the sidecar proxy injected. The READY column shows the number of containers for the pod: this should be 1/1 for the gateway, and at least 2/2 for the other pods (the original container of the pods + the sidecar container). -``` -$ kubectl get pod -n demoapp -NAME READY STATUS RESTARTS AGE -details-v1-79f774bdb9-8xqwj 2/2 Running 0 35s -imgw-sample-66555d5b84-kv62w 1/1 Running 0 7m21s -productpage-v1-6b746f74dc-cx6x6 2/2 Running 0 33s -ratings-v1-b6994bb9-g9vm2 2/2 Running 0 35s -reviews-v1-545db77b95-rdmsp 2/2 Running 0 34s -reviews-v2-7bf8c9648f-rzmvj 2/2 Running 0 34s -reviews-v3-84779c7bbc-t5rfq 2/2 Running 0 33s -``` - -Deploy the VirtualService and Gateway needed for your application. -**For the [demo bookinfo](https://raw.githubusercontent.com/istio/istio/master/samples/bookinfo/networking/bookinfo-gateway.yaml) application, you need to modify the Istio Gateway entry!** The `spec.selector.istio` field should be set from `ingressgateway` to `imgw-sample` so it will be applied to the sample IstioMeshGateway deployed before. The port needs to be set to the targetPort of the deployed IstioMeshGateway. -``` -curl https://raw.githubusercontent.com/istio/istio/master/samples/bookinfo/networking/bookinfo-gateway.yaml | sed 's/istio: ingressgateway # use istio default controller/istio: imgw-sample/g;s/number: 80/number: 9080/g' | kubectl apply -f - -``` -``` -$ kubectl -n demoapp apply -f bookinfo-gateway.yaml -gateway.networking.istio.io/bookinfo-gateway created -virtualservice.networking.istio.io/bookinfo created -``` - -To access your application, use the public IP address of the `imgw-sample` LoadBalancer service. -``` -$ IP=$(kubectl -n demoapp get svc imgw-sample -o jsonpath='{.status.loadBalancer.ingress[0].ip}') -$ curl -I $IP/productpage -HTTP/1.1 200 OK -content-type: text/html; charset=utf-8 -content-length: 4183 -server: istio-envoy -date: Mon, 02 May 2022 14:20:49 GMT -x-envoy-upstream-service-time: 739 -``` - -## Issues, feature requests - -Please note that the Istio operator is constantly under development, and new releases might introduce breaking changes. -We are striving to keep backward compatibility as much as possible while adding new features at a rapid pace. -Issues, new features or bugs are tracked on the projects [GitHub page](https://github.com/banzaicloud/istio-operator/issues) - please feel free to add yours! - -## Contributing - -If you find this project useful, here's how you can help: - -- Send a pull request with your new features and bug fixes -- Help new users with issues they may encounter -- Support the development of this project and star this repo! - -## Got stuck? Find help! - -### Community support - -If you encounter any problems not addressed in our documentation, [open an issue](https://github.com/banzaicloud/istio-operator/issues) or talk to us on the [Outshift Slack channel #istio-operator](https://eti.cisco.com/slack). - -### Engineering blog - -We occasionally write blog posts about [Istio](https://ciscotechblog.com/tags/istio/) itself and the [Istio operator](https://ciscotechblog.com/tags/istio-operator/). - -## License - -Copyright (c) 2021-2023 Cisco Systems, Inc. and/or its affiliates - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - -[http://www.apache.org/licenses/LICENSE-2.0](http://www.apache.org/licenses/LICENSE-2.0) - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. diff --git a/third_party/github.com/banzaicloud/istio-operator/api/go.mod b/third_party/github.com/banzaicloud/istio-operator/api/go.mod deleted file mode 100644 index e60e75e30..000000000 --- a/third_party/github.com/banzaicloud/istio-operator/api/go.mod +++ /dev/null @@ -1,36 +0,0 @@ -module github.com/banzaicloud/istio-operator/api/v2 - -go 1.25.0 - -require ( - github.com/golang/protobuf v1.5.4 - google.golang.org/genproto/googleapis/api v0.0.0-20251213004720-97cd9d5aeac2 - google.golang.org/protobuf v1.36.11 - istio.io/api v1.28.1 - k8s.io/api v0.34.3 - k8s.io/apimachinery v0.34.3 - sigs.k8s.io/controller-runtime v0.22.4 -) - -require ( - github.com/fxamacker/cbor/v2 v2.9.0 // indirect - github.com/go-logr/logr v1.4.3 // indirect - github.com/gogo/protobuf v1.3.2 // indirect - github.com/json-iterator/go v1.1.12 // indirect - github.com/kr/text v0.2.0 // indirect - github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect - github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect - github.com/rogpeppe/go-internal v1.14.1 // indirect - github.com/spf13/pflag v1.0.10 // indirect - github.com/stretchr/testify v1.11.1 // indirect - github.com/x448/float16 v0.8.4 // indirect - go.yaml.in/yaml/v2 v2.4.3 // indirect - golang.org/x/net v0.48.0 // indirect - golang.org/x/text v0.32.0 // indirect - gopkg.in/inf.v0 v0.9.1 // indirect - k8s.io/klog/v2 v2.130.1 // indirect - k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 // indirect - sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect - sigs.k8s.io/randfill v1.0.0 // indirect - sigs.k8s.io/structured-merge-diff/v6 v6.3.1 // indirect -) diff --git a/third_party/github.com/banzaicloud/istio-operator/api/go.sum b/third_party/github.com/banzaicloud/istio-operator/api/go.sum deleted file mode 100644 index 9b6fdcc28..000000000 --- a/third_party/github.com/banzaicloud/istio-operator/api/go.sum +++ /dev/null @@ -1,117 +0,0 @@ -github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= -github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/fxamacker/cbor/v2 v2.9.0 h1:NpKPmjDBgUfBms6tr6JZkTHtfFGcMKsw3eGcmD/sapM= -github.com/fxamacker/cbor/v2 v2.9.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ= -github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= -github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= -github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= -github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= -github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= -github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= -github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= -github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= -github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= -github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo= -github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= -github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= -github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= -github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= -github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= -github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= -github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= -github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= -github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= -github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee h1:W5t00kpgFdJifH4BDsTlE89Zl93FEloxaWZfGcifgq8= -github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= -github.com/onsi/ginkgo/v2 v2.22.0 h1:Yed107/8DjTr0lKCNt7Dn8yQ6ybuDRQoMGrNFKzMfHg= -github.com/onsi/ginkgo/v2 v2.22.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= -github.com/onsi/gomega v1.36.1 h1:bJDPBO7ibjxcbHMgSCoo4Yj18UWbKDlLwX1x9sybDcw= -github.com/onsi/gomega v1.36.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= -github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ= -github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc= -github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk= -github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= -github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= -github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= -github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= -github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -go.yaml.in/yaml/v2 v2.4.3 h1:6gvOSjQoTB3vt1l+CU+tSyi/HOjfOjRLJ4YwYZGwRO0= -go.yaml.in/yaml/v2 v2.4.3/go.mod h1:zSxWcmIDjOzPXpjlTTbAsKokqkDNAVtZO0WOMiT90s8= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU= -golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk= -golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU= -golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.39.0 h1:ik4ho21kwuQln40uelmciQPp9SipgNDdrafrYA4TmQQ= -golang.org/x/tools v0.39.0/go.mod h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/genproto/googleapis/api v0.0.0-20251213004720-97cd9d5aeac2 h1:7LRqPCEdE4TP4/9psdaB7F2nhZFfBiGJomA5sojLWdU= -google.golang.org/genproto/googleapis/api v0.0.0-20251213004720-97cd9d5aeac2/go.mod h1:+rXWjjaukWZun3mLfjmVnQi18E1AsFbDN9QdJ5YXLto= -google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE= -google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= -gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= -gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= -gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= -gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= -gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= -gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -istio.io/api v1.28.1 h1:A1DzBrL6PUmDDT8uvs43wxmlg6FvdKNiZvZC1PdA50M= -istio.io/api v1.28.1/go.mod h1:BD3qv/ekm16kvSgvSpuiDawgKhEwG97wx849CednJSg= -k8s.io/api v0.34.3 h1:D12sTP257/jSH2vHV2EDYrb16bS7ULlHpdNdNhEw2S4= -k8s.io/api v0.34.3/go.mod h1:PyVQBF886Q5RSQZOim7DybQjAbVs8g7gwJNhGtY5MBk= -k8s.io/apimachinery v0.34.3 h1:/TB+SFEiQvN9HPldtlWOTp0hWbJ+fjU+wkxysf/aQnE= -k8s.io/apimachinery v0.34.3/go.mod h1:/GwIlEcWuTX9zKIg2mbw0LRFIsXwrfoVxn+ef0X13lw= -k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= -k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 h1:SjGebBtkBqHFOli+05xYbK8YF1Dzkbzn+gDM4X9T4Ck= -k8s.io/utils v0.0.0-20251002143259-bc988d571ff4/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/controller-runtime v0.22.4 h1:GEjV7KV3TY8e+tJ2LCTxUTanW4z/FmNB7l327UfMq9A= -sigs.k8s.io/controller-runtime v0.22.4/go.mod h1:+QX1XUpTXN4mLoblf4tqr5CQcyHPAki2HLXqQMY6vh8= -sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= -sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= -sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= -sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= -sigs.k8s.io/structured-merge-diff/v6 v6.3.1 h1:JrhdFMqOd/+3ByqlP2I45kTOZmTRLBUm5pvRjeheg7E= -sigs.k8s.io/structured-merge-diff/v6 v6.3.1/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE= -sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs= -sigs.k8s.io/yaml v1.6.0/go.mod h1:796bPqUfzR/0jLAl6XjHl3Ck7MiyVv8dbTdyT3/pMf4= diff --git a/third_party/github.com/banzaicloud/istio-operator/api/options/options.pb.go b/third_party/github.com/banzaicloud/istio-operator/api/options/options.pb.go deleted file mode 100644 index 5dc1868c4..000000000 --- a/third_party/github.com/banzaicloud/istio-operator/api/options/options.pb.go +++ /dev/null @@ -1,109 +0,0 @@ -// Copyright 2021 Cisco Systems, Inc. and/or its affiliates. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.0 -// protoc (unknown) -// source: api/options/options.proto - -package options - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - descriptorpb "google.golang.org/protobuf/types/descriptorpb" - reflect "reflect" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -var file_api_options_options_proto_extTypes = []protoimpl.ExtensionInfo{ - { - ExtendedType: (*descriptorpb.FieldOptions)(nil), - ExtensionType: (*string)(nil), - Field: 800815, - Name: "istio_operator.v2.api.options.intorstring", - Tag: "bytes,800815,opt,name=intorstring", - Filename: "api/options/options.proto", - }, -} - -// Extension fields to descriptor.FieldOptions. -var ( - // optional string intorstring = 800815; - E_Intorstring = &file_api_options_options_proto_extTypes[0] -) - -var File_api_options_options_proto protoreflect.FileDescriptor - -var file_api_options_options_proto_rawDesc = []byte{ - 0x0a, 0x19, 0x61, 0x70, 0x69, 0x2f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x6f, 0x70, - 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1d, 0x69, 0x73, 0x74, - 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, - 0x70, 0x69, 0x2e, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x1a, 0x20, 0x67, 0x6f, 0x6f, 0x67, - 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x65, 0x73, 0x63, - 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x3a, 0x44, 0x0a, 0x0b, - 0x69, 0x6e, 0x74, 0x6f, 0x72, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x12, 0x1d, 0x2e, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, - 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0xaf, 0xf0, 0x30, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x0b, 0x69, 0x6e, 0x74, 0x6f, 0x72, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x88, - 0x01, 0x01, 0x42, 0x36, 0x5a, 0x34, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, - 0x2f, 0x62, 0x61, 0x6e, 0x7a, 0x61, 0x69, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2f, 0x69, 0x73, 0x74, - 0x69, 0x6f, 0x2d, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2f, 0x61, 0x70, 0x69, 0x2f, - 0x76, 0x32, 0x2f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x33, -} - -var file_api_options_options_proto_goTypes = []interface{}{ - (*descriptorpb.FieldOptions)(nil), // 0: google.protobuf.FieldOptions -} -var file_api_options_options_proto_depIdxs = []int32{ - 0, // 0: istio_operator.v2.api.options.intorstring:extendee -> google.protobuf.FieldOptions - 1, // [1:1] is the sub-list for method output_type - 1, // [1:1] is the sub-list for method input_type - 1, // [1:1] is the sub-list for extension type_name - 0, // [0:1] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name -} - -func init() { file_api_options_options_proto_init() } -func file_api_options_options_proto_init() { - if File_api_options_options_proto != nil { - return - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_api_options_options_proto_rawDesc, - NumEnums: 0, - NumMessages: 0, - NumExtensions: 1, - NumServices: 0, - }, - GoTypes: file_api_options_options_proto_goTypes, - DependencyIndexes: file_api_options_options_proto_depIdxs, - ExtensionInfos: file_api_options_options_proto_extTypes, - }.Build() - File_api_options_options_proto = out.File - file_api_options_options_proto_rawDesc = nil - file_api_options_options_proto_goTypes = nil - file_api_options_options_proto_depIdxs = nil -} diff --git a/third_party/github.com/banzaicloud/istio-operator/api/options/options.pb.html b/third_party/github.com/banzaicloud/istio-operator/api/options/options.pb.html deleted file mode 100644 index 31dee11e7..000000000 --- a/third_party/github.com/banzaicloud/istio-operator/api/options/options.pb.html +++ /dev/null @@ -1,6 +0,0 @@ ---- -title: istio_operator.v2.api.options -layout: protoc-gen-docs -generator: protoc-gen-docs -number_of_entries: 0 ---- diff --git a/third_party/github.com/banzaicloud/istio-operator/api/options/options.proto b/third_party/github.com/banzaicloud/istio-operator/api/options/options.proto deleted file mode 100644 index 4e19ce8f9..000000000 --- a/third_party/github.com/banzaicloud/istio-operator/api/options/options.proto +++ /dev/null @@ -1,29 +0,0 @@ -// Copyright 2021 Cisco Systems, Inc. and/or its affiliates. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; - -import "google/protobuf/descriptor.proto"; - -package istio_operator.v2.api.options; - -option go_package = "github.com/banzaicloud/istio-operator/api/v2/options"; - -// mark whether the field is IntOrString type -// available values: -// "true": single field -// "map": map of fields -extend google.protobuf.FieldOptions { - optional string intorstring = 800815; -} diff --git a/third_party/github.com/banzaicloud/istio-operator/api/options/options_deepcopy.gen.go b/third_party/github.com/banzaicloud/istio-operator/api/options/options_deepcopy.gen.go deleted file mode 100644 index a0856ec46..000000000 --- a/third_party/github.com/banzaicloud/istio-operator/api/options/options_deepcopy.gen.go +++ /dev/null @@ -1,2 +0,0 @@ -// Code generated by protoc-gen-deepcopy. DO NOT EDIT. -package options diff --git a/third_party/github.com/banzaicloud/istio-operator/api/options/options_json.gen.go b/third_party/github.com/banzaicloud/istio-operator/api/options/options_json.gen.go deleted file mode 100644 index 477aa4958..000000000 --- a/third_party/github.com/banzaicloud/istio-operator/api/options/options_json.gen.go +++ /dev/null @@ -1,11 +0,0 @@ -// Code generated by protoc-gen-jsonshim. DO NOT EDIT. -package options - -import ( - protojson "google.golang.org/protobuf/encoding/protojson" -) - -var ( - OptionsMarshaler = protojson.MarshalOptions{} - OptionsUnmarshaler = protojson.UnmarshalOptions{DiscardUnknown: true} -) diff --git a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/common.gen.json b/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/common.gen.json deleted file mode 100644 index a40687984..000000000 --- a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/common.gen.json +++ /dev/null @@ -1,2569 +0,0 @@ -{ - "openapi": "3.0.0", - "info": { - "title": "", - "version": "v1alpha1" - }, - "components": { - "schemas": { - "istio_operator.v2.api.v1alpha1.BaseKubernetesContainerConfiguration": { - "type": "object", - "properties": { - "env": { - "description": "If present will be appended to the environment variables of the container", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.EnvVar" - } - }, - "resources": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.ResourceRequirements" - }, - "image": { - "description": "Standard Kubernetes container image configuration", - "type": "string" - }, - "volumeMounts": { - "description": "Pod volumes to mount into the container's filesystem. Cannot be updated.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.VolumeMount" - } - }, - "securityContext": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.SecurityContext" - } - } - }, - "istio_operator.v2.api.v1alpha1.BaseKubernetesResourceConfig": { - "type": "object", - "properties": { - "env": { - "description": "If present will be appended to the environment variables of the container", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.EnvVar" - } - }, - "resources": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.ResourceRequirements" - }, - "metadata": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.K8sObjectMeta" - }, - "image": { - "description": "Standard Kubernetes container image configuration", - "type": "string" - }, - "volumeMounts": { - "description": "Pod volumes to mount into the container's filesystem. Cannot be updated.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.VolumeMount" - } - }, - "livenessProbe": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.Probe" - }, - "readinessProbe": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.Probe" - }, - "imagePullPolicy": { - "description": "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.", - "type": "string" - }, - "securityContext": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.SecurityContext" - }, - "volumes": { - "description": "List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.Volume" - } - }, - "nodeSelector": { - "description": "Standard Kubernetes node selector configuration", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "imagePullSecrets": { - "description": "ImagePullSecrets is an optional list of references to secrets to use for pulling any of the images.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - } - }, - "affinity": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.Affinity" - }, - "tolerations": { - "description": "If specified, the pod's tolerations.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.Toleration" - } - }, - "priorityClassName": { - "description": "If specified, indicates the pod's priority. \"system-node-critical\" and \"system-cluster-critical\" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.", - "type": "string" - }, - "topologySpreadConstraints": { - "description": "Used to control how Pods are spread across a cluster among failure-domains. This can help to achieve high availability as well as efficient resource utilization. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.TopologySpreadConstraint" - } - }, - "replicas": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.Replicas" - }, - "podMetadata": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.K8sObjectMeta" - }, - "podDisruptionBudget": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.PodDisruptionBudget" - }, - "deploymentStrategy": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.DeploymentStrategy" - }, - "podSecurityContext": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.PodSecurityContext" - } - } - }, - "istio_operator.v2.api.v1alpha1.ConfigState": { - "type": "string", - "enum": [ - "Unspecified", - "Created", - "ReconcileFailed", - "Reconciling", - "Available", - "Unmanaged" - ] - }, - "istio_operator.v2.api.v1alpha1.ContainerImageConfiguration": { - "type": "object", - "properties": { - "imagePullPolicy": { - "description": "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.", - "type": "string" - }, - "imagePullSecrets": { - "description": "ImagePullSecrets is an optional list of references to secrets to use for pulling any of the images.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - } - }, - "hub": { - "description": "Default hub for container images.", - "type": "string" - }, - "tag": { - "description": "Default tag for container images.", - "type": "string" - } - } - }, - "istio_operator.v2.api.v1alpha1.DeploymentStrategy": { - "type": "object", - "properties": { - "type": { - "description": "Type of deployment. Can be \"Recreate\" or \"RollingUpdate\". Default is RollingUpdate.", - "type": "string" - }, - "rollingUpdate": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.DeploymentStrategy.RollingUpdateDeployment" - } - } - }, - "istio_operator.v2.api.v1alpha1.DeploymentStrategy.RollingUpdateDeployment": { - "type": "object", - "properties": { - "maxUnavailable": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.IntOrString" - }, - "maxSurge": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.IntOrString" - } - } - }, - "istio_operator.v2.api.v1alpha1.HTTPGetAction": { - "description": "HTTPGetAction describes an action based on HTTP Get requests.", - "type": "object", - "properties": { - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.IntOrString" - }, - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", - "type": "string" - }, - "scheme": { - "description": "Scheme to use for connecting to the host. Defaults to HTTP.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.HTTPHeader" - } - } - } - }, - "istio_operator.v2.api.v1alpha1.IntOrString": { - "description": "IntOrString is a type that can hold an int32 or a string. When used in JSON or YAML marshalling and unmarshalling, it produces or consumes the inner type. This allows you to have, for example, a JSON field that can accept a name or number. GOTYPE: *IntOrString", - "oneOf": [ - { - "type": "string" - }, - { - "type": "integer" - } - ] - }, - "istio_operator.v2.api.v1alpha1.K8sObjectMeta": { - "description": "Generic k8s resource metadata", - "type": "object", - "properties": { - "labels": { - "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "annotations": { - "description": "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", - "type": "object", - "additionalProperties": { - "type": "string" - } - } - } - }, - "istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch": { - "type": "object", - "properties": { - "groupVersionKind": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch.GroupVersionKind" - }, - "objectKey": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.NamespacedName" - }, - "patches": { - "type": "array", - "items": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch.Patch" - } - } - } - }, - "istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch.GroupVersionKind": { - "type": "object", - "properties": { - "kind": { - "type": "string" - }, - "group": { - "type": "string" - }, - "version": { - "type": "string" - } - } - }, - "istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch.Patch": { - "type": "object", - "properties": { - "path": { - "type": "string" - }, - "type": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch.Type" - }, - "value": { - "type": "string" - }, - "parseValue": { - "type": "boolean" - } - } - }, - "istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch.Type": { - "type": "string", - "enum": [ - "unspecified", - "replace", - "remove" - ] - }, - "istio_operator.v2.api.v1alpha1.NamespacedName": { - "type": "object", - "properties": { - "name": { - "description": "Name of the referenced Kubernetes resource", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referenced Kubernetes resource", - "type": "string" - } - } - }, - "istio_operator.v2.api.v1alpha1.PodDisruptionBudget": { - "description": "PodDisruptionBudget is a description of a PodDisruptionBudget", - "type": "object", - "properties": { - "maxUnavailable": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.IntOrString" - }, - "minAvailable": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.IntOrString" - } - } - }, - "istio_operator.v2.api.v1alpha1.Probe": { - "description": "Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.", - "type": "object", - "properties": { - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "type": "integer", - "format": "int32" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "type": "integer", - "format": "int64" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "type": "integer", - "format": "int32" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", - "type": "integer", - "format": "int32" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "type": "integer", - "format": "int32" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", - "type": "integer", - "format": "int32" - } - }, - "oneOf": [ - { - "not": { - "anyOf": [ - { - "required": [ - "exec" - ], - "properties": { - "exec": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ExecAction" - } - } - }, - { - "required": [ - "httpGet" - ], - "properties": { - "httpGet": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.HTTPGetAction" - } - } - }, - { - "required": [ - "tcpSocket" - ], - "properties": { - "tcpSocket": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.TCPSocketAction" - } - } - }, - { - "required": [ - "grpc" - ], - "properties": { - "grpc": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.GRPCAction" - } - } - } - ] - } - }, - { - "required": [ - "exec" - ], - "properties": { - "exec": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ExecAction" - } - } - }, - { - "required": [ - "httpGet" - ], - "properties": { - "httpGet": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.HTTPGetAction" - } - } - }, - { - "required": [ - "tcpSocket" - ], - "properties": { - "tcpSocket": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.TCPSocketAction" - } - } - }, - { - "required": [ - "grpc" - ], - "properties": { - "grpc": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.GRPCAction" - } - } - } - ] - }, - "istio_operator.v2.api.v1alpha1.Quantity": { - "description": "Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and Int64() accessors. GOTYPE: *Quantity", - "oneOf": [ - { - "type": "string" - }, - { - "type": "integer" - } - ], - "pattern": "^(\\\\+|-)?(([0-9]+(\\\\.[0-9]*)?)|(\\\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\\\+|-)?(([0-9]+(\\\\.[0-9]*)?)|(\\\\.[0-9]+))))?$" - }, - "istio_operator.v2.api.v1alpha1.Replicas": { - "description": "Replicas contains pod replica configuration", - "type": "object", - "properties": { - "count": { - "description": "Standard Kubernetes replica count configuration", - "type": "integer", - "nullable": true - }, - "max": { - "description": "max is the upper limit for the number of replicas to which the autoscaler can scale up. min and max both need to be set the turn on autoscaling. It cannot be less than min.", - "type": "integer", - "nullable": true - }, - "min": { - "description": "min is the lower limit for the number of replicas to which the autoscaler can scale down. min and max both need to be set the turn on autoscaling.", - "type": "integer", - "nullable": true - }, - "targetCPUUtilizationPercentage": { - "description": "target average CPU utilization (represented as a percentage of requested CPU) over all the pods; default 80% will be used if not specified.", - "type": "integer", - "nullable": true - } - } - }, - "istio_operator.v2.api.v1alpha1.ResourceRequirements": { - "description": "ResourceRequirements describes the compute resource requirements.", - "type": "object", - "properties": { - "limits": { - "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/", - "type": "object", - "additionalProperties": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.Quantity" - } - }, - "requests": { - "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/", - "type": "object", - "additionalProperties": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.Quantity" - } - } - } - }, - "istio_operator.v2.api.v1alpha1.Service": { - "description": "Service describes the attributes that a user creates on a service.", - "type": "object", - "properties": { - "type": { - "description": "type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. \"ExternalName\" maps to the specified externalName. \"ClusterIP\" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object. If clusterIP is \"None\", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a stable IP. \"NodePort\" builds on ClusterIP and allocates a port on every node which routes to the clusterIP. \"LoadBalancer\" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the clusterIP. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", - "type": "string" - }, - "metadata": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.K8sObjectMeta" - }, - "ports": { - "description": "The list of ports that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.ServicePort" - } - }, - "selector": { - "description": "Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "clusterIP": { - "description": "clusterIP is the IP address of the service and is usually assigned randomly by the master. If an address is specified manually and is not in use by others, it will be allocated to the service; otherwise, creation of the service will fail. This field can not be changed through updates. Valid values are \"None\", empty string (\"\"), or a valid IP address. \"None\" can be specified for headless services when proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", - "type": "string" - }, - "externalIPs": { - "description": "externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system.", - "type": "array", - "items": { - "type": "string" - } - }, - "sessionAffinity": { - "description": "Supports \"ClientIP\" and \"None\". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", - "type": "string" - }, - "loadBalancerIP": { - "description": "Only applies to Service Type: LoadBalancer LoadBalancer will get created with the IP specified in this field. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature.", - "type": "string" - }, - "loadBalancerSourceRanges": { - "description": "If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature.\" More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/", - "type": "array", - "items": { - "type": "string" - } - }, - "externalName": { - "description": "externalName is the external reference that kubedns or equivalent will return as a CNAME record for this service. No proxying will be involved. Must be a valid RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires Type to be ExternalName.", - "type": "string" - }, - "externalTrafficPolicy": { - "description": "externalTrafficPolicy denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints. \"Local\" preserves the client source IP and avoids a second hop for LoadBalancer and Nodeport type services, but risks potentially imbalanced traffic spreading. \"Cluster\" obscures the client source IP and may cause a second hop to another node, but should have good overall load-spreading.", - "type": "string" - }, - "healthCheckNodePort": { - "description": "healthCheckNodePort specifies the healthcheck nodePort for the service. If not specified, HealthCheckNodePort is created by the service api backend with the allocated nodePort. Will use user-specified nodePort value if specified by the client. Only effects when Type is set to LoadBalancer and ExternalTrafficPolicy is set to Local.", - "type": "integer", - "format": "int32" - }, - "publishNotReadyAddresses": { - "description": "publishNotReadyAddresses, when set to true, indicates that DNS implementations must publish the notReadyAddresses of subsets for the Endpoints associated with the Service. The default value is false. The primary use case for setting this field is to use a StatefulSet's Headless Service to propagate SRV records for its Pods without respect to their readiness for purpose of peer discovery.", - "type": "boolean", - "nullable": true - }, - "sessionAffinityConfig": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.SessionAffinityConfig" - }, - "ipFamily": { - "description": "ipFamily specifies whether this Service has a preference for a particular IP family (e.g. IPv4 vs. IPv6). If a specific IP family is requested, the clusterIP field will be allocated from that family, if it is available in the cluster. If no IP family is requested, the cluster's primary IP family will be used. Other IP fields (loadBalancerIP, loadBalancerSourceRanges, externalIPs) and controllers which allocate external load-balancers should use the same IP family. Endpoints for this Service will be of this family. This field is immutable after creation. Assigning a ServiceIPFamily not available in the cluster (e.g. IPv6 in IPv4 only cluster) is an error condition and will fail during clusterIP assignment.", - "type": "string" - } - } - }, - "istio_operator.v2.api.v1alpha1.ServicePort": { - "description": "ServicePort contains information on service's port.", - "type": "object", - "properties": { - "name": { - "description": "The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. if only one ServicePort is defined on this service.", - "type": "string" - }, - "protocol": { - "description": "The IP protocol for this port. Supports \"TCP\", \"UDP\", and \"SCTP\". Default is TCP.", - "type": "string" - }, - "port": { - "description": "The port that will be exposed by this service.", - "type": "integer", - "format": "int32" - }, - "targetPort": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.IntOrString" - }, - "nodePort": { - "description": "The port on each node on which this service is exposed when type=NodePort or LoadBalancer. Usually assigned by the system. If specified, it will be allocated to the service if unused or else creation of the service will fail. Default is to auto-allocate a port if the ServiceType of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport", - "type": "integer", - "format": "int32" - } - } - }, - "istio_operator.v2.api.v1alpha1.TCPSocketAction": { - "description": "TCPSocketAction describes an action based on opening a socket", - "type": "object", - "properties": { - "port": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.IntOrString" - }, - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - } - } - }, - "istio_operator.v2.api.v1alpha1.UnprotectedService": { - "description": "Service describes the attributes that a user creates on a service.", - "type": "object", - "properties": { - "type": { - "description": "type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. \"ExternalName\" maps to the specified externalName. \"ClusterIP\" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object. If clusterIP is \"None\", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a stable IP. \"NodePort\" builds on ClusterIP and allocates a port on every node which routes to the clusterIP. \"LoadBalancer\" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the clusterIP. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", - "type": "string" - }, - "metadata": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.K8sObjectMeta" - }, - "ports": { - "description": "The list of ports that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.ServicePort" - } - }, - "selector": { - "description": "Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "clusterIP": { - "description": "clusterIP is the IP address of the service and is usually assigned randomly by the master. If an address is specified manually and is not in use by others, it will be allocated to the service; otherwise, creation of the service will fail. This field can not be changed through updates. Valid values are \"None\", empty string (\"\"), or a valid IP address. \"None\" can be specified for headless services when proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", - "type": "string" - }, - "externalIPs": { - "description": "externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system.", - "type": "array", - "items": { - "type": "string" - } - }, - "sessionAffinity": { - "description": "Supports \"ClientIP\" and \"None\". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", - "type": "string" - }, - "loadBalancerIP": { - "description": "Only applies to Service Type: LoadBalancer LoadBalancer will get created with the IP specified in this field. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature.", - "type": "string" - }, - "loadBalancerSourceRanges": { - "description": "If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature.\" More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/", - "type": "array", - "items": { - "type": "string" - } - }, - "externalName": { - "description": "externalName is the external reference that kubedns or equivalent will return as a CNAME record for this service. No proxying will be involved. Must be a valid RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires Type to be ExternalName.", - "type": "string" - }, - "externalTrafficPolicy": { - "description": "externalTrafficPolicy denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints. \"Local\" preserves the client source IP and avoids a second hop for LoadBalancer and Nodeport type services, but risks potentially imbalanced traffic spreading. \"Cluster\" obscures the client source IP and may cause a second hop to another node, but should have good overall load-spreading.", - "type": "string" - }, - "healthCheckNodePort": { - "description": "healthCheckNodePort specifies the healthcheck nodePort for the service. If not specified, HealthCheckNodePort is created by the service api backend with the allocated nodePort. Will use user-specified nodePort value if specified by the client. Only effects when Type is set to LoadBalancer and ExternalTrafficPolicy is set to Local.", - "type": "integer", - "format": "int32" - }, - "publishNotReadyAddresses": { - "description": "publishNotReadyAddresses, when set to true, indicates that DNS implementations must publish the notReadyAddresses of subsets for the Endpoints associated with the Service. The default value is false. The primary use case for setting this field is to use a StatefulSet's Headless Service to propagate SRV records for its Pods without respect to their readiness for purpose of peer discovery.", - "type": "boolean", - "nullable": true - }, - "sessionAffinityConfig": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.SessionAffinityConfig" - }, - "ipFamily": { - "description": "ipFamily specifies whether this Service has a preference for a particular IP family (e.g. IPv4 vs. IPv6). If a specific IP family is requested, the clusterIP field will be allocated from that family, if it is available in the cluster. If no IP family is requested, the cluster's primary IP family will be used. Other IP fields (loadBalancerIP, loadBalancerSourceRanges, externalIPs) and controllers which allocate external load-balancers should use the same IP family. Endpoints for this Service will be of this family. This field is immutable after creation. Assigning a ServiceIPFamily not available in the cluster (e.g. IPv6 in IPv4 only cluster) is an error condition and will fail during clusterIP assignment.", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.AWSElasticBlockStoreVolumeSource": { - "description": "Represents a Persistent Disk resource in AWS. An AWS EBS disk must exist before mounting to a container. The disk must also be in the same AWS zone as the kubelet. An AWS EBS disk can only be mounted as read/write once. AWS EBS volumes support ownership management and SELinux relabeling.", - "type": "object", - "properties": { - "volumeID": { - "description": "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "type": "string" - }, - "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine", - "type": "string" - }, - "partition": { - "description": "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).", - "type": "integer", - "format": "int32" - }, - "readOnly": { - "description": "readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "type": "boolean" - } - } - }, - "k8s.io.api.core.v1.Affinity": { - "description": "Affinity is a group of affinity scheduling rules.", - "type": "object", - "properties": { - "nodeAffinity": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.NodeAffinity" - }, - "podAffinity": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.PodAffinity" - }, - "podAntiAffinity": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.PodAntiAffinity" - } - } - }, - "k8s.io.api.core.v1.AzureDiskVolumeSource": { - "description": "AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.", - "type": "object", - "properties": { - "kind": { - "description": "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared", - "type": "string" - }, - "fsType": { - "description": "fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "readOnly": { - "description": "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "diskName": { - "description": "diskName is the Name of the data disk in the blob storage", - "type": "string" - }, - "diskURI": { - "description": "diskURI is the URI of data disk in the blob storage", - "type": "string" - }, - "cachingMode": { - "description": "cachingMode is the Host Caching mode: None, Read Only, Read Write.", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.AzureFileVolumeSource": { - "description": "AzureFile represents an Azure File Service mount on the host and bind mount to the pod.", - "type": "object", - "properties": { - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretName": { - "description": "secretName is the name of secret that contains Azure Storage Account Name and Key", - "type": "string" - }, - "shareName": { - "description": "shareName is the azure share Name", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.CSIVolumeSource": { - "description": "Represents a source location of a volume to mount, managed by an external CSI driver", - "type": "object", - "properties": { - "fsType": { - "description": "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.", - "type": "string" - }, - "readOnly": { - "description": "readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).", - "type": "boolean" - }, - "driver": { - "description": "driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.", - "type": "string" - }, - "volumeAttributes": { - "description": "volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "nodePublishSecretRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - } - } - }, - "k8s.io.api.core.v1.Capabilities": { - "description": "Adds and removes POSIX capabilities from running containers.", - "type": "object", - "properties": { - "add": { - "description": "Added capabilities", - "type": "array", - "items": { - "type": "string" - } - }, - "drop": { - "description": "Removed capabilities", - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "k8s.io.api.core.v1.CephFSVolumeSource": { - "description": "Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs volumes do not support ownership management or SELinux relabeling.", - "type": "object", - "properties": { - "path": { - "description": "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /", - "type": "string" - }, - "readOnly": { - "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "type": "boolean" - }, - "monitors": { - "description": "monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "type": "array", - "items": { - "type": "string" - } - }, - "user": { - "description": "user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "type": "string" - }, - "secretFile": { - "description": "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "type": "string" - }, - "secretRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - } - } - }, - "k8s.io.api.core.v1.CinderVolumeSource": { - "description": "Represents a cinder volume resource in Openstack. A Cinder volume must exist before mounting to a container. The volume must also be in the same region as the kubelet. Cinder volumes support ownership management and SELinux relabeling.", - "type": "object", - "properties": { - "volumeID": { - "description": "volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "type": "string" - }, - "fsType": { - "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "type": "string" - }, - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "type": "boolean" - }, - "secretRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - } - } - }, - "k8s.io.api.core.v1.ClientIPConfig": { - "description": "ClientIPConfig represents the configurations of Client IP based session affinity.", - "type": "object", - "properties": { - "timeoutSeconds": { - "description": "timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be \u003e0 \u0026\u0026 \u003c=86400(for 1 day) if ServiceAffinity == \"ClientIP\". Default value is 10800(for 3 hours).", - "type": "integer", - "format": "int32" - } - } - }, - "k8s.io.api.core.v1.ConfigMapKeySelector": { - "description": "Selects a key from a ConfigMap.", - "type": "object", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "localObjectReference": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - } - }, - "k8s.io.api.core.v1.ConfigMapProjection": { - "description": "Adapts a ConfigMap into a projected volume. The contents of the target ConfigMap's Data field will be presented in a projected volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. Note that this is identical to a configmap volume source without the default mode.", - "type": "object", - "properties": { - "items": { - "description": "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.KeyToPath" - } - }, - "localObjectReference": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - }, - "optional": { - "description": "optional specify whether the ConfigMap or its keys must be defined", - "type": "boolean" - } - } - }, - "k8s.io.api.core.v1.ConfigMapVolumeSource": { - "description": "Adapts a ConfigMap into a volume. The contents of the target ConfigMap's Data field will be presented in a volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. ConfigMap volumes support ownership management and SELinux relabeling.", - "type": "object", - "properties": { - "items": { - "description": "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.KeyToPath" - } - }, - "localObjectReference": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - }, - "optional": { - "description": "optional specify whether the ConfigMap or its keys must be defined", - "type": "boolean" - }, - "defaultMode": { - "description": "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", - "type": "integer", - "format": "int32" - } - } - }, - "k8s.io.api.core.v1.DownwardAPIProjection": { - "description": "Represents downward API info for projecting into a projected volume. Note that this is identical to a downwardAPI volume source without the default mode.", - "type": "object", - "properties": { - "items": { - "description": "Items is a list of DownwardAPIVolume file", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.DownwardAPIVolumeFile" - } - } - } - }, - "k8s.io.api.core.v1.DownwardAPIVolumeFile": { - "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", - "type": "object", - "properties": { - "path": { - "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", - "type": "string" - }, - "fieldRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ObjectFieldSelector" - }, - "resourceFieldRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ResourceFieldSelector" - }, - "mode": { - "description": "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", - "type": "integer", - "format": "int32" - } - } - }, - "k8s.io.api.core.v1.DownwardAPIVolumeSource": { - "description": "DownwardAPIVolumeSource represents a volume containing downward API info. Downward API volumes support ownership management and SELinux relabeling.", - "type": "object", - "properties": { - "items": { - "description": "Items is a list of downward API volume file", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.DownwardAPIVolumeFile" - } - }, - "defaultMode": { - "description": "Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", - "type": "integer", - "format": "int32" - } - } - }, - "k8s.io.api.core.v1.EmptyDirVolumeSource": { - "description": "Represents an empty directory for a pod. Empty directory volumes support ownership management and SELinux relabeling.", - "type": "object", - "properties": { - "medium": { - "description": "medium represents what type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - "type": "string" - }, - "sizeLimit": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.api.resource.Quantity" - } - } - }, - "k8s.io.api.core.v1.EnvVar": { - "description": "EnvVar represents an environment variable present in a Container.", - "type": "object", - "properties": { - "name": { - "description": "Name of the environment variable. Must be a C_IDENTIFIER.", - "type": "string" - }, - "value": { - "description": "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\".", - "type": "string" - }, - "valueFrom": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.EnvVarSource" - } - } - }, - "k8s.io.api.core.v1.EnvVarSource": { - "description": "EnvVarSource represents a source for the value of an EnvVar.", - "type": "object", - "properties": { - "fieldRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ObjectFieldSelector" - }, - "resourceFieldRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ResourceFieldSelector" - }, - "configMapKeyRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ConfigMapKeySelector" - }, - "secretKeyRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.SecretKeySelector" - } - } - }, - "k8s.io.api.core.v1.EphemeralVolumeSource": { - "description": "Represents an ephemeral volume that is handled by a normal storage driver.", - "type": "object", - "properties": { - "volumeClaimTemplate": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.PersistentVolumeClaimTemplate" - } - } - }, - "k8s.io.api.core.v1.ExecAction": { - "description": "ExecAction describes a \"run in container\" action.", - "type": "object", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "k8s.io.api.core.v1.FCVolumeSource": { - "description": "Represents a Fibre Channel volume. Fibre Channel volumes can only be mounted as read/write once. Fibre Channel volumes support ownership management and SELinux relabeling.", - "type": "object", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine", - "type": "string" - }, - "readOnly": { - "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "targetWWNs": { - "description": "targetWWNs is Optional: FC target worldwide names (WWNs)", - "type": "array", - "items": { - "type": "string" - } - }, - "lun": { - "description": "lun is Optional: FC target lun number", - "type": "integer", - "format": "int32" - }, - "wwids": { - "description": "wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.", - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "k8s.io.api.core.v1.FlexVolumeSource": { - "description": "FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.", - "type": "object", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.", - "type": "string" - }, - "readOnly": { - "description": "readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "driver": { - "description": "driver is the name of the driver to use for this volume.", - "type": "string" - }, - "secretRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - }, - "options": { - "description": "options is Optional: this field holds extra command options if any.", - "type": "object", - "additionalProperties": { - "type": "string" - } - } - } - }, - "k8s.io.api.core.v1.FlockerVolumeSource": { - "description": "Represents a Flocker volume mounted by the Flocker agent. One and only one of datasetName and datasetUUID should be set. Flocker volumes do not support ownership management or SELinux relabeling.", - "type": "object", - "properties": { - "datasetName": { - "description": "datasetName is Name of the dataset stored as metadata -\u003e name on the dataset for Flocker should be considered as deprecated", - "type": "string" - }, - "datasetUUID": { - "description": "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.GCEPersistentDiskVolumeSource": { - "description": "Represents a Persistent Disk resource in Google Compute Engine. A GCE PD must exist before mounting to a container. The disk must also be in the same GCE project and zone as the kubelet. A GCE PD can only be mounted as read/write once or read-only many times. GCE PDs support ownership management and SELinux relabeling.", - "type": "object", - "properties": { - "fsType": { - "description": "fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine", - "type": "string" - }, - "partition": { - "description": "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "type": "integer", - "format": "int32" - }, - "readOnly": { - "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "type": "boolean" - }, - "pdName": { - "description": "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.GRPCAction": { - "type": "object", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "type": "integer", - "format": "int32" - }, - "service": { - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.GitRepoVolumeSource": { - "description": "Represents a volume that is populated with the contents of a git repository. Git repo volumes do not support ownership management. Git repo volumes support SELinux relabeling. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.", - "type": "object", - "properties": { - "repository": { - "description": "repository is the URL", - "type": "string" - }, - "revision": { - "description": "revision is the commit hash for the specified revision.", - "type": "string" - }, - "directory": { - "description": "directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.GlusterfsVolumeSource": { - "description": "Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs volumes do not support ownership management or SELinux relabeling.", - "type": "object", - "properties": { - "path": { - "description": "path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", - "type": "boolean" - }, - "endpoints": { - "description": "endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.HTTPHeader": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "type": "object", - "properties": { - "name": { - "description": "The header field name", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.HostPathVolumeSource": { - "description": "Represents a host path mapped into a pod. Host path volumes do not support ownership management or SELinux relabeling.", - "type": "object", - "properties": { - "path": { - "description": "path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - "type": "string" - }, - "type": { - "description": "type for HostPath Volume Defaults to \"\" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.ISCSIVolumeSource": { - "description": "Represents an ISCSI disk. ISCSI volumes can only be mounted as read/write once. ISCSI volumes support ownership management and SELinux relabeling.", - "type": "object", - "properties": { - "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.", - "type": "boolean" - }, - "secretRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - }, - "lun": { - "description": "lun represents iSCSI Target Lun number.", - "type": "integer", - "format": "int32" - }, - "targetPortal": { - "description": "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", - "type": "string" - }, - "iqn": { - "description": "iqn is the target iSCSI Qualified Name.", - "type": "string" - }, - "iscsiInterface": { - "description": "iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).", - "type": "string" - }, - "portals": { - "description": "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", - "type": "array", - "items": { - "type": "string" - } - }, - "chapAuthDiscovery": { - "description": "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication", - "type": "boolean" - }, - "chapAuthSession": { - "description": "chapAuthSession defines whether support iSCSI Session CHAP authentication", - "type": "boolean" - }, - "initiatorName": { - "description": "initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface \u003ctarget portal\u003e:\u003cvolume name\u003e will be created for the connection.", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.KeyToPath": { - "description": "Maps a string key to a path within a volume.", - "type": "object", - "properties": { - "path": { - "description": "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", - "type": "string" - }, - "key": { - "description": "key is the key to project.", - "type": "string" - }, - "mode": { - "description": "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", - "type": "integer", - "format": "int32" - } - } - }, - "k8s.io.api.core.v1.LocalObjectReference": { - "description": "LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.", - "type": "object", - "properties": { - "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.NFSVolumeSource": { - "description": "Represents an NFS mount that lasts the lifetime of a pod. NFS volumes do not support ownership management or SELinux relabeling.", - "type": "object", - "properties": { - "path": { - "description": "path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "type": "boolean" - }, - "server": { - "description": "server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.NodeAffinity": { - "description": "Node affinity is a group of node affinity scheduling rules.", - "type": "object", - "properties": { - "requiredDuringSchedulingIgnoredDuringExecution": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.NodeSelector" - }, - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.PreferredSchedulingTerm" - } - } - } - }, - "k8s.io.api.core.v1.NodeSelector": { - "description": "A node selector represents the union of the results of one or more label queries over a set of nodes; that is, it represents the OR of the selectors represented by the node selector terms.", - "type": "object", - "properties": { - "nodeSelectorTerms": { - "description": "Required. A list of node selector terms. The terms are ORed.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.NodeSelectorTerm" - } - } - } - }, - "k8s.io.api.core.v1.NodeSelectorRequirement": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - "type": "object", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "k8s.io.api.core.v1.NodeSelectorTerm": { - "description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", - "type": "object", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.NodeSelectorRequirement" - } - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.NodeSelectorRequirement" - } - } - } - }, - "k8s.io.api.core.v1.ObjectFieldSelector": { - "description": "ObjectFieldSelector selects an APIVersioned field of an object.", - "type": "object", - "properties": { - "apiVersion": { - "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", - "type": "string" - }, - "fieldPath": { - "description": "Path of the field to select in the specified API version.", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.PersistentVolumeClaimSpec": { - "description": "PersistentVolumeClaimSpec describes the common attributes of storage devices and allows a Source for provider-specific attributes", - "type": "object", - "properties": { - "resources": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ResourceRequirements" - }, - "accessModes": { - "description": "accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "type": "array", - "items": { - "type": "string" - } - }, - "selector": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector" - }, - "volumeName": { - "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", - "type": "string" - }, - "storageClassName": { - "description": "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", - "type": "string" - }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.", - "type": "string" - }, - "dataSource": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.TypedLocalObjectReference" - }, - "dataSourceRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.TypedLocalObjectReference" - } - } - }, - "k8s.io.api.core.v1.PersistentVolumeClaimTemplate": { - "description": "PersistentVolumeClaimTemplate is used to produce PersistentVolumeClaim objects as part of an EphemeralVolumeSource.", - "type": "object", - "properties": { - "metadata": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.PersistentVolumeClaimSpec" - } - } - }, - "k8s.io.api.core.v1.PersistentVolumeClaimVolumeSource": { - "description": "PersistentVolumeClaimVolumeSource references the user's PVC in the same namespace. This volume finds the bound PV and mounts that volume for the pod. A PersistentVolumeClaimVolumeSource is, essentially, a wrapper around another type of volume that is owned by someone else (the system).", - "type": "object", - "properties": { - "readOnly": { - "description": "readOnly Will force the ReadOnly setting in VolumeMounts. Default false.", - "type": "boolean" - }, - "claimName": { - "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.PhotonPersistentDiskVolumeSource": { - "description": "Represents a Photon Controller persistent disk resource.", - "type": "object", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "pdID": { - "description": "pdID is the ID that identifies Photon Controller persistent disk", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.PodAffinity": { - "description": "Pod affinity is a group of inter pod affinity scheduling rules.", - "type": "object", - "properties": { - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.PodAffinityTerm" - } - }, - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.WeightedPodAffinityTerm" - } - } - } - }, - "k8s.io.api.core.v1.PodAffinityTerm": { - "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", - "type": "object", - "properties": { - "labelSelector": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "type": "array", - "items": { - "type": "string" - } - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", - "type": "string" - }, - "namespaceSelector": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector" - } - } - }, - "k8s.io.api.core.v1.PodAntiAffinity": { - "description": "Pod anti affinity is a group of inter pod anti affinity scheduling rules.", - "type": "object", - "properties": { - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.PodAffinityTerm" - } - }, - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.WeightedPodAffinityTerm" - } - } - } - }, - "k8s.io.api.core.v1.PodSecurityContext": { - "description": "PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.", - "type": "object", - "properties": { - "seLinuxOptions": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.SELinuxOptions" - }, - "windowsOptions": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.WindowsSecurityContextOptions" - }, - "runAsUser": { - "description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.", - "type": "integer", - "format": "int64" - }, - "runAsGroup": { - "description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.", - "type": "integer", - "format": "int64" - }, - "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "boolean" - }, - "supplementalGroups": { - "description": "A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. Note that this field cannot be set when spec.os.name is windows.", - "type": "array", - "items": { - "type": "integer", - "format": "int64" - } - }, - "fsGroup": { - "description": "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.", - "type": "integer", - "format": "int64" - }, - "sysctls": { - "description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.Sysctl" - } - }, - "fsGroupChangePolicy": { - "description": "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used. Note that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "seccompProfile": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.SeccompProfile" - } - } - }, - "k8s.io.api.core.v1.PortworxVolumeSource": { - "description": "PortworxVolumeSource represents a Portworx volume resource.", - "type": "object", - "properties": { - "volumeID": { - "description": "volumeID uniquely identifies a Portworx volume", - "type": "string" - }, - "fsType": { - "description": "fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", - "type": "boolean" - } - } - }, - "k8s.io.api.core.v1.PreferredSchedulingTerm": { - "description": "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", - "type": "object", - "properties": { - "weight": { - "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", - "type": "integer", - "format": "int32" - }, - "preference": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.NodeSelectorTerm" - } - } - }, - "k8s.io.api.core.v1.ProjectedVolumeSource": { - "description": "Represents a projected volume source", - "type": "object", - "properties": { - "defaultMode": { - "description": "defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", - "type": "integer", - "format": "int32" - }, - "sources": { - "description": "sources is the list of volume projections", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.VolumeProjection" - } - } - } - }, - "k8s.io.api.core.v1.QuobyteVolumeSource": { - "description": "Represents a Quobyte mount that lasts the lifetime of a pod. Quobyte volumes do not support ownership management or SELinux relabeling.", - "type": "object", - "properties": { - "group": { - "description": "group to map volume access to Default is no group", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.", - "type": "boolean" - }, - "user": { - "description": "user to map volume access to Defaults to serivceaccount user", - "type": "string" - }, - "registry": { - "description": "registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes", - "type": "string" - }, - "volume": { - "description": "volume is a string that references an already created Quobyte volume by name.", - "type": "string" - }, - "tenant": { - "description": "tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.RBDVolumeSource": { - "description": "Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD volumes support ownership management and SELinux relabeling.", - "type": "object", - "properties": { - "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "boolean" - }, - "monitors": { - "description": "monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "array", - "items": { - "type": "string" - } - }, - "user": { - "description": "user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "string" - }, - "secretRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - }, - "image": { - "description": "image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "string" - }, - "pool": { - "description": "pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "string" - }, - "keyring": { - "description": "keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.ResourceFieldSelector": { - "description": "ResourceFieldSelector represents container resources (cpu, memory) and their output format", - "type": "object", - "properties": { - "resource": { - "description": "Required: resource to select", - "type": "string" - }, - "containerName": { - "description": "Container name: required for volumes, optional for env vars", - "type": "string" - }, - "divisor": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.api.resource.Quantity" - } - } - }, - "k8s.io.api.core.v1.ResourceRequirements": { - "description": "ResourceRequirements describes the compute resource requirements.", - "type": "object", - "properties": { - "limits": { - "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object", - "additionalProperties": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.api.resource.Quantity" - } - }, - "requests": { - "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object", - "additionalProperties": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.api.resource.Quantity" - } - } - } - }, - "k8s.io.api.core.v1.SELinuxOptions": { - "description": "SELinuxOptions are the labels to be applied to the container", - "type": "object", - "properties": { - "type": { - "description": "Type is a SELinux type label that applies to the container.", - "type": "string" - }, - "user": { - "description": "User is a SELinux user label that applies to the container.", - "type": "string" - }, - "role": { - "description": "Role is a SELinux role label that applies to the container.", - "type": "string" - }, - "level": { - "description": "Level is SELinux level label that applies to the container.", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.ScaleIOVolumeSource": { - "description": "ScaleIOVolumeSource represents a persistent ScaleIO volume", - "type": "object", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\".", - "type": "string" - }, - "readOnly": { - "description": "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - }, - "volumeName": { - "description": "volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.", - "type": "string" - }, - "gateway": { - "description": "gateway is the host address of the ScaleIO API Gateway.", - "type": "string" - }, - "system": { - "description": "system is the name of the storage system as configured in ScaleIO.", - "type": "string" - }, - "sslEnabled": { - "description": "sslEnabled Flag enable/disable SSL communication with Gateway, default false", - "type": "boolean" - }, - "protectionDomain": { - "description": "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.", - "type": "string" - }, - "storagePool": { - "description": "storagePool is the ScaleIO Storage Pool associated with the protection domain.", - "type": "string" - }, - "storageMode": { - "description": "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.SeccompProfile": { - "description": "SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.", - "type": "object", - "properties": { - "type": { - "description": "type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.", - "type": "string" - }, - "localhostProfile": { - "description": "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is \"Localhost\".", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.SecretKeySelector": { - "description": "SecretKeySelector selects a key of a Secret.", - "type": "object", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "localObjectReference": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - } - }, - "k8s.io.api.core.v1.SecretProjection": { - "description": "Adapts a secret into a projected volume. The contents of the target Secret's Data field will be presented in a projected volume as files using the keys in the Data field as the file names. Note that this is identical to a secret volume source without the default mode.", - "type": "object", - "properties": { - "items": { - "description": "items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.KeyToPath" - } - }, - "localObjectReference": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - }, - "optional": { - "description": "optional field specify whether the Secret or its key must be defined", - "type": "boolean" - } - } - }, - "k8s.io.api.core.v1.SecretVolumeSource": { - "description": "Adapts a Secret into a volume. The contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names. Secret volumes support ownership management and SELinux relabeling.", - "type": "object", - "properties": { - "items": { - "description": "items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.KeyToPath" - } - }, - "secretName": { - "description": "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", - "type": "string" - }, - "optional": { - "description": "optional field specify whether the Secret or its keys must be defined", - "type": "boolean" - }, - "defaultMode": { - "description": "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", - "type": "integer", - "format": "int32" - } - } - }, - "k8s.io.api.core.v1.SecurityContext": { - "description": "SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.", - "type": "object", - "properties": { - "seLinuxOptions": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.SELinuxOptions" - }, - "windowsOptions": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.WindowsSecurityContextOptions" - }, - "runAsUser": { - "description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", - "type": "integer", - "format": "int64" - }, - "runAsGroup": { - "description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", - "type": "integer", - "format": "int64" - }, - "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "boolean" - }, - "seccompProfile": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.SeccompProfile" - }, - "capabilities": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.Capabilities" - }, - "privileged": { - "description": "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "readOnlyRootFilesystem": { - "description": "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "allowPrivilegeEscalation": { - "description": "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "procMount": { - "description": "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.ServiceAccountTokenProjection": { - "description": "ServiceAccountTokenProjection represents a projected service account token volume. This projection can be used to insert a service account token into the pods runtime filesystem for use against APIs (Kubernetes API Server or otherwise).", - "type": "object", - "properties": { - "path": { - "description": "path is the path relative to the mount point of the file to project the token into.", - "type": "string" - }, - "audience": { - "description": "audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.", - "type": "string" - }, - "expirationSeconds": { - "description": "expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.", - "type": "integer", - "format": "int64" - } - } - }, - "k8s.io.api.core.v1.SessionAffinityConfig": { - "description": "SessionAffinityConfig represents the configurations of session affinity.", - "type": "object", - "properties": { - "clientIP": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ClientIPConfig" - } - } - }, - "k8s.io.api.core.v1.StorageOSVolumeSource": { - "description": "Represents a StorageOS persistent volume resource.", - "type": "object", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - }, - "volumeName": { - "description": "volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.", - "type": "string" - }, - "volumeNamespace": { - "description": "volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.Sysctl": { - "description": "Sysctl defines a kernel parameter to be set", - "type": "object", - "properties": { - "name": { - "description": "Name of a property to set", - "type": "string" - }, - "value": { - "description": "Value of a property to set", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.Toleration": { - "description": "The pod this Toleration is attached to tolerates any taint that matches the triple \u003ckey,value,effect\u003e using the matching operator \u003coperator\u003e.", - "type": "object", - "properties": { - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", - "type": "string" - }, - "operator": { - "description": "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", - "type": "string" - }, - "value": { - "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", - "type": "string" - }, - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" - }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", - "type": "integer", - "format": "int64" - } - } - }, - "k8s.io.api.core.v1.TopologySpreadConstraint": { - "description": "TopologySpreadConstraint specifies how to spread matching pods among the given topology.", - "type": "object", - "properties": { - "labelSelector": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector" - }, - "topologyKey": { - "description": "TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each \u003ckey, value\u003e as a \"bucket\", and try to put balanced number of pods into each bucket. It's a required field.", - "type": "string" - }, - "maxSkew": { - "description": "MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed.", - "type": "integer", - "format": "int32" - }, - "whenUnsatisfiable": { - "description": "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered \"Unsatisfiable\" for an incoming pod if and only if every possible node assignment for that pod would violate \"MaxSkew\" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field.", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.TypedLocalObjectReference": { - "description": "TypedLocalObjectReference contains enough information to let you locate the typed referenced object inside the same namespace.", - "type": "object", - "properties": { - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.Volume": { - "description": "Volume represents a named volume in a pod that may be accessed by any container in the pod.", - "type": "object", - "properties": { - "name": { - "description": "name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "volumeSource": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.VolumeSource" - } - } - }, - "k8s.io.api.core.v1.VolumeMount": { - "description": "VolumeMount describes a mounting of a Volume within a container.", - "type": "object", - "properties": { - "name": { - "description": "This must match the Name of a Volume.", - "type": "string" - }, - "readOnly": { - "description": "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", - "type": "boolean" - }, - "mountPath": { - "description": "Path within the container at which the volume should be mounted. Must not contain ':'.", - "type": "string" - }, - "subPath": { - "description": "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root).", - "type": "string" - }, - "mountPropagation": { - "description": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", - "type": "string" - }, - "subPathExpr": { - "description": "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive.", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.VolumeProjection": { - "description": "Projection that may be projected along with other supported volume types", - "type": "object", - "properties": { - "configMap": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ConfigMapProjection" - }, - "secret": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.SecretProjection" - }, - "downwardAPI": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.DownwardAPIProjection" - }, - "serviceAccountToken": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ServiceAccountTokenProjection" - } - } - }, - "k8s.io.api.core.v1.VolumeSource": { - "description": "Represents the source of a volume to mount. Only one of its members may be specified.", - "type": "object", - "properties": { - "configMap": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ConfigMapVolumeSource" - }, - "gcePersistentDisk": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.GCEPersistentDiskVolumeSource" - }, - "awsElasticBlockStore": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.AWSElasticBlockStoreVolumeSource" - }, - "hostPath": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.HostPathVolumeSource" - }, - "glusterfs": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.GlusterfsVolumeSource" - }, - "nfs": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.NFSVolumeSource" - }, - "rbd": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.RBDVolumeSource" - }, - "iscsi": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ISCSIVolumeSource" - }, - "cinder": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.CinderVolumeSource" - }, - "cephfs": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.CephFSVolumeSource" - }, - "fc": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.FCVolumeSource" - }, - "flocker": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.FlockerVolumeSource" - }, - "flexVolume": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.FlexVolumeSource" - }, - "azureFile": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.AzureFileVolumeSource" - }, - "vsphereVolume": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.VsphereVirtualDiskVolumeSource" - }, - "quobyte": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.QuobyteVolumeSource" - }, - "azureDisk": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.AzureDiskVolumeSource" - }, - "photonPersistentDisk": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.PhotonPersistentDiskVolumeSource" - }, - "portworxVolume": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.PortworxVolumeSource" - }, - "scaleIO": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ScaleIOVolumeSource" - }, - "storageos": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.StorageOSVolumeSource" - }, - "csi": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.CSIVolumeSource" - }, - "secret": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.SecretVolumeSource" - }, - "downwardAPI": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.DownwardAPIVolumeSource" - }, - "emptyDir": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.EmptyDirVolumeSource" - }, - "gitRepo": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.GitRepoVolumeSource" - }, - "persistentVolumeClaim": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.PersistentVolumeClaimVolumeSource" - }, - "projected": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ProjectedVolumeSource" - }, - "ephemeral": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.EphemeralVolumeSource" - } - } - }, - "k8s.io.api.core.v1.VsphereVirtualDiskVolumeSource": { - "description": "Represents a vSphere volume resource.", - "type": "object", - "properties": { - "fsType": { - "description": "fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "volumePath": { - "description": "volumePath is the path that identifies vSphere volume vmdk", - "type": "string" - }, - "storagePolicyName": { - "description": "storagePolicyName is the storage Policy Based Management (SPBM) profile name.", - "type": "string" - }, - "storagePolicyID": { - "description": "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.WeightedPodAffinityTerm": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "type": "object", - "properties": { - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", - "type": "integer", - "format": "int32" - }, - "podAffinityTerm": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.PodAffinityTerm" - } - } - }, - "k8s.io.api.core.v1.WindowsSecurityContextOptions": { - "description": "WindowsSecurityContextOptions contain Windows-specific options and credentials.", - "type": "object", - "properties": { - "gmsaCredentialSpecName": { - "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", - "type": "string" - }, - "gmsaCredentialSpec": { - "description": "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.", - "type": "string" - }, - "runAsUserName": { - "description": "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "string" - }, - "hostProcess": { - "description": "HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.", - "type": "boolean" - } - } - }, - "k8s.io.apimachinery.pkg.api.resource.Quantity": { - "description": "Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors. The serialization format is: \u003cquantity\u003e ::= \u003csignedNumber\u003e\u003csuffix\u003e (Note that \u003csuffix\u003e may be empty, from the \"\" case in \u003cdecimalSI\u003e.) \u003cdigit\u003e ::= 0 | 1 | ... | 9 \u003cdigits\u003e ::= \u003cdigit\u003e | \u003cdigit\u003e\u003cdigits\u003e \u003cnumber\u003e ::= \u003cdigits\u003e | \u003cdigits\u003e.\u003cdigits\u003e | \u003cdigits\u003e. | .\u003cdigits\u003e \u003csign\u003e ::= \"+\" | \"-\" \u003csignedNumber\u003e ::= \u003cnumber\u003e | \u003csign\u003e\u003cnumber\u003e \u003csuffix\u003e ::= \u003cbinarySI\u003e | \u003cdecimalExponent\u003e | \u003cdecimalSI\u003e \u003cbinarySI\u003e ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html) \u003cdecimalSI\u003e ::= m | \"\" | k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.) \u003cdecimalExponent\u003e ::= \"e\" \u003csignedNumber\u003e | \"E\" \u003csignedNumber\u003e No matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities. When a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized. Before serializing, Quantity will be put in \"canonical form\". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that: a. No precision is lost b. No fractional digits will be emitted c. The exponent (or suffix) is as large as possible. The sign will be omitted unless the number is negative. Examples: 1.5 will be serialized as \"1500m\" 1.5Gi will be serialized as \"1536Mi\" Note that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise. Non-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.) This format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation.", - "type": "object", - "properties": { - "string": { - "type": "string" - } - } - }, - "k8s.io.apimachinery.pkg.apis.meta.v1.FieldsV1": { - "description": "FieldsV1 stores a set of fields in a data structure like a Trie, in JSON format. Each key is either a '.' representing the field itself, and will always map to an empty set, or a string representing a sub-field or item. The string will follow one of these four formats: 'f:\u003cname\u003e', where \u003cname\u003e is the name of a field in a struct, or key in a map 'v:\u003cvalue\u003e', where \u003cvalue\u003e is the exact json formatted value of a list item 'i:\u003cindex\u003e', where \u003cindex\u003e is position of a item in a list 'k:\u003ckeys\u003e', where \u003ckeys\u003e is a map of a list item's key fields to their unique values If a key maps to an empty Fields value, the field that key represents is part of the set. The exact format is defined in sigs.k8s.io/structured-merge-diff", - "type": "object", - "properties": { - "Raw": { - "description": "Raw is the underlying serialization of this object.", - "type": "string", - "format": "binary" - } - } - }, - "k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector": { - "description": "A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.", - "type": "object", - "properties": { - "matchLabels": { - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement" - } - } - } - }, - "k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - "type": "object", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "k8s.io.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry": { - "description": "ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of the resource that the fieldset applies to.", - "type": "object", - "properties": { - "time": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.Time" - }, - "apiVersion": { - "description": "APIVersion defines the version of this resource that this field set applies to. The format is \"group/version\" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.", - "type": "string" - }, - "manager": { - "description": "Manager is an identifier of the workflow managing these fields.", - "type": "string" - }, - "operation": { - "description": "Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.", - "type": "string" - }, - "fieldsType": { - "description": "FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: \"FieldsV1\"", - "type": "string" - }, - "fieldsV1": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.FieldsV1" - }, - "subresource": { - "description": "Subresource is the name of the subresource used to update that object, or empty string if the object was updated through the main resource. The value of this field is used to distinguish between managers, even if they share the same name. For example, a status update will be distinct from a regular update using the same manager name. Note that the APIVersion field is not related to the Subresource field and it always corresponds to the version of the main resource.", - "type": "string" - } - } - }, - "k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta": { - "description": "ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.", - "type": "object", - "properties": { - "name": { - "description": "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names", - "type": "string" - }, - "resourceVersion": { - "description": "An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "selfLink": { - "description": "Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.", - "type": "string" - }, - "generateName": { - "description": "GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency", - "type": "string" - }, - "namespace": { - "description": "Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces", - "type": "string" - }, - "uid": { - "description": "UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids", - "type": "string" - }, - "generation": { - "description": "A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.", - "type": "integer", - "format": "int64" - }, - "creationTimestamp": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.Time" - }, - "deletionTimestamp": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.Time" - }, - "deletionGracePeriodSeconds": { - "description": "Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.", - "type": "integer", - "format": "int64" - }, - "labels": { - "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "annotations": { - "description": "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "ownerReferences": { - "description": "List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.OwnerReference" - } - }, - "finalizers": { - "description": "Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.", - "type": "array", - "items": { - "type": "string" - } - }, - "clusterName": { - "description": "The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.", - "type": "string" - }, - "managedFields": { - "description": "ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like \"ci-cd\". The set of fields is always in the version that the workflow used when modifying the object.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry" - } - } - } - }, - "k8s.io.apimachinery.pkg.apis.meta.v1.OwnerReference": { - "description": "OwnerReference contains enough information to let you identify an owning object. An owning object must be in the same namespace as the dependent, or be cluster-scoped, so there is no namespace field.", - "type": "object", - "properties": { - "name": { - "description": "Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names", - "type": "string" - }, - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "uid": { - "description": "UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids", - "type": "string" - }, - "controller": { - "description": "If true, this reference points to the managing controller.", - "type": "boolean" - }, - "blockOwnerDeletion": { - "description": "If true, AND if the owner has the \"foregroundDeletion\" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs \"delete\" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.", - "type": "boolean" - } - } - }, - "k8s.io.apimachinery.pkg.apis.meta.v1.Time": { - "description": "Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.", - "type": "object", - "properties": { - "seconds": { - "description": "Represents seconds of UTC time since Unix epoch 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59Z inclusive.", - "type": "integer", - "format": "int64" - }, - "nanos": { - "description": "Non-negative fractions of a second at nanosecond resolution. Negative second values with fractions must still have non-negative nanos values that count forward in time. Must be from 0 to 999,999,999 inclusive. This field may be limited in precision depending on context.", - "type": "integer", - "format": "int32" - } - } - } - } - } -} \ No newline at end of file diff --git a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/common.go b/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/common.go deleted file mode 100644 index d9c4c895c..000000000 --- a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/common.go +++ /dev/null @@ -1,76 +0,0 @@ -/* -Copyright 2021 Cisco Systems, Inc. and/or its affiliates. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - "strconv" - - "github.com/golang/protobuf/jsonpb" - resource "k8s.io/apimachinery/pkg/api/resource" - "k8s.io/apimachinery/pkg/util/intstr" -) - -// define new type from k8s quantity to marshal/unmarshal jsonpb -type Quantity struct { - resource.Quantity `json:"quantity,omitempty"` -} - -// MarshalJSONPB implements the jsonpb.JSONPBMarshaler interface. -func (q *Quantity) MarshalJSONPB(_ *jsonpb.Marshaler) ([]byte, error) { - return q.Quantity.MarshalJSON() -} - -// UnmarshalJSONPB implements the jsonpb.JSONPBUnmarshaler interface. -func (q *Quantity) UnmarshalJSONPB(_ *jsonpb.Unmarshaler, value []byte) error { - // If its a string that isnt wrapped in quotes add them to appease kubernetes unmarshal - if _, err := strconv.Atoi(string(value)); err != nil && len(value) > 0 && value[0] != '"' { - value = append([]byte{'"'}, value...) - value = append(value, '"') - } - - return q.Quantity.UnmarshalJSON(value) -} - -// define new type from k8s intstr to marshal/unmarshal jsonpb -type IntOrString struct { - intstr.IntOrString `json:"intorsting,omitempty"` -} - -// MarshalJSONPB implements the jsonpb.JSONPBMarshaler interface. -func (intstrpb *IntOrString) MarshalJSONPB(_ *jsonpb.Marshaler) ([]byte, error) { - return intstrpb.IntOrString.MarshalJSON() -} - -// UnmarshalJSONPB implements the jsonpb.JSONPBUnmarshaler interface. -func (intstrpb *IntOrString) UnmarshalJSONPB(_ *jsonpb.Unmarshaler, value []byte) error { - // If its a string that isnt wrapped in quotes add them to appease kubernetes unmarshal - if _, err := strconv.Atoi(string(value)); err != nil && len(value) > 0 && value[0] != '"' { - value = append([]byte{'"'}, value...) - value = append(value, '"') - } - return intstrpb.IntOrString.UnmarshalJSON(value) -} - -// FromInt creates an IntOrStringForPB object with an int32 value. -func FromInt(val int) IntOrString { - return IntOrString{intstr.FromInt(val)} -} - -// FromString creates an IntOrStringForPB object with a string value. -func FromString(val string) IntOrString { - return IntOrString{intstr.FromString(val)} -} diff --git a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/common.pb.go b/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/common.pb.go deleted file mode 100644 index 4e9fbd447..000000000 --- a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/common.pb.go +++ /dev/null @@ -1,3091 +0,0 @@ -// Copyright 2021 Cisco Systems, Inc. and/or its affiliates. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.0 -// protoc (unknown) -// source: api/v1alpha1/common.proto - -package v1alpha1 - -import ( - _ "github.com/banzaicloud/istio-operator/api/v2/options" - _ "github.com/golang/protobuf/protoc-gen-go/descriptor" - wrappers "github.com/golang/protobuf/ptypes/wrappers" - _ "google.golang.org/genproto/googleapis/api/annotations" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - v1 "k8s.io/api/core/v1" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type ConfigState int32 - -const ( - ConfigState_Unspecified ConfigState = 0 - ConfigState_Created ConfigState = 1 - ConfigState_ReconcileFailed ConfigState = 2 - ConfigState_Reconciling ConfigState = 3 - ConfigState_Available ConfigState = 4 - ConfigState_Unmanaged ConfigState = 5 -) - -// Enum value maps for ConfigState. -var ( - ConfigState_name = map[int32]string{ - 0: "Unspecified", - 1: "Created", - 2: "ReconcileFailed", - 3: "Reconciling", - 4: "Available", - 5: "Unmanaged", - } - ConfigState_value = map[string]int32{ - "Unspecified": 0, - "Created": 1, - "ReconcileFailed": 2, - "Reconciling": 3, - "Available": 4, - "Unmanaged": 5, - } -) - -func (x ConfigState) Enum() *ConfigState { - p := new(ConfigState) - *p = x - return p -} - -func (x ConfigState) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (ConfigState) Descriptor() protoreflect.EnumDescriptor { - return file_api_v1alpha1_common_proto_enumTypes[0].Descriptor() -} - -func (ConfigState) Type() protoreflect.EnumType { - return &file_api_v1alpha1_common_proto_enumTypes[0] -} - -func (x ConfigState) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use ConfigState.Descriptor instead. -func (ConfigState) EnumDescriptor() ([]byte, []int) { - return file_api_v1alpha1_common_proto_rawDescGZIP(), []int{0} -} - -type K8SResourceOverlayPatch_Type int32 - -const ( - K8SResourceOverlayPatch_unspecified K8SResourceOverlayPatch_Type = 0 - K8SResourceOverlayPatch_replace K8SResourceOverlayPatch_Type = 1 - K8SResourceOverlayPatch_remove K8SResourceOverlayPatch_Type = 2 -) - -// Enum value maps for K8SResourceOverlayPatch_Type. -var ( - K8SResourceOverlayPatch_Type_name = map[int32]string{ - 0: "unspecified", - 1: "replace", - 2: "remove", - } - K8SResourceOverlayPatch_Type_value = map[string]int32{ - "unspecified": 0, - "replace": 1, - "remove": 2, - } -) - -func (x K8SResourceOverlayPatch_Type) Enum() *K8SResourceOverlayPatch_Type { - p := new(K8SResourceOverlayPatch_Type) - *p = x - return p -} - -func (x K8SResourceOverlayPatch_Type) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (K8SResourceOverlayPatch_Type) Descriptor() protoreflect.EnumDescriptor { - return file_api_v1alpha1_common_proto_enumTypes[1].Descriptor() -} - -func (K8SResourceOverlayPatch_Type) Type() protoreflect.EnumType { - return &file_api_v1alpha1_common_proto_enumTypes[1] -} - -func (x K8SResourceOverlayPatch_Type) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use K8SResourceOverlayPatch_Type.Descriptor instead. -func (K8SResourceOverlayPatch_Type) EnumDescriptor() ([]byte, []int) { - return file_api_v1alpha1_common_proto_rawDescGZIP(), []int{15, 0} -} - -// Generic k8s resource metadata -type K8SObjectMeta struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Map of string keys and values that can be used to organize and categorize - // (scope and select) objects. May match selectors of replication controllers - // and services. - // More info: http://kubernetes.io/docs/user-guide/labels - // +optional - Labels map[string]string `protobuf:"bytes,11,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - // Annotations is an unstructured key value map stored with a resource that may be - // set by external tools to store and retrieve arbitrary metadata. They are not - // queryable and should be preserved when modifying objects. - // More info: http://kubernetes.io/docs/user-guide/annotations - // +optional - Annotations map[string]string `protobuf:"bytes,12,rep,name=annotations,proto3" json:"annotations,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` -} - -func (x *K8SObjectMeta) Reset() { - *x = K8SObjectMeta{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_common_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *K8SObjectMeta) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*K8SObjectMeta) ProtoMessage() {} - -func (x *K8SObjectMeta) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_common_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use K8SObjectMeta.ProtoReflect.Descriptor instead. -func (*K8SObjectMeta) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_common_proto_rawDescGZIP(), []int{0} -} - -func (x *K8SObjectMeta) GetLabels() map[string]string { - if x != nil { - return x.Labels - } - return nil -} - -func (x *K8SObjectMeta) GetAnnotations() map[string]string { - if x != nil { - return x.Annotations - } - return nil -} - -type ContainerImageConfiguration struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Default hub for container images. - Hub string `protobuf:"bytes,1,opt,name=hub,proto3" json:"hub,omitempty"` - // Default tag for container images. - Tag string `protobuf:"bytes,2,opt,name=tag,proto3" json:"tag,omitempty"` - // Image pull policy. - // One of Always, Never, IfNotPresent. - // Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. - // +optional - // +kubebuilder:validation:Enum=Always;Never;IfNotPresent - ImagePullPolicy string `protobuf:"bytes,3,opt,name=imagePullPolicy,proto3" json:"imagePullPolicy,omitempty"` - // ImagePullSecrets is an optional list of references to secrets to use for pulling any of the images. - // +optional - ImagePullSecrets []*v1.LocalObjectReference `protobuf:"bytes,4,rep,name=imagePullSecrets,proto3" json:"imagePullSecrets,omitempty"` -} - -func (x *ContainerImageConfiguration) Reset() { - *x = ContainerImageConfiguration{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_common_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ContainerImageConfiguration) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ContainerImageConfiguration) ProtoMessage() {} - -func (x *ContainerImageConfiguration) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_common_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ContainerImageConfiguration.ProtoReflect.Descriptor instead. -func (*ContainerImageConfiguration) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_common_proto_rawDescGZIP(), []int{1} -} - -func (x *ContainerImageConfiguration) GetHub() string { - if x != nil { - return x.Hub - } - return "" -} - -func (x *ContainerImageConfiguration) GetTag() string { - if x != nil { - return x.Tag - } - return "" -} - -func (x *ContainerImageConfiguration) GetImagePullPolicy() string { - if x != nil { - return x.ImagePullPolicy - } - return "" -} - -func (x *ContainerImageConfiguration) GetImagePullSecrets() []*v1.LocalObjectReference { - if x != nil { - return x.ImagePullSecrets - } - return nil -} - -type BaseKubernetesContainerConfiguration struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Standard Kubernetes container image configuration - Image string `protobuf:"bytes,1,opt,name=image,proto3" json:"image,omitempty"` - // If present will be appended to the environment variables of the container - Env []*v1.EnvVar `protobuf:"bytes,2,rep,name=env,proto3" json:"env,omitempty"` - // Standard Kubernetes resource configuration, memory and CPU resource requirements - Resources *ResourceRequirements `protobuf:"bytes,3,opt,name=resources,proto3" json:"resources,omitempty"` - // Standard Kubernetes security context configuration - SecurityContext *v1.SecurityContext `protobuf:"bytes,4,opt,name=securityContext,proto3" json:"securityContext,omitempty"` - // Pod volumes to mount into the container's filesystem. - // Cannot be updated. - // +optional - // +patchMergeKey=mountPath - // +patchStrategy=merge - VolumeMounts []*v1.VolumeMount `protobuf:"bytes,5,rep,name=volumeMounts,proto3" json:"volumeMounts,omitempty"` -} - -func (x *BaseKubernetesContainerConfiguration) Reset() { - *x = BaseKubernetesContainerConfiguration{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_common_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *BaseKubernetesContainerConfiguration) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*BaseKubernetesContainerConfiguration) ProtoMessage() {} - -func (x *BaseKubernetesContainerConfiguration) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_common_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use BaseKubernetesContainerConfiguration.ProtoReflect.Descriptor instead. -func (*BaseKubernetesContainerConfiguration) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_common_proto_rawDescGZIP(), []int{2} -} - -func (x *BaseKubernetesContainerConfiguration) GetImage() string { - if x != nil { - return x.Image - } - return "" -} - -func (x *BaseKubernetesContainerConfiguration) GetEnv() []*v1.EnvVar { - if x != nil { - return x.Env - } - return nil -} - -func (x *BaseKubernetesContainerConfiguration) GetResources() *ResourceRequirements { - if x != nil { - return x.Resources - } - return nil -} - -func (x *BaseKubernetesContainerConfiguration) GetSecurityContext() *v1.SecurityContext { - if x != nil { - return x.SecurityContext - } - return nil -} - -func (x *BaseKubernetesContainerConfiguration) GetVolumeMounts() []*v1.VolumeMount { - if x != nil { - return x.VolumeMounts - } - return nil -} - -type BaseKubernetesResourceConfig struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Generic k8s resource metadata - Metadata *K8SObjectMeta `protobuf:"bytes,1,opt,name=metadata,proto3" json:"metadata,omitempty"` - // Standard Kubernetes container image configuration - Image string `protobuf:"bytes,2,opt,name=image,proto3" json:"image,omitempty"` - // If present will be appended to the environment variables of the container - Env []*v1.EnvVar `protobuf:"bytes,3,rep,name=env,proto3" json:"env,omitempty"` - // Standard Kubernetes resource configuration, memory and CPU resource requirements - Resources *ResourceRequirements `protobuf:"bytes,4,opt,name=resources,proto3" json:"resources,omitempty"` - // Standard Kubernetes node selector configuration - NodeSelector map[string]string `protobuf:"bytes,5,rep,name=nodeSelector,proto3" json:"nodeSelector,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - // Standard Kubernetes affinity configuration - Affinity *v1.Affinity `protobuf:"bytes,6,opt,name=affinity,proto3" json:"affinity,omitempty"` - // Standard Kubernetes security context configuration - SecurityContext *v1.SecurityContext `protobuf:"bytes,7,opt,name=securityContext,proto3" json:"securityContext,omitempty"` - // Image pull policy. - // One of Always, Never, IfNotPresent. - // Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. - // +optional - ImagePullPolicy string `protobuf:"bytes,8,opt,name=imagePullPolicy,proto3" json:"imagePullPolicy,omitempty"` - // ImagePullSecrets is an optional list of references to secrets to use for pulling any of the images. - // +optional - ImagePullSecrets []*v1.LocalObjectReference `protobuf:"bytes,9,rep,name=imagePullSecrets,proto3" json:"imagePullSecrets,omitempty"` - // If specified, indicates the pod's priority. "system-node-critical" and - // "system-cluster-critical" are two special keywords which indicate the - // highest priorities with the former being the highest priority. Any other - // name must be defined by creating a PriorityClass object with that name. - // If not specified, the pod priority will be default or zero if there is no - // default. - // +optional - PriorityClassName string `protobuf:"bytes,10,opt,name=priorityClassName,proto3" json:"priorityClassName,omitempty"` - // If specified, the pod's tolerations. - // +optional - Tolerations []*v1.Toleration `protobuf:"bytes,11,rep,name=tolerations,proto3" json:"tolerations,omitempty"` - // List of volumes that can be mounted by containers belonging to the pod. - // More info: https://kubernetes.io/docs/concepts/storage/volumes - // +optional - // +patchMergeKey=name - // +patchStrategy=merge,retainKeys - Volumes []*v1.Volume `protobuf:"bytes,12,rep,name=volumes,proto3" json:"volumes,omitempty"` - // Pod volumes to mount into the container's filesystem. - // Cannot be updated. - // +optional - // +patchMergeKey=mountPath - // +patchStrategy=merge - VolumeMounts []*v1.VolumeMount `protobuf:"bytes,13,rep,name=volumeMounts,proto3" json:"volumeMounts,omitempty"` - // Replica configuration - Replicas *Replicas `protobuf:"bytes,14,opt,name=replicas,proto3" json:"replicas,omitempty"` - // Standard Kubernetes pod annotation and label configuration - PodMetadata *K8SObjectMeta `protobuf:"bytes,15,opt,name=podMetadata,proto3" json:"podMetadata,omitempty"` - // PodDisruptionBudget configuration - PodDisruptionBudget *PodDisruptionBudget `protobuf:"bytes,16,opt,name=podDisruptionBudget,proto3" json:"podDisruptionBudget,omitempty"` - // DeploymentStrategy configuration - DeploymentStrategy *DeploymentStrategy `protobuf:"bytes,17,opt,name=deploymentStrategy,proto3" json:"deploymentStrategy,omitempty"` - // Standard Kubernetes pod security context configuration - PodSecurityContext *v1.PodSecurityContext `protobuf:"bytes,18,opt,name=podSecurityContext,proto3" json:"podSecurityContext,omitempty"` - // Periodic probe of container liveness. - // Container will be restarted if the probe fails. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // +optional - LivenessProbe *Probe `protobuf:"bytes,19,opt,name=livenessProbe,proto3" json:"livenessProbe,omitempty"` - // Periodic probe of container service readiness. - // Container will be removed from service endpoints if the probe fails. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // +optional - ReadinessProbe *Probe `protobuf:"bytes,20,opt,name=readinessProbe,proto3" json:"readinessProbe,omitempty"` - // Used to control how Pods are spread across a cluster among failure-domains. - // This can help to achieve high availability as well as efficient resource utilization. - // More info: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints - // +optional - TopologySpreadConstraints []*v1.TopologySpreadConstraint `protobuf:"bytes,21,rep,name=topologySpreadConstraints,proto3" json:"topologySpreadConstraints,omitempty"` -} - -func (x *BaseKubernetesResourceConfig) Reset() { - *x = BaseKubernetesResourceConfig{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_common_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *BaseKubernetesResourceConfig) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*BaseKubernetesResourceConfig) ProtoMessage() {} - -func (x *BaseKubernetesResourceConfig) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_common_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use BaseKubernetesResourceConfig.ProtoReflect.Descriptor instead. -func (*BaseKubernetesResourceConfig) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_common_proto_rawDescGZIP(), []int{3} -} - -func (x *BaseKubernetesResourceConfig) GetMetadata() *K8SObjectMeta { - if x != nil { - return x.Metadata - } - return nil -} - -func (x *BaseKubernetesResourceConfig) GetImage() string { - if x != nil { - return x.Image - } - return "" -} - -func (x *BaseKubernetesResourceConfig) GetEnv() []*v1.EnvVar { - if x != nil { - return x.Env - } - return nil -} - -func (x *BaseKubernetesResourceConfig) GetResources() *ResourceRequirements { - if x != nil { - return x.Resources - } - return nil -} - -func (x *BaseKubernetesResourceConfig) GetNodeSelector() map[string]string { - if x != nil { - return x.NodeSelector - } - return nil -} - -func (x *BaseKubernetesResourceConfig) GetAffinity() *v1.Affinity { - if x != nil { - return x.Affinity - } - return nil -} - -func (x *BaseKubernetesResourceConfig) GetSecurityContext() *v1.SecurityContext { - if x != nil { - return x.SecurityContext - } - return nil -} - -func (x *BaseKubernetesResourceConfig) GetImagePullPolicy() string { - if x != nil { - return x.ImagePullPolicy - } - return "" -} - -func (x *BaseKubernetesResourceConfig) GetImagePullSecrets() []*v1.LocalObjectReference { - if x != nil { - return x.ImagePullSecrets - } - return nil -} - -func (x *BaseKubernetesResourceConfig) GetPriorityClassName() string { - if x != nil { - return x.PriorityClassName - } - return "" -} - -func (x *BaseKubernetesResourceConfig) GetTolerations() []*v1.Toleration { - if x != nil { - return x.Tolerations - } - return nil -} - -func (x *BaseKubernetesResourceConfig) GetVolumes() []*v1.Volume { - if x != nil { - return x.Volumes - } - return nil -} - -func (x *BaseKubernetesResourceConfig) GetVolumeMounts() []*v1.VolumeMount { - if x != nil { - return x.VolumeMounts - } - return nil -} - -func (x *BaseKubernetesResourceConfig) GetReplicas() *Replicas { - if x != nil { - return x.Replicas - } - return nil -} - -func (x *BaseKubernetesResourceConfig) GetPodMetadata() *K8SObjectMeta { - if x != nil { - return x.PodMetadata - } - return nil -} - -func (x *BaseKubernetesResourceConfig) GetPodDisruptionBudget() *PodDisruptionBudget { - if x != nil { - return x.PodDisruptionBudget - } - return nil -} - -func (x *BaseKubernetesResourceConfig) GetDeploymentStrategy() *DeploymentStrategy { - if x != nil { - return x.DeploymentStrategy - } - return nil -} - -func (x *BaseKubernetesResourceConfig) GetPodSecurityContext() *v1.PodSecurityContext { - if x != nil { - return x.PodSecurityContext - } - return nil -} - -func (x *BaseKubernetesResourceConfig) GetLivenessProbe() *Probe { - if x != nil { - return x.LivenessProbe - } - return nil -} - -func (x *BaseKubernetesResourceConfig) GetReadinessProbe() *Probe { - if x != nil { - return x.ReadinessProbe - } - return nil -} - -func (x *BaseKubernetesResourceConfig) GetTopologySpreadConstraints() []*v1.TopologySpreadConstraint { - if x != nil { - return x.TopologySpreadConstraints - } - return nil -} - -type DeploymentStrategy struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate. - // +optional - Type string `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"` - // Rolling update config params. Present only if DeploymentStrategyType = - // RollingUpdate. - // +optional - RollingUpdate *DeploymentStrategy_RollingUpdateDeployment `protobuf:"bytes,2,opt,name=rollingUpdate,proto3" json:"rollingUpdate,omitempty"` -} - -func (x *DeploymentStrategy) Reset() { - *x = DeploymentStrategy{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_common_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *DeploymentStrategy) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*DeploymentStrategy) ProtoMessage() {} - -func (x *DeploymentStrategy) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_common_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use DeploymentStrategy.ProtoReflect.Descriptor instead. -func (*DeploymentStrategy) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_common_proto_rawDescGZIP(), []int{4} -} - -func (x *DeploymentStrategy) GetType() string { - if x != nil { - return x.Type - } - return "" -} - -func (x *DeploymentStrategy) GetRollingUpdate() *DeploymentStrategy_RollingUpdateDeployment { - if x != nil { - return x.RollingUpdate - } - return nil -} - -// PodDisruptionBudget is a description of a PodDisruptionBudget -type PodDisruptionBudget struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // An eviction is allowed if at least "minAvailable" pods selected by - // "selector" will still be available after the eviction, i.e. even in the - // absence of the evicted pod. So for example you can prevent all voluntary - // evictions by specifying "100%". - // +optional - MinAvailable *IntOrString `protobuf:"bytes,1,opt,name=minAvailable,proto3" json:"minAvailable,omitempty"` - // An eviction is allowed if at most "maxUnavailable" pods selected by - // "selector" are unavailable after the eviction, i.e. even in absence of - // the evicted pod. For example, one can prevent all voluntary evictions - // by specifying 0. This is a mutually exclusive setting with "minAvailable". - // +optional - MaxUnavailable *IntOrString `protobuf:"bytes,2,opt,name=maxUnavailable,proto3" json:"maxUnavailable,omitempty"` -} - -func (x *PodDisruptionBudget) Reset() { - *x = PodDisruptionBudget{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_common_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *PodDisruptionBudget) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*PodDisruptionBudget) ProtoMessage() {} - -func (x *PodDisruptionBudget) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_common_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use PodDisruptionBudget.ProtoReflect.Descriptor instead. -func (*PodDisruptionBudget) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_common_proto_rawDescGZIP(), []int{5} -} - -func (x *PodDisruptionBudget) GetMinAvailable() *IntOrString { - if x != nil { - return x.MinAvailable - } - return nil -} - -func (x *PodDisruptionBudget) GetMaxUnavailable() *IntOrString { - if x != nil { - return x.MaxUnavailable - } - return nil -} - -// Probe describes a health check to be performed against a container to determine whether it is -// alive or ready to receive traffic. -type Probe struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The action taken to determine the health of a container - // - // Types that are assignable to Handler: - // - // *Probe_Exec - // *Probe_HttpGet - // *Probe_TcpSocket - // *Probe_Grpc - Handler isProbe_Handler `protobuf_oneof:"handler"` - // Number of seconds after the container has started before liveness probes are initiated. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // +optional - InitialDelaySeconds int32 `protobuf:"varint,5,opt,name=initialDelaySeconds,proto3" json:"initialDelaySeconds,omitempty"` - // Number of seconds after which the probe times out. - // Defaults to 1 second. Minimum value is 1. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // +optional - TimeoutSeconds int32 `protobuf:"varint,6,opt,name=timeoutSeconds,proto3" json:"timeoutSeconds,omitempty"` - // How often (in seconds) to perform the probe. - // Default to 10 seconds. Minimum value is 1. - // +optional - PeriodSeconds int32 `protobuf:"varint,7,opt,name=periodSeconds,proto3" json:"periodSeconds,omitempty"` - // Minimum consecutive successes for the probe to be considered successful after having failed. - // Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - // +optional - SuccessThreshold int32 `protobuf:"varint,8,opt,name=successThreshold,proto3" json:"successThreshold,omitempty"` - // Minimum consecutive failures for the probe to be considered failed after having succeeded. - // Defaults to 3. Minimum value is 1. - // +optional - FailureThreshold int32 `protobuf:"varint,9,opt,name=failureThreshold,proto3" json:"failureThreshold,omitempty"` - // Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - // The grace period is the duration in seconds after the processes running in the pod are sent - // a termination signal and the time when the processes are forcibly halted with a kill signal. - // Set this value longer than the expected cleanup time for your process. - // If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - // value overrides the value provided by the pod spec. - // Value must be non-negative integer. The value zero indicates stop immediately via - // the kill signal (no opportunity to shut down). - // This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - // Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - // +optional - TerminationGracePeriodSeconds int64 `protobuf:"varint,10,opt,name=terminationGracePeriodSeconds,proto3" json:"terminationGracePeriodSeconds,omitempty"` -} - -func (x *Probe) Reset() { - *x = Probe{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_common_proto_msgTypes[6] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Probe) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Probe) ProtoMessage() {} - -func (x *Probe) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_common_proto_msgTypes[6] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Probe.ProtoReflect.Descriptor instead. -func (*Probe) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_common_proto_rawDescGZIP(), []int{6} -} - -func (m *Probe) GetHandler() isProbe_Handler { - if m != nil { - return m.Handler - } - return nil -} - -func (x *Probe) GetExec() *v1.ExecAction { - if x, ok := x.GetHandler().(*Probe_Exec); ok { - return x.Exec - } - return nil -} - -func (x *Probe) GetHttpGet() *HTTPGetAction { - if x, ok := x.GetHandler().(*Probe_HttpGet); ok { - return x.HttpGet - } - return nil -} - -func (x *Probe) GetTcpSocket() *TCPSocketAction { - if x, ok := x.GetHandler().(*Probe_TcpSocket); ok { - return x.TcpSocket - } - return nil -} - -func (x *Probe) GetGrpc() *v1.GRPCAction { - if x, ok := x.GetHandler().(*Probe_Grpc); ok { - return x.Grpc - } - return nil -} - -func (x *Probe) GetInitialDelaySeconds() int32 { - if x != nil { - return x.InitialDelaySeconds - } - return 0 -} - -func (x *Probe) GetTimeoutSeconds() int32 { - if x != nil { - return x.TimeoutSeconds - } - return 0 -} - -func (x *Probe) GetPeriodSeconds() int32 { - if x != nil { - return x.PeriodSeconds - } - return 0 -} - -func (x *Probe) GetSuccessThreshold() int32 { - if x != nil { - return x.SuccessThreshold - } - return 0 -} - -func (x *Probe) GetFailureThreshold() int32 { - if x != nil { - return x.FailureThreshold - } - return 0 -} - -func (x *Probe) GetTerminationGracePeriodSeconds() int64 { - if x != nil { - return x.TerminationGracePeriodSeconds - } - return 0 -} - -type isProbe_Handler interface { - isProbe_Handler() -} - -type Probe_Exec struct { - // Exec specifies the action to take. - // +optional - Exec *v1.ExecAction `protobuf:"bytes,1,opt,name=exec,proto3,oneof"` -} - -type Probe_HttpGet struct { - // HTTPGet specifies the http request to perform. - // +optional - HttpGet *HTTPGetAction `protobuf:"bytes,2,opt,name=httpGet,proto3,oneof"` -} - -type Probe_TcpSocket struct { - // TCPSocket specifies an action involving a TCP port. - // +optional - TcpSocket *TCPSocketAction `protobuf:"bytes,3,opt,name=tcpSocket,proto3,oneof"` -} - -type Probe_Grpc struct { - // GRPC specifies an action involving a GRPC port. - // This is a beta field and requires enabling GRPCContainerProbe feature gate. - // +featureGate=GRPCContainerProbe - // +optional - Grpc *v1.GRPCAction `protobuf:"bytes,4,opt,name=grpc,proto3,oneof"` -} - -func (*Probe_Exec) isProbe_Handler() {} - -func (*Probe_HttpGet) isProbe_Handler() {} - -func (*Probe_TcpSocket) isProbe_Handler() {} - -func (*Probe_Grpc) isProbe_Handler() {} - -// HTTPGetAction describes an action based on HTTP Get requests. -type HTTPGetAction struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Path to access on the HTTP server. - // +optional - Path string `protobuf:"bytes,1,opt,name=path,proto3" json:"path,omitempty"` - // Name or number of the port to access on the container. - // Number must be in the range 1 to 65535. - // Name must be an IANA_SVC_NAME. - Port *IntOrString `protobuf:"bytes,2,opt,name=port,proto3" json:"port,omitempty"` - // Host name to connect to, defaults to the pod IP. You probably want to set - // "Host" in httpHeaders instead. - // +optional - Host string `protobuf:"bytes,3,opt,name=host,proto3" json:"host,omitempty"` - // Scheme to use for connecting to the host. - // Defaults to HTTP. - // +optional - Scheme string `protobuf:"bytes,4,opt,name=scheme,proto3" json:"scheme,omitempty"` - // Custom headers to set in the request. HTTP allows repeated headers. - // +optional - HttpHeaders []*v1.HTTPHeader `protobuf:"bytes,5,rep,name=httpHeaders,proto3" json:"httpHeaders,omitempty"` -} - -func (x *HTTPGetAction) Reset() { - *x = HTTPGetAction{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_common_proto_msgTypes[7] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *HTTPGetAction) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*HTTPGetAction) ProtoMessage() {} - -func (x *HTTPGetAction) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_common_proto_msgTypes[7] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use HTTPGetAction.ProtoReflect.Descriptor instead. -func (*HTTPGetAction) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_common_proto_rawDescGZIP(), []int{7} -} - -func (x *HTTPGetAction) GetPath() string { - if x != nil { - return x.Path - } - return "" -} - -func (x *HTTPGetAction) GetPort() *IntOrString { - if x != nil { - return x.Port - } - return nil -} - -func (x *HTTPGetAction) GetHost() string { - if x != nil { - return x.Host - } - return "" -} - -func (x *HTTPGetAction) GetScheme() string { - if x != nil { - return x.Scheme - } - return "" -} - -func (x *HTTPGetAction) GetHttpHeaders() []*v1.HTTPHeader { - if x != nil { - return x.HttpHeaders - } - return nil -} - -// TCPSocketAction describes an action based on opening a socket -type TCPSocketAction struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Number or name of the port to access on the container. - // Number must be in the range 1 to 65535. - // Name must be an IANA_SVC_NAME. - Port *IntOrString `protobuf:"bytes,1,opt,name=port,proto3" json:"port,omitempty"` - // Optional: Host name to connect to, defaults to the pod IP. - // +optional - Host string `protobuf:"bytes,2,opt,name=host,proto3" json:"host,omitempty"` -} - -func (x *TCPSocketAction) Reset() { - *x = TCPSocketAction{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_common_proto_msgTypes[8] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *TCPSocketAction) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*TCPSocketAction) ProtoMessage() {} - -func (x *TCPSocketAction) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_common_proto_msgTypes[8] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use TCPSocketAction.ProtoReflect.Descriptor instead. -func (*TCPSocketAction) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_common_proto_rawDescGZIP(), []int{8} -} - -func (x *TCPSocketAction) GetPort() *IntOrString { - if x != nil { - return x.Port - } - return nil -} - -func (x *TCPSocketAction) GetHost() string { - if x != nil { - return x.Host - } - return "" -} - -// Service describes the attributes that a user creates on a service. -type Service struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Metadata *K8SObjectMeta `protobuf:"bytes,16,opt,name=metadata,proto3" json:"metadata,omitempty"` - // The list of ports that are exposed by this service. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - // +patchMergeKey=port - // +patchStrategy=merge - // +listType=map - // +listMapKey=port - // +listMapKey=protocol - // +kubebuilder:validation:MinItems=1 - Ports []*ServicePort `protobuf:"bytes,1,rep,name=ports,proto3" json:"ports,omitempty"` - // Route service traffic to pods with label keys and values matching this - // selector. If empty or not present, the service is assumed to have an - // external process managing its endpoints, which Kubernetes will not - // modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. - // Ignored if type is ExternalName. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/ - // +optional - Selector map[string]string `protobuf:"bytes,2,rep,name=selector,proto3" json:"selector,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - // clusterIP is the IP address of the service and is usually assigned - // randomly by the master. If an address is specified manually and is not in - // use by others, it will be allocated to the service; otherwise, creation - // of the service will fail. This field can not be changed through updates. - // Valid values are "None", empty string (""), or a valid IP address. "None" - // can be specified for headless services when proxying is not required. - // Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if - // type is ExternalName. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - // +optional - ClusterIP string `protobuf:"bytes,3,opt,name=clusterIP,proto3" json:"clusterIP,omitempty"` - // type determines how the Service is exposed. Defaults to ClusterIP. Valid - // options are ExternalName, ClusterIP, NodePort, and LoadBalancer. - // "ExternalName" maps to the specified externalName. - // "ClusterIP" allocates a cluster-internal IP address for load-balancing to - // endpoints. Endpoints are determined by the selector or if that is not - // specified, by manual construction of an Endpoints object. If clusterIP is - // "None", no virtual IP is allocated and the endpoints are published as a - // set of endpoints rather than a stable IP. - // "NodePort" builds on ClusterIP and allocates a port on every node which - // routes to the clusterIP. - // "LoadBalancer" builds on NodePort and creates an - // external load-balancer (if supported in the current cloud) which routes - // to the clusterIP. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types - // +optional - // +kubebuilder:validation:Enum=ClusterIP;NodePort;LoadBalancer - Type string `protobuf:"bytes,4,opt,name=type,proto3" json:"type,omitempty"` - // externalIPs is a list of IP addresses for which nodes in the cluster - // will also accept traffic for this service. These IPs are not managed by - // Kubernetes. The user is responsible for ensuring that traffic arrives - // at a node with this IP. A common example is external load-balancers - // that are not part of the Kubernetes system. - // +optional - ExternalIPs []string `protobuf:"bytes,5,rep,name=externalIPs,proto3" json:"externalIPs,omitempty"` - // Supports "ClientIP" and "None". Used to maintain session affinity. - // Enable client IP based session affinity. - // Must be ClientIP or None. - // Defaults to None. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - // +optional - SessionAffinity string `protobuf:"bytes,7,opt,name=sessionAffinity,proto3" json:"sessionAffinity,omitempty"` - // Only applies to Service Type: LoadBalancer - // LoadBalancer will get created with the IP specified in this field. - // This feature depends on whether the underlying cloud-provider supports specifying - // the loadBalancerIP when a load balancer is created. - // This field will be ignored if the cloud-provider does not support the feature. - // +optional - LoadBalancerIP string `protobuf:"bytes,8,opt,name=loadBalancerIP,proto3" json:"loadBalancerIP,omitempty"` - // If specified and supported by the platform, this will restrict traffic through the cloud-provider - // load-balancer will be restricted to the specified client IPs. This field will be ignored if the - // cloud-provider does not support the feature." - // More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/ - // +optional - LoadBalancerSourceRanges []string `protobuf:"bytes,9,rep,name=loadBalancerSourceRanges,proto3" json:"loadBalancerSourceRanges,omitempty"` - // externalName is the external reference that kubedns or equivalent will - // return as a CNAME record for this service. No proxying will be involved. - // Must be a valid RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) - // and requires Type to be ExternalName. - // +optional - ExternalName string `protobuf:"bytes,10,opt,name=externalName,proto3" json:"externalName,omitempty"` - // externalTrafficPolicy denotes if this Service desires to route external - // traffic to node-local or cluster-wide endpoints. "Local" preserves the - // client source IP and avoids a second hop for LoadBalancer and Nodeport - // type services, but risks potentially imbalanced traffic spreading. - // "Cluster" obscures the client source IP and may cause a second hop to - // another node, but should have good overall load-spreading. - // +optional - ExternalTrafficPolicy string `protobuf:"bytes,11,opt,name=externalTrafficPolicy,proto3" json:"externalTrafficPolicy,omitempty"` - // healthCheckNodePort specifies the healthcheck nodePort for the service. - // If not specified, HealthCheckNodePort is created by the service api - // backend with the allocated nodePort. Will use user-specified nodePort value - // if specified by the client. Only effects when Type is set to LoadBalancer - // and ExternalTrafficPolicy is set to Local. - // +optional - HealthCheckNodePort int32 `protobuf:"varint,12,opt,name=healthCheckNodePort,proto3" json:"healthCheckNodePort,omitempty"` - // publishNotReadyAddresses, when set to true, indicates that DNS implementations - // must publish the notReadyAddresses of subsets for the Endpoints associated with - // the Service. The default value is false. - // The primary use case for setting this field is to use a StatefulSet's Headless Service - // to propagate SRV records for its Pods without respect to their readiness for purpose - // of peer discovery. - // +optional - PublishNotReadyAddresses *wrappers.BoolValue `protobuf:"bytes,13,opt,name=publishNotReadyAddresses,proto3" json:"publishNotReadyAddresses,omitempty"` - // sessionAffinityConfig contains the configurations of session affinity. - // +optional - SessionAffinityConfig *v1.SessionAffinityConfig `protobuf:"bytes,14,opt,name=sessionAffinityConfig,proto3" json:"sessionAffinityConfig,omitempty"` - // ipFamily specifies whether this Service has a preference for a particular IP family (e.g. IPv4 vs. - // IPv6). If a specific IP family is requested, the clusterIP field will be allocated from that family, if it is - // available in the cluster. If no IP family is requested, the cluster's primary IP family will be used. - // Other IP fields (loadBalancerIP, loadBalancerSourceRanges, externalIPs) and controllers which - // allocate external load-balancers should use the same IP family. Endpoints for this Service will be of - // this family. This field is immutable after creation. Assigning a ServiceIPFamily not available in the - // cluster (e.g. IPv6 in IPv4 only cluster) is an error condition and will fail during clusterIP assignment. - // +optional - IpFamily string `protobuf:"bytes,15,opt,name=ipFamily,proto3" json:"ipFamily,omitempty"` -} - -func (x *Service) Reset() { - *x = Service{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_common_proto_msgTypes[9] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Service) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Service) ProtoMessage() {} - -func (x *Service) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_common_proto_msgTypes[9] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Service.ProtoReflect.Descriptor instead. -func (*Service) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_common_proto_rawDescGZIP(), []int{9} -} - -func (x *Service) GetMetadata() *K8SObjectMeta { - if x != nil { - return x.Metadata - } - return nil -} - -func (x *Service) GetPorts() []*ServicePort { - if x != nil { - return x.Ports - } - return nil -} - -func (x *Service) GetSelector() map[string]string { - if x != nil { - return x.Selector - } - return nil -} - -func (x *Service) GetClusterIP() string { - if x != nil { - return x.ClusterIP - } - return "" -} - -func (x *Service) GetType() string { - if x != nil { - return x.Type - } - return "" -} - -func (x *Service) GetExternalIPs() []string { - if x != nil { - return x.ExternalIPs - } - return nil -} - -func (x *Service) GetSessionAffinity() string { - if x != nil { - return x.SessionAffinity - } - return "" -} - -func (x *Service) GetLoadBalancerIP() string { - if x != nil { - return x.LoadBalancerIP - } - return "" -} - -func (x *Service) GetLoadBalancerSourceRanges() []string { - if x != nil { - return x.LoadBalancerSourceRanges - } - return nil -} - -func (x *Service) GetExternalName() string { - if x != nil { - return x.ExternalName - } - return "" -} - -func (x *Service) GetExternalTrafficPolicy() string { - if x != nil { - return x.ExternalTrafficPolicy - } - return "" -} - -func (x *Service) GetHealthCheckNodePort() int32 { - if x != nil { - return x.HealthCheckNodePort - } - return 0 -} - -func (x *Service) GetPublishNotReadyAddresses() *wrappers.BoolValue { - if x != nil { - return x.PublishNotReadyAddresses - } - return nil -} - -func (x *Service) GetSessionAffinityConfig() *v1.SessionAffinityConfig { - if x != nil { - return x.SessionAffinityConfig - } - return nil -} - -func (x *Service) GetIpFamily() string { - if x != nil { - return x.IpFamily - } - return "" -} - -// Service describes the attributes that a user creates on a service. -type UnprotectedService struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Metadata *K8SObjectMeta `protobuf:"bytes,16,opt,name=metadata,proto3" json:"metadata,omitempty"` - // The list of ports that are exposed by this service. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - // +patchMergeKey=port - // +patchStrategy=merge - // +listType=map - // +listMapKey=port - // +listMapKey=protocol - Ports []*ServicePort `protobuf:"bytes,1,rep,name=ports,proto3" json:"ports,omitempty"` - // Route service traffic to pods with label keys and values matching this - // selector. If empty or not present, the service is assumed to have an - // external process managing its endpoints, which Kubernetes will not - // modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. - // Ignored if type is ExternalName. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/ - // +optional - Selector map[string]string `protobuf:"bytes,2,rep,name=selector,proto3" json:"selector,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - // clusterIP is the IP address of the service and is usually assigned - // randomly by the master. If an address is specified manually and is not in - // use by others, it will be allocated to the service; otherwise, creation - // of the service will fail. This field can not be changed through updates. - // Valid values are "None", empty string (""), or a valid IP address. "None" - // can be specified for headless services when proxying is not required. - // Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if - // type is ExternalName. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - // +optional - ClusterIP string `protobuf:"bytes,3,opt,name=clusterIP,proto3" json:"clusterIP,omitempty"` - // type determines how the Service is exposed. Defaults to ClusterIP. Valid - // options are ExternalName, ClusterIP, NodePort, and LoadBalancer. - // "ExternalName" maps to the specified externalName. - // "ClusterIP" allocates a cluster-internal IP address for load-balancing to - // endpoints. Endpoints are determined by the selector or if that is not - // specified, by manual construction of an Endpoints object. If clusterIP is - // "None", no virtual IP is allocated and the endpoints are published as a - // set of endpoints rather than a stable IP. - // "NodePort" builds on ClusterIP and allocates a port on every node which - // routes to the clusterIP. - // "LoadBalancer" builds on NodePort and creates an - // external load-balancer (if supported in the current cloud) which routes - // to the clusterIP. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types - // +optional - // +kubebuilder:validation:Enum=ClusterIP;NodePort;LoadBalancer - Type string `protobuf:"bytes,4,opt,name=type,proto3" json:"type,omitempty"` - // externalIPs is a list of IP addresses for which nodes in the cluster - // will also accept traffic for this service. These IPs are not managed by - // Kubernetes. The user is responsible for ensuring that traffic arrives - // at a node with this IP. A common example is external load-balancers - // that are not part of the Kubernetes system. - // +optional - ExternalIPs []string `protobuf:"bytes,5,rep,name=externalIPs,proto3" json:"externalIPs,omitempty"` - // Supports "ClientIP" and "None". Used to maintain session affinity. - // Enable client IP based session affinity. - // Must be ClientIP or None. - // Defaults to None. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - // +optional - SessionAffinity string `protobuf:"bytes,7,opt,name=sessionAffinity,proto3" json:"sessionAffinity,omitempty"` - // Only applies to Service Type: LoadBalancer - // LoadBalancer will get created with the IP specified in this field. - // This feature depends on whether the underlying cloud-provider supports specifying - // the loadBalancerIP when a load balancer is created. - // This field will be ignored if the cloud-provider does not support the feature. - // +optional - LoadBalancerIP string `protobuf:"bytes,8,opt,name=loadBalancerIP,proto3" json:"loadBalancerIP,omitempty"` - // If specified and supported by the platform, this will restrict traffic through the cloud-provider - // load-balancer will be restricted to the specified client IPs. This field will be ignored if the - // cloud-provider does not support the feature." - // More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/ - // +optional - LoadBalancerSourceRanges []string `protobuf:"bytes,9,rep,name=loadBalancerSourceRanges,proto3" json:"loadBalancerSourceRanges,omitempty"` - // externalName is the external reference that kubedns or equivalent will - // return as a CNAME record for this service. No proxying will be involved. - // Must be a valid RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) - // and requires Type to be ExternalName. - // +optional - ExternalName string `protobuf:"bytes,10,opt,name=externalName,proto3" json:"externalName,omitempty"` - // externalTrafficPolicy denotes if this Service desires to route external - // traffic to node-local or cluster-wide endpoints. "Local" preserves the - // client source IP and avoids a second hop for LoadBalancer and Nodeport - // type services, but risks potentially imbalanced traffic spreading. - // "Cluster" obscures the client source IP and may cause a second hop to - // another node, but should have good overall load-spreading. - // +optional - ExternalTrafficPolicy string `protobuf:"bytes,11,opt,name=externalTrafficPolicy,proto3" json:"externalTrafficPolicy,omitempty"` - // healthCheckNodePort specifies the healthcheck nodePort for the service. - // If not specified, HealthCheckNodePort is created by the service api - // backend with the allocated nodePort. Will use user-specified nodePort value - // if specified by the client. Only effects when Type is set to LoadBalancer - // and ExternalTrafficPolicy is set to Local. - // +optional - HealthCheckNodePort int32 `protobuf:"varint,12,opt,name=healthCheckNodePort,proto3" json:"healthCheckNodePort,omitempty"` - // publishNotReadyAddresses, when set to true, indicates that DNS implementations - // must publish the notReadyAddresses of subsets for the Endpoints associated with - // the Service. The default value is false. - // The primary use case for setting this field is to use a StatefulSet's Headless Service - // to propagate SRV records for its Pods without respect to their readiness for purpose - // of peer discovery. - // +optional - PublishNotReadyAddresses *wrappers.BoolValue `protobuf:"bytes,13,opt,name=publishNotReadyAddresses,proto3" json:"publishNotReadyAddresses,omitempty"` - // sessionAffinityConfig contains the configurations of session affinity. - // +optional - SessionAffinityConfig *v1.SessionAffinityConfig `protobuf:"bytes,14,opt,name=sessionAffinityConfig,proto3" json:"sessionAffinityConfig,omitempty"` - // ipFamily specifies whether this Service has a preference for a particular IP family (e.g. IPv4 vs. - // IPv6). If a specific IP family is requested, the clusterIP field will be allocated from that family, if it is - // available in the cluster. If no IP family is requested, the cluster's primary IP family will be used. - // Other IP fields (loadBalancerIP, loadBalancerSourceRanges, externalIPs) and controllers which - // allocate external load-balancers should use the same IP family. Endpoints for this Service will be of - // this family. This field is immutable after creation. Assigning a ServiceIPFamily not available in the - // cluster (e.g. IPv6 in IPv4 only cluster) is an error condition and will fail during clusterIP assignment. - // +optional - IpFamily string `protobuf:"bytes,15,opt,name=ipFamily,proto3" json:"ipFamily,omitempty"` -} - -func (x *UnprotectedService) Reset() { - *x = UnprotectedService{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_common_proto_msgTypes[10] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *UnprotectedService) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*UnprotectedService) ProtoMessage() {} - -func (x *UnprotectedService) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_common_proto_msgTypes[10] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use UnprotectedService.ProtoReflect.Descriptor instead. -func (*UnprotectedService) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_common_proto_rawDescGZIP(), []int{10} -} - -func (x *UnprotectedService) GetMetadata() *K8SObjectMeta { - if x != nil { - return x.Metadata - } - return nil -} - -func (x *UnprotectedService) GetPorts() []*ServicePort { - if x != nil { - return x.Ports - } - return nil -} - -func (x *UnprotectedService) GetSelector() map[string]string { - if x != nil { - return x.Selector - } - return nil -} - -func (x *UnprotectedService) GetClusterIP() string { - if x != nil { - return x.ClusterIP - } - return "" -} - -func (x *UnprotectedService) GetType() string { - if x != nil { - return x.Type - } - return "" -} - -func (x *UnprotectedService) GetExternalIPs() []string { - if x != nil { - return x.ExternalIPs - } - return nil -} - -func (x *UnprotectedService) GetSessionAffinity() string { - if x != nil { - return x.SessionAffinity - } - return "" -} - -func (x *UnprotectedService) GetLoadBalancerIP() string { - if x != nil { - return x.LoadBalancerIP - } - return "" -} - -func (x *UnprotectedService) GetLoadBalancerSourceRanges() []string { - if x != nil { - return x.LoadBalancerSourceRanges - } - return nil -} - -func (x *UnprotectedService) GetExternalName() string { - if x != nil { - return x.ExternalName - } - return "" -} - -func (x *UnprotectedService) GetExternalTrafficPolicy() string { - if x != nil { - return x.ExternalTrafficPolicy - } - return "" -} - -func (x *UnprotectedService) GetHealthCheckNodePort() int32 { - if x != nil { - return x.HealthCheckNodePort - } - return 0 -} - -func (x *UnprotectedService) GetPublishNotReadyAddresses() *wrappers.BoolValue { - if x != nil { - return x.PublishNotReadyAddresses - } - return nil -} - -func (x *UnprotectedService) GetSessionAffinityConfig() *v1.SessionAffinityConfig { - if x != nil { - return x.SessionAffinityConfig - } - return nil -} - -func (x *UnprotectedService) GetIpFamily() string { - if x != nil { - return x.IpFamily - } - return "" -} - -// ServicePort contains information on service's port. -type ServicePort struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The name of this port within the service. This must be a DNS_LABEL. - // All ports within a ServiceSpec must have unique names. When considering - // the endpoints for a Service, this must match the 'name' field in the - // EndpointPort. - // if only one ServicePort is defined on this service. - // +optional - Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` - // The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". - // Default is TCP. - // +optional - // +kubebuilder:default=TCP - Protocol string `protobuf:"bytes,2,opt,name=protocol,proto3" json:"protocol,omitempty"` - // The port that will be exposed by this service. - Port int32 `protobuf:"varint,3,opt,name=port,proto3" json:"port,omitempty"` - // Number or name of the port to access on the pods targeted by the service. - // Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - // If this is a string, it will be looked up as a named port in the - // target Pod's container ports. If this is not specified, the value - // of the 'port' field is used (an identity map). - // This field is ignored for services with clusterIP=None, and should be - // omitted or set equal to the 'port' field. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service - // +optional - TargetPort *IntOrString `protobuf:"bytes,4,opt,name=targetPort,proto3" json:"targetPort,omitempty"` - // The port on each node on which this service is exposed when type=NodePort or LoadBalancer. - // Usually assigned by the system. If specified, it will be allocated to the service - // if unused or else creation of the service will fail. - // Default is to auto-allocate a port if the ServiceType of this Service requires one. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - // +optional - NodePort int32 `protobuf:"varint,5,opt,name=nodePort,proto3" json:"nodePort,omitempty"` -} - -func (x *ServicePort) Reset() { - *x = ServicePort{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_common_proto_msgTypes[11] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ServicePort) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ServicePort) ProtoMessage() {} - -func (x *ServicePort) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_common_proto_msgTypes[11] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ServicePort.ProtoReflect.Descriptor instead. -func (*ServicePort) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_common_proto_rawDescGZIP(), []int{11} -} - -func (x *ServicePort) GetName() string { - if x != nil { - return x.Name - } - return "" -} - -func (x *ServicePort) GetProtocol() string { - if x != nil { - return x.Protocol - } - return "" -} - -func (x *ServicePort) GetPort() int32 { - if x != nil { - return x.Port - } - return 0 -} - -func (x *ServicePort) GetTargetPort() *IntOrString { - if x != nil { - return x.TargetPort - } - return nil -} - -func (x *ServicePort) GetNodePort() int32 { - if x != nil { - return x.NodePort - } - return 0 -} - -type NamespacedName struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Name of the referenced Kubernetes resource - Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` - // Namespace of the referenced Kubernetes resource - Namespace string `protobuf:"bytes,2,opt,name=namespace,proto3" json:"namespace,omitempty"` -} - -func (x *NamespacedName) Reset() { - *x = NamespacedName{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_common_proto_msgTypes[12] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *NamespacedName) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*NamespacedName) ProtoMessage() {} - -func (x *NamespacedName) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_common_proto_msgTypes[12] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use NamespacedName.ProtoReflect.Descriptor instead. -func (*NamespacedName) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_common_proto_rawDescGZIP(), []int{12} -} - -func (x *NamespacedName) GetName() string { - if x != nil { - return x.Name - } - return "" -} - -func (x *NamespacedName) GetNamespace() string { - if x != nil { - return x.Namespace - } - return "" -} - -// ResourceRequirements describes the compute resource requirements. -type ResourceRequirements struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Limits describes the maximum amount of compute resources allowed. - // More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - // +optional - Limits map[string]*Quantity `protobuf:"bytes,1,rep,name=limits,proto3" json:"limits,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - // Requests describes the minimum amount of compute resources required. - // If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - // otherwise to an implementation-defined value. - // More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - // +optional - Requests map[string]*Quantity `protobuf:"bytes,2,rep,name=requests,proto3" json:"requests,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` -} - -func (x *ResourceRequirements) Reset() { - *x = ResourceRequirements{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_common_proto_msgTypes[13] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ResourceRequirements) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ResourceRequirements) ProtoMessage() {} - -func (x *ResourceRequirements) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_common_proto_msgTypes[13] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ResourceRequirements.ProtoReflect.Descriptor instead. -func (*ResourceRequirements) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_common_proto_rawDescGZIP(), []int{13} -} - -func (x *ResourceRequirements) GetLimits() map[string]*Quantity { - if x != nil { - return x.Limits - } - return nil -} - -func (x *ResourceRequirements) GetRequests() map[string]*Quantity { - if x != nil { - return x.Requests - } - return nil -} - -// Replicas contains pod replica configuration -type Replicas struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Standard Kubernetes replica count configuration - // +kubebuilder:validation:Minimum=0 - Count *wrappers.Int32Value `protobuf:"bytes,1,opt,name=count,proto3" json:"count,omitempty"` - // min is the lower limit for the number of replicas to which the autoscaler - // can scale down. - // min and max both need to be set the turn on autoscaling. - // +kubebuilder:validation:Minimum=0 - Min *wrappers.Int32Value `protobuf:"bytes,2,opt,name=min,proto3" json:"min,omitempty"` - // max is the upper limit for the number of replicas to which the autoscaler can scale up. - // min and max both need to be set the turn on autoscaling. - // It cannot be less than min. - // +kubebuilder:validation:Minimum=1 - Max *wrappers.Int32Value `protobuf:"bytes,3,opt,name=max,proto3" json:"max,omitempty"` - // target average CPU utilization (represented as a percentage of requested CPU) over all the pods; - // default 80% will be used if not specified. - // +optional - // +kubebuilder:validation:Minimum=0 - TargetCPUUtilizationPercentage *wrappers.Int32Value `protobuf:"bytes,4,opt,name=targetCPUUtilizationPercentage,proto3" json:"targetCPUUtilizationPercentage,omitempty"` -} - -func (x *Replicas) Reset() { - *x = Replicas{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_common_proto_msgTypes[14] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Replicas) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Replicas) ProtoMessage() {} - -func (x *Replicas) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_common_proto_msgTypes[14] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Replicas.ProtoReflect.Descriptor instead. -func (*Replicas) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_common_proto_rawDescGZIP(), []int{14} -} - -func (x *Replicas) GetCount() *wrappers.Int32Value { - if x != nil { - return x.Count - } - return nil -} - -func (x *Replicas) GetMin() *wrappers.Int32Value { - if x != nil { - return x.Min - } - return nil -} - -func (x *Replicas) GetMax() *wrappers.Int32Value { - if x != nil { - return x.Max - } - return nil -} - -func (x *Replicas) GetTargetCPUUtilizationPercentage() *wrappers.Int32Value { - if x != nil { - return x.TargetCPUUtilizationPercentage - } - return nil -} - -type K8SResourceOverlayPatch struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - GroupVersionKind *K8SResourceOverlayPatch_GroupVersionKind `protobuf:"bytes,1,opt,name=groupVersionKind,proto3" json:"groupVersionKind,omitempty"` - ObjectKey *NamespacedName `protobuf:"bytes,2,opt,name=objectKey,proto3" json:"objectKey,omitempty"` - Patches []*K8SResourceOverlayPatch_Patch `protobuf:"bytes,3,rep,name=patches,proto3" json:"patches,omitempty"` -} - -func (x *K8SResourceOverlayPatch) Reset() { - *x = K8SResourceOverlayPatch{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_common_proto_msgTypes[15] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *K8SResourceOverlayPatch) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*K8SResourceOverlayPatch) ProtoMessage() {} - -func (x *K8SResourceOverlayPatch) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_common_proto_msgTypes[15] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use K8SResourceOverlayPatch.ProtoReflect.Descriptor instead. -func (*K8SResourceOverlayPatch) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_common_proto_rawDescGZIP(), []int{15} -} - -func (x *K8SResourceOverlayPatch) GetGroupVersionKind() *K8SResourceOverlayPatch_GroupVersionKind { - if x != nil { - return x.GroupVersionKind - } - return nil -} - -func (x *K8SResourceOverlayPatch) GetObjectKey() *NamespacedName { - if x != nil { - return x.ObjectKey - } - return nil -} - -func (x *K8SResourceOverlayPatch) GetPatches() []*K8SResourceOverlayPatch_Patch { - if x != nil { - return x.Patches - } - return nil -} - -// Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and Int64() accessors. -// +cue-gen-param:intorstring=true -// +cue-gen-param:set=pattern:^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$ - - -// IntOrString is a type that can hold an int32 or a string. When used in JSON or YAML marshalling and unmarshalling, it produces or consumes the inner type. This allows you to have, for example, a JSON field that can accept a name or number. -// +cue-gen-param:intorstring=true - - -type DeploymentStrategy_RollingUpdateDeployment struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - MaxUnavailable *IntOrString `protobuf:"bytes,1,opt,name=maxUnavailable,proto3" json:"maxUnavailable,omitempty"` - MaxSurge *IntOrString `protobuf:"bytes,2,opt,name=maxSurge,proto3" json:"maxSurge,omitempty"` -} - -func (x *DeploymentStrategy_RollingUpdateDeployment) Reset() { - *x = DeploymentStrategy_RollingUpdateDeployment{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_common_proto_msgTypes[21] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *DeploymentStrategy_RollingUpdateDeployment) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*DeploymentStrategy_RollingUpdateDeployment) ProtoMessage() {} - -func (x *DeploymentStrategy_RollingUpdateDeployment) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_common_proto_msgTypes[21] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use DeploymentStrategy_RollingUpdateDeployment.ProtoReflect.Descriptor instead. -func (*DeploymentStrategy_RollingUpdateDeployment) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_common_proto_rawDescGZIP(), []int{4, 0} -} - -func (x *DeploymentStrategy_RollingUpdateDeployment) GetMaxUnavailable() *IntOrString { - if x != nil { - return x.MaxUnavailable - } - return nil -} - -func (x *DeploymentStrategy_RollingUpdateDeployment) GetMaxSurge() *IntOrString { - if x != nil { - return x.MaxSurge - } - return nil -} - -type K8SResourceOverlayPatch_GroupVersionKind struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Kind string `protobuf:"bytes,1,opt,name=kind,proto3" json:"kind,omitempty"` - Version string `protobuf:"bytes,2,opt,name=version,proto3" json:"version,omitempty"` - Group string `protobuf:"bytes,3,opt,name=group,proto3" json:"group,omitempty"` -} - -func (x *K8SResourceOverlayPatch_GroupVersionKind) Reset() { - *x = K8SResourceOverlayPatch_GroupVersionKind{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_common_proto_msgTypes[26] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *K8SResourceOverlayPatch_GroupVersionKind) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*K8SResourceOverlayPatch_GroupVersionKind) ProtoMessage() {} - -func (x *K8SResourceOverlayPatch_GroupVersionKind) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_common_proto_msgTypes[26] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use K8SResourceOverlayPatch_GroupVersionKind.ProtoReflect.Descriptor instead. -func (*K8SResourceOverlayPatch_GroupVersionKind) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_common_proto_rawDescGZIP(), []int{15, 0} -} - -func (x *K8SResourceOverlayPatch_GroupVersionKind) GetKind() string { - if x != nil { - return x.Kind - } - return "" -} - -func (x *K8SResourceOverlayPatch_GroupVersionKind) GetVersion() string { - if x != nil { - return x.Version - } - return "" -} - -func (x *K8SResourceOverlayPatch_GroupVersionKind) GetGroup() string { - if x != nil { - return x.Group - } - return "" -} - -type K8SResourceOverlayPatch_Patch struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Path string `protobuf:"bytes,1,opt,name=path,proto3" json:"path,omitempty"` - Value string `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"` - ParseValue bool `protobuf:"varint,3,opt,name=parseValue,proto3" json:"parseValue,omitempty"` - Type K8SResourceOverlayPatch_Type `protobuf:"varint,4,opt,name=type,proto3,enum=istio_operator.v2.api.v1alpha1.K8SResourceOverlayPatch_Type" json:"type,omitempty"` -} - -func (x *K8SResourceOverlayPatch_Patch) Reset() { - *x = K8SResourceOverlayPatch_Patch{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_common_proto_msgTypes[27] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *K8SResourceOverlayPatch_Patch) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*K8SResourceOverlayPatch_Patch) ProtoMessage() {} - -func (x *K8SResourceOverlayPatch_Patch) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_common_proto_msgTypes[27] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use K8SResourceOverlayPatch_Patch.ProtoReflect.Descriptor instead. -func (*K8SResourceOverlayPatch_Patch) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_common_proto_rawDescGZIP(), []int{15, 1} -} - -func (x *K8SResourceOverlayPatch_Patch) GetPath() string { - if x != nil { - return x.Path - } - return "" -} - -func (x *K8SResourceOverlayPatch_Patch) GetValue() string { - if x != nil { - return x.Value - } - return "" -} - -func (x *K8SResourceOverlayPatch_Patch) GetParseValue() bool { - if x != nil { - return x.ParseValue - } - return false -} - -func (x *K8SResourceOverlayPatch_Patch) GetType() K8SResourceOverlayPatch_Type { - if x != nil { - return x.Type - } - return K8SResourceOverlayPatch_unspecified -} - -var File_api_v1alpha1_common_proto protoreflect.FileDescriptor - -var file_api_v1alpha1_common_proto_rawDesc = []byte{ - 0x0a, 0x19, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x63, - 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1e, 0x69, 0x73, 0x74, - 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, - 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x77, 0x72, 0x61, - 0x70, 0x70, 0x65, 0x72, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, - 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x22, 0x6b, 0x38, - 0x73, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x76, 0x31, - 0x2f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x64, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x1a, 0x20, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, - 0x66, 0x2f, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x1a, 0x19, 0x61, 0x70, 0x69, 0x2f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, - 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xbf, 0x02, - 0x0a, 0x0d, 0x4b, 0x38, 0x73, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x4d, 0x65, 0x74, 0x61, 0x12, - 0x51, 0x0a, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x18, 0x0b, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x39, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, - 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, - 0x2e, 0x4b, 0x38, 0x73, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x4d, 0x65, 0x74, 0x61, 0x2e, 0x4c, - 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x6c, 0x61, 0x62, 0x65, - 0x6c, 0x73, 0x12, 0x60, 0x0a, 0x0b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x73, 0x18, 0x0c, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, - 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, - 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4b, 0x38, 0x73, 0x4f, 0x62, 0x6a, 0x65, - 0x63, 0x74, 0x4d, 0x65, 0x74, 0x61, 0x2e, 0x41, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x73, 0x1a, 0x39, 0x0a, 0x0b, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, - 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, - 0x3e, 0x0a, 0x10, 0x41, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x45, 0x6e, - 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, - 0xc1, 0x01, 0x0a, 0x1b, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x49, 0x6d, 0x61, - 0x67, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, - 0x10, 0x0a, 0x03, 0x68, 0x75, 0x62, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x68, 0x75, - 0x62, 0x12, 0x10, 0x0a, 0x03, 0x74, 0x61, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, - 0x74, 0x61, 0x67, 0x12, 0x28, 0x0a, 0x0f, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x50, 0x75, 0x6c, 0x6c, - 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x69, 0x6d, - 0x61, 0x67, 0x65, 0x50, 0x75, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x54, 0x0a, - 0x10, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x50, 0x75, 0x6c, 0x6c, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, - 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x6b, 0x38, 0x73, 0x2e, 0x69, 0x6f, - 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x6f, 0x63, - 0x61, 0x6c, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, - 0x65, 0x52, 0x10, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x50, 0x75, 0x6c, 0x6c, 0x53, 0x65, 0x63, 0x72, - 0x65, 0x74, 0x73, 0x22, 0xd2, 0x02, 0x0a, 0x24, 0x42, 0x61, 0x73, 0x65, 0x4b, 0x75, 0x62, 0x65, - 0x72, 0x6e, 0x65, 0x74, 0x65, 0x73, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x43, - 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x14, 0x0a, 0x05, - 0x69, 0x6d, 0x61, 0x67, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x69, 0x6d, 0x61, - 0x67, 0x65, 0x12, 0x2c, 0x0a, 0x03, 0x65, 0x6e, 0x76, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x1a, 0x2e, 0x6b, 0x38, 0x73, 0x2e, 0x69, 0x6f, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x63, 0x6f, 0x72, - 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x45, 0x6e, 0x76, 0x56, 0x61, 0x72, 0x52, 0x03, 0x65, 0x6e, 0x76, - 0x12, 0x52, 0x0a, 0x09, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x18, 0x03, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, - 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, - 0x70, 0x68, 0x61, 0x31, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x71, - 0x75, 0x69, 0x72, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x52, 0x09, 0x72, 0x65, 0x73, 0x6f, 0x75, - 0x72, 0x63, 0x65, 0x73, 0x12, 0x4d, 0x0a, 0x0f, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, - 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, - 0x6b, 0x38, 0x73, 0x2e, 0x69, 0x6f, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, - 0x76, 0x31, 0x2e, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x43, 0x6f, 0x6e, 0x74, 0x65, - 0x78, 0x74, 0x52, 0x0f, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x43, 0x6f, 0x6e, 0x74, - 0x65, 0x78, 0x74, 0x12, 0x43, 0x0a, 0x0c, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x4d, 0x6f, 0x75, - 0x6e, 0x74, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x6b, 0x38, 0x73, 0x2e, - 0x69, 0x6f, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x56, - 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x0c, 0x76, 0x6f, 0x6c, 0x75, - 0x6d, 0x65, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x73, 0x22, 0xec, 0x0c, 0x0a, 0x1c, 0x42, 0x61, 0x73, - 0x65, 0x4b, 0x75, 0x62, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x65, 0x73, 0x52, 0x65, 0x73, 0x6f, 0x75, - 0x72, 0x63, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x49, 0x0a, 0x08, 0x6d, 0x65, 0x74, - 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x69, 0x73, - 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, - 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4b, 0x38, 0x73, - 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, - 0x64, 0x61, 0x74, 0x61, 0x12, 0x14, 0x0a, 0x05, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x05, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x12, 0x2c, 0x0a, 0x03, 0x65, 0x6e, - 0x76, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x6b, 0x38, 0x73, 0x2e, 0x69, 0x6f, - 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x45, 0x6e, 0x76, - 0x56, 0x61, 0x72, 0x52, 0x03, 0x65, 0x6e, 0x76, 0x12, 0x52, 0x0a, 0x09, 0x72, 0x65, 0x73, 0x6f, - 0x75, 0x72, 0x63, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x69, 0x73, - 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, - 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x52, 0x65, 0x73, - 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x6d, 0x65, 0x6e, 0x74, - 0x73, 0x52, 0x09, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x72, 0x0a, 0x0c, - 0x6e, 0x6f, 0x64, 0x65, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x05, 0x20, 0x03, - 0x28, 0x0b, 0x32, 0x4e, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, - 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, - 0x68, 0x61, 0x31, 0x2e, 0x42, 0x61, 0x73, 0x65, 0x4b, 0x75, 0x62, 0x65, 0x72, 0x6e, 0x65, 0x74, - 0x65, 0x73, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x2e, 0x4e, 0x6f, 0x64, 0x65, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x45, 0x6e, 0x74, - 0x72, 0x79, 0x52, 0x0c, 0x6e, 0x6f, 0x64, 0x65, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, - 0x12, 0x38, 0x0a, 0x08, 0x61, 0x66, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x79, 0x18, 0x06, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x6b, 0x38, 0x73, 0x2e, 0x69, 0x6f, 0x2e, 0x61, 0x70, 0x69, 0x2e, - 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x66, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x79, - 0x52, 0x08, 0x61, 0x66, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x79, 0x12, 0x4d, 0x0a, 0x0f, 0x73, 0x65, - 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x18, 0x07, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x6b, 0x38, 0x73, 0x2e, 0x69, 0x6f, 0x2e, 0x61, 0x70, 0x69, - 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, - 0x79, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x52, 0x0f, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, - 0x74, 0x79, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x28, 0x0a, 0x0f, 0x69, 0x6d, 0x61, - 0x67, 0x65, 0x50, 0x75, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x08, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x0f, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x50, 0x75, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, - 0x69, 0x63, 0x79, 0x12, 0x54, 0x0a, 0x10, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x50, 0x75, 0x6c, 0x6c, - 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x28, 0x2e, - 0x6b, 0x38, 0x73, 0x2e, 0x69, 0x6f, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, - 0x76, 0x31, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x65, - 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x10, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x50, 0x75, - 0x6c, 0x6c, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x12, 0x2c, 0x0a, 0x11, 0x70, 0x72, 0x69, - 0x6f, 0x72, 0x69, 0x74, 0x79, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x0a, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x70, 0x72, 0x69, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x43, 0x6c, - 0x61, 0x73, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x40, 0x0a, 0x0b, 0x74, 0x6f, 0x6c, 0x65, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x0b, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x6b, - 0x38, 0x73, 0x2e, 0x69, 0x6f, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x76, - 0x31, 0x2e, 0x54, 0x6f, 0x6c, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0b, 0x74, 0x6f, - 0x6c, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x34, 0x0a, 0x07, 0x76, 0x6f, 0x6c, - 0x75, 0x6d, 0x65, 0x73, 0x18, 0x0c, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x6b, 0x38, 0x73, - 0x2e, 0x69, 0x6f, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x31, 0x2e, - 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x52, 0x07, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x73, 0x12, - 0x43, 0x0a, 0x0c, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x73, 0x18, - 0x0d, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x6b, 0x38, 0x73, 0x2e, 0x69, 0x6f, 0x2e, 0x61, - 0x70, 0x69, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x56, 0x6f, 0x6c, 0x75, 0x6d, - 0x65, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x0c, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x4d, 0x6f, - 0x75, 0x6e, 0x74, 0x73, 0x12, 0x44, 0x0a, 0x08, 0x72, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x73, - 0x18, 0x0e, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, - 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, - 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x73, - 0x52, 0x08, 0x72, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x73, 0x12, 0x4f, 0x0a, 0x0b, 0x70, 0x6f, - 0x64, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x2d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, - 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, - 0x2e, 0x4b, 0x38, 0x73, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x0b, - 0x70, 0x6f, 0x64, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x65, 0x0a, 0x13, 0x70, - 0x6f, 0x64, 0x44, 0x69, 0x73, 0x72, 0x75, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x75, 0x64, 0x67, - 0x65, 0x74, 0x18, 0x10, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, - 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x6f, 0x64, 0x44, 0x69, 0x73, - 0x72, 0x75, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x75, 0x64, 0x67, 0x65, 0x74, 0x52, 0x13, 0x70, - 0x6f, 0x64, 0x44, 0x69, 0x73, 0x72, 0x75, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x75, 0x64, 0x67, - 0x65, 0x74, 0x12, 0x62, 0x0a, 0x12, 0x64, 0x65, 0x70, 0x6c, 0x6f, 0x79, 0x6d, 0x65, 0x6e, 0x74, - 0x53, 0x74, 0x72, 0x61, 0x74, 0x65, 0x67, 0x79, 0x18, 0x11, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, - 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, - 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, - 0x44, 0x65, 0x70, 0x6c, 0x6f, 0x79, 0x6d, 0x65, 0x6e, 0x74, 0x53, 0x74, 0x72, 0x61, 0x74, 0x65, - 0x67, 0x79, 0x52, 0x12, 0x64, 0x65, 0x70, 0x6c, 0x6f, 0x79, 0x6d, 0x65, 0x6e, 0x74, 0x53, 0x74, - 0x72, 0x61, 0x74, 0x65, 0x67, 0x79, 0x12, 0x56, 0x0a, 0x12, 0x70, 0x6f, 0x64, 0x53, 0x65, 0x63, - 0x75, 0x72, 0x69, 0x74, 0x79, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x18, 0x12, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x6b, 0x38, 0x73, 0x2e, 0x69, 0x6f, 0x2e, 0x61, 0x70, 0x69, 0x2e, - 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x6f, 0x64, 0x53, 0x65, 0x63, 0x75, 0x72, - 0x69, 0x74, 0x79, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x52, 0x12, 0x70, 0x6f, 0x64, 0x53, - 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x4b, - 0x0a, 0x0d, 0x6c, 0x69, 0x76, 0x65, 0x6e, 0x65, 0x73, 0x73, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x18, - 0x13, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, - 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, - 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x52, 0x0d, 0x6c, 0x69, - 0x76, 0x65, 0x6e, 0x65, 0x73, 0x73, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x12, 0x4d, 0x0a, 0x0e, 0x72, - 0x65, 0x61, 0x64, 0x69, 0x6e, 0x65, 0x73, 0x73, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x18, 0x14, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, - 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, - 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x52, 0x0e, 0x72, 0x65, 0x61, 0x64, - 0x69, 0x6e, 0x65, 0x73, 0x73, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x12, 0x6a, 0x0a, 0x19, 0x74, 0x6f, - 0x70, 0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x53, 0x70, 0x72, 0x65, 0x61, 0x64, 0x43, 0x6f, 0x6e, 0x73, - 0x74, 0x72, 0x61, 0x69, 0x6e, 0x74, 0x73, 0x18, 0x15, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2c, 0x2e, - 0x6b, 0x38, 0x73, 0x2e, 0x69, 0x6f, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, - 0x76, 0x31, 0x2e, 0x54, 0x6f, 0x70, 0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x53, 0x70, 0x72, 0x65, 0x61, - 0x64, 0x43, 0x6f, 0x6e, 0x73, 0x74, 0x72, 0x61, 0x69, 0x6e, 0x74, 0x52, 0x19, 0x74, 0x6f, 0x70, - 0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x53, 0x70, 0x72, 0x65, 0x61, 0x64, 0x43, 0x6f, 0x6e, 0x73, 0x74, - 0x72, 0x61, 0x69, 0x6e, 0x74, 0x73, 0x1a, 0x3f, 0x0a, 0x11, 0x4e, 0x6f, 0x64, 0x65, 0x53, 0x65, - 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, - 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, - 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, - 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xea, 0x02, 0x0a, 0x12, 0x44, 0x65, 0x70, 0x6c, - 0x6f, 0x79, 0x6d, 0x65, 0x6e, 0x74, 0x53, 0x74, 0x72, 0x61, 0x74, 0x65, 0x67, 0x79, 0x12, 0x12, - 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, - 0x70, 0x65, 0x12, 0x70, 0x0a, 0x0d, 0x72, 0x6f, 0x6c, 0x6c, 0x69, 0x6e, 0x67, 0x55, 0x70, 0x64, - 0x61, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x4a, 0x2e, 0x69, 0x73, 0x74, 0x69, - 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, - 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x44, 0x65, 0x70, 0x6c, 0x6f, - 0x79, 0x6d, 0x65, 0x6e, 0x74, 0x53, 0x74, 0x72, 0x61, 0x74, 0x65, 0x67, 0x79, 0x2e, 0x52, 0x6f, - 0x6c, 0x6c, 0x69, 0x6e, 0x67, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x44, 0x65, 0x70, 0x6c, 0x6f, - 0x79, 0x6d, 0x65, 0x6e, 0x74, 0x52, 0x0d, 0x72, 0x6f, 0x6c, 0x6c, 0x69, 0x6e, 0x67, 0x55, 0x70, - 0x64, 0x61, 0x74, 0x65, 0x1a, 0xcd, 0x01, 0x0a, 0x17, 0x52, 0x6f, 0x6c, 0x6c, 0x69, 0x6e, 0x67, - 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x44, 0x65, 0x70, 0x6c, 0x6f, 0x79, 0x6d, 0x65, 0x6e, 0x74, - 0x12, 0x5e, 0x0a, 0x0e, 0x6d, 0x61, 0x78, 0x55, 0x6e, 0x61, 0x76, 0x61, 0x69, 0x6c, 0x61, 0x62, - 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, - 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x49, 0x6e, 0x74, 0x4f, 0x72, 0x53, - 0x74, 0x72, 0x69, 0x6e, 0x67, 0x42, 0x09, 0xfa, 0x82, 0x87, 0x03, 0x04, 0x74, 0x72, 0x75, 0x65, - 0x52, 0x0e, 0x6d, 0x61, 0x78, 0x55, 0x6e, 0x61, 0x76, 0x61, 0x69, 0x6c, 0x61, 0x62, 0x6c, 0x65, - 0x12, 0x52, 0x0a, 0x08, 0x6d, 0x61, 0x78, 0x53, 0x75, 0x72, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, - 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, - 0x68, 0x61, 0x31, 0x2e, 0x49, 0x6e, 0x74, 0x4f, 0x72, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x42, - 0x09, 0xfa, 0x82, 0x87, 0x03, 0x04, 0x74, 0x72, 0x75, 0x65, 0x52, 0x08, 0x6d, 0x61, 0x78, 0x53, - 0x75, 0x72, 0x67, 0x65, 0x22, 0xd1, 0x01, 0x0a, 0x13, 0x50, 0x6f, 0x64, 0x44, 0x69, 0x73, 0x72, - 0x75, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x75, 0x64, 0x67, 0x65, 0x74, 0x12, 0x5a, 0x0a, 0x0c, - 0x6d, 0x69, 0x6e, 0x41, 0x76, 0x61, 0x69, 0x6c, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, - 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, - 0x68, 0x61, 0x31, 0x2e, 0x49, 0x6e, 0x74, 0x4f, 0x72, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x42, - 0x09, 0xfa, 0x82, 0x87, 0x03, 0x04, 0x74, 0x72, 0x75, 0x65, 0x52, 0x0c, 0x6d, 0x69, 0x6e, 0x41, - 0x76, 0x61, 0x69, 0x6c, 0x61, 0x62, 0x6c, 0x65, 0x12, 0x5e, 0x0a, 0x0e, 0x6d, 0x61, 0x78, 0x55, - 0x6e, 0x61, 0x76, 0x61, 0x69, 0x6c, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x2b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, - 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, - 0x31, 0x2e, 0x49, 0x6e, 0x74, 0x4f, 0x72, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x42, 0x09, 0xfa, - 0x82, 0x87, 0x03, 0x04, 0x74, 0x72, 0x75, 0x65, 0x52, 0x0e, 0x6d, 0x61, 0x78, 0x55, 0x6e, 0x61, - 0x76, 0x61, 0x69, 0x6c, 0x61, 0x62, 0x6c, 0x65, 0x22, 0xb8, 0x04, 0x0a, 0x05, 0x50, 0x72, 0x6f, - 0x62, 0x65, 0x12, 0x34, 0x0a, 0x04, 0x65, 0x78, 0x65, 0x63, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x1e, 0x2e, 0x6b, 0x38, 0x73, 0x2e, 0x69, 0x6f, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x63, 0x6f, - 0x72, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x45, 0x78, 0x65, 0x63, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, - 0x48, 0x00, 0x52, 0x04, 0x65, 0x78, 0x65, 0x63, 0x12, 0x49, 0x0a, 0x07, 0x68, 0x74, 0x74, 0x70, - 0x47, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x69, 0x73, 0x74, 0x69, - 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, - 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x47, - 0x65, 0x74, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x00, 0x52, 0x07, 0x68, 0x74, 0x74, 0x70, - 0x47, 0x65, 0x74, 0x12, 0x4f, 0x0a, 0x09, 0x74, 0x63, 0x70, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, - 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, - 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, - 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x43, 0x50, 0x53, 0x6f, 0x63, 0x6b, 0x65, - 0x74, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x00, 0x52, 0x09, 0x74, 0x63, 0x70, 0x53, 0x6f, - 0x63, 0x6b, 0x65, 0x74, 0x12, 0x34, 0x0a, 0x04, 0x67, 0x72, 0x70, 0x63, 0x18, 0x04, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x6b, 0x38, 0x73, 0x2e, 0x69, 0x6f, 0x2e, 0x61, 0x70, 0x69, 0x2e, - 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x52, 0x50, 0x43, 0x41, 0x63, 0x74, 0x69, - 0x6f, 0x6e, 0x48, 0x00, 0x52, 0x04, 0x67, 0x72, 0x70, 0x63, 0x12, 0x30, 0x0a, 0x13, 0x69, 0x6e, - 0x69, 0x74, 0x69, 0x61, 0x6c, 0x44, 0x65, 0x6c, 0x61, 0x79, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, - 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x05, 0x52, 0x13, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c, - 0x44, 0x65, 0x6c, 0x61, 0x79, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x12, 0x26, 0x0a, 0x0e, - 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x18, 0x06, - 0x20, 0x01, 0x28, 0x05, 0x52, 0x0e, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x53, 0x65, 0x63, - 0x6f, 0x6e, 0x64, 0x73, 0x12, 0x24, 0x0a, 0x0d, 0x70, 0x65, 0x72, 0x69, 0x6f, 0x64, 0x53, 0x65, - 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0d, 0x70, 0x65, 0x72, - 0x69, 0x6f, 0x64, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x12, 0x2a, 0x0a, 0x10, 0x73, 0x75, - 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x08, - 0x20, 0x01, 0x28, 0x05, 0x52, 0x10, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x68, 0x72, - 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x2a, 0x0a, 0x10, 0x66, 0x61, 0x69, 0x6c, 0x75, 0x72, - 0x65, 0x54, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x09, 0x20, 0x01, 0x28, 0x05, - 0x52, 0x10, 0x66, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x54, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, - 0x6c, 0x64, 0x12, 0x44, 0x0a, 0x1d, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x47, 0x72, 0x61, 0x63, 0x65, 0x50, 0x65, 0x72, 0x69, 0x6f, 0x64, 0x53, 0x65, 0x63, 0x6f, - 0x6e, 0x64, 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x03, 0x52, 0x1d, 0x74, 0x65, 0x72, 0x6d, 0x69, - 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x47, 0x72, 0x61, 0x63, 0x65, 0x50, 0x65, 0x72, 0x69, 0x6f, - 0x64, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x42, 0x09, 0x0a, 0x07, 0x68, 0x61, 0x6e, 0x64, - 0x6c, 0x65, 0x72, 0x22, 0xdd, 0x01, 0x0a, 0x0d, 0x48, 0x54, 0x54, 0x50, 0x47, 0x65, 0x74, 0x41, - 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x4a, 0x0a, 0x04, 0x70, 0x6f, 0x72, - 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, - 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, - 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x49, 0x6e, 0x74, 0x4f, 0x72, 0x53, 0x74, - 0x72, 0x69, 0x6e, 0x67, 0x42, 0x09, 0xfa, 0x82, 0x87, 0x03, 0x04, 0x74, 0x72, 0x75, 0x65, 0x52, - 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x03, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x63, 0x68, - 0x65, 0x6d, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, - 0x65, 0x12, 0x40, 0x0a, 0x0b, 0x68, 0x74, 0x74, 0x70, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, - 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x6b, 0x38, 0x73, 0x2e, 0x69, 0x6f, 0x2e, - 0x61, 0x70, 0x69, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, - 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x52, 0x0b, 0x68, 0x74, 0x74, 0x70, 0x48, 0x65, 0x61, 0x64, - 0x65, 0x72, 0x73, 0x22, 0x71, 0x0a, 0x0f, 0x54, 0x43, 0x50, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, - 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x4a, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, - 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, - 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x49, 0x6e, 0x74, 0x4f, 0x72, 0x53, 0x74, 0x72, 0x69, 0x6e, - 0x67, 0x42, 0x09, 0xfa, 0x82, 0x87, 0x03, 0x04, 0x74, 0x72, 0x75, 0x65, 0x52, 0x04, 0x70, 0x6f, - 0x72, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x22, 0xf6, 0x06, 0x0a, 0x07, 0x53, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x12, 0x49, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x10, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, - 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, - 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4b, 0x38, 0x73, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x4d, - 0x65, 0x74, 0x61, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x47, 0x0a, - 0x05, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x69, - 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, - 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x53, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x6f, 0x72, 0x74, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, - 0x05, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x12, 0x51, 0x0a, 0x08, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, - 0x6f, 0x72, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, - 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, - 0x65, 0x2e, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, - 0x08, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x1c, 0x0a, 0x09, 0x63, 0x6c, 0x75, - 0x73, 0x74, 0x65, 0x72, 0x49, 0x50, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x63, 0x6c, - 0x75, 0x73, 0x74, 0x65, 0x72, 0x49, 0x50, 0x12, 0x18, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, - 0x04, 0x20, 0x01, 0x28, 0x09, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x04, 0x74, 0x79, 0x70, - 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x49, 0x50, 0x73, - 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0b, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, - 0x49, 0x50, 0x73, 0x12, 0x28, 0x0a, 0x0f, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x41, 0x66, - 0x66, 0x69, 0x6e, 0x69, 0x74, 0x79, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x73, 0x65, - 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x41, 0x66, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x79, 0x12, 0x26, 0x0a, - 0x0e, 0x6c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x49, 0x50, 0x18, - 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x6c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, - 0x63, 0x65, 0x72, 0x49, 0x50, 0x12, 0x3a, 0x0a, 0x18, 0x6c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, - 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x61, 0x6e, 0x67, 0x65, - 0x73, 0x18, 0x09, 0x20, 0x03, 0x28, 0x09, 0x52, 0x18, 0x6c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, - 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x61, 0x6e, 0x67, 0x65, - 0x73, 0x12, 0x22, 0x0a, 0x0c, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x4e, 0x61, 0x6d, - 0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, - 0x6c, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x34, 0x0a, 0x15, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, - 0x6c, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x0b, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x15, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x54, 0x72, - 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x30, 0x0a, 0x13, 0x68, - 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x4e, 0x6f, 0x64, 0x65, 0x50, 0x6f, - 0x72, 0x74, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x05, 0x52, 0x13, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, - 0x43, 0x68, 0x65, 0x63, 0x6b, 0x4e, 0x6f, 0x64, 0x65, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x56, 0x0a, - 0x18, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x4e, 0x6f, 0x74, 0x52, 0x65, 0x61, 0x64, 0x79, - 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, - 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x18, 0x70, 0x75, 0x62, - 0x6c, 0x69, 0x73, 0x68, 0x4e, 0x6f, 0x74, 0x52, 0x65, 0x61, 0x64, 0x79, 0x41, 0x64, 0x64, 0x72, - 0x65, 0x73, 0x73, 0x65, 0x73, 0x12, 0x5f, 0x0a, 0x15, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, - 0x41, 0x66, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x0e, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x6b, 0x38, 0x73, 0x2e, 0x69, 0x6f, 0x2e, 0x61, 0x70, - 0x69, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, - 0x6e, 0x41, 0x66, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, - 0x15, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x41, 0x66, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x79, - 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1a, 0x0a, 0x08, 0x69, 0x70, 0x46, 0x61, 0x6d, 0x69, - 0x6c, 0x79, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x69, 0x70, 0x46, 0x61, 0x6d, 0x69, - 0x6c, 0x79, 0x1a, 0x3b, 0x0a, 0x0d, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x45, 0x6e, - 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, - 0x80, 0x07, 0x0a, 0x12, 0x55, 0x6e, 0x70, 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x65, 0x64, 0x53, - 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x49, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, - 0x74, 0x61, 0x18, 0x10, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, - 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4b, 0x38, 0x73, 0x4f, 0x62, 0x6a, - 0x65, 0x63, 0x74, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, - 0x61, 0x12, 0x41, 0x0a, 0x05, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x2b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, - 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, - 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x6f, 0x72, 0x74, 0x52, 0x05, 0x70, - 0x6f, 0x72, 0x74, 0x73, 0x12, 0x5c, 0x0a, 0x08, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, - 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, - 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, - 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x55, 0x6e, 0x70, 0x72, 0x6f, 0x74, 0x65, 0x63, - 0x74, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x53, 0x65, 0x6c, 0x65, 0x63, - 0x74, 0x6f, 0x72, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x08, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, - 0x6f, 0x72, 0x12, 0x1c, 0x0a, 0x09, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x49, 0x50, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x49, 0x50, - 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, - 0x74, 0x79, 0x70, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, - 0x49, 0x50, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0b, 0x65, 0x78, 0x74, 0x65, 0x72, - 0x6e, 0x61, 0x6c, 0x49, 0x50, 0x73, 0x12, 0x28, 0x0a, 0x0f, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, - 0x6e, 0x41, 0x66, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x79, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x0f, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x41, 0x66, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x79, - 0x12, 0x26, 0x0a, 0x0e, 0x6c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, - 0x49, 0x50, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x6c, 0x6f, 0x61, 0x64, 0x42, 0x61, - 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x49, 0x50, 0x12, 0x3a, 0x0a, 0x18, 0x6c, 0x6f, 0x61, 0x64, - 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x61, - 0x6e, 0x67, 0x65, 0x73, 0x18, 0x09, 0x20, 0x03, 0x28, 0x09, 0x52, 0x18, 0x6c, 0x6f, 0x61, 0x64, - 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x61, - 0x6e, 0x67, 0x65, 0x73, 0x12, 0x22, 0x0a, 0x0c, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, - 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x65, 0x78, 0x74, 0x65, - 0x72, 0x6e, 0x61, 0x6c, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x34, 0x0a, 0x15, 0x65, 0x78, 0x74, 0x65, - 0x72, 0x6e, 0x61, 0x6c, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, - 0x79, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x15, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, - 0x6c, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x30, - 0x0a, 0x13, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x4e, 0x6f, 0x64, - 0x65, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x05, 0x52, 0x13, 0x68, 0x65, 0x61, - 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x4e, 0x6f, 0x64, 0x65, 0x50, 0x6f, 0x72, 0x74, - 0x12, 0x56, 0x0a, 0x18, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x4e, 0x6f, 0x74, 0x52, 0x65, - 0x61, 0x64, 0x79, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x18, 0x0d, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x18, - 0x70, 0x75, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x4e, 0x6f, 0x74, 0x52, 0x65, 0x61, 0x64, 0x79, 0x41, - 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x12, 0x5f, 0x0a, 0x15, 0x73, 0x65, 0x73, 0x73, - 0x69, 0x6f, 0x6e, 0x41, 0x66, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, - 0x67, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x6b, 0x38, 0x73, 0x2e, 0x69, 0x6f, - 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x73, - 0x73, 0x69, 0x6f, 0x6e, 0x41, 0x66, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x79, 0x43, 0x6f, 0x6e, 0x66, - 0x69, 0x67, 0x52, 0x15, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x41, 0x66, 0x66, 0x69, 0x6e, - 0x69, 0x74, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1a, 0x0a, 0x08, 0x69, 0x70, 0x46, - 0x61, 0x6d, 0x69, 0x6c, 0x79, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x69, 0x70, 0x46, - 0x61, 0x6d, 0x69, 0x6c, 0x79, 0x1a, 0x3b, 0x0a, 0x0d, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, - 0x72, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, - 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, - 0x38, 0x01, 0x22, 0xcb, 0x01, 0x0a, 0x0b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x6f, - 0x72, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, - 0x6f, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, - 0x6f, 0x6c, 0x12, 0x18, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, - 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x56, 0x0a, 0x0a, - 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x2b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, - 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, - 0x31, 0x2e, 0x49, 0x6e, 0x74, 0x4f, 0x72, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x42, 0x09, 0xfa, - 0x82, 0x87, 0x03, 0x04, 0x74, 0x72, 0x75, 0x65, 0x52, 0x0a, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, - 0x50, 0x6f, 0x72, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x6e, 0x6f, 0x64, 0x65, 0x50, 0x6f, 0x72, 0x74, - 0x18, 0x05, 0x20, 0x01, 0x28, 0x05, 0x52, 0x08, 0x6e, 0x6f, 0x64, 0x65, 0x50, 0x6f, 0x72, 0x74, - 0x22, 0x42, 0x0a, 0x0e, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x64, 0x4e, 0x61, - 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, - 0x61, 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, - 0x70, 0x61, 0x63, 0x65, 0x22, 0xb0, 0x03, 0x0a, 0x14, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, - 0x65, 0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x62, 0x0a, - 0x06, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x40, 0x2e, - 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, - 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x52, - 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x6d, 0x65, - 0x6e, 0x74, 0x73, 0x2e, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x42, - 0x08, 0xfa, 0x82, 0x87, 0x03, 0x03, 0x6d, 0x61, 0x70, 0x52, 0x06, 0x6c, 0x69, 0x6d, 0x69, 0x74, - 0x73, 0x12, 0x68, 0x0a, 0x08, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x02, 0x20, - 0x03, 0x28, 0x0b, 0x32, 0x42, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, - 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, - 0x70, 0x68, 0x61, 0x31, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x71, - 0x75, 0x69, 0x72, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x2e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x08, 0xfa, 0x82, 0x87, 0x03, 0x03, 0x6d, 0x61, - 0x70, 0x52, 0x08, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x1a, 0x63, 0x0a, 0x0b, 0x4c, - 0x69, 0x6d, 0x69, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, - 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x3e, 0x0a, 0x05, - 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x69, 0x73, - 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, - 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x51, 0x75, 0x61, - 0x6e, 0x74, 0x69, 0x74, 0x79, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, - 0x1a, 0x65, 0x0a, 0x0d, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, - 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, - 0x6b, 0x65, 0x79, 0x12, 0x3e, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, - 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, - 0x68, 0x61, 0x31, 0x2e, 0x51, 0x75, 0x61, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x52, 0x05, 0x76, 0x61, - 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x80, 0x02, 0x0a, 0x08, 0x52, 0x65, 0x70, 0x6c, - 0x69, 0x63, 0x61, 0x73, 0x12, 0x31, 0x0a, 0x05, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, - 0x52, 0x05, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x2d, 0x0a, 0x03, 0x6d, 0x69, 0x6e, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, - 0x65, 0x52, 0x03, 0x6d, 0x69, 0x6e, 0x12, 0x2d, 0x0a, 0x03, 0x6d, 0x61, 0x78, 0x18, 0x03, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, - 0x52, 0x03, 0x6d, 0x61, 0x78, 0x12, 0x63, 0x0a, 0x1e, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x43, - 0x50, 0x55, 0x55, 0x74, 0x69, 0x6c, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x65, 0x72, - 0x63, 0x65, 0x6e, 0x74, 0x61, 0x67, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, - 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, - 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x1e, 0x74, 0x61, 0x72, 0x67, - 0x65, 0x74, 0x43, 0x50, 0x55, 0x55, 0x74, 0x69, 0x6c, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x61, 0x67, 0x65, 0x22, 0xe6, 0x04, 0x0a, 0x17, 0x4b, - 0x38, 0x73, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4f, 0x76, 0x65, 0x72, 0x6c, 0x61, - 0x79, 0x50, 0x61, 0x74, 0x63, 0x68, 0x12, 0x74, 0x0a, 0x10, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x56, - 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x4b, 0x69, 0x6e, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x48, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, - 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, - 0x31, 0x2e, 0x4b, 0x38, 0x73, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4f, 0x76, 0x65, - 0x72, 0x6c, 0x61, 0x79, 0x50, 0x61, 0x74, 0x63, 0x68, 0x2e, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x56, - 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x4b, 0x69, 0x6e, 0x64, 0x52, 0x10, 0x67, 0x72, 0x6f, 0x75, - 0x70, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x4b, 0x69, 0x6e, 0x64, 0x12, 0x4c, 0x0a, 0x09, - 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x4b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x2e, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, - 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, - 0x2e, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x64, 0x4e, 0x61, 0x6d, 0x65, 0x52, - 0x09, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x4b, 0x65, 0x79, 0x12, 0x57, 0x0a, 0x07, 0x70, 0x61, - 0x74, 0x63, 0x68, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3d, 0x2e, 0x69, 0x73, - 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, - 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4b, 0x38, 0x73, - 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4f, 0x76, 0x65, 0x72, 0x6c, 0x61, 0x79, 0x50, - 0x61, 0x74, 0x63, 0x68, 0x2e, 0x50, 0x61, 0x74, 0x63, 0x68, 0x52, 0x07, 0x70, 0x61, 0x74, 0x63, - 0x68, 0x65, 0x73, 0x1a, 0x56, 0x0a, 0x10, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x56, 0x65, 0x72, 0x73, - 0x69, 0x6f, 0x6e, 0x4b, 0x69, 0x6e, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x6b, 0x69, 0x6e, 0x64, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6b, 0x69, 0x6e, 0x64, 0x12, 0x18, 0x0a, 0x07, 0x76, - 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x76, 0x65, - 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x14, 0x0a, 0x05, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x18, 0x03, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x1a, 0xa3, 0x01, 0x0a, 0x05, - 0x50, 0x61, 0x74, 0x63, 0x68, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, - 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x12, - 0x1e, 0x0a, 0x0a, 0x70, 0x61, 0x72, 0x73, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x03, 0x20, - 0x01, 0x28, 0x08, 0x52, 0x0a, 0x70, 0x61, 0x72, 0x73, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, - 0x50, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x3c, 0x2e, - 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, - 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4b, - 0x38, 0x73, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4f, 0x76, 0x65, 0x72, 0x6c, 0x61, - 0x79, 0x50, 0x61, 0x74, 0x63, 0x68, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, - 0x65, 0x22, 0x30, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0f, 0x0a, 0x0b, 0x75, 0x6e, 0x73, - 0x70, 0x65, 0x63, 0x69, 0x66, 0x69, 0x65, 0x64, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x72, 0x65, - 0x70, 0x6c, 0x61, 0x63, 0x65, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x72, 0x65, 0x6d, 0x6f, 0x76, - 0x65, 0x10, 0x02, 0x22, 0x0a, 0x0a, 0x08, 0x51, 0x75, 0x61, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x22, - 0x0d, 0x0a, 0x0b, 0x49, 0x6e, 0x74, 0x4f, 0x72, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x2a, 0x6f, - 0x0a, 0x0b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x0f, 0x0a, - 0x0b, 0x55, 0x6e, 0x73, 0x70, 0x65, 0x63, 0x69, 0x66, 0x69, 0x65, 0x64, 0x10, 0x00, 0x12, 0x0b, - 0x0a, 0x07, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f, 0x52, - 0x65, 0x63, 0x6f, 0x6e, 0x63, 0x69, 0x6c, 0x65, 0x46, 0x61, 0x69, 0x6c, 0x65, 0x64, 0x10, 0x02, - 0x12, 0x0f, 0x0a, 0x0b, 0x52, 0x65, 0x63, 0x6f, 0x6e, 0x63, 0x69, 0x6c, 0x69, 0x6e, 0x67, 0x10, - 0x03, 0x12, 0x0d, 0x0a, 0x09, 0x41, 0x76, 0x61, 0x69, 0x6c, 0x61, 0x62, 0x6c, 0x65, 0x10, 0x04, - 0x12, 0x0d, 0x0a, 0x09, 0x55, 0x6e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x64, 0x10, 0x05, 0x42, - 0x37, 0x5a, 0x35, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x62, 0x61, - 0x6e, 0x7a, 0x61, 0x69, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2f, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2d, - 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2f, 0x76, 0x32, 0x2f, 0x61, 0x70, 0x69, 0x2f, - 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} - -var ( - file_api_v1alpha1_common_proto_rawDescOnce sync.Once - file_api_v1alpha1_common_proto_rawDescData = file_api_v1alpha1_common_proto_rawDesc -) - -func file_api_v1alpha1_common_proto_rawDescGZIP() []byte { - file_api_v1alpha1_common_proto_rawDescOnce.Do(func() { - file_api_v1alpha1_common_proto_rawDescData = protoimpl.X.CompressGZIP(file_api_v1alpha1_common_proto_rawDescData) - }) - return file_api_v1alpha1_common_proto_rawDescData -} - -var file_api_v1alpha1_common_proto_enumTypes = make([]protoimpl.EnumInfo, 2) -var file_api_v1alpha1_common_proto_msgTypes = make([]protoimpl.MessageInfo, 28) -var file_api_v1alpha1_common_proto_goTypes = []interface{}{ - (ConfigState)(0), // 0: istio_operator.v2.api.v1alpha1.ConfigState - (K8SResourceOverlayPatch_Type)(0), // 1: istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch.Type - (*K8SObjectMeta)(nil), // 2: istio_operator.v2.api.v1alpha1.K8sObjectMeta - (*ContainerImageConfiguration)(nil), // 3: istio_operator.v2.api.v1alpha1.ContainerImageConfiguration - (*BaseKubernetesContainerConfiguration)(nil), // 4: istio_operator.v2.api.v1alpha1.BaseKubernetesContainerConfiguration - (*BaseKubernetesResourceConfig)(nil), // 5: istio_operator.v2.api.v1alpha1.BaseKubernetesResourceConfig - (*DeploymentStrategy)(nil), // 6: istio_operator.v2.api.v1alpha1.DeploymentStrategy - (*PodDisruptionBudget)(nil), // 7: istio_operator.v2.api.v1alpha1.PodDisruptionBudget - (*Probe)(nil), // 8: istio_operator.v2.api.v1alpha1.Probe - (*HTTPGetAction)(nil), // 9: istio_operator.v2.api.v1alpha1.HTTPGetAction - (*TCPSocketAction)(nil), // 10: istio_operator.v2.api.v1alpha1.TCPSocketAction - (*Service)(nil), // 11: istio_operator.v2.api.v1alpha1.Service - (*UnprotectedService)(nil), // 12: istio_operator.v2.api.v1alpha1.UnprotectedService - (*ServicePort)(nil), // 13: istio_operator.v2.api.v1alpha1.ServicePort - (*NamespacedName)(nil), // 14: istio_operator.v2.api.v1alpha1.NamespacedName - (*ResourceRequirements)(nil), // 15: istio_operator.v2.api.v1alpha1.ResourceRequirements - (*Replicas)(nil), // 16: istio_operator.v2.api.v1alpha1.Replicas - (*K8SResourceOverlayPatch)(nil), // 17: istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch - (*Quantity)(nil), // 18: istio_operator.v2.api.v1alpha1.Quantity - (*IntOrString)(nil), // 19: istio_operator.v2.api.v1alpha1.IntOrString - nil, // 20: istio_operator.v2.api.v1alpha1.K8sObjectMeta.LabelsEntry - nil, // 21: istio_operator.v2.api.v1alpha1.K8sObjectMeta.AnnotationsEntry - nil, // 22: istio_operator.v2.api.v1alpha1.BaseKubernetesResourceConfig.NodeSelectorEntry - (*DeploymentStrategy_RollingUpdateDeployment)(nil), // 23: istio_operator.v2.api.v1alpha1.DeploymentStrategy.RollingUpdateDeployment - nil, // 24: istio_operator.v2.api.v1alpha1.Service.SelectorEntry - nil, // 25: istio_operator.v2.api.v1alpha1.UnprotectedService.SelectorEntry - nil, // 26: istio_operator.v2.api.v1alpha1.ResourceRequirements.LimitsEntry - nil, // 27: istio_operator.v2.api.v1alpha1.ResourceRequirements.RequestsEntry - (*K8SResourceOverlayPatch_GroupVersionKind)(nil), // 28: istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch.GroupVersionKind - (*K8SResourceOverlayPatch_Patch)(nil), // 29: istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch.Patch - (*v1.LocalObjectReference)(nil), // 30: k8s.io.api.core.v1.LocalObjectReference - (*v1.EnvVar)(nil), // 31: k8s.io.api.core.v1.EnvVar - (*v1.SecurityContext)(nil), // 32: k8s.io.api.core.v1.SecurityContext - (*v1.VolumeMount)(nil), // 33: k8s.io.api.core.v1.VolumeMount - (*v1.Affinity)(nil), // 34: k8s.io.api.core.v1.Affinity - (*v1.Toleration)(nil), // 35: k8s.io.api.core.v1.Toleration - (*v1.Volume)(nil), // 36: k8s.io.api.core.v1.Volume - (*v1.PodSecurityContext)(nil), // 37: k8s.io.api.core.v1.PodSecurityContext - (*v1.TopologySpreadConstraint)(nil), // 38: k8s.io.api.core.v1.TopologySpreadConstraint - (*v1.ExecAction)(nil), // 39: k8s.io.api.core.v1.ExecAction - (*v1.GRPCAction)(nil), // 40: k8s.io.api.core.v1.GRPCAction - (*v1.HTTPHeader)(nil), // 41: k8s.io.api.core.v1.HTTPHeader - (*wrappers.BoolValue)(nil), // 42: google.protobuf.BoolValue - (*v1.SessionAffinityConfig)(nil), // 43: k8s.io.api.core.v1.SessionAffinityConfig - (*wrappers.Int32Value)(nil), // 44: google.protobuf.Int32Value -} -var file_api_v1alpha1_common_proto_depIdxs = []int32{ - 20, // 0: istio_operator.v2.api.v1alpha1.K8sObjectMeta.labels:type_name -> istio_operator.v2.api.v1alpha1.K8sObjectMeta.LabelsEntry - 21, // 1: istio_operator.v2.api.v1alpha1.K8sObjectMeta.annotations:type_name -> istio_operator.v2.api.v1alpha1.K8sObjectMeta.AnnotationsEntry - 30, // 2: istio_operator.v2.api.v1alpha1.ContainerImageConfiguration.imagePullSecrets:type_name -> k8s.io.api.core.v1.LocalObjectReference - 31, // 3: istio_operator.v2.api.v1alpha1.BaseKubernetesContainerConfiguration.env:type_name -> k8s.io.api.core.v1.EnvVar - 15, // 4: istio_operator.v2.api.v1alpha1.BaseKubernetesContainerConfiguration.resources:type_name -> istio_operator.v2.api.v1alpha1.ResourceRequirements - 32, // 5: istio_operator.v2.api.v1alpha1.BaseKubernetesContainerConfiguration.securityContext:type_name -> k8s.io.api.core.v1.SecurityContext - 33, // 6: istio_operator.v2.api.v1alpha1.BaseKubernetesContainerConfiguration.volumeMounts:type_name -> k8s.io.api.core.v1.VolumeMount - 2, // 7: istio_operator.v2.api.v1alpha1.BaseKubernetesResourceConfig.metadata:type_name -> istio_operator.v2.api.v1alpha1.K8sObjectMeta - 31, // 8: istio_operator.v2.api.v1alpha1.BaseKubernetesResourceConfig.env:type_name -> k8s.io.api.core.v1.EnvVar - 15, // 9: istio_operator.v2.api.v1alpha1.BaseKubernetesResourceConfig.resources:type_name -> istio_operator.v2.api.v1alpha1.ResourceRequirements - 22, // 10: istio_operator.v2.api.v1alpha1.BaseKubernetesResourceConfig.nodeSelector:type_name -> istio_operator.v2.api.v1alpha1.BaseKubernetesResourceConfig.NodeSelectorEntry - 34, // 11: istio_operator.v2.api.v1alpha1.BaseKubernetesResourceConfig.affinity:type_name -> k8s.io.api.core.v1.Affinity - 32, // 12: istio_operator.v2.api.v1alpha1.BaseKubernetesResourceConfig.securityContext:type_name -> k8s.io.api.core.v1.SecurityContext - 30, // 13: istio_operator.v2.api.v1alpha1.BaseKubernetesResourceConfig.imagePullSecrets:type_name -> k8s.io.api.core.v1.LocalObjectReference - 35, // 14: istio_operator.v2.api.v1alpha1.BaseKubernetesResourceConfig.tolerations:type_name -> k8s.io.api.core.v1.Toleration - 36, // 15: istio_operator.v2.api.v1alpha1.BaseKubernetesResourceConfig.volumes:type_name -> k8s.io.api.core.v1.Volume - 33, // 16: istio_operator.v2.api.v1alpha1.BaseKubernetesResourceConfig.volumeMounts:type_name -> k8s.io.api.core.v1.VolumeMount - 16, // 17: istio_operator.v2.api.v1alpha1.BaseKubernetesResourceConfig.replicas:type_name -> istio_operator.v2.api.v1alpha1.Replicas - 2, // 18: istio_operator.v2.api.v1alpha1.BaseKubernetesResourceConfig.podMetadata:type_name -> istio_operator.v2.api.v1alpha1.K8sObjectMeta - 7, // 19: istio_operator.v2.api.v1alpha1.BaseKubernetesResourceConfig.podDisruptionBudget:type_name -> istio_operator.v2.api.v1alpha1.PodDisruptionBudget - 6, // 20: istio_operator.v2.api.v1alpha1.BaseKubernetesResourceConfig.deploymentStrategy:type_name -> istio_operator.v2.api.v1alpha1.DeploymentStrategy - 37, // 21: istio_operator.v2.api.v1alpha1.BaseKubernetesResourceConfig.podSecurityContext:type_name -> k8s.io.api.core.v1.PodSecurityContext - 8, // 22: istio_operator.v2.api.v1alpha1.BaseKubernetesResourceConfig.livenessProbe:type_name -> istio_operator.v2.api.v1alpha1.Probe - 8, // 23: istio_operator.v2.api.v1alpha1.BaseKubernetesResourceConfig.readinessProbe:type_name -> istio_operator.v2.api.v1alpha1.Probe - 38, // 24: istio_operator.v2.api.v1alpha1.BaseKubernetesResourceConfig.topologySpreadConstraints:type_name -> k8s.io.api.core.v1.TopologySpreadConstraint - 23, // 25: istio_operator.v2.api.v1alpha1.DeploymentStrategy.rollingUpdate:type_name -> istio_operator.v2.api.v1alpha1.DeploymentStrategy.RollingUpdateDeployment - 19, // 26: istio_operator.v2.api.v1alpha1.PodDisruptionBudget.minAvailable:type_name -> istio_operator.v2.api.v1alpha1.IntOrString - 19, // 27: istio_operator.v2.api.v1alpha1.PodDisruptionBudget.maxUnavailable:type_name -> istio_operator.v2.api.v1alpha1.IntOrString - 39, // 28: istio_operator.v2.api.v1alpha1.Probe.exec:type_name -> k8s.io.api.core.v1.ExecAction - 9, // 29: istio_operator.v2.api.v1alpha1.Probe.httpGet:type_name -> istio_operator.v2.api.v1alpha1.HTTPGetAction - 10, // 30: istio_operator.v2.api.v1alpha1.Probe.tcpSocket:type_name -> istio_operator.v2.api.v1alpha1.TCPSocketAction - 40, // 31: istio_operator.v2.api.v1alpha1.Probe.grpc:type_name -> k8s.io.api.core.v1.GRPCAction - 19, // 32: istio_operator.v2.api.v1alpha1.HTTPGetAction.port:type_name -> istio_operator.v2.api.v1alpha1.IntOrString - 41, // 33: istio_operator.v2.api.v1alpha1.HTTPGetAction.httpHeaders:type_name -> k8s.io.api.core.v1.HTTPHeader - 19, // 34: istio_operator.v2.api.v1alpha1.TCPSocketAction.port:type_name -> istio_operator.v2.api.v1alpha1.IntOrString - 2, // 35: istio_operator.v2.api.v1alpha1.Service.metadata:type_name -> istio_operator.v2.api.v1alpha1.K8sObjectMeta - 13, // 36: istio_operator.v2.api.v1alpha1.Service.ports:type_name -> istio_operator.v2.api.v1alpha1.ServicePort - 24, // 37: istio_operator.v2.api.v1alpha1.Service.selector:type_name -> istio_operator.v2.api.v1alpha1.Service.SelectorEntry - 42, // 38: istio_operator.v2.api.v1alpha1.Service.publishNotReadyAddresses:type_name -> google.protobuf.BoolValue - 43, // 39: istio_operator.v2.api.v1alpha1.Service.sessionAffinityConfig:type_name -> k8s.io.api.core.v1.SessionAffinityConfig - 2, // 40: istio_operator.v2.api.v1alpha1.UnprotectedService.metadata:type_name -> istio_operator.v2.api.v1alpha1.K8sObjectMeta - 13, // 41: istio_operator.v2.api.v1alpha1.UnprotectedService.ports:type_name -> istio_operator.v2.api.v1alpha1.ServicePort - 25, // 42: istio_operator.v2.api.v1alpha1.UnprotectedService.selector:type_name -> istio_operator.v2.api.v1alpha1.UnprotectedService.SelectorEntry - 42, // 43: istio_operator.v2.api.v1alpha1.UnprotectedService.publishNotReadyAddresses:type_name -> google.protobuf.BoolValue - 43, // 44: istio_operator.v2.api.v1alpha1.UnprotectedService.sessionAffinityConfig:type_name -> k8s.io.api.core.v1.SessionAffinityConfig - 19, // 45: istio_operator.v2.api.v1alpha1.ServicePort.targetPort:type_name -> istio_operator.v2.api.v1alpha1.IntOrString - 26, // 46: istio_operator.v2.api.v1alpha1.ResourceRequirements.limits:type_name -> istio_operator.v2.api.v1alpha1.ResourceRequirements.LimitsEntry - 27, // 47: istio_operator.v2.api.v1alpha1.ResourceRequirements.requests:type_name -> istio_operator.v2.api.v1alpha1.ResourceRequirements.RequestsEntry - 44, // 48: istio_operator.v2.api.v1alpha1.Replicas.count:type_name -> google.protobuf.Int32Value - 44, // 49: istio_operator.v2.api.v1alpha1.Replicas.min:type_name -> google.protobuf.Int32Value - 44, // 50: istio_operator.v2.api.v1alpha1.Replicas.max:type_name -> google.protobuf.Int32Value - 44, // 51: istio_operator.v2.api.v1alpha1.Replicas.targetCPUUtilizationPercentage:type_name -> google.protobuf.Int32Value - 28, // 52: istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch.groupVersionKind:type_name -> istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch.GroupVersionKind - 14, // 53: istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch.objectKey:type_name -> istio_operator.v2.api.v1alpha1.NamespacedName - 29, // 54: istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch.patches:type_name -> istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch.Patch - 19, // 55: istio_operator.v2.api.v1alpha1.DeploymentStrategy.RollingUpdateDeployment.maxUnavailable:type_name -> istio_operator.v2.api.v1alpha1.IntOrString - 19, // 56: istio_operator.v2.api.v1alpha1.DeploymentStrategy.RollingUpdateDeployment.maxSurge:type_name -> istio_operator.v2.api.v1alpha1.IntOrString - 18, // 57: istio_operator.v2.api.v1alpha1.ResourceRequirements.LimitsEntry.value:type_name -> istio_operator.v2.api.v1alpha1.Quantity - 18, // 58: istio_operator.v2.api.v1alpha1.ResourceRequirements.RequestsEntry.value:type_name -> istio_operator.v2.api.v1alpha1.Quantity - 1, // 59: istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch.Patch.type:type_name -> istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch.Type - 60, // [60:60] is the sub-list for method output_type - 60, // [60:60] is the sub-list for method input_type - 60, // [60:60] is the sub-list for extension type_name - 60, // [60:60] is the sub-list for extension extendee - 0, // [0:60] is the sub-list for field type_name -} - -func init() { file_api_v1alpha1_common_proto_init() } -func file_api_v1alpha1_common_proto_init() { - if File_api_v1alpha1_common_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_api_v1alpha1_common_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*K8SObjectMeta); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_v1alpha1_common_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ContainerImageConfiguration); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_v1alpha1_common_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*BaseKubernetesContainerConfiguration); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_v1alpha1_common_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*BaseKubernetesResourceConfig); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_v1alpha1_common_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*DeploymentStrategy); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_v1alpha1_common_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PodDisruptionBudget); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_v1alpha1_common_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Probe); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_v1alpha1_common_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPGetAction); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_v1alpha1_common_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TCPSocketAction); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_v1alpha1_common_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Service); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_v1alpha1_common_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*UnprotectedService); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_v1alpha1_common_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ServicePort); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_v1alpha1_common_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*NamespacedName); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_v1alpha1_common_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ResourceRequirements); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_v1alpha1_common_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Replicas); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_v1alpha1_common_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*K8SResourceOverlayPatch); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_v1alpha1_common_proto_msgTypes[21].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*DeploymentStrategy_RollingUpdateDeployment); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_v1alpha1_common_proto_msgTypes[26].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*K8SResourceOverlayPatch_GroupVersionKind); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_v1alpha1_common_proto_msgTypes[27].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*K8SResourceOverlayPatch_Patch); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - file_api_v1alpha1_common_proto_msgTypes[6].OneofWrappers = []interface{}{ - (*Probe_Exec)(nil), - (*Probe_HttpGet)(nil), - (*Probe_TcpSocket)(nil), - (*Probe_Grpc)(nil), - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_api_v1alpha1_common_proto_rawDesc, - NumEnums: 2, - NumMessages: 28, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_api_v1alpha1_common_proto_goTypes, - DependencyIndexes: file_api_v1alpha1_common_proto_depIdxs, - EnumInfos: file_api_v1alpha1_common_proto_enumTypes, - MessageInfos: file_api_v1alpha1_common_proto_msgTypes, - }.Build() - File_api_v1alpha1_common_proto = out.File - file_api_v1alpha1_common_proto_rawDesc = nil - file_api_v1alpha1_common_proto_goTypes = nil - file_api_v1alpha1_common_proto_depIdxs = nil -} diff --git a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/common.pb.html b/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/common.pb.html deleted file mode 100644 index 289195ea6..000000000 --- a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/common.pb.html +++ /dev/null @@ -1,2855 +0,0 @@ ---- -title: istio_operator.v2.api.v1alpha1 -layout: protoc-gen-docs -generator: protoc-gen-docs -number_of_entries: 36 ---- -

K8sObjectMeta

-
-

Generic k8s resource metadata

- - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
labelsmap<string, string> -

Map of string keys and values that can be used to organize and categorize -(scope and select) objects. May match selectors of replication controllers -and services. -More info: http://kubernetes.io/docs/user-guide/labels -+optional

- -		 -No -
annotationsmap<string, string> -

Annotations is an unstructured key value map stored with a resource that may be -set by external tools to store and retrieve arbitrary metadata. They are not -queryable and should be preserved when modifying objects. -More info: http://kubernetes.io/docs/user-guide/annotations -+optional

- -		 -No -
-
-

ContainerImageConfiguration

-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
hubstring -

Default hub for container images.

- -		 -No -
tagstring -

Default tag for container images.

- -		 -No -
imagePullPolicystring -

Image pull policy. -One of Always, Never, IfNotPresent. -Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. -+optional -+kubebuilder:validation:Enum=Always;Never;IfNotPresent

- -		 -No -
imagePullSecretsLocalObjectReference[] -

ImagePullSecrets is an optional list of references to secrets to use for pulling any of the images. -+optional

- -		 -No -
-
-

BaseKubernetesContainerConfiguration

-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
imagestring -

Standard Kubernetes container image configuration

- -		 -No -
envEnvVar[] -

If present will be appended to the environment variables of the container

- -		 -No -
resourcesResourceRequirements -

Standard Kubernetes resource configuration, memory and CPU resource requirements

- -		 -No -
securityContextSecurityContext -

Standard Kubernetes security context configuration

- -		 -No -
volumeMountsVolumeMount[] -

Pod volumes to mount into the container’s filesystem. -Cannot be updated. -+optional -+patchMergeKey=mountPath -+patchStrategy=merge

- -		 -No -
-
-

BaseKubernetesResourceConfig

-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
metadataK8sObjectMeta -

Generic k8s resource metadata

- -		 -No -
imagestring -

Standard Kubernetes container image configuration

- -		 -No -
envEnvVar[] -

If present will be appended to the environment variables of the container

- -		 -No -
resourcesResourceRequirements -

Standard Kubernetes resource configuration, memory and CPU resource requirements

- -		 -No -
nodeSelectormap<string, string> -

Standard Kubernetes node selector configuration

- -		 -No -
affinityAffinity -

Standard Kubernetes affinity configuration

- -		 -No -
securityContextSecurityContext -

Standard Kubernetes security context configuration

- -		 -No -
imagePullPolicystring -

Image pull policy. -One of Always, Never, IfNotPresent. -Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. -+optional

- -		 -No -
imagePullSecretsLocalObjectReference[] -

ImagePullSecrets is an optional list of references to secrets to use for pulling any of the images. -+optional

- -		 -No -
priorityClassNamestring -

If specified, indicates the pod’s priority. “system-node-critical” and -“system-cluster-critical” are two special keywords which indicate the -highest priorities with the former being the highest priority. Any other -name must be defined by creating a PriorityClass object with that name. -If not specified, the pod priority will be default or zero if there is no -default. -+optional

- -		 -No -
tolerationsToleration[] -

If specified, the pod’s tolerations. -+optional

- -		 -No -
volumesVolume[] -

List of volumes that can be mounted by containers belonging to the pod. -More info: https://kubernetes.io/docs/concepts/storage/volumes -+optional -+patchMergeKey=name -+patchStrategy=merge,retainKeys

- -		 -No -
volumeMountsVolumeMount[] -

Pod volumes to mount into the container’s filesystem. -Cannot be updated. -+optional -+patchMergeKey=mountPath -+patchStrategy=merge

- -		 -No -
replicasReplicas -

Replica configuration

- -		 -No -
podMetadataK8sObjectMeta -

Standard Kubernetes pod annotation and label configuration

- -		 -No -
podDisruptionBudgetPodDisruptionBudget -

PodDisruptionBudget configuration

- -		 -No -
deploymentStrategyDeploymentStrategy -

DeploymentStrategy configuration

- -		 -No -
podSecurityContextPodSecurityContext -

Standard Kubernetes pod security context configuration

- -		 -No -
livenessProbeProbe -

Periodic probe of container liveness. -Container will be restarted if the probe fails. -Cannot be updated. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes -+optional

- -		 -No -
readinessProbeProbe -

Periodic probe of container service readiness. -Container will be removed from service endpoints if the probe fails. -Cannot be updated. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes -+optional

- -		 -No -
topologySpreadConstraintsTopologySpreadConstraint[] -

Used to control how Pods are spread across a cluster among failure-domains. -This can help to achieve high availability as well as efficient resource utilization. -More info: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints -+optional

- -		 -No -
-
-

DeploymentStrategy

-
- - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
typestring -

Type of deployment. Can be “Recreate” or “RollingUpdate”. Default is RollingUpdate. -+optional

- -		 -No -
rollingUpdateRollingUpdateDeployment -

Rolling update config params. Present only if DeploymentStrategyType = -RollingUpdate. -+optional

- -		 -No -
-
-

PodDisruptionBudget

-
-

PodDisruptionBudget is a description of a PodDisruptionBudget

- - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
minAvailableIntOrString -

An eviction is allowed if at least “minAvailable” pods selected by -“selector” will still be available after the eviction, i.e. even in the -absence of the evicted pod. So for example you can prevent all voluntary -evictions by specifying “100%”. -+optional

- -		 -No -
maxUnavailableIntOrString -

An eviction is allowed if at most “maxUnavailable” pods selected by -“selector” are unavailable after the eviction, i.e. even in absence of -the evicted pod. For example, one can prevent all voluntary evictions -by specifying 0. This is a mutually exclusive setting with “minAvailable”. -+optional

- -		 -No -
-
-

Probe

-
-

Probe describes a health check to be performed against a container to determine whether it is -alive or ready to receive traffic.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
execExecAction (oneof) -

Exec specifies the action to take. -+optional

- -		 -No -
httpGetHTTPGetAction (oneof) -

HTTPGet specifies the http request to perform. -+optional

- -		 -No -
tcpSocketTCPSocketAction (oneof) -

TCPSocket specifies an action involving a TCP port. -+optional

- -		 -No -
grpcGRPCAction (oneof) -

GRPC specifies an action involving a GRPC port. -This is a beta field and requires enabling GRPCContainerProbe feature gate. -+featureGate=GRPCContainerProbe -+optional

- -		 -No -
initialDelaySecondsint32 -

Number of seconds after the container has started before liveness probes are initiated. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes -+optional

- -		 -No -
timeoutSecondsint32 -

Number of seconds after which the probe times out. -Defaults to 1 second. Minimum value is 1. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes -+optional

- -		 -No -
periodSecondsint32 -

How often (in seconds) to perform the probe. -Default to 10 seconds. Minimum value is 1. -+optional

- -		 -No -
successThresholdint32 -

Minimum consecutive successes for the probe to be considered successful after having failed. -Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. -+optional

- -		 -No -
failureThresholdint32 -

Minimum consecutive failures for the probe to be considered failed after having succeeded. -Defaults to 3. Minimum value is 1. -+optional

- -		 -No -
terminationGracePeriodSecondsint64 -

Optional duration in seconds the pod needs to terminate gracefully upon probe failure. -The grace period is the duration in seconds after the processes running in the pod are sent -a termination signal and the time when the processes are forcibly halted with a kill signal. -Set this value longer than the expected cleanup time for your process. -If this value is nil, the pod’s terminationGracePeriodSeconds will be used. Otherwise, this -value overrides the value provided by the pod spec. -Value must be non-negative integer. The value zero indicates stop immediately via -the kill signal (no opportunity to shut down). -This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. -Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. -+optional

- -		 -No -
-
-

HTTPGetAction

-
-

HTTPGetAction describes an action based on HTTP Get requests.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
pathstring -

Path to access on the HTTP server. -+optional

- -		 -No -
portIntOrString -

Name or number of the port to access on the container. -Number must be in the range 1 to 65535. -Name must be an IANA_SVC_NAME.

- -		 -No -
hoststring -

Host name to connect to, defaults to the pod IP. You probably want to set -“Host” in httpHeaders instead. -+optional

- -		 -No -
schemestring -

Scheme to use for connecting to the host. -Defaults to HTTP. -+optional

- -		 -No -
httpHeadersHTTPHeader[] -

Custom headers to set in the request. HTTP allows repeated headers. -+optional

- -		 -No -
-
-

TCPSocketAction

-
-

TCPSocketAction describes an action based on opening a socket

- - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
portIntOrString -

Number or name of the port to access on the container. -Number must be in the range 1 to 65535. -Name must be an IANA_SVC_NAME.

- -		 -No -
hoststring -

Optional: Host name to connect to, defaults to the pod IP. -+optional

- -		 -No -
-
-

Service

-
-

Service describes the attributes that a user creates on a service.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
metadataK8sObjectMeta - -No -
portsServicePort[] -

The list of ports that are exposed by this service. -More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies -+patchMergeKey=port -+patchStrategy=merge -+listType=map -+listMapKey=port -+listMapKey=protocol -+kubebuilder:validation:MinItems=1

- -		 -Yes -
selectormap<string, string> -

Route service traffic to pods with label keys and values matching this -selector. If empty or not present, the service is assumed to have an -external process managing its endpoints, which Kubernetes will not -modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. -Ignored if type is ExternalName. -More info: https://kubernetes.io/docs/concepts/services-networking/service/ -+optional

- -		 -No -
clusterIPstring -

clusterIP is the IP address of the service and is usually assigned -randomly by the master. If an address is specified manually and is not in -use by others, it will be allocated to the service; otherwise, creation -of the service will fail. This field can not be changed through updates. -Valid values are “None”, empty string (“”), or a valid IP address. “None” -can be specified for headless services when proxying is not required. -Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if -type is ExternalName. -More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies -+optional

- -		 -No -
typestring -

type determines how the Service is exposed. Defaults to ClusterIP. Valid -options are ExternalName, ClusterIP, NodePort, and LoadBalancer. -“ExternalName” maps to the specified externalName. -“ClusterIP” allocates a cluster-internal IP address for load-balancing to -endpoints. Endpoints are determined by the selector or if that is not -specified, by manual construction of an Endpoints object. If clusterIP is -“None”, no virtual IP is allocated and the endpoints are published as a -set of endpoints rather than a stable IP. -“NodePort” builds on ClusterIP and allocates a port on every node which -routes to the clusterIP. -“LoadBalancer” builds on NodePort and creates an -external load-balancer (if supported in the current cloud) which routes -to the clusterIP. -More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types -+optional -+kubebuilder:validation:Enum=ClusterIP;NodePort;LoadBalancer

- -		 -Yes -
externalIPsstring[] -

externalIPs is a list of IP addresses for which nodes in the cluster -will also accept traffic for this service. These IPs are not managed by -Kubernetes. The user is responsible for ensuring that traffic arrives -at a node with this IP. A common example is external load-balancers -that are not part of the Kubernetes system. -+optional

- -		 -No -
sessionAffinitystring -

Supports “ClientIP” and “None”. Used to maintain session affinity. -Enable client IP based session affinity. -Must be ClientIP or None. -Defaults to None. -More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies -+optional

- -		 -No -
loadBalancerIPstring -

Only applies to Service Type: LoadBalancer -LoadBalancer will get created with the IP specified in this field. -This feature depends on whether the underlying cloud-provider supports specifying -the loadBalancerIP when a load balancer is created. -This field will be ignored if the cloud-provider does not support the feature. -+optional

- -		 -No -
loadBalancerSourceRangesstring[] -

If specified and supported by the platform, this will restrict traffic through the cloud-provider -load-balancer will be restricted to the specified client IPs. This field will be ignored if the -cloud-provider does not support the feature.” -More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/ -+optional

- -		 -No -
externalNamestring -

externalName is the external reference that kubedns or equivalent will -return as a CNAME record for this service. No proxying will be involved. -Must be a valid RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) -and requires Type to be ExternalName. -+optional

- -		 -No -
externalTrafficPolicystring -

externalTrafficPolicy denotes if this Service desires to route external -traffic to node-local or cluster-wide endpoints. “Local” preserves the -client source IP and avoids a second hop for LoadBalancer and Nodeport -type services, but risks potentially imbalanced traffic spreading. -“Cluster” obscures the client source IP and may cause a second hop to -another node, but should have good overall load-spreading. -+optional

- -		 -No -
healthCheckNodePortint32 -

healthCheckNodePort specifies the healthcheck nodePort for the service. -If not specified, HealthCheckNodePort is created by the service api -backend with the allocated nodePort. Will use user-specified nodePort value -if specified by the client. Only effects when Type is set to LoadBalancer -and ExternalTrafficPolicy is set to Local. -+optional

- -		 -No -
publishNotReadyAddressesBoolValue -

publishNotReadyAddresses, when set to true, indicates that DNS implementations -must publish the notReadyAddresses of subsets for the Endpoints associated with -the Service. The default value is false. -The primary use case for setting this field is to use a StatefulSet’s Headless Service -to propagate SRV records for its Pods without respect to their readiness for purpose -of peer discovery. -+optional

- -		 -No -
sessionAffinityConfigSessionAffinityConfig -

sessionAffinityConfig contains the configurations of session affinity. -+optional

- -		 -No -
ipFamilystring -

ipFamily specifies whether this Service has a preference for a particular IP family (e.g. IPv4 vs. -IPv6). If a specific IP family is requested, the clusterIP field will be allocated from that family, if it is -available in the cluster. If no IP family is requested, the cluster’s primary IP family will be used. -Other IP fields (loadBalancerIP, loadBalancerSourceRanges, externalIPs) and controllers which -allocate external load-balancers should use the same IP family. Endpoints for this Service will be of -this family. This field is immutable after creation. Assigning a ServiceIPFamily not available in the -cluster (e.g. IPv6 in IPv4 only cluster) is an error condition and will fail during clusterIP assignment. -+optional

- -		 -No -
-
-

UnprotectedService

-
-

Service describes the attributes that a user creates on a service.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
metadataK8sObjectMeta - -No -
portsServicePort[] -

The list of ports that are exposed by this service. -More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies -+patchMergeKey=port -+patchStrategy=merge -+listType=map -+listMapKey=port -+listMapKey=protocol

- -		 -No -
selectormap<string, string> -

Route service traffic to pods with label keys and values matching this -selector. If empty or not present, the service is assumed to have an -external process managing its endpoints, which Kubernetes will not -modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. -Ignored if type is ExternalName. -More info: https://kubernetes.io/docs/concepts/services-networking/service/ -+optional

- -		 -No -
clusterIPstring -

clusterIP is the IP address of the service and is usually assigned -randomly by the master. If an address is specified manually and is not in -use by others, it will be allocated to the service; otherwise, creation -of the service will fail. This field can not be changed through updates. -Valid values are “None”, empty string (“”), or a valid IP address. “None” -can be specified for headless services when proxying is not required. -Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if -type is ExternalName. -More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies -+optional

- -		 -No -
typestring -

type determines how the Service is exposed. Defaults to ClusterIP. Valid -options are ExternalName, ClusterIP, NodePort, and LoadBalancer. -“ExternalName” maps to the specified externalName. -“ClusterIP” allocates a cluster-internal IP address for load-balancing to -endpoints. Endpoints are determined by the selector or if that is not -specified, by manual construction of an Endpoints object. If clusterIP is -“None”, no virtual IP is allocated and the endpoints are published as a -set of endpoints rather than a stable IP. -“NodePort” builds on ClusterIP and allocates a port on every node which -routes to the clusterIP. -“LoadBalancer” builds on NodePort and creates an -external load-balancer (if supported in the current cloud) which routes -to the clusterIP. -More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types -+optional -+kubebuilder:validation:Enum=ClusterIP;NodePort;LoadBalancer

- -		 -No -
externalIPsstring[] -

externalIPs is a list of IP addresses for which nodes in the cluster -will also accept traffic for this service. These IPs are not managed by -Kubernetes. The user is responsible for ensuring that traffic arrives -at a node with this IP. A common example is external load-balancers -that are not part of the Kubernetes system. -+optional

- -		 -No -
sessionAffinitystring -

Supports “ClientIP” and “None”. Used to maintain session affinity. -Enable client IP based session affinity. -Must be ClientIP or None. -Defaults to None. -More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies -+optional

- -		 -No -
loadBalancerIPstring -

Only applies to Service Type: LoadBalancer -LoadBalancer will get created with the IP specified in this field. -This feature depends on whether the underlying cloud-provider supports specifying -the loadBalancerIP when a load balancer is created. -This field will be ignored if the cloud-provider does not support the feature. -+optional

- -		 -No -
loadBalancerSourceRangesstring[] -

If specified and supported by the platform, this will restrict traffic through the cloud-provider -load-balancer will be restricted to the specified client IPs. This field will be ignored if the -cloud-provider does not support the feature.” -More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/ -+optional

- -		 -No -
externalNamestring -

externalName is the external reference that kubedns or equivalent will -return as a CNAME record for this service. No proxying will be involved. -Must be a valid RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) -and requires Type to be ExternalName. -+optional

- -		 -No -
externalTrafficPolicystring -

externalTrafficPolicy denotes if this Service desires to route external -traffic to node-local or cluster-wide endpoints. “Local” preserves the -client source IP and avoids a second hop for LoadBalancer and Nodeport -type services, but risks potentially imbalanced traffic spreading. -“Cluster” obscures the client source IP and may cause a second hop to -another node, but should have good overall load-spreading. -+optional

- -		 -No -
healthCheckNodePortint32 -

healthCheckNodePort specifies the healthcheck nodePort for the service. -If not specified, HealthCheckNodePort is created by the service api -backend with the allocated nodePort. Will use user-specified nodePort value -if specified by the client. Only effects when Type is set to LoadBalancer -and ExternalTrafficPolicy is set to Local. -+optional

- -		 -No -
publishNotReadyAddressesBoolValue -

publishNotReadyAddresses, when set to true, indicates that DNS implementations -must publish the notReadyAddresses of subsets for the Endpoints associated with -the Service. The default value is false. -The primary use case for setting this field is to use a StatefulSet’s Headless Service -to propagate SRV records for its Pods without respect to their readiness for purpose -of peer discovery. -+optional

- -		 -No -
sessionAffinityConfigSessionAffinityConfig -

sessionAffinityConfig contains the configurations of session affinity. -+optional

- -		 -No -
ipFamilystring -

ipFamily specifies whether this Service has a preference for a particular IP family (e.g. IPv4 vs. -IPv6). If a specific IP family is requested, the clusterIP field will be allocated from that family, if it is -available in the cluster. If no IP family is requested, the cluster’s primary IP family will be used. -Other IP fields (loadBalancerIP, loadBalancerSourceRanges, externalIPs) and controllers which -allocate external load-balancers should use the same IP family. Endpoints for this Service will be of -this family. This field is immutable after creation. Assigning a ServiceIPFamily not available in the -cluster (e.g. IPv6 in IPv4 only cluster) is an error condition and will fail during clusterIP assignment. -+optional

- -		 -No -
-
-

ServicePort

-
-

ServicePort contains information on service’s port.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
namestring -

The name of this port within the service. This must be a DNS_LABEL. -All ports within a ServiceSpec must have unique names. When considering -the endpoints for a Service, this must match the ‘name’ field in the -EndpointPort. -if only one ServicePort is defined on this service. -+optional

- -		 -No -
protocolstring -

The IP protocol for this port. Supports “TCP”, “UDP”, and “SCTP”. -Default is TCP. -+optional -+kubebuilder:default=TCP

- -		 -No -
portint32 -

The port that will be exposed by this service.

- -		 -Yes -
targetPortIntOrString -

Number or name of the port to access on the pods targeted by the service. -Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. -If this is a string, it will be looked up as a named port in the -target Pod’s container ports. If this is not specified, the value -of the ‘port’ field is used (an identity map). -This field is ignored for services with clusterIP=None, and should be -omitted or set equal to the ‘port’ field. -More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service -+optional

- -		 -No -
nodePortint32 -

The port on each node on which this service is exposed when type=NodePort or LoadBalancer. -Usually assigned by the system. If specified, it will be allocated to the service -if unused or else creation of the service will fail. -Default is to auto-allocate a port if the ServiceType of this Service requires one. -More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport -+optional

- -		 -No -
-
-

NamespacedName

-
- - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
namestring -

Name of the referenced Kubernetes resource

- -		 -No -
namespacestring -

Namespace of the referenced Kubernetes resource

- -		 -No -
-
-

ResourceRequirements

-
-

ResourceRequirements describes the compute resource requirements.

- - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
limitsmap<string, Quantity> -

Limits describes the maximum amount of compute resources allowed. -More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ -+optional

- -		 -No -
requestsmap<string, Quantity> -

Requests describes the minimum amount of compute resources required. -If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, -otherwise to an implementation-defined value. -More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ -+optional

- -		 -No -
-
-

Replicas

-
-

Replicas contains pod replica configuration

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
countInt32Value -

Standard Kubernetes replica count configuration -+kubebuilder:validation:Minimum=0

- -		 -No -
minInt32Value -

min is the lower limit for the number of replicas to which the autoscaler -can scale down. -min and max both need to be set the turn on autoscaling. -+kubebuilder:validation:Minimum=0

- -		 -No -
maxInt32Value -

max is the upper limit for the number of replicas to which the autoscaler can scale up. -min and max both need to be set the turn on autoscaling. -It cannot be less than min. -+kubebuilder:validation:Minimum=1

- -		 -No -
targetCPUUtilizationPercentageInt32Value -

target average CPU utilization (represented as a percentage of requested CPU) over all the pods; -default 80% will be used if not specified. -+optional -+kubebuilder:validation:Minimum=0

- -		 -No -
-
-

K8sResourceOverlayPatch

-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
groupVersionKindGroupVersionKind - -No -
objectKeyNamespacedName - -No -
patchesPatch[] - -No -
-
-

Quantity

-
-

Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and Int64() accessors. -+cue-gen-param:intorstring=true -+cue-gen-param:set=pattern:^(\+|-)?(([0-9]+(\.[0-9])?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|(eE?(([0-9]+(\.[0-9])?)|(\.[0-9]+))))?$ -GOTYPE: *Quantity

- -
-

IntOrString

-
-

IntOrString is a type that can hold an int32 or a string. When used in JSON or YAML marshalling and unmarshalling, it produces or consumes the inner type. This allows you to have, for example, a JSON field that can accept a name or number. -+cue-gen-param:intorstring=true -GOTYPE: *IntOrString

- -
-

DeploymentStrategy.RollingUpdateDeployment

-
- - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
maxUnavailableIntOrString - -No -
maxSurgeIntOrString - -No -
-
-

K8sResourceOverlayPatch.GroupVersionKind

-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
kindstring - -No -
versionstring - -No -
groupstring - -No -
-
-

K8sResourceOverlayPatch.Patch

-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
pathstring - -No -
valuestring - -No -
parseValuebool - -No -
typeType - -No -
-
-

k8s.io.api.core.v1.LocalObjectReference

-
-

LocalObjectReference contains enough information to let you locate the -referenced object inside the same namespace. -+structType=atomic

- - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
namestring -

Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid? -+optional

- -		 -No -
-
-

k8s.io.api.core.v1.EnvVar

-
-

EnvVar represents an environment variable present in a Container.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
namestring -

Name of the environment variable. Must be a C_IDENTIFIER.

- -		 -No -
valuestring -

Variable references $(VAR_NAME) are expanded -using the previously defined environment variables in the container and -any service environment variables. If a variable cannot be resolved, -the reference in the input string will be unchanged. Double $$ are reduced -to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. -“$$(VAR_NAME)” will produce the string literal “$(VAR_NAME)”. -Escaped references will never be expanded, regardless of whether the variable -exists or not. -Defaults to “”. -+optional

- -		 -No -
valueFromEnvVarSource -

Source for the environment variable’s value. Cannot be used if value is not empty. -+optional

- -		 -No -
-
-

k8s.io.api.core.v1.SecurityContext

-
-

SecurityContext holds security configuration that will be applied to a container. -Some fields are present in both SecurityContext and PodSecurityContext. When both -are set, the values in SecurityContext take precedence.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
capabilitiesCapabilities -

The capabilities to add/drop when running containers. -Defaults to the default set of capabilities granted by the container runtime. -Note that this field cannot be set when spec.os.name is windows. -+optional

- -		 -No -
privilegedbool -

Run container in privileged mode. -Processes in privileged containers are essentially equivalent to root on the host. -Defaults to false. -Note that this field cannot be set when spec.os.name is windows. -+optional

- -		 -No -
seLinuxOptionsSELinuxOptions -

The SELinux context to be applied to the container. -If unspecified, the container runtime will allocate a random SELinux context for each -container. May also be set in PodSecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence. -Note that this field cannot be set when spec.os.name is windows. -+optional

- -		 -No -
windowsOptionsWindowsSecurityContextOptions -

The Windows specific settings applied to all containers. -If unspecified, the options from the PodSecurityContext will be used. -If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. -Note that this field cannot be set when spec.os.name is linux. -+optional

- -		 -No -
runAsUserint64 -

The UID to run the entrypoint of the container process. -Defaults to user specified in image metadata if unspecified. -May also be set in PodSecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence. -Note that this field cannot be set when spec.os.name is windows. -+optional

- -		 -No -
runAsGroupint64 -

The GID to run the entrypoint of the container process. -Uses runtime default if unset. -May also be set in PodSecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence. -Note that this field cannot be set when spec.os.name is windows. -+optional

- -		 -No -
runAsNonRootbool -

Indicates that the container must run as a non-root user. -If true, the Kubelet will validate the image at runtime to ensure that it -does not run as UID 0 (root) and fail to start the container if it does. -If unset or false, no such validation will be performed. -May also be set in PodSecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence. -+optional

- -		 -No -
readOnlyRootFilesystembool -

Whether this container has a read-only root filesystem. -Default is false. -Note that this field cannot be set when spec.os.name is windows. -+optional

- -		 -No -
allowPrivilegeEscalationbool -

AllowPrivilegeEscalation controls whether a process can gain more -privileges than its parent process. This bool directly controls if -the no_new_privs flag will be set on the container process. -AllowPrivilegeEscalation is true always when the container is: -1) run as Privileged -2) has CAP_SYS_ADMIN -Note that this field cannot be set when spec.os.name is windows. -+optional

- -		 -No -
procMountstring -

procMount denotes the type of proc mount to use for the containers. -The default is DefaultProcMount which uses the container runtime defaults for -readonly paths and masked paths. -This requires the ProcMountType feature flag to be enabled. -Note that this field cannot be set when spec.os.name is windows. -+optional

- -		 -No -
seccompProfileSeccompProfile -

The seccomp options to use by this container. If seccomp options are -provided at both the pod & container level, the container options -override the pod options. -Note that this field cannot be set when spec.os.name is windows. -+optional

- -		 -No -
-
-

k8s.io.api.core.v1.VolumeMount

-
-

VolumeMount describes a mounting of a Volume within a container.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
namestring -

This must match the Name of a Volume.

- -		 -No -
readOnlybool -

Mounted read-only if true, read-write otherwise (false or unspecified). -Defaults to false. -+optional

- -		 -No -
mountPathstring -

Path within the container at which the volume should be mounted. Must -not contain ‘:’.

- -		 -No -
subPathstring -

Path within the volume from which the container’s volume should be mounted. -Defaults to “” (volume’s root). -+optional

- -		 -No -
mountPropagationstring -

mountPropagation determines how mounts are propagated from the host -to container and the other way around. -When not set, MountPropagationNone is used. -This field is beta in 1.10. -+optional

- -		 -No -
subPathExprstring -

Expanded path within the volume from which the container’s volume should be mounted. -Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container’s environment. -Defaults to “” (volume’s root). -SubPathExpr and SubPath are mutually exclusive. -+optional

- -		 -No -
-
-

k8s.io.api.core.v1.Affinity

-
-

Affinity is a group of affinity scheduling rules.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
nodeAffinityNodeAffinity -

Describes node affinity scheduling rules for the pod. -+optional

- -		 -No -
podAffinityPodAffinity -

Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). -+optional

- -		 -No -
podAntiAffinityPodAntiAffinity -

Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). -+optional

- -		 -No -
-
-

k8s.io.api.core.v1.Toleration

-
-

The pod this Toleration is attached to tolerates any taint that matches -the triple using the matching operator .

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
keystring -

Key is the taint key that the toleration applies to. Empty means match all taint keys. -If the key is empty, operator must be Exists; this combination means to match all values and all keys. -+optional

- -		 -No -
operatorstring -

Operator represents a key’s relationship to the value. -Valid operators are Exists and Equal. Defaults to Equal. -Exists is equivalent to wildcard for value, so that a pod can -tolerate all taints of a particular category. -+optional

- -		 -No -
valuestring -

Value is the taint value the toleration matches to. -If the operator is Exists, the value should be empty, otherwise just a regular string. -+optional

- -		 -No -
effectstring -

Effect indicates the taint effect to match. Empty means match all taint effects. -When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. -+optional

- -		 -No -
tolerationSecondsint64 -

TolerationSeconds represents the period of time the toleration (which must be -of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, -it is not set, which means tolerate the taint forever (do not evict). Zero and -negative values will be treated as 0 (evict immediately) by the system. -+optional

- -		 -No -
-
-

k8s.io.api.core.v1.Volume

-
-

Volume represents a named volume in a pod that may be accessed by any container in the pod.

- - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
namestring -

name of the volume. -Must be a DNS_LABEL and unique within the pod. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

- -		 -No -
volumeSourceVolumeSource -

volumeSource represents the location and type of the mounted volume. -If not specified, the Volume is implied to be an EmptyDir. -This implied behavior is deprecated and will be removed in a future version.

- -		 -No -
-
-

k8s.io.api.core.v1.PodSecurityContext

-
-

PodSecurityContext holds pod-level security attributes and common container settings. -Some fields are also present in container.securityContext. Field values of -container.securityContext take precedence over field values of PodSecurityContext.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
seLinuxOptionsSELinuxOptions -

The SELinux context to be applied to all containers. -If unspecified, the container runtime will allocate a random SELinux context for each -container. May also be set in SecurityContext. If set in -both SecurityContext and PodSecurityContext, the value specified in SecurityContext -takes precedence for that container. -Note that this field cannot be set when spec.os.name is windows. -+optional

- -		 -No -
windowsOptionsWindowsSecurityContextOptions -

The Windows specific settings applied to all containers. -If unspecified, the options within a container’s SecurityContext will be used. -If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. -Note that this field cannot be set when spec.os.name is linux. -+optional

- -		 -No -
runAsUserint64 -

The UID to run the entrypoint of the container process. -Defaults to user specified in image metadata if unspecified. -May also be set in SecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence -for that container. -Note that this field cannot be set when spec.os.name is windows. -+optional

- -		 -No -
runAsGroupint64 -

The GID to run the entrypoint of the container process. -Uses runtime default if unset. -May also be set in SecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence -for that container. -Note that this field cannot be set when spec.os.name is windows. -+optional

- -		 -No -
runAsNonRootbool -

Indicates that the container must run as a non-root user. -If true, the Kubelet will validate the image at runtime to ensure that it -does not run as UID 0 (root) and fail to start the container if it does. -If unset or false, no such validation will be performed. -May also be set in SecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence. -+optional

- -		 -No -
supplementalGroupsint64[] -

A list of groups applied to the first process run in each container, in addition -to the container’s primary GID. If unspecified, no groups will be added to -any container. -Note that this field cannot be set when spec.os.name is windows. -+optional

- -		 -No -
fsGroupint64 -

A special supplemental group that applies to all containers in a pod. -Some volume types allow the Kubelet to change the ownership of that volume -to be owned by the pod:

- -
    -
  1. The owning GID will be the FSGroup
    2. -
  2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
    3. -
  3. The permission bits are OR’d with rw-rw—-
    4. -
- -

If unset, the Kubelet will not modify the ownership and permissions of any volume. -Note that this field cannot be set when spec.os.name is windows. -+optional

- -		 -No -
sysctlsSysctl[] -

Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported -sysctls (by the container runtime) might fail to launch. -Note that this field cannot be set when spec.os.name is windows. -+optional

- -		 -No -
fsGroupChangePolicystring -

fsGroupChangePolicy defines behavior of changing ownership and permission of the volume -before being exposed inside Pod. This field will only apply to -volume types which support fsGroup based ownership(and permissions). -It will have no effect on ephemeral volume types such as: secret, configmaps -and emptydir. -Valid values are “OnRootMismatch” and “Always”. If not specified, “Always” is used. -Note that this field cannot be set when spec.os.name is windows. -+optional

- -		 -No -
seccompProfileSeccompProfile -

The seccomp options to use by the containers in this pod. -Note that this field cannot be set when spec.os.name is windows. -+optional

- -		 -No -
-
-

k8s.io.api.core.v1.TopologySpreadConstraint

-
-

TopologySpreadConstraint specifies how to spread matching pods among the given topology.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
maxSkewint32 -

MaxSkew describes the degree to which pods may be unevenly distributed. -When whenUnsatisfiable=DoNotSchedule, it is the maximum permitted difference -between the number of matching pods in the target topology and the global minimum. -For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same -labelSelector spread as 1/1/0: -+——-+——-+——-+ -| zone1 | zone2 | zone3 | -+——-+——-+——-+ -| P | P | | -+——-+——-+——-+ -- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; -scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) -violate MaxSkew(1). -- if MaxSkew is 2, incoming pod can be scheduled onto any zone. -When whenUnsatisfiable=ScheduleAnyway, it is used to give higher precedence -to topologies that satisfy it. -It’s a required field. Default value is 1 and 0 is not allowed.

- -		 -No -
topologyKeystring -

TopologyKey is the key of node labels. Nodes that have a label with this key -and identical values are considered to be in the same topology. -We consider each as a “bucket”, and try to put balanced number -of pods into each bucket. -It’s a required field.

- -		 -No -
whenUnsatisfiablestring -

WhenUnsatisfiable indicates how to deal with a pod if it doesn’t satisfy -the spread constraint. -- DoNotSchedule (default) tells the scheduler not to schedule it. -- ScheduleAnyway tells the scheduler to schedule the pod in any location, - but giving higher precedence to topologies that would help reduce the - skew. -A constraint is considered “Unsatisfiable” for an incoming pod -if and only if every possible node assignment for that pod would violate -“MaxSkew” on some topology. -For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same -labelSelector spread as 3/1/1: -+——-+——-+——-+ -| zone1 | zone2 | zone3 | -+——-+——-+——-+ -| P P P | P | P | -+——-+——-+——-+ -If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled -to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies -MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler -won’t make it more imbalanced. -It’s a required field.

- -		 -No -
labelSelectorLabelSelector -

LabelSelector is used to find matching pods. -Pods that match this label selector are counted to determine the number of pods -in their corresponding topology domain. -+optional

- -		 -No -
-
-

k8s.io.api.core.v1.ExecAction

-
-

ExecAction describes a “run in container” action.

- - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
commandstring[] -

Command is the command line to execute inside the container, the working directory for the -command is root (‘/’) in the container’s filesystem. The command is simply exec’d, it is -not run inside a shell, so traditional shell instructions (‘|’, etc) won’t work. To use -a shell, you need to explicitly call out to that shell. -Exit status of 0 is treated as live/healthy and non-zero is unhealthy. -+optional

- -		 -No -
-
-

k8s.io.api.core.v1.GRPCAction

-
- - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
portint32 -

Port number of the gRPC service. Number must be in the range 1 to 65535.

- -		 -No -
servicestring -

Service is the name of the service to place in the gRPC HealthCheckRequest -(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).

- -

If this is not specified, the default behavior is defined by gRPC. -+optional -+default=“”

- -		 -No -
-
-

k8s.io.api.core.v1.HTTPHeader

-
-

HTTPHeader describes a custom header to be used in HTTP probes

- - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
namestring -

The header field name

- -		 -No -
valuestring -

The header field value

- -		 -No -
-
-

k8s.io.api.core.v1.SessionAffinityConfig

-
-

SessionAffinityConfig represents the configurations of session affinity.

- - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
clientIPClientIPConfig -

clientIP contains the configurations of Client IP based session affinity. -+optional

- -		 -No -
-
-

K8sResourceOverlayPatch.Type

-
- - - - - - - - - - - - - - - - - - - - - -
NameDescription
unspecified -
replace -
remove -
-
-

ConfigState

-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameDescription
Unspecified -
Created -
ReconcileFailed -
Reconciling -
Available -
Unmanaged -
-
diff --git a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/common.proto b/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/common.proto deleted file mode 100644 index 80065b146..000000000 --- a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/common.proto +++ /dev/null @@ -1,707 +0,0 @@ -// Copyright 2021 Cisco Systems, Inc. and/or its affiliates. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; - -import "google/protobuf/wrappers.proto"; -import "google/api/field_behavior.proto"; -import "k8s.io/api/core/v1/generated.proto"; -import "google/protobuf/descriptor.proto"; -import "api/options/options.proto"; - -package istio_operator.v2.api.v1alpha1; - -option go_package = "github.com/banzaicloud/istio-operator/v2/api/v1alpha1"; - -// Generic k8s resource metadata -message K8sObjectMeta { - // Map of string keys and values that can be used to organize and categorize - // (scope and select) objects. May match selectors of replication controllers - // and services. - // More info: http://kubernetes.io/docs/user-guide/labels - // +optional - map labels = 11; - - // Annotations is an unstructured key value map stored with a resource that may be - // set by external tools to store and retrieve arbitrary metadata. They are not - // queryable and should be preserved when modifying objects. - // More info: http://kubernetes.io/docs/user-guide/annotations - // +optional - map annotations = 12; -} - -message ContainerImageConfiguration { - // Default hub for container images. - string hub = 1; - - // Default tag for container images. - string tag = 2; - - // Image pull policy. - // One of Always, Never, IfNotPresent. - // Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. - // +optional - // +kubebuilder:validation:Enum=Always;Never;IfNotPresent - string imagePullPolicy = 3; - - // ImagePullSecrets is an optional list of references to secrets to use for pulling any of the images. - // +optional - repeated k8s.io.api.core.v1.LocalObjectReference imagePullSecrets = 4; -} - -message BaseKubernetesContainerConfiguration { - // Standard Kubernetes container image configuration - string image = 1; - - // If present will be appended to the environment variables of the container - repeated k8s.io.api.core.v1.EnvVar env = 2; - - // Standard Kubernetes resource configuration, memory and CPU resource requirements - ResourceRequirements resources = 3; - - // Standard Kubernetes security context configuration - k8s.io.api.core.v1.SecurityContext securityContext = 4; - - // Pod volumes to mount into the container's filesystem. - // Cannot be updated. - // +optional - // +patchMergeKey=mountPath - // +patchStrategy=merge - repeated k8s.io.api.core.v1.VolumeMount volumeMounts = 5; -} - -message BaseKubernetesResourceConfig { - // Generic k8s resource metadata - K8sObjectMeta metadata = 1; - - // Standard Kubernetes container image configuration - string image = 2; - - // If present will be appended to the environment variables of the container - repeated k8s.io.api.core.v1.EnvVar env = 3; - - // Standard Kubernetes resource configuration, memory and CPU resource requirements - ResourceRequirements resources = 4; - - // Standard Kubernetes node selector configuration - map nodeSelector = 5; - - // Standard Kubernetes affinity configuration - k8s.io.api.core.v1.Affinity affinity = 6; - - // Standard Kubernetes security context configuration - k8s.io.api.core.v1.SecurityContext securityContext = 7; - - // Image pull policy. - // One of Always, Never, IfNotPresent. - // Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. - // +optional - string imagePullPolicy = 8; - - // ImagePullSecrets is an optional list of references to secrets to use for pulling any of the images. - // +optional - repeated k8s.io.api.core.v1.LocalObjectReference imagePullSecrets = 9; - - // If specified, indicates the pod's priority. "system-node-critical" and - // "system-cluster-critical" are two special keywords which indicate the - // highest priorities with the former being the highest priority. Any other - // name must be defined by creating a PriorityClass object with that name. - // If not specified, the pod priority will be default or zero if there is no - // default. - // +optional - string priorityClassName = 10; - - // If specified, the pod's tolerations. - // +optional - repeated k8s.io.api.core.v1.Toleration tolerations = 11; - - // List of volumes that can be mounted by containers belonging to the pod. - // More info: https://kubernetes.io/docs/concepts/storage/volumes - // +optional - // +patchMergeKey=name - // +patchStrategy=merge,retainKeys - repeated k8s.io.api.core.v1.Volume volumes = 12; - - // Pod volumes to mount into the container's filesystem. - // Cannot be updated. - // +optional - // +patchMergeKey=mountPath - // +patchStrategy=merge - repeated k8s.io.api.core.v1.VolumeMount volumeMounts = 13; - - // Replica configuration - Replicas replicas = 14; - - // Standard Kubernetes pod annotation and label configuration - K8sObjectMeta podMetadata = 15; - - // PodDisruptionBudget configuration - PodDisruptionBudget podDisruptionBudget = 16; - - // DeploymentStrategy configuration - DeploymentStrategy deploymentStrategy = 17; - - // Standard Kubernetes pod security context configuration - k8s.io.api.core.v1.PodSecurityContext podSecurityContext = 18; - - // Periodic probe of container liveness. - // Container will be restarted if the probe fails. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // +optional - Probe livenessProbe = 19; - - // Periodic probe of container service readiness. - // Container will be removed from service endpoints if the probe fails. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // +optional - Probe readinessProbe = 20; - - // Used to control how Pods are spread across a cluster among failure-domains. - // This can help to achieve high availability as well as efficient resource utilization. - // More info: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints - // +optional - repeated k8s.io.api.core.v1.TopologySpreadConstraint topologySpreadConstraints = 21; -} - -message DeploymentStrategy { - message RollingUpdateDeployment { - IntOrString maxUnavailable = 1 [(options.intorstring) = "true"]; - IntOrString maxSurge = 2 [(options.intorstring) = "true"]; - } - - // Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate. - // +optional - string type = 1; - - // Rolling update config params. Present only if DeploymentStrategyType = - // RollingUpdate. - // +optional - RollingUpdateDeployment rollingUpdate = 2; -} - -// PodDisruptionBudget is a description of a PodDisruptionBudget -message PodDisruptionBudget { - // An eviction is allowed if at least "minAvailable" pods selected by - // "selector" will still be available after the eviction, i.e. even in the - // absence of the evicted pod. So for example you can prevent all voluntary - // evictions by specifying "100%". - // +optional - IntOrString minAvailable = 1 [(options.intorstring) = "true"]; - - // An eviction is allowed if at most "maxUnavailable" pods selected by - // "selector" are unavailable after the eviction, i.e. even in absence of - // the evicted pod. For example, one can prevent all voluntary evictions - // by specifying 0. This is a mutually exclusive setting with "minAvailable". - // +optional - IntOrString maxUnavailable = 2 [(options.intorstring) = "true"]; -} - -// Probe describes a health check to be performed against a container to determine whether it is -// alive or ready to receive traffic. -message Probe { - // The action taken to determine the health of a container - oneof handler { - // Exec specifies the action to take. - // +optional - k8s.io.api.core.v1.ExecAction exec = 1; - - // HTTPGet specifies the http request to perform. - // +optional - HTTPGetAction httpGet = 2; - - // TCPSocket specifies an action involving a TCP port. - // +optional - TCPSocketAction tcpSocket = 3; - - // GRPC specifies an action involving a GRPC port. - // This is a beta field and requires enabling GRPCContainerProbe feature gate. - // +featureGate=GRPCContainerProbe - // +optional - k8s.io.api.core.v1.GRPCAction grpc = 4; - } - - // Number of seconds after the container has started before liveness probes are initiated. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // +optional - int32 initialDelaySeconds = 5; - - // Number of seconds after which the probe times out. - // Defaults to 1 second. Minimum value is 1. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // +optional - int32 timeoutSeconds = 6; - - // How often (in seconds) to perform the probe. - // Default to 10 seconds. Minimum value is 1. - // +optional - int32 periodSeconds = 7; - - // Minimum consecutive successes for the probe to be considered successful after having failed. - // Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - // +optional - int32 successThreshold = 8; - - // Minimum consecutive failures for the probe to be considered failed after having succeeded. - // Defaults to 3. Minimum value is 1. - // +optional - int32 failureThreshold = 9; - - // Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - // The grace period is the duration in seconds after the processes running in the pod are sent - // a termination signal and the time when the processes are forcibly halted with a kill signal. - // Set this value longer than the expected cleanup time for your process. - // If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - // value overrides the value provided by the pod spec. - // Value must be non-negative integer. The value zero indicates stop immediately via - // the kill signal (no opportunity to shut down). - // This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - // Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - // +optional - int64 terminationGracePeriodSeconds = 10; -} - -// HTTPGetAction describes an action based on HTTP Get requests. -message HTTPGetAction { - // Path to access on the HTTP server. - // +optional - string path = 1; - - // Name or number of the port to access on the container. - // Number must be in the range 1 to 65535. - // Name must be an IANA_SVC_NAME. - IntOrString port = 2 [(options.intorstring) = "true"]; - - // Host name to connect to, defaults to the pod IP. You probably want to set - // "Host" in httpHeaders instead. - // +optional - string host = 3; - - // Scheme to use for connecting to the host. - // Defaults to HTTP. - // +optional - string scheme = 4; - - // Custom headers to set in the request. HTTP allows repeated headers. - // +optional - repeated k8s.io.api.core.v1.HTTPHeader httpHeaders = 5; -} - -// TCPSocketAction describes an action based on opening a socket -message TCPSocketAction { - // Number or name of the port to access on the container. - // Number must be in the range 1 to 65535. - // Name must be an IANA_SVC_NAME. - IntOrString port = 1 [(options.intorstring) = "true"]; - - // Optional: Host name to connect to, defaults to the pod IP. - // +optional - string host = 2; -} - -// Service describes the attributes that a user creates on a service. -message Service { - K8sObjectMeta metadata = 16; - - // The list of ports that are exposed by this service. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - // +patchMergeKey=port - // +patchStrategy=merge - // +listType=map - // +listMapKey=port - // +listMapKey=protocol - // +kubebuilder:validation:MinItems=1 - repeated ServicePort ports = 1 [(google.api.field_behavior) = REQUIRED]; - - // Route service traffic to pods with label keys and values matching this - // selector. If empty or not present, the service is assumed to have an - // external process managing its endpoints, which Kubernetes will not - // modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. - // Ignored if type is ExternalName. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/ - // +optional - map selector = 2; - - // clusterIP is the IP address of the service and is usually assigned - // randomly by the master. If an address is specified manually and is not in - // use by others, it will be allocated to the service; otherwise, creation - // of the service will fail. This field can not be changed through updates. - // Valid values are "None", empty string (""), or a valid IP address. "None" - // can be specified for headless services when proxying is not required. - // Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if - // type is ExternalName. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - // +optional - string clusterIP = 3; - - // type determines how the Service is exposed. Defaults to ClusterIP. Valid - // options are ExternalName, ClusterIP, NodePort, and LoadBalancer. - // "ExternalName" maps to the specified externalName. - // "ClusterIP" allocates a cluster-internal IP address for load-balancing to - // endpoints. Endpoints are determined by the selector or if that is not - // specified, by manual construction of an Endpoints object. If clusterIP is - // "None", no virtual IP is allocated and the endpoints are published as a - // set of endpoints rather than a stable IP. - // "NodePort" builds on ClusterIP and allocates a port on every node which - // routes to the clusterIP. - // "LoadBalancer" builds on NodePort and creates an - // external load-balancer (if supported in the current cloud) which routes - // to the clusterIP. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types - // +optional - // +kubebuilder:validation:Enum=ClusterIP;NodePort;LoadBalancer - string type = 4 [(google.api.field_behavior) = REQUIRED]; - - // externalIPs is a list of IP addresses for which nodes in the cluster - // will also accept traffic for this service. These IPs are not managed by - // Kubernetes. The user is responsible for ensuring that traffic arrives - // at a node with this IP. A common example is external load-balancers - // that are not part of the Kubernetes system. - // +optional - repeated string externalIPs = 5; - - // Supports "ClientIP" and "None". Used to maintain session affinity. - // Enable client IP based session affinity. - // Must be ClientIP or None. - // Defaults to None. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - // +optional - string sessionAffinity = 7; - - // Only applies to Service Type: LoadBalancer - // LoadBalancer will get created with the IP specified in this field. - // This feature depends on whether the underlying cloud-provider supports specifying - // the loadBalancerIP when a load balancer is created. - // This field will be ignored if the cloud-provider does not support the feature. - // +optional - string loadBalancerIP = 8; - - // If specified and supported by the platform, this will restrict traffic through the cloud-provider - // load-balancer will be restricted to the specified client IPs. This field will be ignored if the - // cloud-provider does not support the feature." - // More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/ - // +optional - repeated string loadBalancerSourceRanges = 9; - - // externalName is the external reference that kubedns or equivalent will - // return as a CNAME record for this service. No proxying will be involved. - // Must be a valid RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) - // and requires Type to be ExternalName. - // +optional - string externalName = 10; - - // externalTrafficPolicy denotes if this Service desires to route external - // traffic to node-local or cluster-wide endpoints. "Local" preserves the - // client source IP and avoids a second hop for LoadBalancer and Nodeport - // type services, but risks potentially imbalanced traffic spreading. - // "Cluster" obscures the client source IP and may cause a second hop to - // another node, but should have good overall load-spreading. - // +optional - string externalTrafficPolicy = 11; - - // healthCheckNodePort specifies the healthcheck nodePort for the service. - // If not specified, HealthCheckNodePort is created by the service api - // backend with the allocated nodePort. Will use user-specified nodePort value - // if specified by the client. Only effects when Type is set to LoadBalancer - // and ExternalTrafficPolicy is set to Local. - // +optional - int32 healthCheckNodePort = 12; - - // publishNotReadyAddresses, when set to true, indicates that DNS implementations - // must publish the notReadyAddresses of subsets for the Endpoints associated with - // the Service. The default value is false. - // The primary use case for setting this field is to use a StatefulSet's Headless Service - // to propagate SRV records for its Pods without respect to their readiness for purpose - // of peer discovery. - // +optional - google.protobuf.BoolValue publishNotReadyAddresses = 13; - - // sessionAffinityConfig contains the configurations of session affinity. - // +optional - k8s.io.api.core.v1.SessionAffinityConfig sessionAffinityConfig = 14; - - // ipFamily specifies whether this Service has a preference for a particular IP family (e.g. IPv4 vs. - // IPv6). If a specific IP family is requested, the clusterIP field will be allocated from that family, if it is - // available in the cluster. If no IP family is requested, the cluster's primary IP family will be used. - // Other IP fields (loadBalancerIP, loadBalancerSourceRanges, externalIPs) and controllers which - // allocate external load-balancers should use the same IP family. Endpoints for this Service will be of - // this family. This field is immutable after creation. Assigning a ServiceIPFamily not available in the - // cluster (e.g. IPv6 in IPv4 only cluster) is an error condition and will fail during clusterIP assignment. - // +optional - string ipFamily = 15; -} - -// Service describes the attributes that a user creates on a service. -message UnprotectedService { - K8sObjectMeta metadata = 16; - - // The list of ports that are exposed by this service. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - // +patchMergeKey=port - // +patchStrategy=merge - // +listType=map - // +listMapKey=port - // +listMapKey=protocol - repeated ServicePort ports = 1; - - // Route service traffic to pods with label keys and values matching this - // selector. If empty or not present, the service is assumed to have an - // external process managing its endpoints, which Kubernetes will not - // modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. - // Ignored if type is ExternalName. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/ - // +optional - map selector = 2; - - // clusterIP is the IP address of the service and is usually assigned - // randomly by the master. If an address is specified manually and is not in - // use by others, it will be allocated to the service; otherwise, creation - // of the service will fail. This field can not be changed through updates. - // Valid values are "None", empty string (""), or a valid IP address. "None" - // can be specified for headless services when proxying is not required. - // Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if - // type is ExternalName. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - // +optional - string clusterIP = 3; - - // type determines how the Service is exposed. Defaults to ClusterIP. Valid - // options are ExternalName, ClusterIP, NodePort, and LoadBalancer. - // "ExternalName" maps to the specified externalName. - // "ClusterIP" allocates a cluster-internal IP address for load-balancing to - // endpoints. Endpoints are determined by the selector or if that is not - // specified, by manual construction of an Endpoints object. If clusterIP is - // "None", no virtual IP is allocated and the endpoints are published as a - // set of endpoints rather than a stable IP. - // "NodePort" builds on ClusterIP and allocates a port on every node which - // routes to the clusterIP. - // "LoadBalancer" builds on NodePort and creates an - // external load-balancer (if supported in the current cloud) which routes - // to the clusterIP. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types - // +optional - // +kubebuilder:validation:Enum=ClusterIP;NodePort;LoadBalancer - string type = 4; - - // externalIPs is a list of IP addresses for which nodes in the cluster - // will also accept traffic for this service. These IPs are not managed by - // Kubernetes. The user is responsible for ensuring that traffic arrives - // at a node with this IP. A common example is external load-balancers - // that are not part of the Kubernetes system. - // +optional - repeated string externalIPs = 5; - - // Supports "ClientIP" and "None". Used to maintain session affinity. - // Enable client IP based session affinity. - // Must be ClientIP or None. - // Defaults to None. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - // +optional - string sessionAffinity = 7; - - // Only applies to Service Type: LoadBalancer - // LoadBalancer will get created with the IP specified in this field. - // This feature depends on whether the underlying cloud-provider supports specifying - // the loadBalancerIP when a load balancer is created. - // This field will be ignored if the cloud-provider does not support the feature. - // +optional - string loadBalancerIP = 8; - - // If specified and supported by the platform, this will restrict traffic through the cloud-provider - // load-balancer will be restricted to the specified client IPs. This field will be ignored if the - // cloud-provider does not support the feature." - // More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/ - // +optional - repeated string loadBalancerSourceRanges = 9; - - // externalName is the external reference that kubedns or equivalent will - // return as a CNAME record for this service. No proxying will be involved. - // Must be a valid RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) - // and requires Type to be ExternalName. - // +optional - string externalName = 10; - - // externalTrafficPolicy denotes if this Service desires to route external - // traffic to node-local or cluster-wide endpoints. "Local" preserves the - // client source IP and avoids a second hop for LoadBalancer and Nodeport - // type services, but risks potentially imbalanced traffic spreading. - // "Cluster" obscures the client source IP and may cause a second hop to - // another node, but should have good overall load-spreading. - // +optional - string externalTrafficPolicy = 11; - - // healthCheckNodePort specifies the healthcheck nodePort for the service. - // If not specified, HealthCheckNodePort is created by the service api - // backend with the allocated nodePort. Will use user-specified nodePort value - // if specified by the client. Only effects when Type is set to LoadBalancer - // and ExternalTrafficPolicy is set to Local. - // +optional - int32 healthCheckNodePort = 12; - - // publishNotReadyAddresses, when set to true, indicates that DNS implementations - // must publish the notReadyAddresses of subsets for the Endpoints associated with - // the Service. The default value is false. - // The primary use case for setting this field is to use a StatefulSet's Headless Service - // to propagate SRV records for its Pods without respect to their readiness for purpose - // of peer discovery. - // +optional - google.protobuf.BoolValue publishNotReadyAddresses = 13; - - // sessionAffinityConfig contains the configurations of session affinity. - // +optional - k8s.io.api.core.v1.SessionAffinityConfig sessionAffinityConfig = 14; - - // ipFamily specifies whether this Service has a preference for a particular IP family (e.g. IPv4 vs. - // IPv6). If a specific IP family is requested, the clusterIP field will be allocated from that family, if it is - // available in the cluster. If no IP family is requested, the cluster's primary IP family will be used. - // Other IP fields (loadBalancerIP, loadBalancerSourceRanges, externalIPs) and controllers which - // allocate external load-balancers should use the same IP family. Endpoints for this Service will be of - // this family. This field is immutable after creation. Assigning a ServiceIPFamily not available in the - // cluster (e.g. IPv6 in IPv4 only cluster) is an error condition and will fail during clusterIP assignment. - // +optional - string ipFamily = 15; -} - -// ServicePort contains information on service's port. -message ServicePort { - // The name of this port within the service. This must be a DNS_LABEL. - // All ports within a ServiceSpec must have unique names. When considering - // the endpoints for a Service, this must match the 'name' field in the - // EndpointPort. - // if only one ServicePort is defined on this service. - // +optional - string name = 1; - - // The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". - // Default is TCP. - // +optional - // +kubebuilder:default=TCP - string protocol = 2; - - // The port that will be exposed by this service. - int32 port = 3 [(google.api.field_behavior) = REQUIRED]; - - // Number or name of the port to access on the pods targeted by the service. - // Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - // If this is a string, it will be looked up as a named port in the - // target Pod's container ports. If this is not specified, the value - // of the 'port' field is used (an identity map). - // This field is ignored for services with clusterIP=None, and should be - // omitted or set equal to the 'port' field. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service - // +optional - IntOrString targetPort = 4 [(options.intorstring) = "true"]; - - // The port on each node on which this service is exposed when type=NodePort or LoadBalancer. - // Usually assigned by the system. If specified, it will be allocated to the service - // if unused or else creation of the service will fail. - // Default is to auto-allocate a port if the ServiceType of this Service requires one. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - // +optional - int32 nodePort = 5; -} - -message NamespacedName { - // Name of the referenced Kubernetes resource - string name = 1; - - // Namespace of the referenced Kubernetes resource - string namespace = 2; -} - -// ResourceRequirements describes the compute resource requirements. -message ResourceRequirements { - // Limits describes the maximum amount of compute resources allowed. - // More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - // +optional - map limits = 1 [(options.intorstring)="map"]; - - // Requests describes the minimum amount of compute resources required. - // If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - // otherwise to an implementation-defined value. - // More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - // +optional - map requests = 2 [(options.intorstring)="map"]; -} - -// Replicas contains pod replica configuration -message Replicas { - // Standard Kubernetes replica count configuration - // +kubebuilder:validation:Minimum=0 - google.protobuf.Int32Value count = 1; - - // min is the lower limit for the number of replicas to which the autoscaler - // can scale down. - // min and max both need to be set the turn on autoscaling. - // +kubebuilder:validation:Minimum=0 - google.protobuf.Int32Value min = 2; - - // max is the upper limit for the number of replicas to which the autoscaler can scale up. - // min and max both need to be set the turn on autoscaling. - // It cannot be less than min. - // +kubebuilder:validation:Minimum=1 - google.protobuf.Int32Value max = 3; - - // target average CPU utilization (represented as a percentage of requested CPU) over all the pods; - // default 80% will be used if not specified. - // +optional - // +kubebuilder:validation:Minimum=0 - google.protobuf.Int32Value targetCPUUtilizationPercentage = 4; -} - -message K8sResourceOverlayPatch { - message GroupVersionKind { - string kind = 1; - string version = 2; - string group = 3; - } - - enum Type { - unspecified = 0; - replace = 1; - remove = 2; - } - - message Patch { - string path = 1; - string value = 2; - bool parseValue = 3; - Type type = 4; - } - - GroupVersionKind groupVersionKind = 1; - NamespacedName objectKey = 2; - repeated Patch patches = 3; -} - -enum ConfigState { - Unspecified = 0; - Created = 1; - ReconcileFailed = 2; - Reconciling = 3; - Available = 4; - Unmanaged = 5; -} - -// Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and Int64() accessors. -// +cue-gen-param:intorstring=true -// +cue-gen-param:set=pattern:^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$ -// GOTYPE: *Quantity -message Quantity {} - -// IntOrString is a type that can hold an int32 or a string. When used in JSON or YAML marshalling and unmarshalling, it produces or consumes the inner type. This allows you to have, for example, a JSON field that can accept a name or number. -// +cue-gen-param:intorstring=true -// GOTYPE: *IntOrString -message IntOrString {} diff --git a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/common_deepcopy.gen.go b/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/common_deepcopy.gen.go deleted file mode 100644 index 5dda82cf6..000000000 --- a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/common_deepcopy.gen.go +++ /dev/null @@ -1,447 +0,0 @@ -// Code generated by protoc-gen-deepcopy. DO NOT EDIT. -package v1alpha1 - -import ( - proto "github.com/golang/protobuf/proto" -) - -// DeepCopyInto supports using K8SObjectMeta within kubernetes types, where deepcopy-gen is used. -func (in *K8SObjectMeta) DeepCopyInto(out *K8SObjectMeta) { - p := proto.Clone(in).(*K8SObjectMeta) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new K8SObjectMeta. Required by controller-gen. -func (in *K8SObjectMeta) DeepCopy() *K8SObjectMeta { - if in == nil { - return nil - } - out := new(K8SObjectMeta) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new K8SObjectMeta. Required by controller-gen. -func (in *K8SObjectMeta) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using ContainerImageConfiguration within kubernetes types, where deepcopy-gen is used. -func (in *ContainerImageConfiguration) DeepCopyInto(out *ContainerImageConfiguration) { - p := proto.Clone(in).(*ContainerImageConfiguration) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainerImageConfiguration. Required by controller-gen. -func (in *ContainerImageConfiguration) DeepCopy() *ContainerImageConfiguration { - if in == nil { - return nil - } - out := new(ContainerImageConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ContainerImageConfiguration. Required by controller-gen. -func (in *ContainerImageConfiguration) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using BaseKubernetesContainerConfiguration within kubernetes types, where deepcopy-gen is used. -func (in *BaseKubernetesContainerConfiguration) DeepCopyInto(out *BaseKubernetesContainerConfiguration) { - p := proto.Clone(in).(*BaseKubernetesContainerConfiguration) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BaseKubernetesContainerConfiguration. Required by controller-gen. -func (in *BaseKubernetesContainerConfiguration) DeepCopy() *BaseKubernetesContainerConfiguration { - if in == nil { - return nil - } - out := new(BaseKubernetesContainerConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new BaseKubernetesContainerConfiguration. Required by controller-gen. -func (in *BaseKubernetesContainerConfiguration) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using BaseKubernetesResourceConfig within kubernetes types, where deepcopy-gen is used. -func (in *BaseKubernetesResourceConfig) DeepCopyInto(out *BaseKubernetesResourceConfig) { - p := proto.Clone(in).(*BaseKubernetesResourceConfig) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BaseKubernetesResourceConfig. Required by controller-gen. -func (in *BaseKubernetesResourceConfig) DeepCopy() *BaseKubernetesResourceConfig { - if in == nil { - return nil - } - out := new(BaseKubernetesResourceConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new BaseKubernetesResourceConfig. Required by controller-gen. -func (in *BaseKubernetesResourceConfig) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using DeploymentStrategy within kubernetes types, where deepcopy-gen is used. -func (in *DeploymentStrategy) DeepCopyInto(out *DeploymentStrategy) { - p := proto.Clone(in).(*DeploymentStrategy) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeploymentStrategy. Required by controller-gen. -func (in *DeploymentStrategy) DeepCopy() *DeploymentStrategy { - if in == nil { - return nil - } - out := new(DeploymentStrategy) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new DeploymentStrategy. Required by controller-gen. -func (in *DeploymentStrategy) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using DeploymentStrategy_RollingUpdateDeployment within kubernetes types, where deepcopy-gen is used. -func (in *DeploymentStrategy_RollingUpdateDeployment) DeepCopyInto(out *DeploymentStrategy_RollingUpdateDeployment) { - p := proto.Clone(in).(*DeploymentStrategy_RollingUpdateDeployment) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeploymentStrategy_RollingUpdateDeployment. Required by controller-gen. -func (in *DeploymentStrategy_RollingUpdateDeployment) DeepCopy() *DeploymentStrategy_RollingUpdateDeployment { - if in == nil { - return nil - } - out := new(DeploymentStrategy_RollingUpdateDeployment) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new DeploymentStrategy_RollingUpdateDeployment. Required by controller-gen. -func (in *DeploymentStrategy_RollingUpdateDeployment) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using PodDisruptionBudget within kubernetes types, where deepcopy-gen is used. -func (in *PodDisruptionBudget) DeepCopyInto(out *PodDisruptionBudget) { - p := proto.Clone(in).(*PodDisruptionBudget) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodDisruptionBudget. Required by controller-gen. -func (in *PodDisruptionBudget) DeepCopy() *PodDisruptionBudget { - if in == nil { - return nil - } - out := new(PodDisruptionBudget) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new PodDisruptionBudget. Required by controller-gen. -func (in *PodDisruptionBudget) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using Probe within kubernetes types, where deepcopy-gen is used. -func (in *Probe) DeepCopyInto(out *Probe) { - p := proto.Clone(in).(*Probe) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Probe. Required by controller-gen. -func (in *Probe) DeepCopy() *Probe { - if in == nil { - return nil - } - out := new(Probe) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Probe. Required by controller-gen. -func (in *Probe) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using HTTPGetAction within kubernetes types, where deepcopy-gen is used. -func (in *HTTPGetAction) DeepCopyInto(out *HTTPGetAction) { - p := proto.Clone(in).(*HTTPGetAction) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPGetAction. Required by controller-gen. -func (in *HTTPGetAction) DeepCopy() *HTTPGetAction { - if in == nil { - return nil - } - out := new(HTTPGetAction) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPGetAction. Required by controller-gen. -func (in *HTTPGetAction) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using TCPSocketAction within kubernetes types, where deepcopy-gen is used. -func (in *TCPSocketAction) DeepCopyInto(out *TCPSocketAction) { - p := proto.Clone(in).(*TCPSocketAction) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPSocketAction. Required by controller-gen. -func (in *TCPSocketAction) DeepCopy() *TCPSocketAction { - if in == nil { - return nil - } - out := new(TCPSocketAction) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new TCPSocketAction. Required by controller-gen. -func (in *TCPSocketAction) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using Service within kubernetes types, where deepcopy-gen is used. -func (in *Service) DeepCopyInto(out *Service) { - p := proto.Clone(in).(*Service) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Service. Required by controller-gen. -func (in *Service) DeepCopy() *Service { - if in == nil { - return nil - } - out := new(Service) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Service. Required by controller-gen. -func (in *Service) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using UnprotectedService within kubernetes types, where deepcopy-gen is used. -func (in *UnprotectedService) DeepCopyInto(out *UnprotectedService) { - p := proto.Clone(in).(*UnprotectedService) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UnprotectedService. Required by controller-gen. -func (in *UnprotectedService) DeepCopy() *UnprotectedService { - if in == nil { - return nil - } - out := new(UnprotectedService) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new UnprotectedService. Required by controller-gen. -func (in *UnprotectedService) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using ServicePort within kubernetes types, where deepcopy-gen is used. -func (in *ServicePort) DeepCopyInto(out *ServicePort) { - p := proto.Clone(in).(*ServicePort) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServicePort. Required by controller-gen. -func (in *ServicePort) DeepCopy() *ServicePort { - if in == nil { - return nil - } - out := new(ServicePort) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ServicePort. Required by controller-gen. -func (in *ServicePort) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using NamespacedName within kubernetes types, where deepcopy-gen is used. -func (in *NamespacedName) DeepCopyInto(out *NamespacedName) { - p := proto.Clone(in).(*NamespacedName) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamespacedName. Required by controller-gen. -func (in *NamespacedName) DeepCopy() *NamespacedName { - if in == nil { - return nil - } - out := new(NamespacedName) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new NamespacedName. Required by controller-gen. -func (in *NamespacedName) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using ResourceRequirements within kubernetes types, where deepcopy-gen is used. -func (in *ResourceRequirements) DeepCopyInto(out *ResourceRequirements) { - p := proto.Clone(in).(*ResourceRequirements) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceRequirements. Required by controller-gen. -func (in *ResourceRequirements) DeepCopy() *ResourceRequirements { - if in == nil { - return nil - } - out := new(ResourceRequirements) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ResourceRequirements. Required by controller-gen. -func (in *ResourceRequirements) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using Replicas within kubernetes types, where deepcopy-gen is used. -func (in *Replicas) DeepCopyInto(out *Replicas) { - p := proto.Clone(in).(*Replicas) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Replicas. Required by controller-gen. -func (in *Replicas) DeepCopy() *Replicas { - if in == nil { - return nil - } - out := new(Replicas) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Replicas. Required by controller-gen. -func (in *Replicas) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using K8SResourceOverlayPatch within kubernetes types, where deepcopy-gen is used. -func (in *K8SResourceOverlayPatch) DeepCopyInto(out *K8SResourceOverlayPatch) { - p := proto.Clone(in).(*K8SResourceOverlayPatch) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new K8SResourceOverlayPatch. Required by controller-gen. -func (in *K8SResourceOverlayPatch) DeepCopy() *K8SResourceOverlayPatch { - if in == nil { - return nil - } - out := new(K8SResourceOverlayPatch) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new K8SResourceOverlayPatch. Required by controller-gen. -func (in *K8SResourceOverlayPatch) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using K8SResourceOverlayPatch_GroupVersionKind within kubernetes types, where deepcopy-gen is used. -func (in *K8SResourceOverlayPatch_GroupVersionKind) DeepCopyInto(out *K8SResourceOverlayPatch_GroupVersionKind) { - p := proto.Clone(in).(*K8SResourceOverlayPatch_GroupVersionKind) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new K8SResourceOverlayPatch_GroupVersionKind. Required by controller-gen. -func (in *K8SResourceOverlayPatch_GroupVersionKind) DeepCopy() *K8SResourceOverlayPatch_GroupVersionKind { - if in == nil { - return nil - } - out := new(K8SResourceOverlayPatch_GroupVersionKind) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new K8SResourceOverlayPatch_GroupVersionKind. Required by controller-gen. -func (in *K8SResourceOverlayPatch_GroupVersionKind) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using K8SResourceOverlayPatch_Patch within kubernetes types, where deepcopy-gen is used. -func (in *K8SResourceOverlayPatch_Patch) DeepCopyInto(out *K8SResourceOverlayPatch_Patch) { - p := proto.Clone(in).(*K8SResourceOverlayPatch_Patch) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new K8SResourceOverlayPatch_Patch. Required by controller-gen. -func (in *K8SResourceOverlayPatch_Patch) DeepCopy() *K8SResourceOverlayPatch_Patch { - if in == nil { - return nil - } - out := new(K8SResourceOverlayPatch_Patch) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new K8SResourceOverlayPatch_Patch. Required by controller-gen. -func (in *K8SResourceOverlayPatch_Patch) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using Quantity within kubernetes types, where deepcopy-gen is used. -func (in *Quantity) DeepCopyInto(out *Quantity) { - p := proto.Clone(in).(*Quantity) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Quantity. Required by controller-gen. -func (in *Quantity) DeepCopy() *Quantity { - if in == nil { - return nil - } - out := new(Quantity) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Quantity. Required by controller-gen. -func (in *Quantity) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using IntOrString within kubernetes types, where deepcopy-gen is used. -func (in *IntOrString) DeepCopyInto(out *IntOrString) { - p := proto.Clone(in).(*IntOrString) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IntOrString. Required by controller-gen. -func (in *IntOrString) DeepCopy() *IntOrString { - if in == nil { - return nil - } - out := new(IntOrString) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new IntOrString. Required by controller-gen. -func (in *IntOrString) DeepCopyInterface() interface{} { - return in.DeepCopy() -} diff --git a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/common_json.gen.go b/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/common_json.gen.go deleted file mode 100644 index e611f6efb..000000000 --- a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/common_json.gen.go +++ /dev/null @@ -1,243 +0,0 @@ -// Code generated by protoc-gen-jsonshim. DO NOT EDIT. -package v1alpha1 - -import ( - bytes "bytes" - jsonpb "github.com/golang/protobuf/jsonpb" -) - -// MarshalJSON is a custom marshaler for K8SObjectMeta -func (this *K8SObjectMeta) MarshalJSON() ([]byte, error) { - str, err := CommonMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for K8SObjectMeta -func (this *K8SObjectMeta) UnmarshalJSON(b []byte) error { - return CommonUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for ContainerImageConfiguration -func (this *ContainerImageConfiguration) MarshalJSON() ([]byte, error) { - str, err := CommonMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for ContainerImageConfiguration -func (this *ContainerImageConfiguration) UnmarshalJSON(b []byte) error { - return CommonUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for BaseKubernetesContainerConfiguration -func (this *BaseKubernetesContainerConfiguration) MarshalJSON() ([]byte, error) { - str, err := CommonMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for BaseKubernetesContainerConfiguration -func (this *BaseKubernetesContainerConfiguration) UnmarshalJSON(b []byte) error { - return CommonUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for BaseKubernetesResourceConfig -func (this *BaseKubernetesResourceConfig) MarshalJSON() ([]byte, error) { - str, err := CommonMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for BaseKubernetesResourceConfig -func (this *BaseKubernetesResourceConfig) UnmarshalJSON(b []byte) error { - return CommonUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for DeploymentStrategy -func (this *DeploymentStrategy) MarshalJSON() ([]byte, error) { - str, err := CommonMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for DeploymentStrategy -func (this *DeploymentStrategy) UnmarshalJSON(b []byte) error { - return CommonUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for DeploymentStrategy_RollingUpdateDeployment -func (this *DeploymentStrategy_RollingUpdateDeployment) MarshalJSON() ([]byte, error) { - str, err := CommonMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for DeploymentStrategy_RollingUpdateDeployment -func (this *DeploymentStrategy_RollingUpdateDeployment) UnmarshalJSON(b []byte) error { - return CommonUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for PodDisruptionBudget -func (this *PodDisruptionBudget) MarshalJSON() ([]byte, error) { - str, err := CommonMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for PodDisruptionBudget -func (this *PodDisruptionBudget) UnmarshalJSON(b []byte) error { - return CommonUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for Probe -func (this *Probe) MarshalJSON() ([]byte, error) { - str, err := CommonMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for Probe -func (this *Probe) UnmarshalJSON(b []byte) error { - return CommonUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for HTTPGetAction -func (this *HTTPGetAction) MarshalJSON() ([]byte, error) { - str, err := CommonMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for HTTPGetAction -func (this *HTTPGetAction) UnmarshalJSON(b []byte) error { - return CommonUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for TCPSocketAction -func (this *TCPSocketAction) MarshalJSON() ([]byte, error) { - str, err := CommonMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for TCPSocketAction -func (this *TCPSocketAction) UnmarshalJSON(b []byte) error { - return CommonUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for Service -func (this *Service) MarshalJSON() ([]byte, error) { - str, err := CommonMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for Service -func (this *Service) UnmarshalJSON(b []byte) error { - return CommonUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for UnprotectedService -func (this *UnprotectedService) MarshalJSON() ([]byte, error) { - str, err := CommonMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for UnprotectedService -func (this *UnprotectedService) UnmarshalJSON(b []byte) error { - return CommonUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for ServicePort -func (this *ServicePort) MarshalJSON() ([]byte, error) { - str, err := CommonMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for ServicePort -func (this *ServicePort) UnmarshalJSON(b []byte) error { - return CommonUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for NamespacedName -func (this *NamespacedName) MarshalJSON() ([]byte, error) { - str, err := CommonMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for NamespacedName -func (this *NamespacedName) UnmarshalJSON(b []byte) error { - return CommonUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for ResourceRequirements -func (this *ResourceRequirements) MarshalJSON() ([]byte, error) { - str, err := CommonMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for ResourceRequirements -func (this *ResourceRequirements) UnmarshalJSON(b []byte) error { - return CommonUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for Replicas -func (this *Replicas) MarshalJSON() ([]byte, error) { - str, err := CommonMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for Replicas -func (this *Replicas) UnmarshalJSON(b []byte) error { - return CommonUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for K8SResourceOverlayPatch -func (this *K8SResourceOverlayPatch) MarshalJSON() ([]byte, error) { - str, err := CommonMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for K8SResourceOverlayPatch -func (this *K8SResourceOverlayPatch) UnmarshalJSON(b []byte) error { - return CommonUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for K8SResourceOverlayPatch_GroupVersionKind -func (this *K8SResourceOverlayPatch_GroupVersionKind) MarshalJSON() ([]byte, error) { - str, err := CommonMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for K8SResourceOverlayPatch_GroupVersionKind -func (this *K8SResourceOverlayPatch_GroupVersionKind) UnmarshalJSON(b []byte) error { - return CommonUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for K8SResourceOverlayPatch_Patch -func (this *K8SResourceOverlayPatch_Patch) MarshalJSON() ([]byte, error) { - str, err := CommonMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for K8SResourceOverlayPatch_Patch -func (this *K8SResourceOverlayPatch_Patch) UnmarshalJSON(b []byte) error { - return CommonUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for Quantity -func (this *Quantity) MarshalJSON() ([]byte, error) { - str, err := CommonMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for Quantity -func (this *Quantity) UnmarshalJSON(b []byte) error { - return CommonUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for IntOrString -func (this *IntOrString) MarshalJSON() ([]byte, error) { - str, err := CommonMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for IntOrString -func (this *IntOrString) UnmarshalJSON(b []byte) error { - return CommonUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -var ( - CommonMarshaler = &jsonpb.Marshaler{} - CommonUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} -) diff --git a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/groupversion_info.go b/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/groupversion_info.go deleted file mode 100644 index ac2478fb2..000000000 --- a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/groupversion_info.go +++ /dev/null @@ -1,36 +0,0 @@ -/* -Copyright 2021 Cisco Systems, Inc. and/or its affiliates. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package v1alpha1 contains API Schema definitions for the servicemesh v1alpha1 API group -// +kubebuilder:object:generate=true -// +groupName=servicemesh.cisco.com -package v1alpha1 - -import ( - "k8s.io/apimachinery/pkg/runtime/schema" - "sigs.k8s.io/controller-runtime/pkg/scheme" -) - -var ( - // GroupVersion is group version used to register these objects - GroupVersion = schema.GroupVersion{Group: "servicemesh.cisco.com", Version: "v1alpha1"} - - // SchemeBuilder is used to add go types to the GroupVersionKind scheme - SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} - - // AddToScheme adds the types in this group-version to the given scheme. - AddToScheme = SchemeBuilder.AddToScheme -) diff --git a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istio-operator.gen.json b/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istio-operator.gen.json deleted file mode 100644 index 21b671e83..000000000 --- a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istio-operator.gen.json +++ /dev/null @@ -1,4347 +0,0 @@ -{ - "openapi": "3.0.0", - "info": { - "title": "OpenAPI descriptor for Istio operator types", - "version": "v1alpha1" - }, - "components": { - "schemas": { - "istio.mesh.v1alpha1.AuthenticationPolicy": { - "description": "AuthenticationPolicy defines how the proxy is authenticated when it connects to the control plane. It can be set for two different scopes, mesh-wide or set on a per-pod basis using the ProxyConfig annotation. Mesh policy cannot be INHERIT.", - "type": "string", - "enum": [ - "NONE", - "MUTUAL_TLS", - "INHERIT" - ] - }, - "istio.mesh.v1alpha1.Certificate": { - "description": "Certificate configures the provision of a certificate and its key. Example 1: key and cert stored in a secret ``` { secretName: galley-cert secretNamespace: istio-system dnsNames: - galley.istio-system.svc - galley.mydomain.com } ``` Example 2: key and cert stored in a directory ``` { dnsNames: - pilot.istio-system - pilot.istio-system.svc - pilot.mydomain.com } ```", - "type": "object", - "properties": { - "secretName": { - "description": "Name of the secret the certificate and its key will be stored into. If it is empty, it will not be stored into a secret. Instead, the certificate and its key will be stored into a hard-coded directory.", - "type": "string" - }, - "dnsNames": { - "description": "The DNS names for the certificate. A certificate may contain multiple DNS names.", - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "istio.mesh.v1alpha1.ConfigSource": { - "description": "ConfigSource describes information about a configuration store inside a mesh. A single control plane instance can interact with one or more data sources.", - "type": "object", - "properties": { - "address": { - "description": "Address of the server implementing the Istio Mesh Configuration protocol (MCP). Can be IP address or a fully qualified DNS name. Use fs:/// to specify a file-based backend with absolute path to the directory.", - "type": "string" - }, - "tlsSettings": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ClientTLSSettings" - }, - "subscribedResources": { - "description": "Describes the source of configuration, if nothing is specified default is MCP", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Resource" - } - } - } - }, - "istio.mesh.v1alpha1.MeshConfig": { - "description": "MeshConfig defines mesh-wide settings for the Istio service mesh.", - "type": "object", - "properties": { - "localityLbSetting": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.LocalityLoadBalancerSetting" - }, - "connectTimeout": { - "description": "Connection timeout used by Envoy. (MUST BE \u003e=1ms) Default timeout is 10s.", - "type": "string" - }, - "tcpKeepalive": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings.TcpKeepalive" - }, - "h2UpgradePolicy": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.H2UpgradePolicy" - }, - "caCertificates": { - "description": "The extra root certificates for workload-to-workload communication. The plugin certificates (the 'cacerts' secret) or self-signed certificates (the 'istio-ca-secret' secret) are automatically added by Istiod. The CA certificate that signs the workload certificates is automatically added by Istio Agent.", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.CertificateData" - } - }, - "proxyListenPort": { - "description": "Port on which Envoy should listen for incoming connections from other services. Default port is 15001.", - "type": "integer", - "format": "int32" - }, - "proxyHttpPort": { - "description": "Port on which Envoy should listen for HTTP PROXY requests if set.", - "type": "integer", - "format": "int32" - }, - "protocolDetectionTimeout": { - "description": "Automatic protocol detection uses a set of heuristics to determine whether the connection is using TLS or not (on the server side), as well as the application protocol being used (e.g., http vs tcp). These heuristics rely on the client sending the first bits of data. For server first protocols like MySQL, MongoDB, etc. Envoy will timeout on the protocol detection after the specified period, defaulting to non mTLS plain TCP traffic. Set this field to tweak the period that Envoy will wait for the client to send the first bits of data. (MUST BE \u003e=1ms or 0s to disable). Default detection timeout is 5s.", - "type": "string" - }, - "ingressClass": { - "description": "Class of ingress resources to be processed by Istio ingress controller. This corresponds to the value of `kubernetes.io/ingress.class` annotation.", - "type": "string" - }, - "ingressService": { - "description": "Name of the Kubernetes service used for the istio ingress controller. If no ingress controller is specified, the default value `istio-ingressgateway` is used.", - "type": "string" - }, - "ingressControllerMode": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.IngressControllerMode" - }, - "ingressSelector": { - "description": "Defines which gateway deployment to use as the Ingress controller. This field corresponds to the Gateway.selector field, and will be set as `istio: INGRESS_SELECTOR`. By default, `ingressgateway` is used, which will select the default IngressGateway as it has the `istio: ingressgateway` labels. It is recommended that this is the same value as ingress_service.", - "type": "string" - }, - "enableTracing": { - "description": "Flag to control generation of trace spans and request IDs. Requires a trace span collector defined in the proxy configuration.", - "type": "boolean" - }, - "accessLogFile": { - "description": "File address for the proxy access log (e.g. /dev/stdout). Empty value disables access logging.", - "type": "string" - }, - "accessLogFormat": { - "description": "Format for the proxy access log Empty value results in proxy's default access log format", - "type": "string" - }, - "accessLogEncoding": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.AccessLogEncoding" - }, - "enableEnvoyAccessLogService": { - "description": "This flag enables Envoy's gRPC Access Log Service. See [Access Log Service](https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/accesslog/v2/als.proto) for details about Envoy's gRPC Access Log Service API. Default value is `false`.", - "type": "boolean" - }, - "disableEnvoyListenerLog": { - "description": "This flag disables Envoy Listener logs. See [Listener Access Log](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/listener/v3/listener.proto#envoy-v3-api-field-config-listener-v3-listener-access-log) Istio Enables Envoy's listener access logs on \"NoRoute\" response flag. Default value is `false`.", - "type": "boolean" - }, - "defaultConfig": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.ProxyConfig" - }, - "outboundTrafficPolicy": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.OutboundTrafficPolicy" - }, - "configSources": { - "description": "ConfigSource describes a source of configuration data for networking rules, and other Istio configuration artifacts. Multiple data sources can be configured for a single control plane.", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.ConfigSource" - } - }, - "enableAutoMtls": { - "description": "This flag is used to enable mutual `TLS` automatically for service to service communication within the mesh, default true. If set to true, and a given service does not have a corresponding `DestinationRule` configured, or its `DestinationRule` does not have ClientTLSSettings specified, Istio configures client side TLS configuration appropriately. More specifically, If the upstream authentication policy is in `STRICT` mode, use Istio provisioned certificate for mutual `TLS` to connect to upstream. If upstream service is in plain text mode, use plain text. If the upstream authentication policy is in PERMISSIVE mode, Istio configures clients to use mutual `TLS` when server sides are capable of accepting mutual `TLS` traffic. If service `DestinationRule` exists and has `ClientTLSSettings` specified, that is always used instead.", - "type": "boolean", - "nullable": true - }, - "trustDomain": { - "description": "The trust domain corresponds to the trust root of a system. Refer to [SPIFFE-ID](https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain)", - "type": "string" - }, - "trustDomainAliases": { - "description": "The trust domain aliases represent the aliases of `trust_domain`. For example, if we have ```yaml trustDomain: td1 trustDomainAliases: [\"td2\", \"td3\"] ``` Any service with the identity `td1/ns/foo/sa/a-service-account`, `td2/ns/foo/sa/a-service-account`, or `td3/ns/foo/sa/a-service-account` will be treated the same in the Istio mesh.", - "type": "array", - "items": { - "type": "string" - } - }, - "defaultServiceExportTo": { - "description": "The default value for the ServiceEntry.export_to field and services imported through container registry integrations, e.g. this applies to Kubernetes Service resources. The value is a list of namespace names and reserved namespace aliases. The allowed namespace aliases are: ``` * - All Namespaces . - Current Namespace ~ - No Namespace ``` If not set the system will use \"*\" as the default value which implies that services are exported to all namespaces.", - "type": "array", - "items": { - "type": "string" - } - }, - "defaultVirtualServiceExportTo": { - "description": "The default value for the VirtualService.export_to field. Has the same syntax as `default_service_export_to`.", - "type": "array", - "items": { - "type": "string" - } - }, - "defaultDestinationRuleExportTo": { - "description": "The default value for the `DestinationRule.export_to` field. Has the same syntax as `default_service_export_to`.", - "type": "array", - "items": { - "type": "string" - } - }, - "rootNamespace": { - "description": "The namespace to treat as the administrative root namespace for Istio configuration. When processing a leaf namespace Istio will search for declarations in that namespace first and if none are found it will search in the root namespace. Any matching declaration found in the root namespace is processed as if it were declared in the leaf namespace.", - "type": "string" - }, - "dnsRefreshRate": { - "description": "Configures DNS refresh rate for Envoy clusters of type `STRICT_DNS` Default refresh rate is `5s`.", - "type": "string" - }, - "inboundClusterStatName": { - "description": "Name to be used while emitting statistics for inbound clusters. The same pattern is used while computing stat prefix for network filters like TCP and Redis. By default, Istio emits statistics with the pattern `inbound|\u003cport\u003e|\u003cport-name\u003e|\u003cservice-FQDN\u003e`. For example `inbound|7443|grpc-reviews|reviews.prod.svc.cluster.local`. This can be used to override that pattern.", - "type": "string" - }, - "outboundClusterStatName": { - "description": "Name to be used while emitting statistics for outbound clusters. The same pattern is used while computing stat prefix for network filters like TCP and Redis. By default, Istio emits statistics with the pattern `outbound|\u003cport\u003e|\u003csubsetname\u003e|\u003cservice-FQDN\u003e`. For example `outbound|8080|v2|reviews.prod.svc.cluster.local`. This can be used to override that pattern.", - "type": "string" - }, - "certificates": { - "description": "Configure the provision of certificates.", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Certificate" - } - }, - "thriftConfig": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ThriftConfig" - }, - "serviceSettings": { - "description": "Settings to be applied to select services.", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ServiceSettings" - } - }, - "enablePrometheusMerge": { - "description": "If enabled, Istio agent will merge metrics exposed by the application with metrics from Envoy and Istio agent. The sidecar injection will replace `prometheus.io` annotations present on the pod and redirect them towards Istio agent, which will then merge metrics of from the application with Istio metrics. This relies on the annotations `prometheus.io/scrape`, `prometheus.io/port`, and `prometheus.io/path` annotations. If you are running a separately managed Envoy with an Istio sidecar, this may cause issues, as the metrics will collide. In this case, it is recommended to disable aggregation on that deployment with the `prometheus.istio.io/merge-metrics: \"false\"` annotation. If not specified, this will be enabled by default.", - "type": "boolean", - "nullable": true - }, - "verifyCertificateAtClient": { - "description": "`VerifyCertificateAtClient` sets the mesh global default for peer certificate validation at the client-side proxy when `SIMPLE` TLS or `MUTUAL` TLS (non `ISTIO_MUTUAL`) origination modes are used. This setting can be overridden at the host level via DestinationRule API. By default, `VerifyCertificateAtClient` is `true`.", - "type": "boolean", - "nullable": true - }, - "ca": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.CA" - }, - "extensionProviders": { - "description": "Defines a list of extension providers that extend Istio's functionality. For example, the AuthorizationPolicy can be used with an extension provider to delegate the authorization decision to a custom authorization system.", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider" - } - }, - "defaultProviders": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.DefaultProviders" - }, - "discoverySelectors": { - "description": "A list of Kubernetes selectors that specify the set of namespaces that Istio considers when computing configuration updates for sidecars. This can be used to reduce Istio's computational load by limiting the number of entities (including services, pods, and endpoints) that are watched and processed. If omitted, Istio will use the default behavior of processing all namespaces in the cluster. Elements in the list are disjunctive (OR semantics), i.e. a namespace will be included if it matches any selector. The following example selects any namespace that matches either below: 1. The namespace has both of these labels: `env: prod` and `region: us-east1` 2. The namespace has label `app` equal to `cassandra` or `spark`. ```yaml discoverySelectors: - matchLabels: env: prod region: us-east1 - matchExpressions: - key: app operator: In values: - cassandra - spark ``` Refer to the [kubernetes selector docs](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) for additional detail on selector semantics.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector" - } - }, - "pathNormalization": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ProxyPathNormalization" - } - } - }, - "istio.mesh.v1alpha1.MeshConfig.AccessLogEncoding": { - "type": "string", - "enum": [ - "TEXT", - "JSON" - ] - }, - "istio.mesh.v1alpha1.MeshConfig.AuthPolicy": { - "type": "string", - "enum": [ - "NONE", - "MUTUAL_TLS" - ] - }, - "istio.mesh.v1alpha1.MeshConfig.CA": { - "type": "object", - "properties": { - "address": { - "description": "REQUIRED. Address of the CA server implementing the Istio CA gRPC API. Can be IP address or a fully qualified DNS name with port Eg: custom-ca.default.svc.cluster.local:8932, 192.168.23.2:9000", - "type": "string" - }, - "tlsSettings": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ClientTLSSettings" - }, - "requestTimeout": { - "description": "timeout for forward CSR requests from Istiod to External CA Default: 10s", - "type": "string" - }, - "istiodSide": { - "description": "Use istiod_side to specify CA Server integrate to Istiod side or Agent side Default: true", - "type": "boolean" - } - } - }, - "istio.mesh.v1alpha1.MeshConfig.CertificateData": { - "type": "object", - "oneOf": [ - { - "not": { - "anyOf": [ - { - "required": [ - "pem" - ], - "properties": { - "pem": { - "description": "The PEM data of the certificate.", - "type": "string" - } - } - }, - { - "required": [ - "spiffeBundleUrl" - ], - "properties": { - "spiffeBundleUrl": { - "description": "The SPIFFE bundle endpoint URL that complies to: https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE_Trust_Domain_and_Bundle.md#the-spiffe-trust-domain-and-bundle The endpoint should support authentication based on Web PKI: https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE_Trust_Domain_and_Bundle.md#521-web-pki The certificate is retrieved from the endpoint.", - "type": "string" - } - } - } - ] - } - }, - { - "required": [ - "pem" - ], - "properties": { - "pem": { - "description": "The PEM data of the certificate.", - "type": "string" - } - } - }, - { - "required": [ - "spiffeBundleUrl" - ], - "properties": { - "spiffeBundleUrl": { - "description": "The SPIFFE bundle endpoint URL that complies to: https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE_Trust_Domain_and_Bundle.md#the-spiffe-trust-domain-and-bundle The endpoint should support authentication based on Web PKI: https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE_Trust_Domain_and_Bundle.md#521-web-pki The certificate is retrieved from the endpoint.", - "type": "string" - } - } - } - ] - }, - "istio.mesh.v1alpha1.MeshConfig.DefaultProviders": { - "description": "Holds the name references to the providers that will be used by default in other Istio configuration resources if the provider is not specified.", - "type": "object", - "properties": { - "tracing": { - "description": "Name of the default provider(s) for tracing.", - "type": "array", - "items": { - "type": "string" - } - }, - "metrics": { - "description": "Name of the default provider(s) for metrics.", - "type": "array", - "items": { - "type": "string" - } - }, - "accessLogging": { - "description": "Name of the default provider(s) for access logging.", - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "istio.mesh.v1alpha1.MeshConfig.ExtensionProvider": { - "type": "object", - "properties": { - "name": { - "description": "REQUIRED. A unique name identifying the extension provider.", - "type": "string" - } - }, - "oneOf": [ - { - "not": { - "anyOf": [ - { - "required": [ - "envoyExtAuthzHttp" - ], - "properties": { - "envoyExtAuthzHttp": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationHttpProvider" - } - } - }, - { - "required": [ - "envoyExtAuthzGrpc" - ], - "properties": { - "envoyExtAuthzGrpc": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationGrpcProvider" - } - } - }, - { - "required": [ - "zipkin" - ], - "properties": { - "zipkin": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.ZipkinTracingProvider" - } - } - }, - { - "required": [ - "lightstep" - ], - "properties": { - "lightstep": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.LightstepTracingProvider" - } - } - }, - { - "required": [ - "datadog" - ], - "properties": { - "datadog": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.DatadogTracingProvider" - } - } - }, - { - "required": [ - "stackdriver" - ], - "properties": { - "stackdriver": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.StackdriverProvider" - } - } - }, - { - "required": [ - "opencensus" - ], - "properties": { - "opencensus": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenCensusAgentTracingProvider" - } - } - }, - { - "required": [ - "skywalking" - ], - "properties": { - "skywalking": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.SkyWalkingTracingProvider" - } - } - }, - { - "required": [ - "prometheus" - ], - "properties": { - "prometheus": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.PrometheusMetricsProvider" - } - } - }, - { - "required": [ - "envoyFileAccessLog" - ], - "properties": { - "envoyFileAccessLog": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyFileAccessLogProvider" - } - } - } - ] - } - }, - { - "required": [ - "envoyExtAuthzHttp" - ], - "properties": { - "envoyExtAuthzHttp": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationHttpProvider" - } - } - }, - { - "required": [ - "envoyExtAuthzGrpc" - ], - "properties": { - "envoyExtAuthzGrpc": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationGrpcProvider" - } - } - }, - { - "required": [ - "zipkin" - ], - "properties": { - "zipkin": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.ZipkinTracingProvider" - } - } - }, - { - "required": [ - "lightstep" - ], - "properties": { - "lightstep": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.LightstepTracingProvider" - } - } - }, - { - "required": [ - "datadog" - ], - "properties": { - "datadog": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.DatadogTracingProvider" - } - } - }, - { - "required": [ - "stackdriver" - ], - "properties": { - "stackdriver": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.StackdriverProvider" - } - } - }, - { - "required": [ - "opencensus" - ], - "properties": { - "opencensus": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenCensusAgentTracingProvider" - } - } - }, - { - "required": [ - "skywalking" - ], - "properties": { - "skywalking": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.SkyWalkingTracingProvider" - } - } - }, - { - "required": [ - "prometheus" - ], - "properties": { - "prometheus": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.PrometheusMetricsProvider" - } - } - }, - { - "required": [ - "envoyFileAccessLog" - ], - "properties": { - "envoyFileAccessLog": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyFileAccessLogProvider" - } - } - } - ] - }, - "istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.DatadogTracingProvider": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.DatadogTracingProvider" - }, - "istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationGrpcProvider": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationGrpcProvider" - }, - "istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationHttpProvider": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationHttpProvider" - }, - "istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationRequestBody": { - "type": "object", - "properties": { - "maxRequestBytes": { - "description": "Sets the maximum size of a message body that the ext-authz filter will hold in memory. If max_request_bytes is reached, and allow_partial_message is false, Envoy will return a 413 (Payload Too Large). Otherwise the request will be sent to the provider with a partial message. Note that this setting will have precedence over the fail_open field, the 413 will be returned even when the fail_open is set to true.", - "type": "integer" - }, - "allowPartialMessage": { - "description": "When this field is true, ext-authz filter will buffer the message until max_request_bytes is reached. The authorization request will be dispatched and no 413 HTTP error will be returned by the filter. A \"x-envoy-auth-partial-body: false|true\" metadata header will be added to the authorization request message indicating if the body data is partial.", - "type": "boolean" - }, - "packAsBytes": { - "description": "If true, the body sent to the external authorization service in the gRPC authorization request is set with raw bytes in the raw_body field (https://github.com/envoyproxy/envoy/blame/cffb095d59d7935abda12b9509bcd136808367bb/api/envoy/service/auth/v3/attribute_context.proto#L153). Otherwise, it will be filled with UTF-8 string in the body field (https://github.com/envoyproxy/envoy/blame/cffb095d59d7935abda12b9509bcd136808367bb/api/envoy/service/auth/v3/attribute_context.proto#L147). This field only works with the envoy_ext_authz_grpc provider and has no effect for the envoy_ext_authz_http provider.", - "type": "boolean" - } - } - }, - "istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyFileAccessLogProvider": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyFileAccessLogProvider" - }, - "istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.LightstepTracingProvider": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.LightstepTracingProvider" - }, - "istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenCensusAgentTracingProvider": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenCensusAgentTracingProvider" - }, - "istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenCensusAgentTracingProvider.TraceContext": { - "description": "TraceContext selects the context propagation headers used for distributed tracing.", - "type": "string", - "enum": [ - "UNSPECIFIED", - "W3C_TRACE_CONTEXT", - "GRPC_BIN", - "CLOUD_TRACE_CONTEXT", - "B3" - ] - }, - "istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.PrometheusMetricsProvider": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.PrometheusMetricsProvider" - }, - "istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.SkyWalkingTracingProvider": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.SkyWalkingTracingProvider" - }, - "istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.StackdriverProvider": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.StackdriverProvider" - }, - "istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.ZipkinTracingProvider": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.ZipkinTracingProvider" - }, - "istio.mesh.v1alpha1.MeshConfig.H2UpgradePolicy": { - "description": "Default Policy for upgrading http1.1 connections to http2.", - "type": "string", - "enum": [ - "DO_NOT_UPGRADE", - "UPGRADE" - ] - }, - "istio.mesh.v1alpha1.MeshConfig.IngressControllerMode": { - "type": "string", - "enum": [ - "UNSPECIFIED", - "OFF", - "DEFAULT", - "STRICT" - ] - }, - "istio.mesh.v1alpha1.MeshConfig.OutboundTrafficPolicy": { - "type": "object", - "properties": { - "mode": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.OutboundTrafficPolicy.Mode" - } - } - }, - "istio.mesh.v1alpha1.MeshConfig.OutboundTrafficPolicy.Mode": { - "type": "string", - "enum": [ - "REGISTRY_ONLY", - "ALLOW_ANY" - ] - }, - "istio.mesh.v1alpha1.MeshConfig.ProxyPathNormalization": { - "type": "object", - "properties": { - "normalization": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ProxyPathNormalization.NormalizationType" - } - } - }, - "istio.mesh.v1alpha1.MeshConfig.ProxyPathNormalization.NormalizationType": { - "type": "string", - "enum": [ - "DEFAULT", - "NONE", - "BASE", - "MERGE_SLASHES", - "DECODE_AND_MERGE_SLASHES" - ] - }, - "istio.mesh.v1alpha1.MeshConfig.ServiceSettings": { - "description": "Settings to be applied to select services.", - "type": "object", - "properties": { - "hosts": { - "description": "The services to which the Settings should be applied. Services are selected using the hostname matching rules used by DestinationRule.", - "type": "array", - "items": { - "type": "string" - } - }, - "settings": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ServiceSettings.Settings" - } - } - }, - "istio.mesh.v1alpha1.MeshConfig.ServiceSettings.Settings": { - "description": "Settings for the selected services.", - "type": "object", - "properties": { - "clusterLocal": { - "description": "If true, specifies that the client and service endpoints must reside in the same cluster. By default, in multi-cluster deployments, the Istio control plane assumes all service endpoints to be reachable from any client in any of the clusters which are part of the mesh. This configuration option limits the set of service endpoints visible to a client to be cluster scoped.", - "type": "boolean" - } - } - }, - "istio.mesh.v1alpha1.MeshConfig.ThriftConfig": { - "type": "object", - "properties": { - "rateLimitUrl": { - "description": "Specify thrift rate limit service URL. If pilot has thrift protocol support enabled, this will enable the rate limit service for destinations that have matching rate limit configurations.", - "type": "string" - }, - "rateLimitTimeout": { - "description": "Specify thrift rate limit service timeout, in milliseconds. Default is `50ms`", - "type": "string" - } - } - }, - "istio.mesh.v1alpha1.ProxyConfig": { - "description": "ProxyConfig defines variables for individual Envoy instances. This can be configured on a per-workload basis as well as by the mesh-wide defaults. To set the mesh wide defaults, configure the `defaultConfig` section of `meshConfig`. For example: ``` meshConfig: defaultConfig: discoveryAddress: istiod:15012 ```", - "type": "object", - "properties": { - "readinessProbe": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ReadinessProbe" - }, - "tracing": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing" - }, - "configPath": { - "description": "Path to the generated configuration file directory. Proxy agent generates the actual configuration and stores it in this directory.", - "type": "string" - }, - "binaryPath": { - "description": "Path to the proxy binary", - "type": "string" - }, - "serviceCluster": { - "description": "Service cluster defines the name for the `service_cluster` that is shared by all Envoy instances. This setting corresponds to `--service-cluster` flag in Envoy. In a typical Envoy deployment, the `service-cluster` flag is used to identify the caller, for source-based routing scenarios.", - "type": "string" - }, - "drainDuration": { - "description": "The time in seconds that Envoy will drain connections during a hot restart. MUST be \u003e=1s (e.g., _1s/1m/1h_) Default drain duration is `45s`.", - "type": "string" - }, - "parentShutdownDuration": { - "description": "The time in seconds that Envoy will wait before shutting down the parent process during a hot restart. MUST be \u003e=1s (e.g., `1s/1m/1h`). MUST BE greater than `drain_duration` parameter. Default shutdown duration is `60s`.", - "type": "string" - }, - "discoveryAddress": { - "description": "Address of the discovery service exposing xDS with mTLS connection. The inject configuration may override this value.", - "type": "string" - }, - "discoveryRefreshDelay": { - "type": "string", - "deprecated": true - }, - "zipkinAddress": { - "description": "Address of the Zipkin service (e.g. _zipkin:9411_). DEPRECATED: Use [tracing][istio.mesh.v1alpha1.ProxyConfig.tracing] instead.", - "type": "string", - "deprecated": true - }, - "statsdUdpAddress": { - "description": "IP Address and Port of a statsd UDP listener (e.g. `10.75.241.127:9125`).", - "type": "string" - }, - "envoyMetricsServiceAddress": { - "type": "string", - "deprecated": true - }, - "proxyAdminPort": { - "description": "Port on which Envoy should listen for administrative commands. Default port is `15000`.", - "type": "integer", - "format": "int32" - }, - "availabilityZone": { - "type": "string", - "deprecated": true - }, - "controlPlaneAuthPolicy": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.AuthenticationPolicy" - }, - "customConfigFile": { - "description": "File path of custom proxy configuration, currently used by proxies in front of Mixer and Pilot.", - "type": "string" - }, - "statNameLength": { - "description": "Maximum length of name field in Envoy's metrics. The length of the name field is determined by the length of a name field in a service and the set of labels that comprise a particular version of the service. The default value is set to 189 characters. Envoy's internal metrics take up 67 characters, for a total of 256 character name per metric. Increase the value of this field if you find that the metrics from Envoys are truncated.", - "type": "integer", - "format": "int32" - }, - "concurrency": { - "description": "The number of worker threads to run. If unset, this will be automatically determined based on CPU requests/limits. If set to 0, all cores on the machine will be used. Default is 2 worker threads.", - "type": "integer", - "nullable": true - }, - "proxyBootstrapTemplatePath": { - "description": "Path to the proxy bootstrap template file", - "type": "string" - }, - "interceptionMode": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.ProxyConfig.InboundInterceptionMode" - }, - "sds": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.SDS" - }, - "envoyAccessLogService": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.RemoteService" - }, - "envoyMetricsService": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.RemoteService" - }, - "proxyMetadata": { - "description": "Additional environment variables for the proxy. Names starting with `ISTIO_META_` will be included in the generated bootstrap and sent to the XDS server.", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "statusPort": { - "description": "Port on which the agent should listen for administrative commands such as readiness probe. Default is set to port `15020`.", - "type": "integer", - "format": "int32" - }, - "extraStatTags": { - "description": "An additional list of tags to extract from the in-proxy Istio telemetry. These extra tags can be added by configuring the telemetry extension. Each additional tag needs to be present in this list. Extra tags emitted by the telemetry extensions must be listed here so that they can be processed and exposed as Prometheus metrics.", - "type": "array", - "items": { - "type": "string" - } - }, - "gatewayTopology": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Topology" - }, - "terminationDrainDuration": { - "description": "The amount of time allowed for connections to complete on proxy shutdown. On receiving `SIGTERM` or `SIGINT`, `istio-agent` tells the active Envoy to start draining, preventing any new connections and allowing existing connections to complete. It then sleeps for the `termination_drain_duration` and then kills any remaining active Envoy processes. If not set, a default of `5s` will be applied.", - "type": "string" - }, - "meshId": { - "description": "The unique identifier for the [service mesh](https://istio.io/docs/reference/glossary/#service-mesh) All control planes running in the same service mesh should specify the same mesh ID. Mesh ID is used to label telemetry reports for cases where telemetry from multiple meshes is mixed together.", - "type": "string" - }, - "proxyStatsMatcher": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.ProxyConfig.ProxyStatsMatcher" - }, - "holdApplicationUntilProxyStarts": { - "description": "Boolean flag for enabling/disabling the holdApplicationUntilProxyStarts behavior. This feature adds hooks to delay application startup until the pod proxy is ready to accept traffic, mitigating some startup race conditions. Default value is 'false'.", - "type": "boolean", - "nullable": true - }, - "caCertificatesPem": { - "description": "The PEM data of the extra root certificates for workload-to-workload communication. This includes the certificates defined in MeshConfig and any other certificates that Istiod uses as CA. The plugin certificates (the 'cacerts' secret), self-signed certificates (the 'istio-ca-secret' secret) are added automatically by Istiod.", - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "istio.mesh.v1alpha1.ProxyConfig.InboundInterceptionMode": { - "description": "The mode used to redirect inbound traffic to Envoy. This setting has no effect on outbound traffic: iptables `REDIRECT` is always used for outbound connections.", - "type": "string", - "enum": [ - "REDIRECT", - "TPROXY" - ] - }, - "istio.mesh.v1alpha1.ProxyConfig.ProxyStatsMatcher": { - "description": "Proxy stats name matchers for stats creation. Note this is in addition to the minimum Envoy stats that Istio generates by default.", - "type": "object", - "properties": { - "inclusionPrefixes": { - "description": "Proxy stats name prefix matcher for inclusion.", - "type": "array", - "items": { - "type": "string" - } - }, - "inclusionSuffixes": { - "description": "Proxy stats name suffix matcher for inclusion.", - "type": "array", - "items": { - "type": "string" - } - }, - "inclusionRegexps": { - "description": "Proxy stats name regexps matcher for inclusion.", - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "istio.mesh.v1alpha1.RemoteService": { - "type": "object", - "properties": { - "address": { - "description": "Address of a remove service used for various purposes (access log receiver, metrics receiver, etc.). Can be IP address or a fully qualified DNS name.", - "type": "string" - }, - "tcpKeepalive": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings.TcpKeepalive" - }, - "tlsSettings": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ClientTLSSettings" - } - } - }, - "istio.mesh.v1alpha1.Resource": { - "description": "Resource describes the source of configuration", - "type": "string", - "enum": [ - "SERVICE_REGISTRY" - ] - }, - "istio.mesh.v1alpha1.SDS": { - "description": "SDS defines secret discovery service(SDS) configuration to be used by the proxy. For workload, its values are set in sidecar injector(passed as arguments to istio-proxy container). For pilot/mixer, it's passed as arguments to istio-proxy container in pilot/mixer deployment yaml files directly.", - "type": "object", - "properties": { - "enabled": { - "description": "True if SDS is enabled.", - "type": "boolean" - }, - "k8sSaJwtPath": { - "description": "Path of k8s service account JWT path.", - "type": "string" - } - } - }, - "istio.mesh.v1alpha1.Topology": { - "description": "Topology describes the configuration for relative location of a proxy with respect to intermediate trusted proxies and the client. These settings control how the client attributes are retrieved from the incoming traffic by the gateway proxy and propagated to the upstream services in the cluster.", - "type": "object", - "properties": { - "numTrustedProxies": { - "description": "Number of trusted proxies deployed in front of the Istio gateway proxy. When this option is set to value N greater than zero, the trusted client address is assumed to be the Nth address from the right end of the X-Forwarded-For (XFF) header from the incoming request. If the X-Forwarded-For (XFF) header is missing or has fewer than N addresses, the gateway proxy falls back to using the immediate downstream connection's source address as the trusted client address. Note that the gateway proxy will append the downstream connection's source address to the X-Forwarded-For (XFF) address and set the X-Envoy-External-Address header to the trusted client address before forwarding it to the upstream services in the cluster. The default value of num_trusted_proxies is 0. See [Envoy XFF] (https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#config-http-conn-man-headers-x-forwarded-for) header handling for more details.", - "type": "integer" - }, - "forwardClientCertDetails": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Topology.ForwardClientCertDetails" - } - } - }, - "istio.mesh.v1alpha1.Topology.ForwardClientCertDetails": { - "description": "ForwardClientCertDetails controls how the x-forwarded-client-cert (XFCC) header is handled by the gateway proxy. See [Envoy XFCC](https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#envoy-api-enum-config-filter-network-http-connection-manager-v2-httpconnectionmanager-forwardclientcertdetails) header handling for more details.", - "type": "string", - "enum": [ - "UNDEFINED", - "SANITIZE", - "FORWARD_ONLY", - "APPEND_FORWARD", - "SANITIZE_SET", - "ALWAYS_FORWARD_ONLY" - ] - }, - "istio.mesh.v1alpha1.Tracing": { - "description": "Tracing defines configuration for the tracing performed by Envoy instances.", - "type": "object", - "properties": { - "tlsSettings": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ClientTLSSettings" - }, - "customTags": { - "description": "Configures the custom tags to be added to active span by all proxies (i.e. sidecars and gateways). The key represents the name of the tag. Ex: ```yaml custom_tags: new_tag_name: header: name: custom-http-header-name default_value: defaulted-value-from-custom-header ``` $hide_from_docs", - "type": "object", - "additionalProperties": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.CustomTag" - } - }, - "maxPathTagLength": { - "description": "Configures the maximum length of the request path to extract and include in the HttpUrl tag. Used to truncate length request paths to meet the needs of tracing backend. If not set, then a length of 256 will be used. $hide_from_docs", - "type": "integer" - }, - "sampling": { - "description": "The percentage of requests (0.0 - 100.0) that will be randomly selected for trace generation, if not requested by the client or not forced. Default is 1.0.", - "type": "number", - "format": "double" - } - }, - "oneOf": [ - { - "not": { - "anyOf": [ - { - "required": [ - "zipkin" - ], - "properties": { - "zipkin": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Zipkin" - } - } - }, - { - "required": [ - "lightstep" - ], - "properties": { - "lightstep": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Lightstep" - } - } - }, - { - "required": [ - "datadog" - ], - "properties": { - "datadog": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Datadog" - } - } - }, - { - "required": [ - "stackdriver" - ], - "properties": { - "stackdriver": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Stackdriver" - } - } - }, - { - "required": [ - "openCensusAgent" - ], - "properties": { - "openCensusAgent": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.OpenCensusAgent" - } - } - } - ] - } - }, - { - "required": [ - "zipkin" - ], - "properties": { - "zipkin": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Zipkin" - } - } - }, - { - "required": [ - "lightstep" - ], - "properties": { - "lightstep": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Lightstep" - } - } - }, - { - "required": [ - "datadog" - ], - "properties": { - "datadog": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Datadog" - } - } - }, - { - "required": [ - "stackdriver" - ], - "properties": { - "stackdriver": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Stackdriver" - } - } - }, - { - "required": [ - "openCensusAgent" - ], - "properties": { - "openCensusAgent": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.OpenCensusAgent" - } - } - } - ] - }, - "istio.mesh.v1alpha1.Tracing.CustomTag": { - "description": "Configure custom tags that will be added to any active span. Tags can be generated via literals, environment variables or an incoming request header. $hide_from_docs", - "type": "object", - "oneOf": [ - { - "not": { - "anyOf": [ - { - "required": [ - "literal" - ], - "properties": { - "literal": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Literal" - } - } - }, - { - "required": [ - "environment" - ], - "properties": { - "environment": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Environment" - } - } - }, - { - "required": [ - "header" - ], - "properties": { - "header": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.RequestHeader" - } - } - } - ] - } - }, - { - "required": [ - "literal" - ], - "properties": { - "literal": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Literal" - } - } - }, - { - "required": [ - "environment" - ], - "properties": { - "environment": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Environment" - } - } - }, - { - "required": [ - "header" - ], - "properties": { - "header": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.RequestHeader" - } - } - } - ] - }, - "istio.mesh.v1alpha1.Tracing.Datadog": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Datadog" - }, - "istio.mesh.v1alpha1.Tracing.Environment": { - "description": "Environment is the proxy's environment variable to be used for populating the custom span tag. $hide_from_docs", - "type": "object", - "properties": { - "name": { - "description": "Name of the environment variable used to populate the tag's value", - "type": "string" - }, - "defaultValue": { - "description": "When the environment variable is not found, the tag's value will be populated with this default value if specified, otherwise the tag will not be populated.", - "type": "string" - } - } - }, - "istio.mesh.v1alpha1.Tracing.Lightstep": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Lightstep" - }, - "istio.mesh.v1alpha1.Tracing.Literal": { - "description": "Literal type represents a static value. $hide_from_docs", - "type": "object", - "properties": { - "value": { - "description": "Static literal value used to populate the tag value.", - "type": "string" - } - } - }, - "istio.mesh.v1alpha1.Tracing.OpenCensusAgent": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.OpenCensusAgent" - }, - "istio.mesh.v1alpha1.Tracing.OpenCensusAgent.TraceContext": { - "description": "TraceContext selects the context propagation headers used for distributed tracing.", - "type": "string", - "enum": [ - "UNSPECIFIED", - "W3C_TRACE_CONTEXT", - "GRPC_BIN", - "CLOUD_TRACE_CONTEXT", - "B3" - ] - }, - "istio.mesh.v1alpha1.Tracing.RequestHeader": { - "description": "RequestHeader is the HTTP request header which will be used to populate the span tag. A default value can be configured if the header does not exist. $hide_from_docs", - "type": "object", - "properties": { - "name": { - "description": "HTTP header name used to obtain the value from to populate the tag value.", - "type": "string" - }, - "defaultValue": { - "description": "Default value to be used for the tag when the named HTTP header does not exist. The tag will be skipped if no default value is provided.", - "type": "string" - } - } - }, - "istio.mesh.v1alpha1.Tracing.Stackdriver": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Stackdriver" - }, - "istio.mesh.v1alpha1.Tracing.Zipkin": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Zipkin" - }, - "istio.networking.v1alpha3.ClientTLSSettings": { - "description": "SSL/TLS related settings for upstream connections. See Envoy's [TLS context](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto.html#common-tls-configuration) for more details. These settings are common to both HTTP and TCP upstreams.", - "type": "object", - "properties": { - "mode": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ClientTLSSettings.TLSmode" - }, - "clientCertificate": { - "description": "REQUIRED if mode is `MUTUAL`. The path to the file holding the client-side TLS certificate to use. Should be empty if mode is `ISTIO_MUTUAL`.", - "type": "string" - }, - "privateKey": { - "description": "REQUIRED if mode is `MUTUAL`. The path to the file holding the client's private key. Should be empty if mode is `ISTIO_MUTUAL`.", - "type": "string" - }, - "caCertificates": { - "description": "OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate. If omitted, the proxy will not verify the server's certificate. Should be empty if mode is `ISTIO_MUTUAL`.", - "type": "string" - }, - "credentialName": { - "description": "The name of the secret that holds the TLS certs for the client including the CA certificates. Secret must exist in the same namespace with the proxy using the certificates. The secret (of type `generic`)should contain the following keys and values: `key: \u003cprivateKey\u003e`, `cert: \u003cserverCert\u003e`, `cacert: \u003cCACertificate\u003e`. Secret of type tls for client certificates along with ca.crt key for CA certificates is also supported. Only one of client certificates and CA certificate or credentialName can be specified.", - "type": "string" - }, - "subjectAltNames": { - "description": "A list of alternate names to verify the subject identity in the certificate. If specified, the proxy will verify that the server certificate's subject alt name matches one of the specified values. If specified, this list overrides the value of subject_alt_names from the ServiceEntry.", - "type": "array", - "items": { - "type": "string" - } - }, - "sni": { - "description": "SNI string to present to the server during TLS handshake.", - "type": "string" - } - } - }, - "istio.networking.v1alpha3.ClientTLSSettings.TLSmode": { - "description": "TLS connection mode", - "type": "string", - "enum": [ - "DISABLE", - "SIMPLE", - "MUTUAL", - "ISTIO_MUTUAL" - ] - }, - "istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings.TcpKeepalive": { - "description": "TCP keepalive.", - "type": "object", - "properties": { - "time": { - "description": "The time duration a connection needs to be idle before keep-alive probes start being sent. Default is to use the OS level configuration (unless overridden, Linux defaults to 7200s (ie 2 hours.)", - "type": "string" - }, - "probes": { - "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead. Default is to use the OS level configuration (unless overridden, Linux defaults to 9.)", - "type": "integer" - }, - "interval": { - "description": "The time duration between keep-alive probes. Default is to use the OS level configuration (unless overridden, Linux defaults to 75s.)", - "type": "string" - } - } - }, - "istio.networking.v1alpha3.ExecHealthCheckConfig": { - "type": "object", - "properties": { - "command": { - "description": "Command to run. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "istio.networking.v1alpha3.HTTPHeader": { - "type": "object", - "properties": { - "name": { - "description": "The header field name", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - } - }, - "istio.networking.v1alpha3.HTTPHealthCheckConfig": { - "type": "object", - "properties": { - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "description": "Port on which the endpoint lives.", - "type": "integer" - }, - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", - "type": "string" - }, - "scheme": { - "description": "HTTP or HTTPS, defaults to HTTP", - "type": "string" - }, - "httpHeaders": { - "description": "Headers the proxy will pass on to make the request. Allows repeated headers.", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.HTTPHeader" - } - } - } - }, - "istio.networking.v1alpha3.LocalityLoadBalancerSetting": { - "description": "Locality-weighted load balancing allows administrators to control the distribution of traffic to endpoints based on the localities of where the traffic originates and where it will terminate. These localities are specified using arbitrary labels that designate a hierarchy of localities in {region}/{zone}/{sub-zone} form. For additional detail refer to [Locality Weight](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/locality_weight) The following example shows how to setup locality weights mesh-wide.", - "type": "object", - "properties": { - "distribute": { - "description": "Optional: only one of distribute or failover can be set. Explicitly specify loadbalancing weight across different zones and geographical locations. Refer to [Locality weighted load balancing](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/locality_weight) If empty, the locality weight is set according to the endpoints number within it.", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.LocalityLoadBalancerSetting.Distribute" - } - }, - "failover": { - "description": "Optional: only failover or distribute can be set. Explicitly specify the region traffic will land on when endpoints in local region becomes unhealthy. Should be used together with OutlierDetection to detect unhealthy endpoints. Note: if no OutlierDetection specified, this will not take effect.", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.LocalityLoadBalancerSetting.Failover" - } - }, - "enabled": { - "description": "enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety. e.g. true means that turn on locality load balancing for this DestinationRule no matter what mesh wide settings is.", - "type": "boolean", - "nullable": true - } - } - }, - "istio.networking.v1alpha3.LocalityLoadBalancerSetting.Distribute": { - "description": "Describes how traffic originating in the 'from' zone or sub-zone is distributed over a set of 'to' zones. Syntax for specifying a zone is {region}/{zone}/{sub-zone} and terminal wildcards are allowed on any segment of the specification. Examples: `*` - matches all localities", - "type": "object", - "properties": { - "from": { - "description": "Originating locality, '/' separated, e.g. 'region/zone/sub_zone'.", - "type": "string" - }, - "to": { - "description": "Map of upstream localities to traffic distribution weights. The sum of all weights should be 100. Any locality not present will receive no traffic.", - "type": "object", - "additionalProperties": { - "type": "integer" - } - } - } - }, - "istio.networking.v1alpha3.LocalityLoadBalancerSetting.Failover": { - "description": "Specify the traffic failover policy across regions. Since zone and sub-zone failover is supported by default this only needs to be specified for regions when the operator needs to constrain traffic failover so that the default behavior of failing over to any endpoint globally does not apply. This is useful when failing over traffic across regions would not improve service health or may need to be restricted for other reasons like regulatory controls.", - "type": "object", - "properties": { - "from": { - "description": "Originating region.", - "type": "string" - }, - "to": { - "description": "Destination region the traffic will fail over to when endpoints in the 'from' region becomes unhealthy.", - "type": "string" - } - } - }, - "istio.networking.v1alpha3.ReadinessProbe": { - "type": "object", - "properties": { - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1 second.", - "type": "integer", - "format": "int32" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before readiness probes are initiated.", - "type": "integer", - "format": "int32" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1 second.", - "type": "integer", - "format": "int32" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1 second.", - "type": "integer", - "format": "int32" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3 seconds.", - "type": "integer", - "format": "int32" - } - }, - "oneOf": [ - { - "not": { - "anyOf": [ - { - "required": [ - "httpGet" - ], - "properties": { - "httpGet": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.HTTPHealthCheckConfig" - } - } - }, - { - "required": [ - "tcpSocket" - ], - "properties": { - "tcpSocket": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.TCPHealthCheckConfig" - } - } - }, - { - "required": [ - "exec" - ], - "properties": { - "exec": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ExecHealthCheckConfig" - } - } - } - ] - } - }, - { - "required": [ - "httpGet" - ], - "properties": { - "httpGet": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.HTTPHealthCheckConfig" - } - } - }, - { - "required": [ - "tcpSocket" - ], - "properties": { - "tcpSocket": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.TCPHealthCheckConfig" - } - } - }, - { - "required": [ - "exec" - ], - "properties": { - "exec": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ExecHealthCheckConfig" - } - } - } - ] - }, - "istio.networking.v1alpha3.TCPHealthCheckConfig": { - "type": "object", - "properties": { - "port": { - "description": "Port of host", - "type": "integer" - }, - "host": { - "description": "Host to connect to, defaults to localhost", - "type": "string" - } - } - }, - "istio_operator.v2.api.v1alpha1.BaseKubernetesContainerConfiguration": { - "type": "object", - "properties": { - "env": { - "description": "If present will be appended to the environment variables of the container", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.EnvVar" - } - }, - "resources": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.ResourceRequirements" - }, - "image": { - "description": "Standard Kubernetes container image configuration", - "type": "string" - }, - "volumeMounts": { - "description": "Pod volumes to mount into the container's filesystem. Cannot be updated. +optional +patchMergeKey=mountPath +patchStrategy=merge", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.VolumeMount" - } - }, - "securityContext": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.SecurityContext" - } - } - }, - "istio_operator.v2.api.v1alpha1.BaseKubernetesResourceConfig": { - "type": "object", - "properties": { - "env": { - "description": "If present will be appended to the environment variables of the container", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.EnvVar" - } - }, - "resources": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.ResourceRequirements" - }, - "metadata": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.K8sObjectMeta" - }, - "image": { - "description": "Standard Kubernetes container image configuration", - "type": "string" - }, - "volumeMounts": { - "description": "Pod volumes to mount into the container's filesystem. Cannot be updated. +optional +patchMergeKey=mountPath +patchStrategy=merge", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.VolumeMount" - } - }, - "livenessProbe": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.Probe" - }, - "readinessProbe": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.Probe" - }, - "imagePullPolicy": { - "description": "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. +optional", - "type": "string" - }, - "securityContext": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.SecurityContext" - }, - "volumes": { - "description": "List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes +optional +patchMergeKey=name +patchStrategy=merge,retainKeys", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.Volume" - } - }, - "nodeSelector": { - "description": "Standard Kubernetes node selector configuration", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "imagePullSecrets": { - "description": "ImagePullSecrets is an optional list of references to secrets to use for pulling any of the images. +optional", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - } - }, - "affinity": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.Affinity" - }, - "tolerations": { - "description": "google.protobuf.Int32Value replicaCount = 1 [(gogoproto.wktpointer) = true]; If specified, the pod's tolerations. +optional", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.Toleration" - } - }, - "priorityClassName": { - "description": "If specified, indicates the pod's priority. \"system-node-critical\" and \"system-cluster-critical\" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default. +optional", - "type": "string" - }, - "replicas": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.Replicas" - }, - "podMetadata": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.K8sObjectMeta" - }, - "podDisruptionBudget": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.PodDisruptionBudget" - }, - "deploymentStrategy": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.DeploymentStrategy" - }, - "podSecurityContext": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.PodSecurityContext" - } - } - }, - "istio_operator.v2.api.v1alpha1.CNIConfiguration": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "nullable": true - }, - "logLevel": { - "type": "string" - }, - "chained": { - "type": "boolean", - "nullable": true - }, - "binDir": { - "type": "string" - }, - "confDir": { - "type": "string" - }, - "excludeNamespaces": { - "type": "array", - "items": { - "type": "string" - } - }, - "includeNamespaces": { - "type": "array", - "items": { - "type": "string" - } - }, - "confFileName": { - "type": "string" - }, - "pspClusterRoleName": { - "type": "string" - }, - "repair": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.CNIConfiguration.RepairConfiguration" - }, - "taint": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.CNIConfiguration.TaintConfiguration" - }, - "resourceQuotas": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.CNIConfiguration.ResourceQuotas" - }, - "daemonset": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.BaseKubernetesResourceConfig" - } - } - }, - "istio_operator.v2.api.v1alpha1.CNIConfiguration.RepairConfiguration": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "nullable": true - }, - "labelPods": { - "type": "boolean", - "nullable": true - }, - "deletePods": { - "type": "boolean", - "nullable": true - }, - "initContainerName": { - "type": "string" - }, - "brokenPodLabelKey": { - "type": "string" - }, - "brokenPodLabelValue": { - "type": "string" - } - } - }, - "istio_operator.v2.api.v1alpha1.CNIConfiguration.ResourceQuotas": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "nullable": true - }, - "pods": { - "type": "string" - }, - "priorityClasses": { - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "istio_operator.v2.api.v1alpha1.CNIConfiguration.TaintConfiguration": { - "type": "object", - "properties": { - "container": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.BaseKubernetesContainerConfiguration" - }, - "enabled": { - "type": "boolean", - "nullable": true - } - } - }, - "istio_operator.v2.api.v1alpha1.ConfigState": { - "type": "string", - "enum": [ - "Unspecified", - "Created", - "ReconcileFailed", - "Reconciling", - "Available", - "Unmanaged" - ] - }, - "istio_operator.v2.api.v1alpha1.ContainerImageConfiguration": { - "type": "object", - "properties": { - "imagePullPolicy": { - "description": "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. +optional +kubebuilder:validation:Enum=Always;Never;IfNotPresent", - "type": "string" - }, - "imagePullSecrets": { - "description": "ImagePullSecrets is an optional list of references to secrets to use for pulling any of the images. +optional", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - } - }, - "hub": { - "description": "Default hub for container images.", - "type": "string" - }, - "tag": { - "description": "Default tag for container images.", - "type": "string" - } - } - }, - "istio_operator.v2.api.v1alpha1.DeploymentStrategy": { - "type": "object", - "properties": { - "type": { - "description": "Type of deployment. Can be \"Recreate\" or \"RollingUpdate\". Default is RollingUpdate. +optional", - "type": "string" - }, - "rollingUpdate": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.DeploymentStrategy.RollingUpdateDeployment" - } - } - }, - "istio_operator.v2.api.v1alpha1.DeploymentStrategy.RollingUpdateDeployment": { - "type": "object", - "properties": { - "maxUnavailable": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.IntOrString" - }, - "maxSurge": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.IntOrString" - } - } - }, - "istio_operator.v2.api.v1alpha1.ExternalIstiodConfiguration": { - "description": "ExternalIstiodConfiguration defines settings for local istiod to control remote clusters as well", - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "nullable": true - } - } - }, - "istio_operator.v2.api.v1alpha1.GatewayType": { - "type": "string", - "enum": [ - "unspecified", - "ingress", - "egress" - ] - }, - "istio_operator.v2.api.v1alpha1.HTTPProxyEnvsConfiguration": { - "type": "object", - "properties": { - "httpProxy": { - "type": "string" - }, - "httpsProxy": { - "type": "string" - }, - "noProxy": { - "type": "string" - } - } - }, - "istio_operator.v2.api.v1alpha1.IntOrString": { - "description": "Synthetic type for generating Go structs. GOTYPE: *IntOrString", - "type": "object" - }, - "istio_operator.v2.api.v1alpha1.IstioControlPlaneSpec": { - "description": "IstioControlPlane defines an Istio control plane", - "type": "object", - "properties": { - "version": { - "description": "Contains the intended version for the Istio control plane. +kubebuilder:validation:Pattern=^1.", - "type": "string" - }, - "mode": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.ModeType" - }, - "sds": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.SDSConfiguration" - }, - "logging": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.LoggingConfiguration" - }, - "mountMtlsCerts": { - "description": "Use the user-specified, secret volume mounted key and certs for Pilot and workloads.", - "type": "boolean", - "nullable": true - }, - "istiod": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.IstiodConfiguration" - }, - "proxy": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.ProxyConfiguration" - }, - "proxyInit": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.ProxyInitConfiguration" - }, - "telemetryV2": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.TelemetryV2Configuration" - }, - "proxyWasm": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.ProxyWasmConfiguration" - }, - "watchOneNamespace": { - "description": "Whether to restrict the applications namespace the controller manages. If not set, controller watches all namespaces", - "type": "boolean", - "nullable": true - }, - "jwtPolicy": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.JWTPolicyType" - }, - "caAddress": { - "description": "The customized CA address to retrieve certificates for the pods in the cluster. CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint.", - "type": "string" - }, - "distribution": { - "description": "Contains the intended distribution for the Istio control plane. The official distribution is used by default unless special preserved distribution value is set. The only preserved distribution is \"cisco\" as of now.", - "type": "string" - }, - "httpProxyEnvs": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.HTTPProxyEnvsConfiguration" - }, - "meshConfig": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig" - }, - "k8sResourceOverlays": { - "description": "K8s resource overlay patches", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch" - } - }, - "meshID": { - "description": "Name of the Mesh to which this control plane belongs.", - "type": "string" - }, - "containerImageConfiguration": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.ContainerImageConfiguration" - }, - "meshExpansion": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.MeshExpansionConfiguration" - }, - "clusterID": { - "description": "Cluster ID", - "type": "string" - }, - "networkName": { - "description": "Network defines the network this cluster belongs to. This name corresponds to the networks in the map of mesh networks. +default=network1", - "type": "string" - }, - "sidecarInjector": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.SidecarInjectorConfiguration" - } - } - }, - "istio_operator.v2.api.v1alpha1.IstioControlPlaneStatus": { - "description": "\u003c!-- go code generation tags +genclient +k8s:deepcopy-gen=true --\u003e", - "type": "object", - "properties": { - "status": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.ConfigState" - }, - "meshConfig": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig" - }, - "clusterID": { - "description": "Cluster ID", - "type": "string" - }, - "istioControlPlaneName": { - "description": "Name of the IstioControlPlane resource It is used on remote clusters in the PeerIstioControlPlane resource status to identify the original Istio control plane", - "type": "string" - }, - "gatewayAddress": { - "description": "Current addresses for the corresponding gateways", - "type": "array", - "items": { - "type": "string" - } - }, - "istiodAddresses": { - "description": "Current addresses for the corresponding istiod pods", - "type": "array", - "items": { - "type": "string" - } - }, - "injectionNamespaces": { - "description": "Namespaces which are set for injection for this control plane", - "type": "array", - "items": { - "type": "string" - } - }, - "caRootCertificate": { - "description": "Istio CA root certificate", - "type": "string" - }, - "errorMessage": { - "description": "Reconciliation error message if any", - "type": "string" - }, - "checksums": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.StatusChecksums" - } - } - }, - "istio_operator.v2.api.v1alpha1.IstioMeshGatewaySpec": { - "description": "IstioMeshGateway defines an Istio ingress or egress gateway", - "type": "object", - "properties": { - "type": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.GatewayType" - }, - "service": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.Service" - }, - "k8sResourceOverlays": { - "description": "K8s resource overlay patches", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch" - } - }, - "deployment": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.BaseKubernetesResourceConfig" - }, - "runAsRoot": { - "description": "Whether to run the gateway in a privileged container", - "type": "boolean", - "nullable": true - }, - "istioControlPlane": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.NamespacedName" - } - } - }, - "istio_operator.v2.api.v1alpha1.IstioMeshGatewayStatus": { - "description": "\u003c!-- go code generation tags +genclient +k8s:deepcopy-gen=true --\u003e", - "type": "object", - "properties": { - "Status": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.ConfigState" - }, - "GatewayAddress": { - "description": "Current address for the gateway", - "type": "array", - "items": { - "type": "string" - } - }, - "ErrorMessage": { - "description": "Reconciliation error message if any", - "type": "string" - } - } - }, - "istio_operator.v2.api.v1alpha1.IstioMeshSpec": { - "description": "Mesh defines an Istio service mesh", - "type": "object", - "properties": { - "config": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig" - } - } - }, - "istio_operator.v2.api.v1alpha1.IstioMeshStatus": { - "description": "\u003c!-- go code generation tags +genclient +k8s:deepcopy-gen=true --\u003e", - "type": "object", - "properties": { - "status": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.ConfigState" - }, - "errorMessage": { - "description": "Reconciliation error message if any", - "type": "string" - } - } - }, - "istio_operator.v2.api.v1alpha1.IstiodConfiguration": { - "description": "IstiodConfiguration defines config options for Istiod", - "type": "object", - "properties": { - "deployment": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.BaseKubernetesResourceConfig" - }, - "enableAnalysis": { - "description": "If enabled, pilot will run Istio analyzers and write analysis errors to the Status field of any Istio Resources", - "type": "boolean", - "nullable": true - }, - "enableStatus": { - "description": "If enabled, pilot will update the CRD Status field of all Istio resources with reconciliation status", - "type": "boolean", - "nullable": true - }, - "externalIstiod": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.ExternalIstiodConfiguration" - }, - "traceSampling": { - "type": "number", - "nullable": true - }, - "enableProtocolSniffingOutbound": { - "description": "If enabled, protocol sniffing will be used for outbound listeners whose port protocol is not specified or unsupported", - "type": "boolean", - "nullable": true - }, - "enableProtocolSniffingInbound": { - "description": "If enabled, protocol sniffing will be used for inbound listeners whose port protocol is not specified or unsupported", - "type": "boolean", - "nullable": true - }, - "certProvider": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.PilotCertProviderType" - }, - "spiffe": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.SPIFFEConfiguration" - } - } - }, - "istio_operator.v2.api.v1alpha1.JWTPolicyType": { - "type": "string", - "enum": [ - "UNSPECIFIED", - "THIRD_PARTY_JWT", - "FIRST_PARTY_JWT" - ] - }, - "istio_operator.v2.api.v1alpha1.K8sObjectMeta": { - "description": "Generic k8s resource metadata", - "type": "object", - "properties": { - "labels": { - "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels +optional", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "annotations": { - "description": "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations +optional", - "type": "object", - "additionalProperties": { - "type": "string" - } - } - } - }, - "istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch": { - "type": "object", - "properties": { - "groupVersionKind": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch.GroupVersionKind" - }, - "objectKey": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.NamespacedName" - }, - "patches": { - "type": "array", - "items": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch.Patch" - } - } - } - }, - "istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch.GroupVersionKind": { - "type": "object", - "properties": { - "kind": { - "type": "string" - }, - "group": { - "type": "string" - }, - "version": { - "type": "string" - } - } - }, - "istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch.Patch": { - "type": "object", - "properties": { - "path": { - "type": "string" - }, - "type": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch.Type" - }, - "value": { - "type": "string" - }, - "parseValue": { - "type": "boolean" - } - } - }, - "istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch.Type": { - "type": "string", - "enum": [ - "unspecified", - "replace", - "remove" - ] - }, - "istio_operator.v2.api.v1alpha1.LoggingConfiguration": { - "description": "Comma-separated minimum per-scope logging level of messages to output, in the form of \u003cscope\u003e:\u003clevel\u003e,\u003cscope\u003e:\u003clevel\u003e The control plane has different scopes depending on component, but can configure default log level across all components If empty, default scope and level will be used as configured in code", - "type": "object", - "properties": { - "level": { - "description": "+kubebuilder:validation:Pattern=`^([a-zA-Z]+:[a-zA-Z]+,?)+$`", - "type": "string" - } - } - }, - "istio_operator.v2.api.v1alpha1.MeshExpansionConfiguration": { - "type": "object", - "properties": { - "gateway": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.MeshExpansionConfiguration.IstioMeshGatewayConfiguration" - }, - "enabled": { - "type": "boolean", - "nullable": true - }, - "istiod": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.MeshExpansionConfiguration.Istiod" - }, - "webhook": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.MeshExpansionConfiguration.Webhook" - }, - "clusterServices": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.MeshExpansionConfiguration.ClusterServices" - } - } - }, - "istio_operator.v2.api.v1alpha1.MeshExpansionConfiguration.ClusterServices": { - "type": "object", - "properties": { - "expose": { - "type": "boolean", - "nullable": true - } - } - }, - "istio_operator.v2.api.v1alpha1.MeshExpansionConfiguration.IstioMeshGatewayConfiguration": { - "type": "object", - "properties": { - "metadata": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.K8sObjectMeta" - }, - "service": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.UnprotectedService" - }, - "k8sResourceOverlays": { - "description": "K8s resource overlay patches", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch" - } - }, - "deployment": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.BaseKubernetesResourceConfig" - }, - "runAsRoot": { - "description": "Whether to run the gateway in a privileged container", - "type": "boolean", - "nullable": true - } - } - }, - "istio_operator.v2.api.v1alpha1.MeshExpansionConfiguration.Istiod": { - "type": "object", - "properties": { - "expose": { - "type": "boolean", - "nullable": true - } - } - }, - "istio_operator.v2.api.v1alpha1.MeshExpansionConfiguration.Webhook": { - "type": "object", - "properties": { - "expose": { - "type": "boolean", - "nullable": true - } - } - }, - "istio_operator.v2.api.v1alpha1.ModeType": { - "type": "string", - "enum": [ - "UNSPECIFIED", - "ACTIVE", - "PASSIVE" - ] - }, - "istio_operator.v2.api.v1alpha1.NamespacedName": { - "type": "object", - "properties": { - "name": { - "description": "Name of the referenced Kubernetes resource", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referenced Kubernetes resource", - "type": "string" - } - } - }, - "istio_operator.v2.api.v1alpha1.OperatorEndpointsConfiguration": { - "description": "OperatorEndpointsConfiguration defines config options for automatic SPIFFE endpoints", - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "nullable": true - } - } - }, - "istio_operator.v2.api.v1alpha1.PDBConfiguration": { - "description": "PDBConfiguration holds Pod Disruption Budget related config options", - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "nullable": true - } - } - }, - "istio_operator.v2.api.v1alpha1.PilotCertProviderType": { - "type": "string", - "enum": [ - "UNSPECIFIED", - "KUBERNETES", - "ISTIOD" - ] - }, - "istio_operator.v2.api.v1alpha1.PodDisruptionBudget": { - "description": "PodDisruptionBudget is a description of a PodDisruptionBudget", - "type": "object", - "properties": { - "maxUnavailable": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.IntOrString" - }, - "minAvailable": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.IntOrString" - } - } - }, - "istio_operator.v2.api.v1alpha1.Properties": { - "type": "object", - "properties": { - "name": { - "type": "string" - } - } - }, - "istio_operator.v2.api.v1alpha1.ProxyConfiguration": { - "description": "ProxyConfiguration defines config options for Proxy", - "type": "object", - "properties": { - "resources": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.ResourceRequirements" - }, - "image": { - "type": "string" - }, - "lifecycle": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.Lifecycle" - }, - "privileged": { - "description": "If set to true, istio-proxy container will have privileged securityContext", - "type": "boolean", - "nullable": true - }, - "holdApplicationUntilProxyStarts": { - "description": "Controls if sidecar is injected at the front of the container list and blocks the start of the other containers until the proxy is ready Default value is 'false'.", - "type": "boolean", - "nullable": true - }, - "enableCoreDump": { - "description": "If set, newly injected sidecars will have core dumps enabled.", - "type": "boolean", - "nullable": true - }, - "logLevel": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.ProxyLogLevel" - }, - "componentLogLevel": { - "description": "Per Component log level for proxy, applies to gateways and sidecars. If a component level is not set, then the \"LogLevel\" will be used. If left empty, \"misc:error\" is used.", - "type": "string" - }, - "clusterDomain": { - "description": "cluster domain. Default value is \"cluster.local\"", - "type": "string" - }, - "includeIPRanges": { - "description": "IncludeIPRanges the range where to capture egress traffic", - "type": "string" - }, - "excludeIPRanges": { - "description": "ExcludeIPRanges the range where not to capture egress traffic", - "type": "string" - }, - "excludeInboundPorts": { - "description": "ExcludeInboundPorts the comma separated list of inbound ports to be excluded from redirection to Envoy", - "type": "string" - }, - "excludeOutboundPorts": { - "description": "ExcludeOutboundPorts the comma separated list of outbound ports to be excluded from redirection to Envoy", - "type": "string" - } - } - }, - "istio_operator.v2.api.v1alpha1.ProxyInitConfiguration": { - "description": "ProxyInitConfiguration defines config options for Proxy Init containers", - "type": "object", - "properties": { - "resources": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.ResourceRequirements" - }, - "image": { - "type": "string" - }, - "cni": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.CNIConfiguration" - } - } - }, - "istio_operator.v2.api.v1alpha1.ProxyLogLevel": { - "type": "string", - "enum": [ - "UNSPECIFIED", - "TRACE", - "DEBUG", - "INFO", - "WARNING", - "ERROR", - "CRITICAL", - "OFF" - ] - }, - "istio_operator.v2.api.v1alpha1.ProxyWasmConfiguration": { - "description": "ProxyWasmConfiguration defines config options for Envoy wasm", - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "nullable": true - } - } - }, - "istio_operator.v2.api.v1alpha1.Quantity": { - "description": "Synthetic type for generating Go structs. GOTYPE: *Quantity", - "type": "object" - }, - "istio_operator.v2.api.v1alpha1.Replicas": { - "description": "Replicas contains pod replica configuration", - "type": "object", - "properties": { - "count": { - "description": "Standard Kubernetes replica count configuration +kubebuilder:validation:Minimum=0", - "type": "integer", - "nullable": true - }, - "max": { - "description": "Standard Kubernetes maximum replicas configuration +kubebuilder:validation:Minimum=0", - "type": "integer", - "nullable": true - }, - "min": { - "description": "Standard Kubernetes minimum replicas configuration +kubebuilder:validation:Minimum=0", - "type": "integer", - "nullable": true - }, - "targetCPUUtilizationPercentage": { - "description": "target average CPU utilization (represented as a percentage of requested CPU) over all the pods; if not specified the default autoscaling policy will be used. +optional +kubebuilder:validation:Minimum=0", - "type": "integer", - "nullable": true - } - } - }, - "istio_operator.v2.api.v1alpha1.ResourceRequirements": { - "description": "ResourceRequirements describes the compute resource requirements.", - "type": "object", - "properties": { - "limits": { - "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ +optional", - "type": "object", - "additionalProperties": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.Quantity" - } - }, - "requests": { - "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ +optional", - "type": "object", - "additionalProperties": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.Quantity" - } - } - } - }, - "istio_operator.v2.api.v1alpha1.SDSConfiguration": { - "description": "SDSConfiguration defines Secret Discovery Service config options", - "type": "object", - "properties": { - "tokenAudience": { - "description": "The JWT token for SDS and the aud field of such JWT. See RFC 7519, section 4.1.3. When a CSR is sent from Citadel Agent to the CA (e.g. Citadel), this aud is to make sure the JWT is intended for the CA.", - "type": "string" - } - } - }, - "istio_operator.v2.api.v1alpha1.SPIFFEConfiguration": { - "description": "SPIFFEConfiguration is for SPIFFE configuration of Pilot", - "type": "object", - "properties": { - "operatorEndpoints": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.OperatorEndpointsConfiguration" - } - } - }, - "istio_operator.v2.api.v1alpha1.Service": { - "description": "Service describes the attributes that a user creates on a service.", - "type": "object", - "properties": { - "metadata": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.K8sObjectMeta" - }, - "type": { - "description": "type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. \"ExternalName\" maps to the specified externalName. \"ClusterIP\" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object. If clusterIP is \"None\", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a stable IP. \"NodePort\" builds on ClusterIP and allocates a port on every node which routes to the clusterIP. \"LoadBalancer\" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the clusterIP. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types +optional +kubebuilder:validation:Enum=ClusterIP;NodePort;LoadBalancer", - "type": "string" - }, - "ports": { - "description": "The list of ports that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies +patchMergeKey=port +patchStrategy=merge +listType=map +listMapKey=port +listMapKey=protocol +kubebuilder:validation:MinItems=1", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.ServicePort" - } - }, - "selector": { - "description": "Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/ +optional", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "clusterIP": { - "description": "clusterIP is the IP address of the service and is usually assigned randomly by the master. If an address is specified manually and is not in use by others, it will be allocated to the service; otherwise, creation of the service will fail. This field can not be changed through updates. Valid values are \"None\", empty string (\"\"), or a valid IP address. \"None\" can be specified for headless services when proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies +optional", - "type": "string" - }, - "externalIPs": { - "description": "externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system. +optional", - "type": "array", - "items": { - "type": "string" - } - }, - "sessionAffinity": { - "description": "Supports \"ClientIP\" and \"None\". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies +optional", - "type": "string" - }, - "loadBalancerIP": { - "description": "Only applies to Service Type: LoadBalancer LoadBalancer will get created with the IP specified in this field. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. +optional", - "type": "string" - }, - "loadBalancerSourceRanges": { - "description": "If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature.\" More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/ +optional", - "type": "array", - "items": { - "type": "string" - } - }, - "externalName": { - "description": "externalName is the external reference that kubedns or equivalent will return as a CNAME record for this service. No proxying will be involved. Must be a valid RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires Type to be ExternalName. +optional", - "type": "string" - }, - "externalTrafficPolicy": { - "description": "externalTrafficPolicy denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints. \"Local\" preserves the client source IP and avoids a second hop for LoadBalancer and Nodeport type services, but risks potentially imbalanced traffic spreading. \"Cluster\" obscures the client source IP and may cause a second hop to another node, but should have good overall load-spreading. +optional", - "type": "string" - }, - "healthCheckNodePort": { - "description": "healthCheckNodePort specifies the healthcheck nodePort for the service. If not specified, HealthCheckNodePort is created by the service api backend with the allocated nodePort. Will use user-specified nodePort value if specified by the client. Only effects when Type is set to LoadBalancer and ExternalTrafficPolicy is set to Local. +optional", - "type": "integer", - "format": "int32" - }, - "publishNotReadyAddresses": { - "description": "publishNotReadyAddresses, when set to true, indicates that DNS implementations must publish the notReadyAddresses of subsets for the Endpoints associated with the Service. The default value is false. The primary use case for setting this field is to use a StatefulSet's Headless Service to propagate SRV records for its Pods without respect to their readiness for purpose of peer discovery. +optional", - "type": "boolean", - "nullable": true - }, - "sessionAffinityConfig": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.SessionAffinityConfig" - }, - "ipFamily": { - "description": "ipFamily specifies whether this Service has a preference for a particular IP family (e.g. IPv4 vs. IPv6). If a specific IP family is requested, the clusterIP field will be allocated from that family, if it is available in the cluster. If no IP family is requested, the cluster's primary IP family will be used. Other IP fields (loadBalancerIP, loadBalancerSourceRanges, externalIPs) and controllers which allocate external load-balancers should use the same IP family. Endpoints for this Service will be of this family. This field is immutable after creation. Assigning a ServiceIPFamily not available in the cluster (e.g. IPv6 in IPv4 only cluster) is an error condition and will fail during clusterIP assignment. +optional", - "type": "string" - } - } - }, - "istio_operator.v2.api.v1alpha1.ServicePort": { - "description": "ServicePort contains information on service's port.", - "type": "object", - "properties": { - "name": { - "description": "The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. if only one ServicePort is defined on this service. +optional", - "type": "string" - }, - "protocol": { - "description": "The IP protocol for this port. Supports \"TCP\", \"UDP\", and \"SCTP\". Default is TCP. +optional +kubebuilder:default=TCP", - "type": "string" - }, - "port": { - "description": "The port that will be exposed by this service.", - "type": "integer", - "format": "int32" - }, - "targetPort": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.IntOrString" - }, - "nodePort": { - "description": "The port on each node on which this service is exposed when type=NodePort or LoadBalancer. Usually assigned by the system. If specified, it will be allocated to the service if unused or else creation of the service will fail. Default is to auto-allocate a port if the ServiceType of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport +optional", - "type": "integer", - "format": "int32" - } - } - }, - "istio_operator.v2.api.v1alpha1.SidecarInjectorConfiguration": { - "type": "object", - "properties": { - "service": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.Service" - }, - "deployment": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.BaseKubernetesResourceConfig" - } - } - }, - "istio_operator.v2.api.v1alpha1.StatusChecksums": { - "description": "\u003c!-- go code generation tags +genclient +k8s:deepcopy-gen=true --\u003e", - "type": "object", - "properties": { - "meshConfig": { - "type": "string" - }, - "sidecarInjector": { - "type": "string" - } - } - }, - "istio_operator.v2.api.v1alpha1.TelemetryV2Configuration": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "nullable": true - } - } - }, - "istio_operator.v2.api.v1alpha1.UnprotectedService": { - "description": "Service describes the attributes that a user creates on a service.", - "type": "object", - "properties": { - "metadata": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.K8sObjectMeta" - }, - "type": { - "description": "type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. \"ExternalName\" maps to the specified externalName. \"ClusterIP\" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object. If clusterIP is \"None\", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a stable IP. \"NodePort\" builds on ClusterIP and allocates a port on every node which routes to the clusterIP. \"LoadBalancer\" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the clusterIP. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types +optional +kubebuilder:validation:Enum=ClusterIP;NodePort;LoadBalancer", - "type": "string" - }, - "ports": { - "description": "The list of ports that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies +patchMergeKey=port +patchStrategy=merge +listType=map +listMapKey=port +listMapKey=protocol", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.ServicePort" - } - }, - "selector": { - "description": "Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/ +optional", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "clusterIP": { - "description": "clusterIP is the IP address of the service and is usually assigned randomly by the master. If an address is specified manually and is not in use by others, it will be allocated to the service; otherwise, creation of the service will fail. This field can not be changed through updates. Valid values are \"None\", empty string (\"\"), or a valid IP address. \"None\" can be specified for headless services when proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies +optional", - "type": "string" - }, - "externalIPs": { - "description": "externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system. +optional", - "type": "array", - "items": { - "type": "string" - } - }, - "sessionAffinity": { - "description": "Supports \"ClientIP\" and \"None\". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies +optional", - "type": "string" - }, - "loadBalancerIP": { - "description": "Only applies to Service Type: LoadBalancer LoadBalancer will get created with the IP specified in this field. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. +optional", - "type": "string" - }, - "loadBalancerSourceRanges": { - "description": "If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature.\" More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/ +optional", - "type": "array", - "items": { - "type": "string" - } - }, - "externalName": { - "description": "externalName is the external reference that kubedns or equivalent will return as a CNAME record for this service. No proxying will be involved. Must be a valid RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires Type to be ExternalName. +optional", - "type": "string" - }, - "externalTrafficPolicy": { - "description": "externalTrafficPolicy denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints. \"Local\" preserves the client source IP and avoids a second hop for LoadBalancer and Nodeport type services, but risks potentially imbalanced traffic spreading. \"Cluster\" obscures the client source IP and may cause a second hop to another node, but should have good overall load-spreading. +optional", - "type": "string" - }, - "healthCheckNodePort": { - "description": "healthCheckNodePort specifies the healthcheck nodePort for the service. If not specified, HealthCheckNodePort is created by the service api backend with the allocated nodePort. Will use user-specified nodePort value if specified by the client. Only effects when Type is set to LoadBalancer and ExternalTrafficPolicy is set to Local. +optional", - "type": "integer", - "format": "int32" - }, - "publishNotReadyAddresses": { - "description": "publishNotReadyAddresses, when set to true, indicates that DNS implementations must publish the notReadyAddresses of subsets for the Endpoints associated with the Service. The default value is false. The primary use case for setting this field is to use a StatefulSet's Headless Service to propagate SRV records for its Pods without respect to their readiness for purpose of peer discovery. +optional", - "type": "boolean", - "nullable": true - }, - "sessionAffinityConfig": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.SessionAffinityConfig" - }, - "ipFamily": { - "description": "ipFamily specifies whether this Service has a preference for a particular IP family (e.g. IPv4 vs. IPv6). If a specific IP family is requested, the clusterIP field will be allocated from that family, if it is available in the cluster. If no IP family is requested, the cluster's primary IP family will be used. Other IP fields (loadBalancerIP, loadBalancerSourceRanges, externalIPs) and controllers which allocate external load-balancers should use the same IP family. Endpoints for this Service will be of this family. This field is immutable after creation. Assigning a ServiceIPFamily not available in the cluster (e.g. IPv6 in IPv4 only cluster) is an error condition and will fail during clusterIP assignment. +optional", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.AWSElasticBlockStoreVolumeSource": { - "description": "Represents a Persistent Disk resource in AWS.", - "type": "object", - "properties": { - "volumeID": { - "description": "Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "type": "string" - }, - "fsType": { - "description": "Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine +optional", - "type": "string" - }, - "partition": { - "description": "The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). +optional", - "type": "integer", - "format": "int32" - }, - "readOnly": { - "description": "Specify \"true\" to force and set the ReadOnly property in VolumeMounts to \"true\". If omitted, the default is \"false\". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore +optional", - "type": "boolean" - } - } - }, - "k8s.io.api.core.v1.Affinity": { - "description": "Affinity is a group of affinity scheduling rules.", - "type": "object", - "properties": { - "nodeAffinity": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.NodeAffinity" - }, - "podAffinity": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.PodAffinity" - }, - "podAntiAffinity": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.PodAntiAffinity" - } - } - }, - "k8s.io.api.core.v1.AzureDiskVolumeSource": { - "description": "AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.", - "type": "object", - "properties": { - "kind": { - "description": "Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared", - "type": "string" - }, - "fsType": { - "description": "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. +optional", - "type": "string" - }, - "readOnly": { - "description": "Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. +optional", - "type": "boolean" - }, - "diskName": { - "description": "The Name of the data disk in the blob storage", - "type": "string" - }, - "diskURI": { - "description": "The URI the data disk in the blob storage", - "type": "string" - }, - "cachingMode": { - "description": "Host Caching mode: None, Read Only, Read Write. +optional", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.AzureFileVolumeSource": { - "description": "AzureFile represents an Azure File Service mount on the host and bind mount to the pod.", - "type": "object", - "properties": { - "readOnly": { - "description": "Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. +optional", - "type": "boolean" - }, - "secretName": { - "description": "the name of secret that contains Azure Storage Account Name and Key", - "type": "string" - }, - "shareName": { - "description": "Share Name", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.CSIVolumeSource": { - "description": "Represents a source location of a volume to mount, managed by an external CSI driver", - "type": "object", - "properties": { - "fsType": { - "description": "Filesystem type to mount. Ex. \"ext4\", \"xfs\", \"ntfs\". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. +optional", - "type": "string" - }, - "readOnly": { - "description": "Specifies a read-only configuration for the volume. Defaults to false (read/write). +optional", - "type": "boolean" - }, - "driver": { - "description": "Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.", - "type": "string" - }, - "volumeAttributes": { - "description": "VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. +optional", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "nodePublishSecretRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - } - } - }, - "k8s.io.api.core.v1.Capabilities": { - "description": "Adds and removes POSIX capabilities from running containers.", - "type": "object", - "properties": { - "add": { - "description": "Added capabilities +optional", - "type": "array", - "items": { - "type": "string" - } - }, - "drop": { - "description": "Removed capabilities +optional", - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "k8s.io.api.core.v1.CephFSVolumeSource": { - "description": "Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs volumes do not support ownership management or SELinux relabeling.", - "type": "object", - "properties": { - "path": { - "description": "Optional: Used as the mounted root, rather than the full Ceph tree, default is / +optional", - "type": "string" - }, - "readOnly": { - "description": "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it +optional", - "type": "boolean" - }, - "monitors": { - "description": "Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "type": "array", - "items": { - "type": "string" - } - }, - "user": { - "description": "Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it +optional", - "type": "string" - }, - "secretFile": { - "description": "Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it +optional", - "type": "string" - }, - "secretRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - } - } - }, - "k8s.io.api.core.v1.CinderVolumeSource": { - "description": "Represents a cinder volume resource in Openstack. A Cinder volume must exist before mounting to a container. The volume must also be in the same region as the kubelet. Cinder volumes support ownership management and SELinux relabeling.", - "type": "object", - "properties": { - "volumeID": { - "description": "volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "type": "string" - }, - "fsType": { - "description": "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md +optional", - "type": "string" - }, - "readOnly": { - "description": "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md +optional", - "type": "boolean" - }, - "secretRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - } - } - }, - "k8s.io.api.core.v1.ClientIPConfig": { - "description": "ClientIPConfig represents the configurations of Client IP based session affinity.", - "type": "object", - "properties": { - "timeoutSeconds": { - "description": "timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be \u003e0 \u0026\u0026 \u003c=86400(for 1 day) if ServiceAffinity == \"ClientIP\". Default value is 10800(for 3 hours). +optional", - "type": "integer", - "format": "int32" - } - } - }, - "k8s.io.api.core.v1.ConfigMapKeySelector": { - "description": "Selects a key from a ConfigMap.", - "type": "object", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "localObjectReference": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined +optional", - "type": "boolean" - } - } - }, - "k8s.io.api.core.v1.ConfigMapProjection": { - "description": "Adapts a ConfigMap into a projected volume.", - "type": "object", - "properties": { - "items": { - "description": "If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. +optional", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.KeyToPath" - } - }, - "localObjectReference": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - }, - "optional": { - "description": "Specify whether the ConfigMap or its keys must be defined +optional", - "type": "boolean" - } - } - }, - "k8s.io.api.core.v1.ConfigMapVolumeSource": { - "description": "Adapts a ConfigMap into a volume.", - "type": "object", - "properties": { - "items": { - "description": "If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. +optional", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.KeyToPath" - } - }, - "localObjectReference": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - }, - "optional": { - "description": "Specify whether the ConfigMap or its keys must be defined +optional", - "type": "boolean" - }, - "defaultMode": { - "description": "Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. +optional", - "type": "integer", - "format": "int32" - } - } - }, - "k8s.io.api.core.v1.DownwardAPIProjection": { - "description": "Represents downward API info for projecting into a projected volume. Note that this is identical to a downwardAPI volume source without the default mode.", - "type": "object", - "properties": { - "items": { - "description": "Items is a list of DownwardAPIVolume file +optional", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.DownwardAPIVolumeFile" - } - } - } - }, - "k8s.io.api.core.v1.DownwardAPIVolumeFile": { - "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", - "type": "object", - "properties": { - "path": { - "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", - "type": "string" - }, - "fieldRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ObjectFieldSelector" - }, - "resourceFieldRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ResourceFieldSelector" - }, - "mode": { - "description": "Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. +optional", - "type": "integer", - "format": "int32" - } - } - }, - "k8s.io.api.core.v1.DownwardAPIVolumeSource": { - "description": "DownwardAPIVolumeSource represents a volume containing downward API info. Downward API volumes support ownership management and SELinux relabeling.", - "type": "object", - "properties": { - "items": { - "description": "Items is a list of downward API volume file +optional", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.DownwardAPIVolumeFile" - } - }, - "defaultMode": { - "description": "Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. +optional", - "type": "integer", - "format": "int32" - } - } - }, - "k8s.io.api.core.v1.EmptyDirVolumeSource": { - "description": "Represents an empty directory for a pod. Empty directory volumes support ownership management and SELinux relabeling.", - "type": "object", - "properties": { - "medium": { - "description": "What type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir +optional", - "type": "string" - }, - "sizeLimit": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.api.resource.Quantity" - } - } - }, - "k8s.io.api.core.v1.EnvVar": { - "description": "EnvVar represents an environment variable present in a Container.", - "type": "object", - "properties": { - "name": { - "description": "Name of the environment variable. Must be a C_IDENTIFIER.", - "type": "string" - }, - "value": { - "description": "Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\". +optional", - "type": "string" - }, - "valueFrom": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.EnvVarSource" - } - } - }, - "k8s.io.api.core.v1.EnvVarSource": { - "description": "EnvVarSource represents a source for the value of an EnvVar.", - "type": "object", - "properties": { - "fieldRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ObjectFieldSelector" - }, - "resourceFieldRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ResourceFieldSelector" - }, - "configMapKeyRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ConfigMapKeySelector" - }, - "secretKeyRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.SecretKeySelector" - } - } - }, - "k8s.io.api.core.v1.ExecAction": { - "description": "ExecAction describes a \"run in container\" action.", - "type": "object", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. +optional", - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "k8s.io.api.core.v1.FCVolumeSource": { - "description": "Represents a Fibre Channel volume. Fibre Channel volumes can only be mounted as read/write once. Fibre Channel volumes support ownership management and SELinux relabeling.", - "type": "object", - "properties": { - "fsType": { - "description": "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine +optional", - "type": "string" - }, - "readOnly": { - "description": "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. +optional", - "type": "boolean" - }, - "targetWWNs": { - "description": "Optional: FC target worldwide names (WWNs) +optional", - "type": "array", - "items": { - "type": "string" - } - }, - "lun": { - "description": "Optional: FC target lun number +optional", - "type": "integer", - "format": "int32" - }, - "wwids": { - "description": "Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. +optional", - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "k8s.io.api.core.v1.FlexVolumeSource": { - "description": "FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.", - "type": "object", - "properties": { - "fsType": { - "description": "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script. +optional", - "type": "string" - }, - "readOnly": { - "description": "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. +optional", - "type": "boolean" - }, - "driver": { - "description": "Driver is the name of the driver to use for this volume.", - "type": "string" - }, - "secretRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - }, - "options": { - "description": "Optional: Extra command options if any. +optional", - "type": "object", - "additionalProperties": { - "type": "string" - } - } - } - }, - "k8s.io.api.core.v1.FlockerVolumeSource": { - "description": "Represents a Flocker volume mounted by the Flocker agent. One and only one of datasetName and datasetUUID should be set. Flocker volumes do not support ownership management or SELinux relabeling.", - "type": "object", - "properties": { - "datasetName": { - "description": "Name of the dataset stored as metadata -\u003e name on the dataset for Flocker should be considered as deprecated +optional", - "type": "string" - }, - "datasetUUID": { - "description": "UUID of the dataset. This is unique identifier of a Flocker dataset +optional", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.GCEPersistentDiskVolumeSource": { - "description": "Represents a Persistent Disk resource in Google Compute Engine.", - "type": "object", - "properties": { - "fsType": { - "description": "Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine +optional", - "type": "string" - }, - "partition": { - "description": "The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk +optional", - "type": "integer", - "format": "int32" - }, - "readOnly": { - "description": "ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk +optional", - "type": "boolean" - }, - "pdName": { - "description": "Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.GitRepoVolumeSource": { - "description": "Represents a volume that is populated with the contents of a git repository. Git repo volumes do not support ownership management. Git repo volumes support SELinux relabeling.", - "type": "object", - "properties": { - "repository": { - "description": "Repository URL", - "type": "string" - }, - "revision": { - "description": "Commit hash for the specified revision. +optional", - "type": "string" - }, - "directory": { - "description": "Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. +optional", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.GlusterfsVolumeSource": { - "description": "Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs volumes do not support ownership management or SELinux relabeling.", - "type": "object", - "properties": { - "path": { - "description": "Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", - "type": "string" - }, - "readOnly": { - "description": "ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod +optional", - "type": "boolean" - }, - "endpoints": { - "description": "EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.HTTPGetAction": { - "description": "HTTPGetAction describes an action based on HTTP Get requests.", - "type": "object", - "properties": { - "path": { - "description": "Path to access on the HTTP server. +optional", - "type": "string" - }, - "port": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.util.intstr.IntOrString" - }, - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead. +optional", - "type": "string" - }, - "scheme": { - "description": "Scheme to use for connecting to the host. Defaults to HTTP. +optional", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers. +optional", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.HTTPHeader" - } - } - } - }, - "k8s.io.api.core.v1.HTTPHeader": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "type": "object", - "properties": { - "name": { - "description": "The header field name", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.Handler": { - "description": "Handler defines a specific action that should be taken TODO: pass structured data to these actions, and document that data here.", - "type": "object", - "properties": { - "exec": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ExecAction" - }, - "httpGet": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.HTTPGetAction" - }, - "tcpSocket": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.TCPSocketAction" - } - } - }, - "k8s.io.api.core.v1.HostPathVolumeSource": { - "description": "Represents a host path mapped into a pod. Host path volumes do not support ownership management or SELinux relabeling.", - "type": "object", - "properties": { - "path": { - "description": "Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - "type": "string" - }, - "type": { - "description": "Type for HostPath Volume Defaults to \"\" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath +optional", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.ISCSIVolumeSource": { - "description": "Represents an ISCSI disk. ISCSI volumes can only be mounted as read/write once. ISCSI volumes support ownership management and SELinux relabeling.", - "type": "object", - "properties": { - "fsType": { - "description": "Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine +optional", - "type": "string" - }, - "readOnly": { - "description": "ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. +optional", - "type": "boolean" - }, - "secretRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - }, - "lun": { - "description": "iSCSI Target Lun number.", - "type": "integer", - "format": "int32" - }, - "targetPortal": { - "description": "iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", - "type": "string" - }, - "iqn": { - "description": "Target iSCSI Qualified Name.", - "type": "string" - }, - "iscsiInterface": { - "description": "iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). +optional", - "type": "string" - }, - "portals": { - "description": "iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). +optional", - "type": "array", - "items": { - "type": "string" - } - }, - "chapAuthDiscovery": { - "description": "whether support iSCSI Discovery CHAP authentication +optional", - "type": "boolean" - }, - "chapAuthSession": { - "description": "whether support iSCSI Session CHAP authentication +optional", - "type": "boolean" - }, - "initiatorName": { - "description": "Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface \u003ctarget portal\u003e:\u003cvolume name\u003e will be created for the connection. +optional", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.KeyToPath": { - "description": "Maps a string key to a path within a volume.", - "type": "object", - "properties": { - "path": { - "description": "The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", - "type": "string" - }, - "key": { - "description": "The key to project.", - "type": "string" - }, - "mode": { - "description": "Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. +optional", - "type": "integer", - "format": "int32" - } - } - }, - "k8s.io.api.core.v1.Lifecycle": { - "description": "Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted.", - "type": "object", - "properties": { - "postStart": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.Handler" - }, - "preStop": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.Handler" - } - } - }, - "k8s.io.api.core.v1.LocalObjectReference": { - "description": "LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.", - "type": "object", - "properties": { - "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +optional", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.NFSVolumeSource": { - "description": "Represents an NFS mount that lasts the lifetime of a pod. NFS volumes do not support ownership management or SELinux relabeling.", - "type": "object", - "properties": { - "path": { - "description": "Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "type": "string" - }, - "readOnly": { - "description": "ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs +optional", - "type": "boolean" - }, - "server": { - "description": "Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.NodeAffinity": { - "description": "Node affinity is a group of node affinity scheduling rules.", - "type": "object", - "properties": { - "requiredDuringSchedulingIgnoredDuringExecution": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.NodeSelector" - }, - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. +optional", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.PreferredSchedulingTerm" - } - } - } - }, - "k8s.io.api.core.v1.NodeSelector": { - "description": "A node selector represents the union of the results of one or more label queries over a set of nodes; that is, it represents the OR of the selectors represented by the node selector terms.", - "type": "object", - "properties": { - "nodeSelectorTerms": { - "description": "Required. A list of node selector terms. The terms are ORed.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.NodeSelectorTerm" - } - } - } - }, - "k8s.io.api.core.v1.NodeSelectorRequirement": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - "type": "object", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. +optional", - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "k8s.io.api.core.v1.NodeSelectorTerm": { - "description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", - "type": "object", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels. +optional", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.NodeSelectorRequirement" - } - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields. +optional", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.NodeSelectorRequirement" - } - } - } - }, - "k8s.io.api.core.v1.ObjectFieldSelector": { - "description": "ObjectFieldSelector selects an APIVersioned field of an object.", - "type": "object", - "properties": { - "apiVersion": { - "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\". +optional", - "type": "string" - }, - "fieldPath": { - "description": "Path of the field to select in the specified API version.", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.PersistentVolumeClaimVolumeSource": { - "description": "PersistentVolumeClaimVolumeSource references the user's PVC in the same namespace. This volume finds the bound PV and mounts that volume for the pod. A PersistentVolumeClaimVolumeSource is, essentially, a wrapper around another type of volume that is owned by someone else (the system).", - "type": "object", - "properties": { - "readOnly": { - "description": "Will force the ReadOnly setting in VolumeMounts. Default false. +optional", - "type": "boolean" - }, - "claimName": { - "description": "ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.PhotonPersistentDiskVolumeSource": { - "description": "Represents a Photon Controller persistent disk resource.", - "type": "object", - "properties": { - "fsType": { - "description": "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "pdID": { - "description": "ID that identifies Photon Controller persistent disk", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.PodAffinity": { - "description": "Pod affinity is a group of inter pod affinity scheduling rules.", - "type": "object", - "properties": { - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. +optional", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.PodAffinityTerm" - } - }, - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. +optional", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.WeightedPodAffinityTerm" - } - } - } - }, - "k8s.io.api.core.v1.PodAffinityTerm": { - "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", - "type": "object", - "properties": { - "labelSelector": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector" - }, - "namespaces": { - "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\" +optional", - "type": "array", - "items": { - "type": "string" - } - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.PodAntiAffinity": { - "description": "Pod anti affinity is a group of inter pod anti affinity scheduling rules.", - "type": "object", - "properties": { - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. +optional", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.PodAffinityTerm" - } - }, - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. +optional", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.WeightedPodAffinityTerm" - } - } - } - }, - "k8s.io.api.core.v1.PodSecurityContext": { - "description": "PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.", - "type": "object", - "properties": { - "seLinuxOptions": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.SELinuxOptions" - }, - "windowsOptions": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.WindowsSecurityContextOptions" - }, - "runAsUser": { - "description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. +optional", - "type": "integer", - "format": "int64" - }, - "runAsGroup": { - "description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. +optional", - "type": "integer", - "format": "int64" - }, - "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +optional", - "type": "boolean" - }, - "supplementalGroups": { - "description": "A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. +optional", - "type": "array", - "items": { - "type": "integer", - "format": "int64" - } - }, - "fsGroup": { - "description": "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw----", - "type": "integer", - "format": "int64" - }, - "sysctls": { - "description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. +optional", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.Sysctl" - } - } - } - }, - "k8s.io.api.core.v1.PortworxVolumeSource": { - "description": "PortworxVolumeSource represents a Portworx volume resource.", - "type": "object", - "properties": { - "volumeID": { - "description": "VolumeID uniquely identifies a Portworx volume", - "type": "string" - }, - "fsType": { - "description": "FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "readOnly": { - "description": "Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. +optional", - "type": "boolean" - } - } - }, - "k8s.io.api.core.v1.PreferredSchedulingTerm": { - "description": "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", - "type": "object", - "properties": { - "weight": { - "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", - "type": "integer", - "format": "int32" - }, - "preference": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.NodeSelectorTerm" - } - } - }, - "k8s.io.api.core.v1.Probe": { - "description": "Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.", - "type": "object", - "properties": { - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +optional", - "type": "integer", - "format": "int32" - }, - "handler": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.Handler" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +optional", - "type": "integer", - "format": "int32" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. +optional", - "type": "integer", - "format": "int32" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1. +optional", - "type": "integer", - "format": "int32" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. +optional", - "type": "integer", - "format": "int32" - } - } - }, - "k8s.io.api.core.v1.ProjectedVolumeSource": { - "description": "Represents a projected volume source", - "type": "object", - "properties": { - "defaultMode": { - "description": "Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. +optional", - "type": "integer", - "format": "int32" - }, - "sources": { - "description": "list of volume projections", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.VolumeProjection" - } - } - } - }, - "k8s.io.api.core.v1.QuobyteVolumeSource": { - "description": "Represents a Quobyte mount that lasts the lifetime of a pod. Quobyte volumes do not support ownership management or SELinux relabeling.", - "type": "object", - "properties": { - "group": { - "description": "Group to map volume access to Default is no group +optional", - "type": "string" - }, - "readOnly": { - "description": "ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. +optional", - "type": "boolean" - }, - "user": { - "description": "User to map volume access to Defaults to serivceaccount user +optional", - "type": "string" - }, - "registry": { - "description": "Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes", - "type": "string" - }, - "volume": { - "description": "Volume is a string that references an already created Quobyte volume by name.", - "type": "string" - }, - "tenant": { - "description": "Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin +optional", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.RBDVolumeSource": { - "description": "Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD volumes support ownership management and SELinux relabeling.", - "type": "object", - "properties": { - "fsType": { - "description": "Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine +optional", - "type": "string" - }, - "readOnly": { - "description": "ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it +optional", - "type": "boolean" - }, - "monitors": { - "description": "A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "array", - "items": { - "type": "string" - } - }, - "user": { - "description": "The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it +optional", - "type": "string" - }, - "secretRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - }, - "image": { - "description": "The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "string" - }, - "pool": { - "description": "The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it +optional", - "type": "string" - }, - "keyring": { - "description": "Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it +optional", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.ResourceFieldSelector": { - "description": "ResourceFieldSelector represents container resources (cpu, memory) and their output format", - "type": "object", - "properties": { - "resource": { - "description": "Required: resource to select", - "type": "string" - }, - "containerName": { - "description": "Container name: required for volumes, optional for env vars +optional", - "type": "string" - }, - "divisor": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.api.resource.Quantity" - } - } - }, - "k8s.io.api.core.v1.SELinuxOptions": { - "description": "SELinuxOptions are the labels to be applied to the container", - "type": "object", - "properties": { - "type": { - "description": "Type is a SELinux type label that applies to the container. +optional", - "type": "string" - }, - "user": { - "description": "User is a SELinux user label that applies to the container. +optional", - "type": "string" - }, - "role": { - "description": "Role is a SELinux role label that applies to the container. +optional", - "type": "string" - }, - "level": { - "description": "Level is SELinux level label that applies to the container. +optional", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.ScaleIOVolumeSource": { - "description": "ScaleIOVolumeSource represents a persistent ScaleIO volume", - "type": "object", - "properties": { - "fsType": { - "description": "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\". +optional", - "type": "string" - }, - "readOnly": { - "description": "Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. +optional", - "type": "boolean" - }, - "secretRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - }, - "volumeName": { - "description": "The name of a volume already created in the ScaleIO system that is associated with this volume source.", - "type": "string" - }, - "gateway": { - "description": "The host address of the ScaleIO API Gateway.", - "type": "string" - }, - "system": { - "description": "The name of the storage system as configured in ScaleIO.", - "type": "string" - }, - "sslEnabled": { - "description": "Flag to enable/disable SSL communication with Gateway, default false +optional", - "type": "boolean" - }, - "protectionDomain": { - "description": "The name of the ScaleIO Protection Domain for the configured storage. +optional", - "type": "string" - }, - "storagePool": { - "description": "The ScaleIO Storage Pool associated with the protection domain. +optional", - "type": "string" - }, - "storageMode": { - "description": "Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. +optional", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.SecretKeySelector": { - "description": "SecretKeySelector selects a key of a Secret.", - "type": "object", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "localObjectReference": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined +optional", - "type": "boolean" - } - } - }, - "k8s.io.api.core.v1.SecretProjection": { - "description": "Adapts a secret into a projected volume.", - "type": "object", - "properties": { - "items": { - "description": "If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. +optional", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.KeyToPath" - } - }, - "localObjectReference": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined +optional", - "type": "boolean" - } - } - }, - "k8s.io.api.core.v1.SecretVolumeSource": { - "description": "Adapts a Secret into a volume.", - "type": "object", - "properties": { - "items": { - "description": "If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. +optional", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.KeyToPath" - } - }, - "secretName": { - "description": "Name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret +optional", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its keys must be defined +optional", - "type": "boolean" - }, - "defaultMode": { - "description": "Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. +optional", - "type": "integer", - "format": "int32" - } - } - }, - "k8s.io.api.core.v1.SecurityContext": { - "description": "SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.", - "type": "object", - "properties": { - "seLinuxOptions": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.SELinuxOptions" - }, - "windowsOptions": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.WindowsSecurityContextOptions" - }, - "runAsUser": { - "description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +optional", - "type": "integer", - "format": "int64" - }, - "runAsGroup": { - "description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +optional", - "type": "integer", - "format": "int64" - }, - "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +optional", - "type": "boolean" - }, - "capabilities": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.Capabilities" - }, - "privileged": { - "description": "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. +optional", - "type": "boolean" - }, - "readOnlyRootFilesystem": { - "description": "Whether this container has a read-only root filesystem. Default is false. +optional", - "type": "boolean" - }, - "allowPrivilegeEscalation": { - "description": "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN +optional", - "type": "boolean" - }, - "procMount": { - "description": "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. +optional", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.ServiceAccountTokenProjection": { - "description": "ServiceAccountTokenProjection represents a projected service account token volume. This projection can be used to insert a service account token into the pods runtime filesystem for use against APIs (Kubernetes API Server or otherwise).", - "type": "object", - "properties": { - "path": { - "description": "Path is the path relative to the mount point of the file to project the token into.", - "type": "string" - }, - "audience": { - "description": "Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. +optional", - "type": "string" - }, - "expirationSeconds": { - "description": "ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. +optional", - "type": "integer", - "format": "int64" - } - } - }, - "k8s.io.api.core.v1.SessionAffinityConfig": { - "description": "SessionAffinityConfig represents the configurations of session affinity.", - "type": "object", - "properties": { - "clientIP": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ClientIPConfig" - } - } - }, - "k8s.io.api.core.v1.StorageOSVolumeSource": { - "description": "Represents a StorageOS persistent volume resource.", - "type": "object", - "properties": { - "fsType": { - "description": "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. +optional", - "type": "string" - }, - "readOnly": { - "description": "Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. +optional", - "type": "boolean" - }, - "secretRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - }, - "volumeName": { - "description": "VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.", - "type": "string" - }, - "volumeNamespace": { - "description": "VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. +optional", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.Sysctl": { - "description": "Sysctl defines a kernel parameter to be set", - "type": "object", - "properties": { - "name": { - "description": "Name of a property to set", - "type": "string" - }, - "value": { - "description": "Value of a property to set", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.TCPSocketAction": { - "description": "TCPSocketAction describes an action based on opening a socket", - "type": "object", - "properties": { - "port": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.util.intstr.IntOrString" - }, - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP. +optional", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.Toleration": { - "description": "The pod this Toleration is attached to tolerates any taint that matches the triple \u003ckey,value,effect\u003e using the matching operator \u003coperator\u003e.", - "type": "object", - "properties": { - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. +optional", - "type": "string" - }, - "operator": { - "description": "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. +optional", - "type": "string" - }, - "value": { - "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. +optional", - "type": "string" - }, - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. +optional", - "type": "string" - }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. +optional", - "type": "integer", - "format": "int64" - } - } - }, - "k8s.io.api.core.v1.Volume": { - "description": "Volume represents a named volume in a pod that may be accessed by any container in the pod.", - "type": "object", - "properties": { - "name": { - "description": "Volume's name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "volumeSource": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.VolumeSource" - } - } - }, - "k8s.io.api.core.v1.VolumeMount": { - "description": "VolumeMount describes a mounting of a Volume within a container.", - "type": "object", - "properties": { - "name": { - "description": "This must match the Name of a Volume.", - "type": "string" - }, - "readOnly": { - "description": "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. +optional", - "type": "boolean" - }, - "mountPath": { - "description": "Path within the container at which the volume should be mounted. Must not contain ':'.", - "type": "string" - }, - "subPath": { - "description": "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root). +optional", - "type": "string" - }, - "mountPropagation": { - "description": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. +optional", - "type": "string" - }, - "subPathExpr": { - "description": "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive. This field is beta in 1.15. +optional", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.VolumeProjection": { - "description": "Projection that may be projected along with other supported volume types", - "type": "object", - "properties": { - "configMap": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ConfigMapProjection" - }, - "secret": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.SecretProjection" - }, - "downwardAPI": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.DownwardAPIProjection" - }, - "serviceAccountToken": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ServiceAccountTokenProjection" - } - } - }, - "k8s.io.api.core.v1.VolumeSource": { - "description": "Represents the source of a volume to mount. Only one of its members may be specified.", - "type": "object", - "properties": { - "configMap": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ConfigMapVolumeSource" - }, - "gcePersistentDisk": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.GCEPersistentDiskVolumeSource" - }, - "awsElasticBlockStore": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.AWSElasticBlockStoreVolumeSource" - }, - "hostPath": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.HostPathVolumeSource" - }, - "glusterfs": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.GlusterfsVolumeSource" - }, - "nfs": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.NFSVolumeSource" - }, - "rbd": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.RBDVolumeSource" - }, - "iscsi": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ISCSIVolumeSource" - }, - "cinder": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.CinderVolumeSource" - }, - "cephfs": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.CephFSVolumeSource" - }, - "fc": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.FCVolumeSource" - }, - "flocker": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.FlockerVolumeSource" - }, - "flexVolume": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.FlexVolumeSource" - }, - "azureFile": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.AzureFileVolumeSource" - }, - "vsphereVolume": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.VsphereVirtualDiskVolumeSource" - }, - "quobyte": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.QuobyteVolumeSource" - }, - "azureDisk": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.AzureDiskVolumeSource" - }, - "photonPersistentDisk": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.PhotonPersistentDiskVolumeSource" - }, - "portworxVolume": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.PortworxVolumeSource" - }, - "scaleIO": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ScaleIOVolumeSource" - }, - "storageos": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.StorageOSVolumeSource" - }, - "csi": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.CSIVolumeSource" - }, - "secret": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.SecretVolumeSource" - }, - "downwardAPI": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.DownwardAPIVolumeSource" - }, - "emptyDir": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.EmptyDirVolumeSource" - }, - "gitRepo": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.GitRepoVolumeSource" - }, - "persistentVolumeClaim": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.PersistentVolumeClaimVolumeSource" - }, - "projected": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ProjectedVolumeSource" - } - } - }, - "k8s.io.api.core.v1.VsphereVirtualDiskVolumeSource": { - "description": "Represents a vSphere volume resource.", - "type": "object", - "properties": { - "fsType": { - "description": "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. +optional", - "type": "string" - }, - "volumePath": { - "description": "Path that identifies vSphere volume vmdk", - "type": "string" - }, - "storagePolicyName": { - "description": "Storage Policy Based Management (SPBM) profile name. +optional", - "type": "string" - }, - "storagePolicyID": { - "description": "Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. +optional", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.WeightedPodAffinityTerm": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "type": "object", - "properties": { - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", - "type": "integer", - "format": "int32" - }, - "podAffinityTerm": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.PodAffinityTerm" - } - } - }, - "k8s.io.api.core.v1.WindowsSecurityContextOptions": { - "description": "WindowsSecurityContextOptions contain Windows-specific options and credentials.", - "type": "object", - "properties": { - "gmsaCredentialSpecName": { - "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag. +optional", - "type": "string" - }, - "gmsaCredentialSpec": { - "description": "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag. +optional", - "type": "string" - }, - "runAsUserName": { - "description": "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. This field is alpha-level and it is only honored by servers that enable the WindowsRunAsUserName feature flag. +optional", - "type": "string" - } - } - }, - "k8s.io.apimachinery.pkg.api.resource.Quantity": { - "description": "Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and Int64() accessors.", - "type": "object", - "properties": { - "string": { - "type": "string" - } - } - }, - "k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector": { - "description": "A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.", - "type": "object", - "properties": { - "matchLabels": { - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed. +optional", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed. +optional", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement" - } - } - } - }, - "k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - "type": "object", - "properties": { - "key": { - "description": "key is the label key that the selector applies to. +patchMergeKey=key +patchStrategy=merge", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. +optional", - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "k8s.io.apimachinery.pkg.util.intstr.IntOrString": { - "description": "IntOrString is a type that can hold an int32 or a string. When used in JSON or YAML marshalling and unmarshalling, it produces or consumes the inner type. This allows you to have, for example, a JSON field that can accept a name or number. TODO: Rename to Int32OrString", - "type": "object", - "properties": { - "type": { - "type": "integer", - "format": "int64" - }, - "intVal": { - "type": "integer", - "format": "int32" - }, - "strVal": { - "type": "string" - } - } - } - } - } -} \ No newline at end of file diff --git a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiocontrolplane.gen.json b/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiocontrolplane.gen.json deleted file mode 100644 index e9c676cca..000000000 --- a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiocontrolplane.gen.json +++ /dev/null @@ -1,5172 +0,0 @@ -{ - "openapi": "3.0.0", - "info": { - "title": "Istio control plane descriptor", - "version": "v1alpha1" - }, - "components": { - "schemas": { - "istio.mesh.v1alpha1.AuthenticationPolicy": { - "description": "AuthenticationPolicy defines how the proxy is authenticated when it connects to the control plane. It can be set for two different scopes, mesh-wide or set on a per-pod basis using the ProxyConfig annotation. Mesh policy cannot be INHERIT.", - "type": "string", - "enum": [ - "NONE", - "MUTUAL_TLS", - "INHERIT" - ] - }, - "istio.mesh.v1alpha1.Certificate": { - "type": "object", - "properties": { - "secretName": { - "description": "Name of the secret the certificate and its key will be stored into. If it is empty, it will not be stored into a secret. Instead, the certificate and its key will be stored into a hard-coded directory.", - "type": "string" - }, - "dnsNames": { - "description": "The DNS names for the certificate. A certificate may contain multiple DNS names.", - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "istio.mesh.v1alpha1.ConfigSource": { - "description": "ConfigSource describes information about a configuration store inside a mesh. A single control plane instance can interact with one or more data sources.", - "type": "object", - "properties": { - "address": { - "description": "Address of the server implementing the Istio Mesh Configuration protocol (MCP). Can be IP address or a fully qualified DNS name. Use xds:// to specify a grpc-based xds backend, k8s:// to specify a k8s controller or fs:/// to specify a file-based backend with absolute path to the directory.", - "type": "string" - }, - "tlsSettings": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ClientTLSSettings" - }, - "subscribedResources": { - "description": "Describes the source of configuration, if nothing is specified default is MCP", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Resource" - } - } - } - }, - "istio.mesh.v1alpha1.MeshConfig": { - "description": "MeshConfig defines mesh-wide settings for the Istio service mesh.", - "type": "object", - "properties": { - "localityLbSetting": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.LocalityLoadBalancerSetting" - }, - "connectTimeout": { - "description": "Connection timeout used by Envoy. (MUST BE \u003e=1ms) Default timeout is 10s.", - "type": "string" - }, - "tcpKeepalive": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings.TcpKeepalive" - }, - "h2UpgradePolicy": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.H2UpgradePolicy" - }, - "caCertificates": { - "description": "The extra root certificates for workload-to-workload communication. The plugin certificates (the 'cacerts' secret) or self-signed certificates (the 'istio-ca-secret' secret) are automatically added by Istiod. The CA certificate that signs the workload certificates is automatically added by Istio Agent.", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.CertificateData" - } - }, - "proxyListenPort": { - "description": "Port on which Envoy should listen for incoming connections from other services. Default port is 15001.", - "type": "integer", - "format": "int32" - }, - "proxyHttpPort": { - "description": "Port on which Envoy should listen for HTTP PROXY requests if set.", - "type": "integer", - "format": "int32" - }, - "protocolDetectionTimeout": { - "description": "Automatic protocol detection uses a set of heuristics to determine whether the connection is using TLS or not (on the server side), as well as the application protocol being used (e.g., http vs tcp). These heuristics rely on the client sending the first bits of data. For server first protocols like MySQL, MongoDB, etc. Envoy will timeout on the protocol detection after the specified period, defaulting to non mTLS plain TCP traffic. Set this field to tweak the period that Envoy will wait for the client to send the first bits of data. (MUST BE \u003e=1ms or 0s to disable). Default detection timeout is 0s (no timeout).", - "type": "string" - }, - "ingressClass": { - "description": "Class of ingress resources to be processed by Istio ingress controller. This corresponds to the value of `kubernetes.io/ingress.class` annotation.", - "type": "string" - }, - "ingressService": { - "description": "Name of the Kubernetes service used for the istio ingress controller. If no ingress controller is specified, the default value `istio-ingressgateway` is used.", - "type": "string" - }, - "ingressControllerMode": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.IngressControllerMode" - }, - "ingressSelector": { - "description": "Defines which gateway deployment to use as the Ingress controller. This field corresponds to the Gateway.selector field, and will be set as `istio: INGRESS_SELECTOR`. By default, `ingressgateway` is used, which will select the default IngressGateway as it has the `istio: ingressgateway` labels. It is recommended that this is the same value as ingress_service.", - "type": "string" - }, - "enableTracing": { - "description": "Flag to control generation of trace spans and request IDs. Requires a trace span collector defined in the proxy configuration.", - "type": "boolean" - }, - "accessLogFile": { - "description": "File address for the proxy access log (e.g. /dev/stdout). Empty value disables access logging.", - "type": "string" - }, - "accessLogFormat": { - "description": "Format for the proxy access log Empty value results in proxy's default access log format", - "type": "string" - }, - "accessLogEncoding": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.AccessLogEncoding" - }, - "enableEnvoyAccessLogService": { - "description": "This flag enables Envoy's gRPC Access Log Service. See [Access Log Service](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/access_loggers/grpc/v3/als.proto) for details about Envoy's gRPC Access Log Service API. Default value is `false`.", - "type": "boolean" - }, - "disableEnvoyListenerLog": { - "description": "This flag disables Envoy Listener logs. See [Listener Access Log](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/listener/v3/listener.proto#envoy-v3-api-field-config-listener-v3-listener-access-log) Istio Enables Envoy's listener access logs on \"NoRoute\" response flag. Default value is `false`.", - "type": "boolean" - }, - "defaultConfig": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.ProxyConfig" - }, - "outboundTrafficPolicy": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.OutboundTrafficPolicy" - }, - "configSources": { - "description": "ConfigSource describes a source of configuration data for networking rules, and other Istio configuration artifacts. Multiple data sources can be configured for a single control plane.", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.ConfigSource" - } - }, - "enableAutoMtls": { - "description": "This flag is used to enable mutual `TLS` automatically for service to service communication within the mesh, default true. If set to true, and a given service does not have a corresponding `DestinationRule` configured, or its `DestinationRule` does not have ClientTLSSettings specified, Istio configures client side TLS configuration appropriately. More specifically, If the upstream authentication policy is in `STRICT` mode, use Istio provisioned certificate for mutual `TLS` to connect to upstream. If upstream service is in plain text mode, use plain text. If the upstream authentication policy is in PERMISSIVE mode, Istio configures clients to use mutual `TLS` when server sides are capable of accepting mutual `TLS` traffic. If service `DestinationRule` exists and has `ClientTLSSettings` specified, that is always used instead.", - "type": "boolean", - "nullable": true - }, - "trustDomain": { - "description": "The trust domain corresponds to the trust root of a system. Refer to [SPIFFE-ID](https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain)", - "type": "string" - }, - "trustDomainAliases": { - "description": "The trust domain aliases represent the aliases of `trust_domain`. For example, if we have ```yaml trustDomain: td1 trustDomainAliases: [\"td2\", \"td3\"] ``` Any service with the identity `td1/ns/foo/sa/a-service-account`, `td2/ns/foo/sa/a-service-account`, or `td3/ns/foo/sa/a-service-account` will be treated the same in the Istio mesh.", - "type": "array", - "items": { - "type": "string" - } - }, - "defaultServiceExportTo": { - "description": "The default value for the ServiceEntry.export_to field and services imported through container registry integrations, e.g. this applies to Kubernetes Service resources. The value is a list of namespace names and reserved namespace aliases. The allowed namespace aliases are: ``` * - All Namespaces . - Current Namespace ~ - No Namespace ``` If not set the system will use \"*\" as the default value which implies that services are exported to all namespaces. `All namespaces` is a reasonable default for implementations that don't need to restrict access or visibility of services across namespace boundaries. If that requirement is present it is generally good practice to make the default `Current namespace` so that services are only visible within their own namespaces by default. Operators can then expand the visibility of services to other namespaces as needed. Use of `No Namespace` is expected to be rare but can have utility for deployments where dependency management needs to be precise even within the scope of a single namespace. For further discussion see the reference documentation for `ServiceEntry`, `Sidecar`, and `Gateway`.", - "type": "array", - "items": { - "type": "string" - } - }, - "defaultVirtualServiceExportTo": { - "description": "The default value for the VirtualService.export_to field. Has the same syntax as `default_service_export_to`. If not set the system will use \"*\" as the default value which implies that virtual services are exported to all namespaces", - "type": "array", - "items": { - "type": "string" - } - }, - "defaultDestinationRuleExportTo": { - "description": "The default value for the `DestinationRule.export_to` field. Has the same syntax as `default_service_export_to`. If not set the system will use \"*\" as the default value which implies that destination rules are exported to all namespaces", - "type": "array", - "items": { - "type": "string" - } - }, - "rootNamespace": { - "description": "The namespace to treat as the administrative root namespace for Istio configuration. When processing a leaf namespace Istio will search for declarations in that namespace first and if none are found it will search in the root namespace. Any matching declaration found in the root namespace is processed as if it were declared in the leaf namespace. The precise semantics of this processing are documented on each resource type.", - "type": "string" - }, - "dnsRefreshRate": { - "description": "Configures DNS refresh rate for Envoy clusters of type `STRICT_DNS` Default refresh rate is `5s`.", - "type": "string" - }, - "inboundClusterStatName": { - "description": "Name to be used while emitting statistics for inbound clusters. The same pattern is used while computing stat prefix for network filters like TCP and Redis. By default, Istio emits statistics with the pattern `inbound|\u003cport\u003e|\u003cport-name\u003e|\u003cservice-FQDN\u003e`. For example `inbound|7443|grpc-reviews|reviews.prod.svc.cluster.local`. This can be used to override that pattern. A Pattern can be composed of various pre-defined variables. The following variables are supported. - `%SERVICE%` - Will be substituted with name of the service. - `%SERVICE_FQDN%` - Will be substituted with FQDN of the service. - `%SERVICE_PORT%` - Will be substituted with port of the service. - `%SERVICE_PORT_NAME%` - Will be substituted with port name of the service. Following are some examples of supported patterns for reviews: - `%SERVICE_FQDN%_%SERVICE_PORT%` will use reviews.prod.svc.cluster.local_7443 as the stats name. - `%SERVICE%` will use reviews.prod as the stats name.", - "type": "string" - }, - "outboundClusterStatName": { - "description": "Name to be used while emitting statistics for outbound clusters. The same pattern is used while computing stat prefix for network filters like TCP and Redis. By default, Istio emits statistics with the pattern `outbound|\u003cport\u003e|\u003csubsetname\u003e|\u003cservice-FQDN\u003e`. For example `outbound|8080|v2|reviews.prod.svc.cluster.local`. This can be used to override that pattern. A Pattern can be composed of various pre-defined variables. The following variables are supported. - `%SERVICE%` - Will be substituted with name of the service. - `%SERVICE_FQDN%` - Will be substituted with FQDN of the service. - `%SERVICE_PORT%` - Will be substituted with port of the service. - `%SERVICE_PORT_NAME%` - Will be substituted with port name of the service. - `%SUBSET_NAME%` - Will be substituted with subset. Following are some examples of supported patterns for reviews: - `%SERVICE_FQDN%_%SERVICE_PORT%` will use `reviews.prod.svc.cluster.local_7443` as the stats name. - `%SERVICE%` will use reviews.prod as the stats name.", - "type": "string" - }, - "certificates": { - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Certificate" - } - }, - "serviceSettings": { - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ServiceSettings" - } - }, - "enablePrometheusMerge": { - "description": "If enabled, Istio agent will merge metrics exposed by the application with metrics from Envoy and Istio agent. The sidecar injection will replace `prometheus.io` annotations present on the pod and redirect them towards Istio agent, which will then merge metrics of from the application with Istio metrics. This relies on the annotations `prometheus.io/scrape`, `prometheus.io/port`, and `prometheus.io/path` annotations. If you are running a separately managed Envoy with an Istio sidecar, this may cause issues, as the metrics will collide. In this case, it is recommended to disable aggregation on that deployment with the `prometheus.istio.io/merge-metrics: \"false\"` annotation. If not specified, this will be enabled by default.", - "type": "boolean", - "nullable": true - }, - "verifyCertificateAtClient": { - "type": "boolean", - "deprecated": true, - "nullable": true - }, - "ca": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.CA" - }, - "extensionProviders": { - "description": "Defines a list of extension providers that extend Istio's functionality. For example, the AuthorizationPolicy can be used with an extension provider to delegate the authorization decision to a custom authorization system.", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider" - } - }, - "defaultProviders": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.DefaultProviders" - }, - "discoverySelectors": { - "description": "A list of Kubernetes selectors that specify the set of namespaces that Istio considers when computing configuration updates for sidecars. This can be used to reduce Istio's computational load by limiting the number of entities (including services, pods, and endpoints) that are watched and processed. If omitted, Istio will use the default behavior of processing all namespaces in the cluster. Elements in the list are disjunctive (OR semantics), i.e. a namespace will be included if it matches any selector. The following example selects any namespace that matches either below: 1. The namespace has both of these labels: `env: prod` and `region: us-east1` 2. The namespace has label `app` equal to `cassandra` or `spark`. ```yaml discoverySelectors: - matchLabels: env: prod region: us-east1 - matchExpressions: - key: app operator: In values: - cassandra - spark ``` Refer to the [kubernetes selector docs](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) for additional detail on selector semantics.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector" - } - }, - "pathNormalization": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ProxyPathNormalization" - }, - "defaultHttpRetryPolicy": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.HTTPRetry" - }, - "meshMTLS": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.TLSConfig" - } - } - }, - "istio.mesh.v1alpha1.MeshConfig.AccessLogEncoding": { - "type": "string", - "enum": [ - "TEXT", - "JSON" - ] - }, - "istio.mesh.v1alpha1.MeshConfig.CA": { - "type": "object", - "properties": { - "address": { - "description": "REQUIRED. Address of the CA server implementing the Istio CA gRPC API. Can be IP address or a fully qualified DNS name with port Eg: custom-ca.default.svc.cluster.local:8932, 192.168.23.2:9000", - "type": "string" - }, - "tlsSettings": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ClientTLSSettings" - }, - "requestTimeout": { - "description": "timeout for forward CSR requests from Istiod to External CA Default: 10s", - "type": "string" - }, - "istiodSide": { - "description": "Use istiod_side to specify CA Server integrate to Istiod side or Agent side Default: true", - "type": "boolean" - } - } - }, - "istio.mesh.v1alpha1.MeshConfig.CertificateData": { - "type": "object", - "properties": { - "certSigners": { - "description": "Optional. Specify the kubernetes signers (External CA) that use this trustAnchor when Istiod is acting as RA(registration authority) If set, they are used for these signers. Otherwise, this trustAnchor is used for all signers.", - "type": "array", - "items": { - "type": "string" - } - }, - "trustDomains": { - "description": "Optional. Specify the list of trust domains to which this trustAnchor data belongs. If set, they are used for these trust domains. Otherwise, this trustAnchor is used for default trust domain and its aliases. Note that we can have multiple trustAnchor data for a same trust_domain. In that case, trustAnchors with a same trust domain will be merged and used together to verify peer certificates. If neither cert_signers nor trust_domains is set, this trustAnchor is used for all trust domains and all signers. If only trust_domains is set, this trustAnchor is used for these trust_domains and all signers. If only cert_signers is set, this trustAnchor is used for these cert_signers and all trust domains. If both cert_signers and trust_domains is set, this trustAnchor is only used for these signers and trust domains.", - "type": "array", - "items": { - "type": "string" - } - } - }, - "oneOf": [ - { - "not": { - "anyOf": [ - { - "required": [ - "pem" - ], - "properties": { - "pem": { - "description": "The PEM data of the certificate.", - "type": "string" - } - } - }, - { - "required": [ - "spiffeBundleUrl" - ], - "properties": { - "spiffeBundleUrl": { - "description": "The SPIFFE bundle endpoint URL that complies to: https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE_Trust_Domain_and_Bundle.md#the-spiffe-trust-domain-and-bundle The endpoint should support authentication based on Web PKI: https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE_Trust_Domain_and_Bundle.md#521-web-pki The certificate is retrieved from the endpoint.", - "type": "string" - } - } - } - ] - } - }, - { - "required": [ - "pem" - ], - "properties": { - "pem": { - "description": "The PEM data of the certificate.", - "type": "string" - } - } - }, - { - "required": [ - "spiffeBundleUrl" - ], - "properties": { - "spiffeBundleUrl": { - "description": "The SPIFFE bundle endpoint URL that complies to: https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE_Trust_Domain_and_Bundle.md#the-spiffe-trust-domain-and-bundle The endpoint should support authentication based on Web PKI: https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE_Trust_Domain_and_Bundle.md#521-web-pki The certificate is retrieved from the endpoint.", - "type": "string" - } - } - } - ] - }, - "istio.mesh.v1alpha1.MeshConfig.DefaultProviders": { - "description": "Holds the name references to the providers that will be used by default in other Istio configuration resources if the provider is not specified. These names must match a provider defined in `extension_providers` that is one of the supported tracing providers.", - "type": "object", - "properties": { - "tracing": { - "description": "Name of the default provider(s) for tracing.", - "type": "array", - "items": { - "type": "string" - } - }, - "metrics": { - "description": "Name of the default provider(s) for metrics.", - "type": "array", - "items": { - "type": "string" - } - }, - "accessLogging": { - "description": "Name of the default provider(s) for access logging.", - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "istio.mesh.v1alpha1.MeshConfig.ExtensionProvider": { - "type": "object", - "properties": { - "name": { - "description": "REQUIRED. A unique name identifying the extension provider.", - "type": "string" - } - }, - "oneOf": [ - { - "not": { - "anyOf": [ - { - "required": [ - "envoyExtAuthzHttp" - ], - "properties": { - "envoyExtAuthzHttp": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationHttpProvider" - } - } - }, - { - "required": [ - "envoyExtAuthzGrpc" - ], - "properties": { - "envoyExtAuthzGrpc": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationGrpcProvider" - } - } - }, - { - "required": [ - "zipkin" - ], - "properties": { - "zipkin": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.ZipkinTracingProvider" - } - } - }, - { - "required": [ - "lightstep" - ], - "properties": { - "lightstep": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.LightstepTracingProvider", - "deprecated": true - } - } - }, - { - "required": [ - "datadog" - ], - "properties": { - "datadog": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.DatadogTracingProvider" - } - } - }, - { - "required": [ - "stackdriver" - ], - "properties": { - "stackdriver": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.StackdriverProvider" - } - } - }, - { - "required": [ - "opencensus" - ], - "properties": { - "opencensus": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenCensusAgentTracingProvider" - } - } - }, - { - "required": [ - "skywalking" - ], - "properties": { - "skywalking": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.SkyWalkingTracingProvider" - } - } - }, - { - "required": [ - "opentelemetry" - ], - "properties": { - "opentelemetry": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenTelemetryTracingProvider" - } - } - }, - { - "required": [ - "prometheus" - ], - "properties": { - "prometheus": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.PrometheusMetricsProvider" - } - } - }, - { - "required": [ - "envoyFileAccessLog" - ], - "properties": { - "envoyFileAccessLog": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyFileAccessLogProvider" - } - } - }, - { - "required": [ - "envoyHttpAls" - ], - "properties": { - "envoyHttpAls": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyHttpGrpcV3LogProvider" - } - } - }, - { - "required": [ - "envoyTcpAls" - ], - "properties": { - "envoyTcpAls": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyTcpGrpcV3LogProvider" - } - } - }, - { - "required": [ - "envoyOtelAls" - ], - "properties": { - "envoyOtelAls": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyOpenTelemetryLogProvider" - } - } - }, - {} - ] - } - }, - { - "required": [ - "envoyExtAuthzHttp" - ], - "properties": { - "envoyExtAuthzHttp": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationHttpProvider" - } - } - }, - { - "required": [ - "envoyExtAuthzGrpc" - ], - "properties": { - "envoyExtAuthzGrpc": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationGrpcProvider" - } - } - }, - { - "required": [ - "zipkin" - ], - "properties": { - "zipkin": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.ZipkinTracingProvider" - } - } - }, - { - "required": [ - "lightstep" - ], - "properties": { - "lightstep": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.LightstepTracingProvider", - "deprecated": true - } - } - }, - { - "required": [ - "datadog" - ], - "properties": { - "datadog": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.DatadogTracingProvider" - } - } - }, - { - "required": [ - "stackdriver" - ], - "properties": { - "stackdriver": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.StackdriverProvider" - } - } - }, - { - "required": [ - "opencensus" - ], - "properties": { - "opencensus": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenCensusAgentTracingProvider" - } - } - }, - { - "required": [ - "skywalking" - ], - "properties": { - "skywalking": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.SkyWalkingTracingProvider" - } - } - }, - { - "required": [ - "opentelemetry" - ], - "properties": { - "opentelemetry": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenTelemetryTracingProvider" - } - } - }, - { - "required": [ - "prometheus" - ], - "properties": { - "prometheus": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.PrometheusMetricsProvider" - } - } - }, - { - "required": [ - "envoyFileAccessLog" - ], - "properties": { - "envoyFileAccessLog": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyFileAccessLogProvider" - } - } - }, - { - "required": [ - "envoyHttpAls" - ], - "properties": { - "envoyHttpAls": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyHttpGrpcV3LogProvider" - } - } - }, - { - "required": [ - "envoyTcpAls" - ], - "properties": { - "envoyTcpAls": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyTcpGrpcV3LogProvider" - } - } - }, - { - "required": [ - "envoyOtelAls" - ], - "properties": { - "envoyOtelAls": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyOpenTelemetryLogProvider" - } - } - }, - { - "not": { - "anyOf": [ - {}, - { - "required": [ - "envoyExtAuthzHttp" - ], - "properties": { - "envoyExtAuthzHttp": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationHttpProvider" - } - } - }, - { - "required": [ - "envoyExtAuthzGrpc" - ], - "properties": { - "envoyExtAuthzGrpc": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationGrpcProvider" - } - } - }, - { - "required": [ - "zipkin" - ], - "properties": { - "zipkin": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.ZipkinTracingProvider" - } - } - }, - { - "required": [ - "lightstep" - ], - "properties": { - "lightstep": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.LightstepTracingProvider", - "deprecated": true - } - } - }, - { - "required": [ - "datadog" - ], - "properties": { - "datadog": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.DatadogTracingProvider" - } - } - }, - { - "required": [ - "stackdriver" - ], - "properties": { - "stackdriver": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.StackdriverProvider" - } - } - }, - { - "required": [ - "opencensus" - ], - "properties": { - "opencensus": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenCensusAgentTracingProvider" - } - } - }, - { - "required": [ - "skywalking" - ], - "properties": { - "skywalking": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.SkyWalkingTracingProvider" - } - } - }, - { - "required": [ - "opentelemetry" - ], - "properties": { - "opentelemetry": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenTelemetryTracingProvider" - } - } - }, - { - "required": [ - "prometheus" - ], - "properties": { - "prometheus": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.PrometheusMetricsProvider" - } - } - }, - { - "required": [ - "envoyFileAccessLog" - ], - "properties": { - "envoyFileAccessLog": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyFileAccessLogProvider" - } - } - }, - { - "required": [ - "envoyHttpAls" - ], - "properties": { - "envoyHttpAls": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyHttpGrpcV3LogProvider" - } - } - }, - { - "required": [ - "envoyTcpAls" - ], - "properties": { - "envoyTcpAls": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyTcpGrpcV3LogProvider" - } - } - }, - { - "required": [ - "envoyOtelAls" - ], - "properties": { - "envoyOtelAls": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyOpenTelemetryLogProvider" - } - } - } - ] - } - } - ] - }, - "istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.DatadogTracingProvider": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.DatadogTracingProvider" - }, - "istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationGrpcProvider": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationGrpcProvider" - }, - "istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationHttpProvider": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationHttpProvider" - }, - "istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyFileAccessLogProvider": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyFileAccessLogProvider" - }, - "istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyHttpGrpcV3LogProvider": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyHttpGrpcV3LogProvider" - }, - "istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyOpenTelemetryLogProvider": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyOpenTelemetryLogProvider" - }, - "istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyTcpGrpcV3LogProvider": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyTcpGrpcV3LogProvider" - }, - "istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.LightstepTracingProvider": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.LightstepTracingProvider", - "deprecated": true - }, - "istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenCensusAgentTracingProvider": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenCensusAgentTracingProvider" - }, - "istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenTelemetryTracingProvider": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenTelemetryTracingProvider" - }, - "istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.PrometheusMetricsProvider": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.PrometheusMetricsProvider" - }, - "istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.SkyWalkingTracingProvider": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.SkyWalkingTracingProvider" - }, - "istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.StackdriverProvider": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.StackdriverProvider" - }, - "istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.ZipkinTracingProvider": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.ZipkinTracingProvider" - }, - "istio.mesh.v1alpha1.MeshConfig.H2UpgradePolicy": { - "description": "Default Policy for upgrading http1.1 connections to http2.", - "type": "string", - "enum": [ - "DO_NOT_UPGRADE", - "UPGRADE" - ] - }, - "istio.mesh.v1alpha1.MeshConfig.IngressControllerMode": { - "type": "string", - "enum": [ - "UNSPECIFIED", - "OFF", - "DEFAULT", - "STRICT" - ] - }, - "istio.mesh.v1alpha1.MeshConfig.OutboundTrafficPolicy": { - "type": "object", - "properties": { - "mode": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.OutboundTrafficPolicy.Mode" - } - } - }, - "istio.mesh.v1alpha1.MeshConfig.OutboundTrafficPolicy.Mode": { - "type": "string", - "enum": [ - "REGISTRY_ONLY", - "ALLOW_ANY" - ] - }, - "istio.mesh.v1alpha1.MeshConfig.ProxyPathNormalization": { - "type": "object", - "properties": { - "normalization": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ProxyPathNormalization.NormalizationType" - } - } - }, - "istio.mesh.v1alpha1.MeshConfig.ProxyPathNormalization.NormalizationType": { - "type": "string", - "enum": [ - "DEFAULT", - "NONE", - "BASE", - "MERGE_SLASHES", - "DECODE_AND_MERGE_SLASHES" - ] - }, - "istio.mesh.v1alpha1.MeshConfig.ServiceSettings": { - "type": "object", - "properties": { - "hosts": { - "description": "The services to which the Settings should be applied. Services are selected using the hostname matching rules used by DestinationRule. For example: foo.bar.svc.cluster.local, *.baz.svc.cluster.local", - "type": "array", - "items": { - "type": "string" - } - }, - "settings": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ServiceSettings.Settings" - } - } - }, - "istio.mesh.v1alpha1.MeshConfig.ServiceSettings.Settings": { - "description": "Settings for the selected services.", - "type": "object", - "properties": { - "clusterLocal": { - "description": "If true, specifies that the client and service endpoints must reside in the same cluster. By default, in multi-cluster deployments, the Istio control plane assumes all service endpoints to be reachable from any client in any of the clusters which are part of the mesh. This configuration option limits the set of service endpoints visible to a client to be cluster scoped. There are some common scenarios when this can be useful: - A service (or group of services) is inherently local to the cluster and has local storage for that cluster. For example, the kube-system namespace (e.g. the Kube API Server). - A mesh administrator wants to slowly migrate services to Istio. They might start by first having services cluster-local and then slowly transition them to mesh-wide. They could do this service-by-service (e.g. mysvc.myns.svc.cluster.local) or as a group (e.g. *.myns.svc.cluster.local). By default Istio will consider kubernetes.default.svc (i.e. the API Server) as well as all services in the kube-system namespace to be cluster-local, unless explicitly overridden here.", - "type": "boolean" - } - } - }, - "istio.mesh.v1alpha1.MeshConfig.TLSConfig": { - "type": "object", - "properties": { - "minProtocolVersion": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.TLSConfig.TLSProtocol" - } - } - }, - "istio.mesh.v1alpha1.MeshConfig.TLSConfig.TLSProtocol": { - "description": "TLS protocol versions.", - "type": "string", - "enum": [ - "TLS_AUTO", - "TLSV1_2", - "TLSV1_3" - ] - }, - "istio.mesh.v1alpha1.PrivateKeyProvider": { - "description": "PrivateKeyProvider defines private key configuration for gateways and sidecars. This can be configured mesh wide or individual per-workload basis.", - "type": "object", - "oneOf": [ - { - "not": { - "anyOf": [ - { - "required": [ - "cryptomb" - ], - "properties": { - "cryptomb": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.PrivateKeyProvider.CryptoMb" - } - } - }, - { - "required": [ - "qat" - ], - "properties": { - "qat": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.PrivateKeyProvider.QAT" - } - } - } - ] - } - }, - { - "required": [ - "cryptomb" - ], - "properties": { - "cryptomb": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.PrivateKeyProvider.CryptoMb" - } - } - }, - { - "required": [ - "qat" - ], - "properties": { - "qat": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.PrivateKeyProvider.QAT" - } - } - } - ] - }, - "istio.mesh.v1alpha1.PrivateKeyProvider.CryptoMb": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.PrivateKeyProvider.CryptoMb" - }, - "istio.mesh.v1alpha1.PrivateKeyProvider.QAT": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.PrivateKeyProvider.QAT" - }, - "istio.mesh.v1alpha1.ProxyConfig": { - "description": "ProxyConfig defines variables for individual Envoy instances. This can be configured on a per-workload basis as well as by the mesh-wide defaults. To set the mesh wide defaults, configure the `defaultConfig` section of `meshConfig`. For example: ``` meshConfig: defaultConfig: discoveryAddress: istiod:15012 ``` This can also be configured on a per-workload basis by configuring the `proxy.istio.io/config` annotation on the pod. For example: ``` annotations: proxy.istio.io/config: | discoveryAddress: istiod:15012 ``` If both are configured, the two are merged with per field semantics; the field set in annotation will fully replace the field from mesh config defaults. This is different than a deep merge provided by protobuf. For example, `\"tracing\": { \"sampling\": 5 }` would completely override a setting configuring a tracing provider such as `\"tracing\": { \"zipkin\": { \"address\": \"...\" } }`. Note: fields in ProxyConfig are not dynamically configured; changes will require restart of workloads to take effect.", - "type": "object", - "properties": { - "image": { - "$ref": "#/components/schemas/istio.networking.v1beta1.ProxyImage" - }, - "readinessProbe": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ReadinessProbe" - }, - "tracing": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing" - }, - "concurrency": { - "description": "The number of worker threads to run. If unset, this will be automatically determined based on CPU requests/limits. If set to 0, all cores on the machine will be used. Default is 2 worker threads.", - "type": "integer", - "nullable": true - }, - "configPath": { - "description": "Path to the generated configuration file directory. Proxy agent generates the actual configuration and stores it in this directory.", - "type": "string" - }, - "binaryPath": { - "description": "Path to the proxy binary", - "type": "string" - }, - "drainDuration": { - "description": "The time in seconds that Envoy will drain connections during a hot restart. MUST be \u003e=1s (e.g., _1s/1m/1h_) Default drain duration is `45s`.", - "type": "string" - }, - "discoveryAddress": { - "description": "Address of the discovery service exposing xDS with mTLS connection. The inject configuration may override this value.", - "type": "string" - }, - "discoveryRefreshDelay": { - "type": "string", - "deprecated": true - }, - "zipkinAddress": { - "description": "Address of the Zipkin service (e.g. _zipkin:9411_). DEPRECATED: Use [tracing][istio.mesh.v1alpha1.ProxyConfig.tracing] instead.", - "type": "string", - "deprecated": true - }, - "statsdUdpAddress": { - "description": "IP Address and Port of a statsd UDP listener (e.g. `10.75.241.127:9125`).", - "type": "string" - }, - "envoyMetricsServiceAddress": { - "type": "string", - "deprecated": true - }, - "proxyAdminPort": { - "description": "Port on which Envoy should listen for administrative commands. Default port is `15000`.", - "type": "integer", - "format": "int32" - }, - "availabilityZone": { - "type": "string", - "deprecated": true - }, - "controlPlaneAuthPolicy": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.AuthenticationPolicy" - }, - "customConfigFile": { - "description": "File path of custom proxy configuration, currently used by proxies in front of Mixer and Pilot.", - "type": "string" - }, - "statNameLength": { - "description": "Maximum length of name field in Envoy's metrics. The length of the name field is determined by the length of a name field in a service and the set of labels that comprise a particular version of the service. The default value is set to 189 characters. Envoy's internal metrics take up 67 characters, for a total of 256 character name per metric. Increase the value of this field if you find that the metrics from Envoys are truncated.", - "type": "integer", - "format": "int32" - }, - "proxyBootstrapTemplatePath": { - "description": "Path to the proxy bootstrap template file", - "type": "string" - }, - "interceptionMode": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.ProxyConfig.InboundInterceptionMode" - }, - "sds": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.SDS", - "deprecated": true - }, - "envoyAccessLogService": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.RemoteService" - }, - "envoyMetricsService": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.RemoteService" - }, - "proxyMetadata": { - "description": "Additional environment variables for the proxy. Names starting with `ISTIO_META_` will be included in the generated bootstrap and sent to the XDS server.", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "runtimeValues": { - "description": "Envoy [runtime configuration](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/operations/runtime) to set during bootstrapping. This enables setting experimental, unsafe, unsupported, and deprecated features that should be used with extreme caution.", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "statusPort": { - "description": "Port on which the agent should listen for administrative commands such as readiness probe. Default is set to port `15020`.", - "type": "integer", - "format": "int32" - }, - "extraStatTags": { - "description": "An additional list of tags to extract from the in-proxy Istio telemetry. These extra tags can be added by configuring the telemetry extension. Each additional tag needs to be present in this list. Extra tags emitted by the telemetry extensions must be listed here so that they can be processed and exposed as Prometheus metrics.", - "type": "array", - "items": { - "type": "string" - } - }, - "gatewayTopology": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Topology" - }, - "terminationDrainDuration": { - "description": "The amount of time allowed for connections to complete on proxy shutdown. On receiving `SIGTERM` or `SIGINT`, `istio-agent` tells the active Envoy to start draining, preventing any new connections and allowing existing connections to complete. It then sleeps for the `termination_drain_duration` and then kills any remaining active Envoy processes. If not set, a default of `5s` will be applied.", - "type": "string" - }, - "meshId": { - "description": "The unique identifier for the [service mesh](https://istio.io/docs/reference/glossary/#service-mesh) All control planes running in the same service mesh should specify the same mesh ID. Mesh ID is used to label telemetry reports for cases where telemetry from multiple meshes is mixed together.", - "type": "string" - }, - "proxyStatsMatcher": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.ProxyConfig.ProxyStatsMatcher" - }, - "holdApplicationUntilProxyStarts": { - "description": "Boolean flag for enabling/disabling the holdApplicationUntilProxyStarts behavior. This feature adds hooks to delay application startup until the pod proxy is ready to accept traffic, mitigating some startup race conditions. Default value is 'false'.", - "type": "boolean", - "nullable": true - }, - "caCertificatesPem": { - "description": "The PEM data of the extra root certificates for workload-to-workload communication. This includes the certificates defined in MeshConfig and any other certificates that Istiod uses as CA. The plugin certificates (the 'cacerts' secret), self-signed certificates (the 'istio-ca-secret' secret) are added automatically by Istiod.", - "type": "array", - "items": { - "type": "string" - } - }, - "privateKeyProvider": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.PrivateKeyProvider" - } - }, - "oneOf": [ - { - "not": { - "anyOf": [ - { - "required": [ - "serviceCluster" - ], - "properties": { - "serviceCluster": { - "description": "Service cluster defines the name for the `service_cluster` that is shared by all Envoy instances. This setting corresponds to `--service-cluster` flag in Envoy. In a typical Envoy deployment, the `service-cluster` flag is used to identify the caller, for source-based routing scenarios. Since Istio does not assign a local `service/service` version to each Envoy instance, the name is same for all of them. However, the source/caller's identity (e.g., IP address) is encoded in the `--service-node` flag when launching Envoy. When the RDS service receives API calls from Envoy, it uses the value of the `service-node` flag to compute routes that are relative to the service instances located at that IP address.", - "type": "string" - } - } - }, - { - "required": [ - "tracingServiceName" - ], - "properties": { - "tracingServiceName": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.ProxyConfig.TracingServiceName" - } - } - } - ] - } - }, - { - "required": [ - "serviceCluster" - ], - "properties": { - "serviceCluster": { - "description": "Service cluster defines the name for the `service_cluster` that is shared by all Envoy instances. This setting corresponds to `--service-cluster` flag in Envoy. In a typical Envoy deployment, the `service-cluster` flag is used to identify the caller, for source-based routing scenarios. Since Istio does not assign a local `service/service` version to each Envoy instance, the name is same for all of them. However, the source/caller's identity (e.g., IP address) is encoded in the `--service-node` flag when launching Envoy. When the RDS service receives API calls from Envoy, it uses the value of the `service-node` flag to compute routes that are relative to the service instances located at that IP address.", - "type": "string" - } - } - }, - { - "required": [ - "tracingServiceName" - ], - "properties": { - "tracingServiceName": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.ProxyConfig.TracingServiceName" - } - } - } - ] - }, - "istio.mesh.v1alpha1.ProxyConfig.InboundInterceptionMode": { - "description": "The mode used to redirect inbound traffic to Envoy. This setting has no effect on outbound traffic: iptables `REDIRECT` is always used for outbound connections.", - "type": "string", - "enum": [ - "REDIRECT", - "TPROXY", - "NONE" - ] - }, - "istio.mesh.v1alpha1.ProxyConfig.ProxyStatsMatcher": { - "description": "Proxy stats name matchers for stats creation. Note this is in addition to the minimum Envoy stats that Istio generates by default.", - "type": "object", - "properties": { - "inclusionPrefixes": { - "description": "Proxy stats name prefix matcher for inclusion.", - "type": "array", - "items": { - "type": "string" - } - }, - "inclusionSuffixes": { - "description": "Proxy stats name suffix matcher for inclusion.", - "type": "array", - "items": { - "type": "string" - } - }, - "inclusionRegexps": { - "description": "Proxy stats name regexps matcher for inclusion.", - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "istio.mesh.v1alpha1.ProxyConfig.TracingServiceName": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.ProxyConfig.TracingServiceName" - }, - "istio.mesh.v1alpha1.RemoteService": { - "type": "object", - "properties": { - "address": { - "description": "Address of a remove service used for various purposes (access log receiver, metrics receiver, etc.). Can be IP address or a fully qualified DNS name.", - "type": "string" - }, - "tcpKeepalive": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings.TcpKeepalive" - }, - "tlsSettings": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ClientTLSSettings" - } - } - }, - "istio.mesh.v1alpha1.Resource": { - "description": "Resource describes the source of configuration", - "type": "string", - "enum": [ - "SERVICE_REGISTRY" - ] - }, - "istio.mesh.v1alpha1.SDS": { - "description": "SDS defines secret discovery service(SDS) configuration to be used by the proxy. For workload, its values are set in sidecar injector(passed as arguments to istio-proxy container). For pilot/mixer, it's passed as arguments to istio-proxy container in pilot/mixer deployment yaml files directly. $hide_from_docs", - "type": "object", - "properties": { - "enabled": { - "description": "True if SDS is enabled.", - "type": "boolean" - }, - "k8sSaJwtPath": { - "description": "Path of k8s service account JWT path.", - "type": "string" - } - } - }, - "istio.mesh.v1alpha1.Topology": { - "type": "object", - "properties": { - "numTrustedProxies": { - "type": "integer" - }, - "forwardClientCertDetails": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Topology.ForwardClientCertDetails" - } - } - }, - "istio.mesh.v1alpha1.Topology.ForwardClientCertDetails": { - "type": "string", - "enum": [ - "UNDEFINED", - "SANITIZE", - "FORWARD_ONLY", - "APPEND_FORWARD", - "SANITIZE_SET", - "ALWAYS_FORWARD_ONLY" - ] - }, - "istio.mesh.v1alpha1.Tracing": { - "description": "Tracing defines configuration for the tracing performed by Envoy instances.", - "type": "object", - "properties": { - "tlsSettings": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ClientTLSSettings" - }, - "customTags": { - "description": "Configures the custom tags to be added to active span by all proxies (i.e. sidecars and gateways). The key represents the name of the tag. Ex: ```yaml custom_tags: new_tag_name: header: name: custom-http-header-name default_value: defaulted-value-from-custom-header ``` $hide_from_docs", - "type": "object", - "additionalProperties": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.CustomTag" - } - }, - "maxPathTagLength": { - "description": "Configures the maximum length of the request path to extract and include in the HttpUrl tag. Used to truncate length request paths to meet the needs of tracing backend. If not set, then a length of 256 will be used. $hide_from_docs", - "type": "integer" - }, - "sampling": { - "description": "The percentage of requests (0.0 - 100.0) that will be randomly selected for trace generation, if not requested by the client or not forced. Default is 1.0.", - "type": "number", - "format": "double" - } - }, - "oneOf": [ - { - "not": { - "anyOf": [ - { - "required": [ - "zipkin" - ], - "properties": { - "zipkin": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Zipkin" - } - } - }, - { - "required": [ - "lightstep" - ], - "properties": { - "lightstep": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Lightstep" - } - } - }, - { - "required": [ - "datadog" - ], - "properties": { - "datadog": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Datadog" - } - } - }, - { - "required": [ - "stackdriver" - ], - "properties": { - "stackdriver": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Stackdriver" - } - } - }, - { - "required": [ - "openCensusAgent" - ], - "properties": { - "openCensusAgent": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.OpenCensusAgent" - } - } - } - ] - } - }, - { - "required": [ - "zipkin" - ], - "properties": { - "zipkin": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Zipkin" - } - } - }, - { - "required": [ - "lightstep" - ], - "properties": { - "lightstep": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Lightstep" - } - } - }, - { - "required": [ - "datadog" - ], - "properties": { - "datadog": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Datadog" - } - } - }, - { - "required": [ - "stackdriver" - ], - "properties": { - "stackdriver": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Stackdriver" - } - } - }, - { - "required": [ - "openCensusAgent" - ], - "properties": { - "openCensusAgent": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.OpenCensusAgent" - } - } - } - ] - }, - "istio.mesh.v1alpha1.Tracing.CustomTag": { - "description": "Configure custom tags that will be added to any active span. Tags can be generated via literals, environment variables or an incoming request header. $hide_from_docs", - "type": "object", - "oneOf": [ - { - "not": { - "anyOf": [ - { - "required": [ - "literal" - ], - "properties": { - "literal": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Literal" - } - } - }, - { - "required": [ - "environment" - ], - "properties": { - "environment": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Environment" - } - } - }, - { - "required": [ - "header" - ], - "properties": { - "header": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.RequestHeader" - } - } - } - ] - } - }, - { - "required": [ - "literal" - ], - "properties": { - "literal": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Literal" - } - } - }, - { - "required": [ - "environment" - ], - "properties": { - "environment": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Environment" - } - } - }, - { - "required": [ - "header" - ], - "properties": { - "header": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.RequestHeader" - } - } - } - ] - }, - "istio.mesh.v1alpha1.Tracing.Datadog": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Datadog" - }, - "istio.mesh.v1alpha1.Tracing.Environment": { - "description": "Environment is the proxy's environment variable to be used for populating the custom span tag. $hide_from_docs", - "type": "object", - "properties": { - "name": { - "description": "Name of the environment variable used to populate the tag's value", - "type": "string" - }, - "defaultValue": { - "description": "When the environment variable is not found, the tag's value will be populated with this default value if specified, otherwise the tag will not be populated.", - "type": "string" - } - } - }, - "istio.mesh.v1alpha1.Tracing.Lightstep": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Lightstep" - }, - "istio.mesh.v1alpha1.Tracing.Literal": { - "description": "Literal type represents a static value. $hide_from_docs", - "type": "object", - "properties": { - "value": { - "description": "Static literal value used to populate the tag value.", - "type": "string" - } - } - }, - "istio.mesh.v1alpha1.Tracing.OpenCensusAgent": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.OpenCensusAgent" - }, - "istio.mesh.v1alpha1.Tracing.RequestHeader": { - "description": "RequestHeader is the HTTP request header which will be used to populate the span tag. A default value can be configured if the header does not exist. $hide_from_docs", - "type": "object", - "properties": { - "name": { - "description": "HTTP header name used to obtain the value from to populate the tag value.", - "type": "string" - }, - "defaultValue": { - "description": "Default value to be used for the tag when the named HTTP header does not exist. The tag will be skipped if no default value is provided.", - "type": "string" - } - } - }, - "istio.mesh.v1alpha1.Tracing.Stackdriver": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Stackdriver" - }, - "istio.mesh.v1alpha1.Tracing.Zipkin": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Zipkin" - }, - "istio.networking.v1alpha3.ClientTLSSettings": { - "description": "SSL/TLS related settings for upstream connections. See Envoy's [TLS context](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto.html#common-tls-configuration) for more details. These settings are common to both HTTP and TCP upstreams. For example, the following rule configures a client to use mutual TLS for connections to upstream database cluster. {{\u003ctabset category-name=\"example\"\u003e}} {{\u003ctab name=\"v1alpha3\" category-value=\"v1alpha3\"\u003e}} ```yaml apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: db-mtls spec: host: mydbserver.prod.svc.cluster.local trafficPolicy: tls: mode: MUTUAL clientCertificate: /etc/certs/myclientcert.pem privateKey: /etc/certs/client_private_key.pem caCertificates: /etc/certs/rootcacerts.pem ``` {{\u003c/tab\u003e}} {{\u003ctab name=\"v1beta1\" category-value=\"v1beta1\"\u003e}} ```yaml apiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata: name: db-mtls spec: host: mydbserver.prod.svc.cluster.local trafficPolicy: tls: mode: MUTUAL clientCertificate: /etc/certs/myclientcert.pem privateKey: /etc/certs/client_private_key.pem caCertificates: /etc/certs/rootcacerts.pem ``` {{\u003c/tab\u003e}} {{\u003c/tabset\u003e}} The following rule configures a client to use TLS when talking to a foreign service whose domain matches *.foo.com. {{\u003ctabset category-name=\"example\"\u003e}} {{\u003ctab name=\"v1alpha3\" category-value=\"v1alpha3\"\u003e}} ```yaml apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: tls-foo spec: host: \"*.foo.com\" trafficPolicy: tls: mode: SIMPLE ``` {{\u003c/tab\u003e}} {{\u003ctab name=\"v1beta1\" category-value=\"v1beta1\"\u003e}} ```yaml apiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata: name: tls-foo spec: host: \"*.foo.com\" trafficPolicy: tls: mode: SIMPLE ``` {{\u003c/tab\u003e}} {{\u003c/tabset\u003e}} The following rule configures a client to use Istio mutual TLS when talking to rating services. {{\u003ctabset category-name=\"example\"\u003e}} {{\u003ctab name=\"v1alpha3\" category-value=\"v1alpha3\"\u003e}} ```yaml apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: ratings-istio-mtls spec: host: ratings.prod.svc.cluster.local trafficPolicy: tls: mode: ISTIO_MUTUAL ``` {{\u003c/tab\u003e}} {{\u003ctab name=\"v1beta1\" category-value=\"v1beta1\"\u003e}} ```yaml apiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata: name: ratings-istio-mtls spec: host: ratings.prod.svc.cluster.local trafficPolicy: tls: mode: ISTIO_MUTUAL ``` {{\u003c/tab\u003e}} {{\u003c/tabset\u003e}}", - "type": "object", - "properties": { - "mode": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ClientTLSSettings.TLSmode" - }, - "clientCertificate": { - "description": "REQUIRED if mode is `MUTUAL`. The path to the file holding the client-side TLS certificate to use. Should be empty if mode is `ISTIO_MUTUAL`.", - "type": "string" - }, - "privateKey": { - "description": "REQUIRED if mode is `MUTUAL`. The path to the file holding the client's private key. Should be empty if mode is `ISTIO_MUTUAL`.", - "type": "string" - }, - "caCertificates": { - "description": "OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate. If omitted, the proxy will not verify the server's certificate. Should be empty if mode is `ISTIO_MUTUAL`.", - "type": "string" - }, - "credentialName": { - "description": "The name of the secret that holds the TLS certs for the client including the CA certificates. Secret must exist in the same namespace with the proxy using the certificates. The secret (of type `generic`)should contain the following keys and values: `key: \u003cprivateKey\u003e`, `cert: \u003cclientCert\u003e`, `cacert: \u003cCACertificate\u003e`. Here CACertificate is used to verify the server certificate. For mutual TLS, `cacert: \u003cCACertificate\u003e` can be provided in the same secret or a separate secret named `\u003csecret\u003e-cacert`. Secret of type tls for client certificates along with ca.crt key for CA certificates is also supported. Only one of client certificates and CA certificate or credentialName can be specified. **NOTE:** This field is applicable at sidecars only if `DestinationRule` has a `workloadSelector` specified. Otherwise the field will be applicable only at gateways, and sidecars will continue to use the certificate paths.", - "type": "string" - }, - "subjectAltNames": { - "description": "A list of alternate names to verify the subject identity in the certificate. If specified, the proxy will verify that the server certificate's subject alt name matches one of the specified values. If specified, this list overrides the value of subject_alt_names from the ServiceEntry. If unspecified, automatic validation of upstream presented certificate for new upstream connections will be done based on the downstream HTTP host/authority header, provided `VERIFY_CERTIFICATE_AT_CLIENT` and `ENABLE_AUTO_SNI` environmental variables are set to `true`.", - "type": "array", - "items": { - "type": "string" - } - }, - "sni": { - "description": "SNI string to present to the server during TLS handshake. If unspecified, SNI will be automatically set based on downstream HTTP host/authority header for SIMPLE and MUTUAL TLS modes, provided `ENABLE_AUTO_SNI` environmental variable is set to `true`.", - "type": "string" - }, - "insecureSkipVerify": { - "description": "InsecureSkipVerify specifies whether the proxy should skip verifying the CA signature and SAN for the server certificate corresponding to the host. This flag should only be set if global CA signature verifcation is enabled, `VerifyCertAtClient` environmental variable is set to `true`, but no verification is desired for a specific host. If enabled with or without `VerifyCertAtClient` enabled, verification of the CA signature and SAN will be skipped. `InsecureSkipVerify` is `false` by default. `VerifyCertAtClient` is `false` by default in Istio version 1.9 but will be `true` by default in a later version where, going forward, it will be enabled by default.", - "type": "boolean", - "nullable": true - } - } - }, - "istio.networking.v1alpha3.ClientTLSSettings.TLSmode": { - "description": "TLS connection mode", - "type": "string", - "enum": [ - "DISABLE", - "SIMPLE", - "MUTUAL", - "ISTIO_MUTUAL" - ] - }, - "istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings.TcpKeepalive": { - "description": "TCP keepalive.", - "type": "object", - "properties": { - "time": { - "description": "The time duration a connection needs to be idle before keep-alive probes start being sent. Default is to use the OS level configuration (unless overridden, Linux defaults to 7200s (ie 2 hours.)", - "type": "string" - }, - "probes": { - "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead. Default is to use the OS level configuration (unless overridden, Linux defaults to 9.)", - "type": "integer" - }, - "interval": { - "description": "The time duration between keep-alive probes. Default is to use the OS level configuration (unless overridden, Linux defaults to 75s.)", - "type": "string" - } - } - }, - "istio.networking.v1alpha3.ExecHealthCheckConfig": { - "type": "object", - "properties": { - "command": { - "description": "Command to run. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "istio.networking.v1alpha3.HTTPHeader": { - "type": "object", - "properties": { - "name": { - "description": "The header field name", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - } - }, - "istio.networking.v1alpha3.HTTPHealthCheckConfig": { - "type": "object", - "properties": { - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "description": "Port on which the endpoint lives.", - "type": "integer" - }, - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", - "type": "string" - }, - "scheme": { - "description": "HTTP or HTTPS, defaults to HTTP", - "type": "string" - }, - "httpHeaders": { - "description": "Headers the proxy will pass on to make the request. Allows repeated headers.", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.HTTPHeader" - } - } - } - }, - "istio.networking.v1alpha3.HTTPRetry": { - "description": "Describes the retry policy to use when a HTTP request fails. For example, the following rule sets the maximum number of retries to 3 when calling ratings:v1 service, with a 2s timeout per retry attempt. A retry will be attempted if there is a connect-failure, refused_stream or when the upstream server responds with Service Unavailable(503). {{\u003ctabset category-name=\"example\"\u003e}} {{\u003ctab name=\"v1alpha3\" category-value=\"v1alpha3\"\u003e}} ```yaml apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: ratings-route spec: hosts: - ratings.prod.svc.cluster.local http: - route: - destination: host: ratings.prod.svc.cluster.local subset: v1 retries: attempts: 3 perTryTimeout: 2s retryOn: connect-failure,refused-stream,503 ``` {{\u003c/tab\u003e}} {{\u003ctab name=\"v1beta1\" category-value=\"v1beta1\"\u003e}} ```yaml apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: name: ratings-route spec: hosts: - ratings.prod.svc.cluster.local http: - route: - destination: host: ratings.prod.svc.cluster.local subset: v1 retries: attempts: 3 perTryTimeout: 2s retryOn: gateway-error,connect-failure,refused-stream ``` {{\u003c/tab\u003e}} {{\u003c/tabset\u003e}}", - "type": "object", - "properties": { - "attempts": { - "description": "Number of retries to be allowed for a given request. The interval between retries will be determined automatically (25ms+). When request `timeout` of the [HTTP route](https://istio.io/docs/reference/config/networking/virtual-service/#HTTPRoute) or `per_try_timeout` is configured, the actual number of retries attempted also depends on the specified request `timeout` and `per_try_timeout` values.", - "type": "integer", - "format": "int32" - }, - "perTryTimeout": { - "description": "Timeout per attempt for a given request, including the initial call and any retries. Format: 1h/1m/1s/1ms. MUST BE \u003e=1ms. Default is same value as request `timeout` of the [HTTP route](https://istio.io/docs/reference/config/networking/virtual-service/#HTTPRoute), which means no timeout.", - "type": "string" - }, - "retryOn": { - "description": "Specifies the conditions under which retry takes place. One or more policies can be specified using a ‘,’ delimited list. If `retry_on` specifies a valid HTTP status, it will be added to retriable_status_codes retry policy. See the [retry policies](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-on) and [gRPC retry policies](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-grpc-on) for more details.", - "type": "string" - }, - "retryRemoteLocalities": { - "description": "Flag to specify whether the retries should retry to other localities. See the [retry plugin configuration](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/http/http_connection_management#retry-plugin-configuration) for more details.", - "type": "boolean", - "nullable": true - } - } - }, - "istio.networking.v1alpha3.LocalityLoadBalancerSetting": { - "description": "Locality-weighted load balancing allows administrators to control the distribution of traffic to endpoints based on the localities of where the traffic originates and where it will terminate. These localities are specified using arbitrary labels that designate a hierarchy of localities in {region}/{zone}/{sub-zone} form. For additional detail refer to [Locality Weight](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/locality_weight) The following example shows how to setup locality weights mesh-wide. Given a mesh with workloads and their service deployed to \"us-west/zone1/*\" and \"us-west/zone2/*\". This example specifies that when traffic accessing a service originates from workloads in \"us-west/zone1/*\", 80% of the traffic will be sent to endpoints in \"us-west/zone1/*\", i.e the same zone, and the remaining 20% will go to endpoints in \"us-west/zone2/*\". This setup is intended to favor routing traffic to endpoints in the same locality. A similar setting is specified for traffic originating in \"us-west/zone2/*\". ```yaml distribute: - from: us-west/zone1/* to: \"us-west/zone1/*\": 80 \"us-west/zone2/*\": 20 - from: us-west/zone2/* to: \"us-west/zone1/*\": 20 \"us-west/zone2/*\": 80 ``` If the goal of the operator is not to distribute load across zones and regions but rather to restrict the regionality of failover to meet other operational requirements an operator can set a 'failover' policy instead of a 'distribute' policy. The following example sets up a locality failover policy for regions. Assume a service resides in zones within us-east, us-west \u0026 eu-west this example specifies that when endpoints within us-east become unhealthy traffic should failover to endpoints in any zone or sub-zone within eu-west and similarly us-west should failover to us-east. ```yaml failover: - from: us-east to: eu-west - from: us-west to: us-east ``` Locality load balancing settings.", - "type": "object", - "properties": { - "distribute": { - "description": "Optional: only one of distribute, failover or failoverPriority can be set. Explicitly specify loadbalancing weight across different zones and geographical locations. Refer to [Locality weighted load balancing](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/locality_weight) If empty, the locality weight is set according to the endpoints number within it.", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.LocalityLoadBalancerSetting.Distribute" - } - }, - "failover": { - "description": "Optional: only one of distribute, failover or failoverPriority can be set. Explicitly specify the region traffic will land on when endpoints in local region becomes unhealthy. Should be used together with OutlierDetection to detect unhealthy endpoints. Note: if no OutlierDetection specified, this will not take effect.", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.LocalityLoadBalancerSetting.Failover" - } - }, - "failoverPriority": { - "description": "failoverPriority is an ordered list of labels used to sort endpoints to do priority based load balancing. This is to support traffic failover across different groups of endpoints. Suppose there are total N labels specified: 1. Endpoints matching all N labels with the client proxy have priority P(0) i.e. the highest priority. 2. Endpoints matching the first N-1 labels with the client proxy have priority P(1) i.e. second highest priority. 3. By extension of this logic, endpoints matching only the first label with the client proxy has priority P(N-1) i.e. second lowest priority. 4. All the other endpoints have priority P(N) i.e. lowest priority. Note: For a label to be considered for match, the previous labels must match, i.e. nth label would be considered matched only if first n-1 labels match. It can be any label specified on both client and server workloads. The following labels which have special semantic meaning are also supported: - `topology.istio.io/network` is used to match the network metadata of an endpoint, which can be specified by pod/namespace label `topology.istio.io/network`, sidecar env `ISTIO_META_NETWORK` or MeshNetworks. - `topology.istio.io/cluster` is used to match the clusterID of an endpoint, which can be specified by pod label `topology.istio.io/cluster` or pod env `ISTIO_META_CLUSTER_ID`. - `topology.kubernetes.io/region` is used to match the region metadata of an endpoint, which maps to Kubernetes node label `topology.kubernetes.io/region` or the deprecated label `failure-domain.beta.kubernetes.io/region`. - `topology.kubernetes.io/zone` is used to match the zone metadata of an endpoint, which maps to Kubernetes node label `topology.kubernetes.io/zone` or the deprecated label `failure-domain.beta.kubernetes.io/zone`. - `topology.istio.io/subzone` is used to match the subzone metadata of an endpoint, which maps to Istio node label `topology.istio.io/subzone`. The below topology config indicates the following priority levels: ```yaml failoverPriority: - \"topology.istio.io/network\" - \"topology.kubernetes.io/region\" - \"topology.kubernetes.io/zone\" - \"topology.istio.io/subzone\" ``` 1. endpoints match same [network, region, zone, subzone] label with the client proxy have the highest priority. 2. endpoints have same [network, region, zone] label but different [subzone] label with the client proxy have the second highest priority. 3. endpoints have same [network, region] label but different [zone] label with the client proxy have the third highest priority. 4. endpoints have same [network] but different [region] labels with the client proxy have the fourth highest priority. 5. all the other endpoints have the same lowest priority. Optional: only one of distribute, failover or failoverPriority can be set. And it should be used together with `OutlierDetection` to detect unhealthy endpoints, otherwise has no effect.", - "type": "array", - "items": { - "type": "string" - } - }, - "enabled": { - "description": "enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety. e.g. true means that turn on locality load balancing for this DestinationRule no matter what mesh wide settings is.", - "type": "boolean", - "nullable": true - } - } - }, - "istio.networking.v1alpha3.LocalityLoadBalancerSetting.Distribute": { - "description": "Describes how traffic originating in the 'from' zone or sub-zone is distributed over a set of 'to' zones. Syntax for specifying a zone is {region}/{zone}/{sub-zone} and terminal wildcards are allowed on any segment of the specification. Examples: `*` - matches all localities `us-west/*` - all zones and sub-zones within the us-west region `us-west/zone-1/*` - all sub-zones within us-west/zone-1", - "type": "object", - "properties": { - "from": { - "description": "Originating locality, '/' separated, e.g. 'region/zone/sub_zone'.", - "type": "string" - }, - "to": { - "description": "Map of upstream localities to traffic distribution weights. The sum of all weights should be 100. Any locality not present will receive no traffic.", - "type": "object", - "additionalProperties": { - "type": "integer" - } - } - } - }, - "istio.networking.v1alpha3.LocalityLoadBalancerSetting.Failover": { - "description": "Specify the traffic failover policy across regions. Since zone and sub-zone failover is supported by default this only needs to be specified for regions when the operator needs to constrain traffic failover so that the default behavior of failing over to any endpoint globally does not apply. This is useful when failing over traffic across regions would not improve service health or may need to be restricted for other reasons like regulatory controls.", - "type": "object", - "properties": { - "from": { - "description": "Originating region.", - "type": "string" - }, - "to": { - "description": "Destination region the traffic will fail over to when endpoints in the 'from' region becomes unhealthy.", - "type": "string" - } - } - }, - "istio.networking.v1alpha3.ReadinessProbe": { - "type": "object", - "properties": { - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1 second.", - "type": "integer", - "format": "int32" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before readiness probes are initiated.", - "type": "integer", - "format": "int32" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1 second.", - "type": "integer", - "format": "int32" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1 second.", - "type": "integer", - "format": "int32" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3 seconds.", - "type": "integer", - "format": "int32" - } - }, - "oneOf": [ - { - "not": { - "anyOf": [ - { - "required": [ - "httpGet" - ], - "properties": { - "httpGet": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.HTTPHealthCheckConfig" - } - } - }, - { - "required": [ - "tcpSocket" - ], - "properties": { - "tcpSocket": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.TCPHealthCheckConfig" - } - } - }, - { - "required": [ - "exec" - ], - "properties": { - "exec": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ExecHealthCheckConfig" - } - } - } - ] - } - }, - { - "required": [ - "httpGet" - ], - "properties": { - "httpGet": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.HTTPHealthCheckConfig" - } - } - }, - { - "required": [ - "tcpSocket" - ], - "properties": { - "tcpSocket": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.TCPHealthCheckConfig" - } - } - }, - { - "required": [ - "exec" - ], - "properties": { - "exec": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ExecHealthCheckConfig" - } - } - } - ] - }, - "istio.networking.v1alpha3.TCPHealthCheckConfig": { - "type": "object", - "properties": { - "port": { - "description": "Port of host", - "type": "integer" - }, - "host": { - "description": "Host to connect to, defaults to localhost", - "type": "string" - } - } - }, - "istio.networking.v1beta1.ProxyImage": { - "description": "The following values are used to construct proxy image url. format: `${hub}/${image_name}/${tag}-${image_type}`, example: `docker.io/istio/proxyv2:1.11.1` or `docker.io/istio/proxyv2:1.11.1-distroless`. This information was previously part of the Values API.", - "type": "object", - "properties": { - "imageType": { - "description": "The image type of the image. Istio publishes default, debug, and distroless images. Other values are allowed if those image types (example: centos) are published to the specified hub. supported values: default, debug, distroless.", - "type": "string" - } - } - }, - "istio_operator.v2.api.v1alpha1.BaseKubernetesContainerConfiguration": { - "type": "object", - "properties": { - "env": { - "description": "If present will be appended to the environment variables of the container", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.EnvVar" - } - }, - "resources": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.ResourceRequirements" - }, - "image": { - "description": "Standard Kubernetes container image configuration", - "type": "string" - }, - "volumeMounts": { - "description": "Pod volumes to mount into the container's filesystem. Cannot be updated.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.VolumeMount" - } - }, - "securityContext": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.SecurityContext" - } - } - }, - "istio_operator.v2.api.v1alpha1.BaseKubernetesResourceConfig": { - "type": "object", - "properties": { - "env": { - "description": "If present will be appended to the environment variables of the container", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.EnvVar" - } - }, - "resources": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.ResourceRequirements" - }, - "metadata": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.K8sObjectMeta" - }, - "image": { - "description": "Standard Kubernetes container image configuration", - "type": "string" - }, - "volumeMounts": { - "description": "Pod volumes to mount into the container's filesystem. Cannot be updated.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.VolumeMount" - } - }, - "livenessProbe": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.Probe" - }, - "readinessProbe": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.Probe" - }, - "imagePullPolicy": { - "description": "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.", - "type": "string" - }, - "securityContext": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.SecurityContext" - }, - "volumes": { - "description": "List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.Volume" - } - }, - "nodeSelector": { - "description": "Standard Kubernetes node selector configuration", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "imagePullSecrets": { - "description": "ImagePullSecrets is an optional list of references to secrets to use for pulling any of the images.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - } - }, - "affinity": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.Affinity" - }, - "tolerations": { - "description": "If specified, the pod's tolerations.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.Toleration" - } - }, - "priorityClassName": { - "description": "If specified, indicates the pod's priority. \"system-node-critical\" and \"system-cluster-critical\" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.", - "type": "string" - }, - "topologySpreadConstraints": { - "description": "Used to control how Pods are spread across a cluster among failure-domains. This can help to achieve high availability as well as efficient resource utilization. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.TopologySpreadConstraint" - } - }, - "replicas": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.Replicas" - }, - "podMetadata": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.K8sObjectMeta" - }, - "podDisruptionBudget": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.PodDisruptionBudget" - }, - "deploymentStrategy": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.DeploymentStrategy" - }, - "podSecurityContext": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.PodSecurityContext" - } - } - }, - "istio_operator.v2.api.v1alpha1.CNIConfiguration": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "nullable": true - }, - "logLevel": { - "type": "string" - }, - "chained": { - "type": "boolean", - "nullable": true - }, - "binDir": { - "type": "string" - }, - "confDir": { - "type": "string" - }, - "excludeNamespaces": { - "type": "array", - "items": { - "type": "string" - } - }, - "includeNamespaces": { - "type": "array", - "items": { - "type": "string" - } - }, - "confFileName": { - "type": "string" - }, - "pspClusterRoleName": { - "type": "string" - }, - "repair": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.CNIConfiguration.RepairConfiguration" - }, - "taint": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.CNIConfiguration.TaintConfiguration" - }, - "resourceQuotas": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.CNIConfiguration.ResourceQuotas" - }, - "daemonset": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.BaseKubernetesResourceConfig" - } - } - }, - "istio_operator.v2.api.v1alpha1.CNIConfiguration.RepairConfiguration": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "nullable": true - }, - "labelPods": { - "type": "boolean", - "nullable": true - }, - "deletePods": { - "type": "boolean", - "nullable": true - }, - "initContainerName": { - "type": "string" - }, - "brokenPodLabelKey": { - "type": "string" - }, - "brokenPodLabelValue": { - "type": "string" - } - } - }, - "istio_operator.v2.api.v1alpha1.CNIConfiguration.ResourceQuotas": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "nullable": true - }, - "pods": { - "type": "string" - }, - "priorityClasses": { - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "istio_operator.v2.api.v1alpha1.CNIConfiguration.TaintConfiguration": { - "type": "object", - "properties": { - "container": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.BaseKubernetesContainerConfiguration" - }, - "enabled": { - "type": "boolean", - "nullable": true - } - } - }, - "istio_operator.v2.api.v1alpha1.ConfigState": { - "type": "string", - "enum": [ - "Unspecified", - "Created", - "ReconcileFailed", - "Reconciling", - "Available", - "Unmanaged" - ] - }, - "istio_operator.v2.api.v1alpha1.ContainerImageConfiguration": { - "type": "object", - "properties": { - "imagePullPolicy": { - "description": "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.", - "type": "string" - }, - "imagePullSecrets": { - "description": "ImagePullSecrets is an optional list of references to secrets to use for pulling any of the images.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - } - }, - "hub": { - "description": "Default hub for container images.", - "type": "string" - }, - "tag": { - "description": "Default tag for container images.", - "type": "string" - } - } - }, - "istio_operator.v2.api.v1alpha1.CustomSidecarInjectionTemplates": { - "type": "object", - "properties": { - "name": { - "type": "string" - }, - "template": { - "type": "string" - } - } - }, - "istio_operator.v2.api.v1alpha1.DeploymentStrategy": { - "type": "object", - "properties": { - "type": { - "description": "Type of deployment. Can be \"Recreate\" or \"RollingUpdate\". Default is RollingUpdate.", - "type": "string" - }, - "rollingUpdate": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.DeploymentStrategy.RollingUpdateDeployment" - } - } - }, - "istio_operator.v2.api.v1alpha1.DeploymentStrategy.RollingUpdateDeployment": { - "type": "object", - "properties": { - "maxUnavailable": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.IntOrString" - }, - "maxSurge": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.IntOrString" - } - } - }, - "istio_operator.v2.api.v1alpha1.ExternalIstiodConfiguration": { - "description": "ExternalIstiodConfiguration defines settings for local istiod to control remote clusters as well", - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "nullable": true - } - } - }, - "istio_operator.v2.api.v1alpha1.HTTPGetAction": { - "description": "HTTPGetAction describes an action based on HTTP Get requests.", - "type": "object", - "properties": { - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.IntOrString" - }, - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", - "type": "string" - }, - "scheme": { - "description": "Scheme to use for connecting to the host. Defaults to HTTP.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.HTTPHeader" - } - } - } - }, - "istio_operator.v2.api.v1alpha1.HTTPProxyEnvsConfiguration": { - "type": "object", - "properties": { - "httpProxy": { - "type": "string" - }, - "httpsProxy": { - "type": "string" - }, - "noProxy": { - "type": "string" - } - } - }, - "istio_operator.v2.api.v1alpha1.IntOrString": { - "description": "IntOrString is a type that can hold an int32 or a string. When used in JSON or YAML marshalling and unmarshalling, it produces or consumes the inner type. This allows you to have, for example, a JSON field that can accept a name or number. GOTYPE: *IntOrString", - "oneOf": [ - { - "type": "string" - }, - { - "type": "integer" - } - ] - }, - "istio_operator.v2.api.v1alpha1.IstioControlPlaneSpec": { - "description": "IstioControlPlane defines an Istio control plane", - "type": "object", - "properties": { - "version": { - "description": "Contains the intended version for the Istio control plane.", - "type": "string" - }, - "mode": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.ModeType" - }, - "logging": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.LoggingConfiguration" - }, - "sds": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.SDSConfiguration" - }, - "mountMtlsCerts": { - "description": "Use the user-specified, secret volume mounted key and certs for Pilot and workloads.", - "type": "boolean", - "nullable": true - }, - "istiod": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.IstiodConfiguration" - }, - "proxy": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.ProxyConfiguration" - }, - "proxyInit": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.ProxyInitConfiguration" - }, - "telemetryV2": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.TelemetryV2Configuration" - }, - "proxyWasm": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.ProxyWasmConfiguration" - }, - "watchOneNamespace": { - "description": "Whether to restrict the applications namespace the controller manages. If not set, controller watches all namespaces", - "type": "boolean", - "nullable": true - }, - "jwtPolicy": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.JWTPolicyType" - }, - "caAddress": { - "description": "The customized CA address to retrieve certificates for the pods in the cluster. CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint.", - "type": "string" - }, - "caProvider": { - "description": "The name of the CA for workload certificates.", - "type": "string" - }, - "distribution": { - "description": "Contains the intended distribution for the Istio control plane. The official distribution is used by default unless special preserved distribution value is set. The only preserved distribution is \"cisco\" as of now.", - "type": "string" - }, - "httpProxyEnvs": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.HTTPProxyEnvsConfiguration" - }, - "meshConfig": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig" - }, - "k8sResourceOverlays": { - "description": "K8s resource overlay patches", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch" - } - }, - "meshID": { - "description": "Name of the Mesh to which this control plane belongs.", - "type": "string" - }, - "containerImageConfiguration": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.ContainerImageConfiguration" - }, - "meshExpansion": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.MeshExpansionConfiguration" - }, - "clusterID": { - "description": "Cluster ID", - "type": "string" - }, - "networkName": { - "description": "Network defines the network this cluster belongs to. This name corresponds to the networks in the map of mesh networks.", - "type": "string" - }, - "sidecarInjector": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.SidecarInjectorConfiguration" - }, - "tracer": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing" - } - } - }, - "istio_operator.v2.api.v1alpha1.IstioControlPlaneStatus": { - "type": "object", - "properties": { - "status": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.ConfigState" - }, - "meshConfig": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig" - }, - "clusterID": { - "description": "Cluster ID", - "type": "string" - }, - "istioControlPlaneName": { - "description": "Name of the IstioControlPlane resource It is used on remote clusters in the PeerIstioControlPlane resource status to identify the original Istio control plane", - "type": "string" - }, - "gatewayAddress": { - "description": "Current addresses for the corresponding gateways", - "type": "array", - "items": { - "type": "string" - } - }, - "istiodAddresses": { - "description": "Current addresses for the corresponding istiod pods", - "type": "array", - "items": { - "type": "string" - } - }, - "injectionNamespaces": { - "description": "Namespaces which are set for injection for this control plane", - "type": "array", - "items": { - "type": "string" - } - }, - "caRootCertificate": { - "description": "Istio CA root certificate", - "type": "string" - }, - "errorMessage": { - "description": "Reconciliation error message if any", - "type": "string" - }, - "checksums": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.StatusChecksums" - } - } - }, - "istio_operator.v2.api.v1alpha1.IstiodConfiguration": { - "description": "IstiodConfiguration defines config options for Istiod", - "type": "object", - "properties": { - "deployment": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.BaseKubernetesResourceConfig" - }, - "enableAnalysis": { - "description": "If enabled, pilot will run Istio analyzers and write analysis errors to the Status field of any Istio Resources", - "type": "boolean", - "nullable": true - }, - "enableStatus": { - "description": "If enabled, pilot will update the CRD Status field of all Istio resources with reconciliation status", - "type": "boolean", - "nullable": true - }, - "externalIstiod": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.ExternalIstiodConfiguration" - }, - "traceSampling": { - "type": "number", - "nullable": true - }, - "enableProtocolSniffingOutbound": { - "description": "If enabled, protocol sniffing will be used for outbound listeners whose port protocol is not specified or unsupported", - "type": "boolean", - "nullable": true - }, - "enableProtocolSniffingInbound": { - "description": "If enabled, protocol sniffing will be used for inbound listeners whose port protocol is not specified or unsupported", - "type": "boolean", - "nullable": true - }, - "certProvider": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.PilotCertProviderType" - }, - "spiffe": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.SPIFFEConfiguration" - } - } - }, - "istio_operator.v2.api.v1alpha1.JWTPolicyType": { - "type": "string", - "enum": [ - "JWTPolicyType_UNSPECIFIED", - "THIRD_PARTY_JWT", - "FIRST_PARTY_JWT" - ] - }, - "istio_operator.v2.api.v1alpha1.K8sObjectMeta": { - "description": "Generic k8s resource metadata", - "type": "object", - "properties": { - "labels": { - "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "annotations": { - "description": "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", - "type": "object", - "additionalProperties": { - "type": "string" - } - } - } - }, - "istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch": { - "type": "object", - "properties": { - "groupVersionKind": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch.GroupVersionKind" - }, - "objectKey": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.NamespacedName" - }, - "patches": { - "type": "array", - "items": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch.Patch" - } - } - } - }, - "istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch.GroupVersionKind": { - "type": "object", - "properties": { - "kind": { - "type": "string" - }, - "group": { - "type": "string" - }, - "version": { - "type": "string" - } - } - }, - "istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch.Patch": { - "type": "object", - "properties": { - "path": { - "type": "string" - }, - "type": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch.Type" - }, - "value": { - "type": "string" - }, - "parseValue": { - "type": "boolean" - } - } - }, - "istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch.Type": { - "type": "string", - "enum": [ - "unspecified", - "replace", - "remove" - ] - }, - "istio_operator.v2.api.v1alpha1.LoggingConfiguration": { - "description": "Comma-separated minimum per-scope logging level of messages to output, in the form of \u003cscope\u003e:\u003clevel\u003e,\u003cscope\u003e:\u003clevel\u003e The control plane has different scopes depending on component, but can configure default log level across all components If empty, default scope and level will be used as configured in code", - "type": "object", - "properties": { - "level": { - "type": "string" - } - } - }, - "istio_operator.v2.api.v1alpha1.MeshExpansionConfiguration": { - "type": "object", - "properties": { - "gateway": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.MeshExpansionConfiguration.IstioMeshGatewayConfiguration" - }, - "enabled": { - "type": "boolean", - "nullable": true - }, - "istiod": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.MeshExpansionConfiguration.Istiod" - }, - "webhook": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.MeshExpansionConfiguration.Webhook" - }, - "clusterServices": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.MeshExpansionConfiguration.ClusterServices" - } - } - }, - "istio_operator.v2.api.v1alpha1.MeshExpansionConfiguration.ClusterServices": { - "type": "object", - "properties": { - "expose": { - "type": "boolean", - "nullable": true - } - } - }, - "istio_operator.v2.api.v1alpha1.MeshExpansionConfiguration.IstioMeshGatewayConfiguration": { - "type": "object", - "properties": { - "metadata": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.K8sObjectMeta" - }, - "service": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.UnprotectedService" - }, - "k8sResourceOverlays": { - "description": "K8s resource overlay patches", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch" - } - }, - "deployment": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.BaseKubernetesResourceConfig" - }, - "runAsRoot": { - "description": "Whether to run the gateway in a privileged container", - "type": "boolean", - "nullable": true - } - } - }, - "istio_operator.v2.api.v1alpha1.MeshExpansionConfiguration.Istiod": { - "type": "object", - "properties": { - "expose": { - "type": "boolean", - "nullable": true - } - } - }, - "istio_operator.v2.api.v1alpha1.MeshExpansionConfiguration.Webhook": { - "type": "object", - "properties": { - "expose": { - "type": "boolean", - "nullable": true - } - } - }, - "istio_operator.v2.api.v1alpha1.ModeType": { - "type": "string", - "enum": [ - "ModeType_UNSPECIFIED", - "ACTIVE", - "PASSIVE" - ] - }, - "istio_operator.v2.api.v1alpha1.NamespacedName": { - "type": "object", - "properties": { - "name": { - "description": "Name of the referenced Kubernetes resource", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referenced Kubernetes resource", - "type": "string" - } - } - }, - "istio_operator.v2.api.v1alpha1.OperatorEndpointsConfiguration": { - "description": "OperatorEndpointsConfiguration defines config options for automatic SPIFFE endpoints", - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "nullable": true - } - } - }, - "istio_operator.v2.api.v1alpha1.PDBConfiguration": { - "description": "PDBConfiguration holds Pod Disruption Budget related config options", - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "nullable": true - } - } - }, - "istio_operator.v2.api.v1alpha1.PilotCertProviderType": { - "type": "string", - "enum": [ - "PilotCertProviderType_UNSPECIFIED", - "KUBERNETES", - "ISTIOD" - ] - }, - "istio_operator.v2.api.v1alpha1.PodDisruptionBudget": { - "description": "PodDisruptionBudget is a description of a PodDisruptionBudget", - "type": "object", - "properties": { - "maxUnavailable": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.IntOrString" - }, - "minAvailable": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.IntOrString" - } - } - }, - "istio_operator.v2.api.v1alpha1.Probe": { - "description": "Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.", - "type": "object", - "properties": { - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "type": "integer", - "format": "int32" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "type": "integer", - "format": "int64" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "type": "integer", - "format": "int32" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", - "type": "integer", - "format": "int32" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "type": "integer", - "format": "int32" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", - "type": "integer", - "format": "int32" - } - }, - "oneOf": [ - { - "not": { - "anyOf": [ - { - "required": [ - "exec" - ], - "properties": { - "exec": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ExecAction" - } - } - }, - { - "required": [ - "httpGet" - ], - "properties": { - "httpGet": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.HTTPGetAction" - } - } - }, - { - "required": [ - "tcpSocket" - ], - "properties": { - "tcpSocket": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.TCPSocketAction" - } - } - }, - { - "required": [ - "grpc" - ], - "properties": { - "grpc": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.GRPCAction" - } - } - } - ] - } - }, - { - "required": [ - "exec" - ], - "properties": { - "exec": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ExecAction" - } - } - }, - { - "required": [ - "httpGet" - ], - "properties": { - "httpGet": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.HTTPGetAction" - } - } - }, - { - "required": [ - "tcpSocket" - ], - "properties": { - "tcpSocket": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.TCPSocketAction" - } - } - }, - { - "required": [ - "grpc" - ], - "properties": { - "grpc": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.GRPCAction" - } - } - } - ] - }, - "istio_operator.v2.api.v1alpha1.ProxyConfiguration": { - "description": "ProxyConfiguration defines config options for Proxy", - "type": "object", - "properties": { - "resources": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.ResourceRequirements" - }, - "image": { - "type": "string" - }, - "lifecycle": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.Lifecycle" - }, - "privileged": { - "description": "If set to true, istio-proxy container will have privileged securityContext", - "type": "boolean", - "nullable": true - }, - "holdApplicationUntilProxyStarts": { - "description": "Controls if sidecar is injected at the front of the container list and blocks the start of the other containers until the proxy is ready Default value is 'false'.", - "type": "boolean", - "nullable": true - }, - "tracer": { - "description": "Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver", - "type": "string" - }, - "enableCoreDump": { - "description": "If set, newly injected sidecars will have core dumps enabled.", - "type": "boolean", - "nullable": true - }, - "logLevel": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.ProxyLogLevel" - }, - "componentLogLevel": { - "description": "Per Component log level for proxy, applies to gateways and sidecars. If a component level is not set, then the \"LogLevel\" will be used. If left empty, \"misc:error\" is used.", - "type": "string" - }, - "clusterDomain": { - "description": "cluster domain. Default value is \"cluster.local\"", - "type": "string" - }, - "includeIPRanges": { - "description": "IncludeIPRanges the range where to capture egress traffic", - "type": "string" - }, - "excludeIPRanges": { - "description": "ExcludeIPRanges the range where not to capture egress traffic", - "type": "string" - }, - "excludeInboundPorts": { - "description": "ExcludeInboundPorts the comma separated list of inbound ports to be excluded from redirection to Envoy", - "type": "string" - }, - "excludeOutboundPorts": { - "description": "ExcludeOutboundPorts the comma separated list of outbound ports to be excluded from redirection to Envoy", - "type": "string" - } - } - }, - "istio_operator.v2.api.v1alpha1.ProxyInitConfiguration": { - "description": "ProxyInitConfiguration defines config options for Proxy Init containers", - "type": "object", - "properties": { - "resources": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.ResourceRequirements" - }, - "image": { - "type": "string" - }, - "cni": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.CNIConfiguration" - } - } - }, - "istio_operator.v2.api.v1alpha1.ProxyLogLevel": { - "type": "string", - "enum": [ - "ProxyLogLevel_UNSPECIFIED", - "TRACE", - "DEBUG", - "INFO", - "WARNING", - "ERROR", - "CRITICAL", - "OFF" - ] - }, - "istio_operator.v2.api.v1alpha1.ProxyWasmConfiguration": { - "description": "ProxyWasmConfiguration defines config options for Envoy wasm", - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "nullable": true - } - } - }, - "istio_operator.v2.api.v1alpha1.Quantity": { - "description": "Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and Int64() accessors. GOTYPE: *Quantity", - "oneOf": [ - { - "type": "string" - }, - { - "type": "integer" - } - ], - "pattern": "^(\\\\+|-)?(([0-9]+(\\\\.[0-9]*)?)|(\\\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\\\+|-)?(([0-9]+(\\\\.[0-9]*)?)|(\\\\.[0-9]+))))?$" - }, - "istio_operator.v2.api.v1alpha1.Replicas": { - "description": "Replicas contains pod replica configuration", - "type": "object", - "properties": { - "count": { - "description": "Standard Kubernetes replica count configuration", - "type": "integer", - "nullable": true - }, - "max": { - "description": "max is the upper limit for the number of replicas to which the autoscaler can scale up. min and max both need to be set the turn on autoscaling. It cannot be less than min.", - "type": "integer", - "nullable": true - }, - "min": { - "description": "min is the lower limit for the number of replicas to which the autoscaler can scale down. min and max both need to be set the turn on autoscaling.", - "type": "integer", - "nullable": true - }, - "targetCPUUtilizationPercentage": { - "description": "target average CPU utilization (represented as a percentage of requested CPU) over all the pods; default 80% will be used if not specified.", - "type": "integer", - "nullable": true - } - } - }, - "istio_operator.v2.api.v1alpha1.ResourceRequirements": { - "description": "ResourceRequirements describes the compute resource requirements.", - "type": "object", - "properties": { - "limits": { - "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/", - "type": "object", - "additionalProperties": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.Quantity" - } - }, - "requests": { - "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/", - "type": "object", - "additionalProperties": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.Quantity" - } - } - } - }, - "istio_operator.v2.api.v1alpha1.SDSConfiguration": { - "description": "SDSConfiguration defines Secret Discovery Service config options", - "type": "object", - "properties": { - "tokenAudience": { - "description": "The JWT token for SDS and the aud field of such JWT. See RFC 7519, section 4.1.3. When a CSR is sent from Citadel Agent to the CA (e.g. Citadel), this aud is to make sure the JWT is intended for the CA.", - "type": "string" - } - } - }, - "istio_operator.v2.api.v1alpha1.SPIFFEConfiguration": { - "description": "SPIFFEConfiguration is for SPIFFE configuration of Pilot", - "type": "object", - "properties": { - "operatorEndpoints": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.OperatorEndpointsConfiguration" - } - } - }, - "istio_operator.v2.api.v1alpha1.Service": { - "description": "Service describes the attributes that a user creates on a service.", - "type": "object", - "properties": { - "type": { - "description": "type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. \"ExternalName\" maps to the specified externalName. \"ClusterIP\" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object. If clusterIP is \"None\", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a stable IP. \"NodePort\" builds on ClusterIP and allocates a port on every node which routes to the clusterIP. \"LoadBalancer\" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the clusterIP. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", - "type": "string" - }, - "metadata": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.K8sObjectMeta" - }, - "ports": { - "description": "The list of ports that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.ServicePort" - } - }, - "selector": { - "description": "Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "clusterIP": { - "description": "clusterIP is the IP address of the service and is usually assigned randomly by the master. If an address is specified manually and is not in use by others, it will be allocated to the service; otherwise, creation of the service will fail. This field can not be changed through updates. Valid values are \"None\", empty string (\"\"), or a valid IP address. \"None\" can be specified for headless services when proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", - "type": "string" - }, - "externalIPs": { - "description": "externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system.", - "type": "array", - "items": { - "type": "string" - } - }, - "sessionAffinity": { - "description": "Supports \"ClientIP\" and \"None\". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", - "type": "string" - }, - "loadBalancerIP": { - "description": "Only applies to Service Type: LoadBalancer LoadBalancer will get created with the IP specified in this field. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature.", - "type": "string" - }, - "loadBalancerSourceRanges": { - "description": "If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature.\" More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/", - "type": "array", - "items": { - "type": "string" - } - }, - "externalName": { - "description": "externalName is the external reference that kubedns or equivalent will return as a CNAME record for this service. No proxying will be involved. Must be a valid RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires Type to be ExternalName.", - "type": "string" - }, - "externalTrafficPolicy": { - "description": "externalTrafficPolicy denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints. \"Local\" preserves the client source IP and avoids a second hop for LoadBalancer and Nodeport type services, but risks potentially imbalanced traffic spreading. \"Cluster\" obscures the client source IP and may cause a second hop to another node, but should have good overall load-spreading.", - "type": "string" - }, - "healthCheckNodePort": { - "description": "healthCheckNodePort specifies the healthcheck nodePort for the service. If not specified, HealthCheckNodePort is created by the service api backend with the allocated nodePort. Will use user-specified nodePort value if specified by the client. Only effects when Type is set to LoadBalancer and ExternalTrafficPolicy is set to Local.", - "type": "integer", - "format": "int32" - }, - "publishNotReadyAddresses": { - "description": "publishNotReadyAddresses, when set to true, indicates that DNS implementations must publish the notReadyAddresses of subsets for the Endpoints associated with the Service. The default value is false. The primary use case for setting this field is to use a StatefulSet's Headless Service to propagate SRV records for its Pods without respect to their readiness for purpose of peer discovery.", - "type": "boolean", - "nullable": true - }, - "sessionAffinityConfig": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.SessionAffinityConfig" - }, - "ipFamily": { - "description": "ipFamily specifies whether this Service has a preference for a particular IP family (e.g. IPv4 vs. IPv6). If a specific IP family is requested, the clusterIP field will be allocated from that family, if it is available in the cluster. If no IP family is requested, the cluster's primary IP family will be used. Other IP fields (loadBalancerIP, loadBalancerSourceRanges, externalIPs) and controllers which allocate external load-balancers should use the same IP family. Endpoints for this Service will be of this family. This field is immutable after creation. Assigning a ServiceIPFamily not available in the cluster (e.g. IPv6 in IPv4 only cluster) is an error condition and will fail during clusterIP assignment.", - "type": "string" - } - } - }, - "istio_operator.v2.api.v1alpha1.ServicePort": { - "description": "ServicePort contains information on service's port.", - "type": "object", - "properties": { - "name": { - "description": "The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. if only one ServicePort is defined on this service.", - "type": "string" - }, - "protocol": { - "description": "The IP protocol for this port. Supports \"TCP\", \"UDP\", and \"SCTP\". Default is TCP.", - "type": "string" - }, - "port": { - "description": "The port that will be exposed by this service.", - "type": "integer", - "format": "int32" - }, - "targetPort": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.IntOrString" - }, - "nodePort": { - "description": "The port on each node on which this service is exposed when type=NodePort or LoadBalancer. Usually assigned by the system. If specified, it will be allocated to the service if unused or else creation of the service will fail. Default is to auto-allocate a port if the ServiceType of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport", - "type": "integer", - "format": "int32" - } - } - }, - "istio_operator.v2.api.v1alpha1.SidecarInjectionTemplates": { - "type": "object", - "properties": { - "gateway": { - "description": "Overrides for the default \"gateway\" injection template. This template will be merged with the default \"gateway\" template, overwriting values, if existing.", - "type": "string" - }, - "sidecar": { - "description": "Overrides for the default \"sidecar\" injection template. This template will be merged with the default \"sidecar\" template, overwriting values, if existing.", - "type": "string" - }, - "customTemplates": { - "description": "Custom templates can be defined for sidecar injection. These templates can be applied by annotating pods with \"inject.istio.io/templates=\u003cname of custom template\u003e\". See https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#custom-templates-experimental.", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.CustomSidecarInjectionTemplates" - } - } - } - }, - "istio_operator.v2.api.v1alpha1.SidecarInjectorConfiguration": { - "type": "object", - "properties": { - "service": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.Service" - }, - "deployment": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.BaseKubernetesResourceConfig" - }, - "templates": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.SidecarInjectionTemplates" - } - } - }, - "istio_operator.v2.api.v1alpha1.StatusChecksums": { - "type": "object", - "properties": { - "meshConfig": { - "type": "string" - }, - "sidecarInjector": { - "type": "string" - } - } - }, - "istio_operator.v2.api.v1alpha1.TCPSocketAction": { - "description": "TCPSocketAction describes an action based on opening a socket", - "type": "object", - "properties": { - "port": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.IntOrString" - }, - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - } - } - }, - "istio_operator.v2.api.v1alpha1.TelemetryV2Configuration": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "nullable": true - } - } - }, - "istio_operator.v2.api.v1alpha1.UnprotectedService": { - "description": "Service describes the attributes that a user creates on a service.", - "type": "object", - "properties": { - "type": { - "description": "type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. \"ExternalName\" maps to the specified externalName. \"ClusterIP\" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object. If clusterIP is \"None\", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a stable IP. \"NodePort\" builds on ClusterIP and allocates a port on every node which routes to the clusterIP. \"LoadBalancer\" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the clusterIP. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", - "type": "string" - }, - "metadata": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.K8sObjectMeta" - }, - "ports": { - "description": "The list of ports that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.ServicePort" - } - }, - "selector": { - "description": "Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "clusterIP": { - "description": "clusterIP is the IP address of the service and is usually assigned randomly by the master. If an address is specified manually and is not in use by others, it will be allocated to the service; otherwise, creation of the service will fail. This field can not be changed through updates. Valid values are \"None\", empty string (\"\"), or a valid IP address. \"None\" can be specified for headless services when proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", - "type": "string" - }, - "externalIPs": { - "description": "externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system.", - "type": "array", - "items": { - "type": "string" - } - }, - "sessionAffinity": { - "description": "Supports \"ClientIP\" and \"None\". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", - "type": "string" - }, - "loadBalancerIP": { - "description": "Only applies to Service Type: LoadBalancer LoadBalancer will get created with the IP specified in this field. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature.", - "type": "string" - }, - "loadBalancerSourceRanges": { - "description": "If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature.\" More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/", - "type": "array", - "items": { - "type": "string" - } - }, - "externalName": { - "description": "externalName is the external reference that kubedns or equivalent will return as a CNAME record for this service. No proxying will be involved. Must be a valid RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires Type to be ExternalName.", - "type": "string" - }, - "externalTrafficPolicy": { - "description": "externalTrafficPolicy denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints. \"Local\" preserves the client source IP and avoids a second hop for LoadBalancer and Nodeport type services, but risks potentially imbalanced traffic spreading. \"Cluster\" obscures the client source IP and may cause a second hop to another node, but should have good overall load-spreading.", - "type": "string" - }, - "healthCheckNodePort": { - "description": "healthCheckNodePort specifies the healthcheck nodePort for the service. If not specified, HealthCheckNodePort is created by the service api backend with the allocated nodePort. Will use user-specified nodePort value if specified by the client. Only effects when Type is set to LoadBalancer and ExternalTrafficPolicy is set to Local.", - "type": "integer", - "format": "int32" - }, - "publishNotReadyAddresses": { - "description": "publishNotReadyAddresses, when set to true, indicates that DNS implementations must publish the notReadyAddresses of subsets for the Endpoints associated with the Service. The default value is false. The primary use case for setting this field is to use a StatefulSet's Headless Service to propagate SRV records for its Pods without respect to their readiness for purpose of peer discovery.", - "type": "boolean", - "nullable": true - }, - "sessionAffinityConfig": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.SessionAffinityConfig" - }, - "ipFamily": { - "description": "ipFamily specifies whether this Service has a preference for a particular IP family (e.g. IPv4 vs. IPv6). If a specific IP family is requested, the clusterIP field will be allocated from that family, if it is available in the cluster. If no IP family is requested, the cluster's primary IP family will be used. Other IP fields (loadBalancerIP, loadBalancerSourceRanges, externalIPs) and controllers which allocate external load-balancers should use the same IP family. Endpoints for this Service will be of this family. This field is immutable after creation. Assigning a ServiceIPFamily not available in the cluster (e.g. IPv6 in IPv4 only cluster) is an error condition and will fail during clusterIP assignment.", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.AWSElasticBlockStoreVolumeSource": { - "description": "Represents a Persistent Disk resource in AWS. An AWS EBS disk must exist before mounting to a container. The disk must also be in the same AWS zone as the kubelet. An AWS EBS disk can only be mounted as read/write once. AWS EBS volumes support ownership management and SELinux relabeling.", - "type": "object", - "properties": { - "volumeID": { - "description": "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "type": "string" - }, - "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine", - "type": "string" - }, - "partition": { - "description": "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).", - "type": "integer", - "format": "int32" - }, - "readOnly": { - "description": "readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "type": "boolean" - } - } - }, - "k8s.io.api.core.v1.Affinity": { - "description": "Affinity is a group of affinity scheduling rules.", - "type": "object", - "properties": { - "nodeAffinity": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.NodeAffinity" - }, - "podAffinity": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.PodAffinity" - }, - "podAntiAffinity": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.PodAntiAffinity" - } - } - }, - "k8s.io.api.core.v1.AzureDiskVolumeSource": { - "description": "AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.", - "type": "object", - "properties": { - "kind": { - "description": "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared", - "type": "string" - }, - "fsType": { - "description": "fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "readOnly": { - "description": "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "diskName": { - "description": "diskName is the Name of the data disk in the blob storage", - "type": "string" - }, - "diskURI": { - "description": "diskURI is the URI of data disk in the blob storage", - "type": "string" - }, - "cachingMode": { - "description": "cachingMode is the Host Caching mode: None, Read Only, Read Write.", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.AzureFileVolumeSource": { - "description": "AzureFile represents an Azure File Service mount on the host and bind mount to the pod.", - "type": "object", - "properties": { - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretName": { - "description": "secretName is the name of secret that contains Azure Storage Account Name and Key", - "type": "string" - }, - "shareName": { - "description": "shareName is the azure share Name", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.CSIVolumeSource": { - "description": "Represents a source location of a volume to mount, managed by an external CSI driver", - "type": "object", - "properties": { - "fsType": { - "description": "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.", - "type": "string" - }, - "readOnly": { - "description": "readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).", - "type": "boolean" - }, - "driver": { - "description": "driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.", - "type": "string" - }, - "volumeAttributes": { - "description": "volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "nodePublishSecretRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - } - } - }, - "k8s.io.api.core.v1.Capabilities": { - "description": "Adds and removes POSIX capabilities from running containers.", - "type": "object", - "properties": { - "add": { - "description": "Added capabilities", - "type": "array", - "items": { - "type": "string" - } - }, - "drop": { - "description": "Removed capabilities", - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "k8s.io.api.core.v1.CephFSVolumeSource": { - "description": "Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs volumes do not support ownership management or SELinux relabeling.", - "type": "object", - "properties": { - "path": { - "description": "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /", - "type": "string" - }, - "readOnly": { - "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "type": "boolean" - }, - "monitors": { - "description": "monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "type": "array", - "items": { - "type": "string" - } - }, - "user": { - "description": "user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "type": "string" - }, - "secretFile": { - "description": "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "type": "string" - }, - "secretRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - } - } - }, - "k8s.io.api.core.v1.CinderVolumeSource": { - "description": "Represents a cinder volume resource in Openstack. A Cinder volume must exist before mounting to a container. The volume must also be in the same region as the kubelet. Cinder volumes support ownership management and SELinux relabeling.", - "type": "object", - "properties": { - "volumeID": { - "description": "volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "type": "string" - }, - "fsType": { - "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "type": "string" - }, - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "type": "boolean" - }, - "secretRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - } - } - }, - "k8s.io.api.core.v1.ClientIPConfig": { - "description": "ClientIPConfig represents the configurations of Client IP based session affinity.", - "type": "object", - "properties": { - "timeoutSeconds": { - "description": "timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be \u003e0 \u0026\u0026 \u003c=86400(for 1 day) if ServiceAffinity == \"ClientIP\". Default value is 10800(for 3 hours).", - "type": "integer", - "format": "int32" - } - } - }, - "k8s.io.api.core.v1.ConfigMapKeySelector": { - "description": "Selects a key from a ConfigMap.", - "type": "object", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "localObjectReference": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - } - }, - "k8s.io.api.core.v1.ConfigMapProjection": { - "description": "Adapts a ConfigMap into a projected volume. The contents of the target ConfigMap's Data field will be presented in a projected volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. Note that this is identical to a configmap volume source without the default mode.", - "type": "object", - "properties": { - "items": { - "description": "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.KeyToPath" - } - }, - "localObjectReference": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - }, - "optional": { - "description": "optional specify whether the ConfigMap or its keys must be defined", - "type": "boolean" - } - } - }, - "k8s.io.api.core.v1.ConfigMapVolumeSource": { - "description": "Adapts a ConfigMap into a volume. The contents of the target ConfigMap's Data field will be presented in a volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. ConfigMap volumes support ownership management and SELinux relabeling.", - "type": "object", - "properties": { - "items": { - "description": "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.KeyToPath" - } - }, - "localObjectReference": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - }, - "optional": { - "description": "optional specify whether the ConfigMap or its keys must be defined", - "type": "boolean" - }, - "defaultMode": { - "description": "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", - "type": "integer", - "format": "int32" - } - } - }, - "k8s.io.api.core.v1.DownwardAPIProjection": { - "description": "Represents downward API info for projecting into a projected volume. Note that this is identical to a downwardAPI volume source without the default mode.", - "type": "object", - "properties": { - "items": { - "description": "Items is a list of DownwardAPIVolume file", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.DownwardAPIVolumeFile" - } - } - } - }, - "k8s.io.api.core.v1.DownwardAPIVolumeFile": { - "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", - "type": "object", - "properties": { - "path": { - "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", - "type": "string" - }, - "fieldRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ObjectFieldSelector" - }, - "resourceFieldRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ResourceFieldSelector" - }, - "mode": { - "description": "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", - "type": "integer", - "format": "int32" - } - } - }, - "k8s.io.api.core.v1.DownwardAPIVolumeSource": { - "description": "DownwardAPIVolumeSource represents a volume containing downward API info. Downward API volumes support ownership management and SELinux relabeling.", - "type": "object", - "properties": { - "items": { - "description": "Items is a list of downward API volume file", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.DownwardAPIVolumeFile" - } - }, - "defaultMode": { - "description": "Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", - "type": "integer", - "format": "int32" - } - } - }, - "k8s.io.api.core.v1.EmptyDirVolumeSource": { - "description": "Represents an empty directory for a pod. Empty directory volumes support ownership management and SELinux relabeling.", - "type": "object", - "properties": { - "medium": { - "description": "medium represents what type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - "type": "string" - }, - "sizeLimit": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.api.resource.Quantity" - } - } - }, - "k8s.io.api.core.v1.EnvVar": { - "description": "EnvVar represents an environment variable present in a Container.", - "type": "object", - "properties": { - "name": { - "description": "Name of the environment variable. Must be a C_IDENTIFIER.", - "type": "string" - }, - "value": { - "description": "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\".", - "type": "string" - }, - "valueFrom": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.EnvVarSource" - } - } - }, - "k8s.io.api.core.v1.EnvVarSource": { - "description": "EnvVarSource represents a source for the value of an EnvVar.", - "type": "object", - "properties": { - "fieldRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ObjectFieldSelector" - }, - "resourceFieldRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ResourceFieldSelector" - }, - "configMapKeyRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ConfigMapKeySelector" - }, - "secretKeyRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.SecretKeySelector" - } - } - }, - "k8s.io.api.core.v1.EphemeralVolumeSource": { - "description": "Represents an ephemeral volume that is handled by a normal storage driver.", - "type": "object", - "properties": { - "volumeClaimTemplate": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.PersistentVolumeClaimTemplate" - } - } - }, - "k8s.io.api.core.v1.ExecAction": { - "description": "ExecAction describes a \"run in container\" action.", - "type": "object", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "k8s.io.api.core.v1.FCVolumeSource": { - "description": "Represents a Fibre Channel volume. Fibre Channel volumes can only be mounted as read/write once. Fibre Channel volumes support ownership management and SELinux relabeling.", - "type": "object", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine", - "type": "string" - }, - "readOnly": { - "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "targetWWNs": { - "description": "targetWWNs is Optional: FC target worldwide names (WWNs)", - "type": "array", - "items": { - "type": "string" - } - }, - "lun": { - "description": "lun is Optional: FC target lun number", - "type": "integer", - "format": "int32" - }, - "wwids": { - "description": "wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.", - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "k8s.io.api.core.v1.FlexVolumeSource": { - "description": "FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.", - "type": "object", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.", - "type": "string" - }, - "readOnly": { - "description": "readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "driver": { - "description": "driver is the name of the driver to use for this volume.", - "type": "string" - }, - "secretRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - }, - "options": { - "description": "options is Optional: this field holds extra command options if any.", - "type": "object", - "additionalProperties": { - "type": "string" - } - } - } - }, - "k8s.io.api.core.v1.FlockerVolumeSource": { - "description": "Represents a Flocker volume mounted by the Flocker agent. One and only one of datasetName and datasetUUID should be set. Flocker volumes do not support ownership management or SELinux relabeling.", - "type": "object", - "properties": { - "datasetName": { - "description": "datasetName is Name of the dataset stored as metadata -\u003e name on the dataset for Flocker should be considered as deprecated", - "type": "string" - }, - "datasetUUID": { - "description": "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.GCEPersistentDiskVolumeSource": { - "description": "Represents a Persistent Disk resource in Google Compute Engine. A GCE PD must exist before mounting to a container. The disk must also be in the same GCE project and zone as the kubelet. A GCE PD can only be mounted as read/write once or read-only many times. GCE PDs support ownership management and SELinux relabeling.", - "type": "object", - "properties": { - "fsType": { - "description": "fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine", - "type": "string" - }, - "partition": { - "description": "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "type": "integer", - "format": "int32" - }, - "readOnly": { - "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "type": "boolean" - }, - "pdName": { - "description": "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.GRPCAction": { - "type": "object", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "type": "integer", - "format": "int32" - }, - "service": { - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.GitRepoVolumeSource": { - "description": "Represents a volume that is populated with the contents of a git repository. Git repo volumes do not support ownership management. Git repo volumes support SELinux relabeling. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.", - "type": "object", - "properties": { - "repository": { - "description": "repository is the URL", - "type": "string" - }, - "revision": { - "description": "revision is the commit hash for the specified revision.", - "type": "string" - }, - "directory": { - "description": "directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.GlusterfsVolumeSource": { - "description": "Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs volumes do not support ownership management or SELinux relabeling.", - "type": "object", - "properties": { - "path": { - "description": "path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", - "type": "boolean" - }, - "endpoints": { - "description": "endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.HTTPGetAction": { - "description": "HTTPGetAction describes an action based on HTTP Get requests.", - "type": "object", - "properties": { - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.util.intstr.IntOrString" - }, - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", - "type": "string" - }, - "scheme": { - "description": "Scheme to use for connecting to the host. Defaults to HTTP.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.HTTPHeader" - } - } - } - }, - "k8s.io.api.core.v1.HTTPHeader": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "type": "object", - "properties": { - "name": { - "description": "The header field name", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.HostPathVolumeSource": { - "description": "Represents a host path mapped into a pod. Host path volumes do not support ownership management or SELinux relabeling.", - "type": "object", - "properties": { - "path": { - "description": "path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - "type": "string" - }, - "type": { - "description": "type for HostPath Volume Defaults to \"\" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.ISCSIVolumeSource": { - "description": "Represents an ISCSI disk. ISCSI volumes can only be mounted as read/write once. ISCSI volumes support ownership management and SELinux relabeling.", - "type": "object", - "properties": { - "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.", - "type": "boolean" - }, - "secretRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - }, - "lun": { - "description": "lun represents iSCSI Target Lun number.", - "type": "integer", - "format": "int32" - }, - "targetPortal": { - "description": "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", - "type": "string" - }, - "iqn": { - "description": "iqn is the target iSCSI Qualified Name.", - "type": "string" - }, - "iscsiInterface": { - "description": "iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).", - "type": "string" - }, - "portals": { - "description": "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", - "type": "array", - "items": { - "type": "string" - } - }, - "chapAuthDiscovery": { - "description": "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication", - "type": "boolean" - }, - "chapAuthSession": { - "description": "chapAuthSession defines whether support iSCSI Session CHAP authentication", - "type": "boolean" - }, - "initiatorName": { - "description": "initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface \u003ctarget portal\u003e:\u003cvolume name\u003e will be created for the connection.", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.KeyToPath": { - "description": "Maps a string key to a path within a volume.", - "type": "object", - "properties": { - "path": { - "description": "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", - "type": "string" - }, - "key": { - "description": "key is the key to project.", - "type": "string" - }, - "mode": { - "description": "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", - "type": "integer", - "format": "int32" - } - } - }, - "k8s.io.api.core.v1.Lifecycle": { - "description": "Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted.", - "type": "object", - "properties": { - "postStart": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LifecycleHandler" - }, - "preStop": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LifecycleHandler" - } - } - }, - "k8s.io.api.core.v1.LifecycleHandler": { - "description": "LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.", - "type": "object", - "properties": { - "exec": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ExecAction" - }, - "httpGet": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.HTTPGetAction" - }, - "tcpSocket": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.TCPSocketAction" - } - } - }, - "k8s.io.api.core.v1.LocalObjectReference": { - "description": "LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.", - "type": "object", - "properties": { - "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.NFSVolumeSource": { - "description": "Represents an NFS mount that lasts the lifetime of a pod. NFS volumes do not support ownership management or SELinux relabeling.", - "type": "object", - "properties": { - "path": { - "description": "path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "type": "boolean" - }, - "server": { - "description": "server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.NodeAffinity": { - "description": "Node affinity is a group of node affinity scheduling rules.", - "type": "object", - "properties": { - "requiredDuringSchedulingIgnoredDuringExecution": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.NodeSelector" - }, - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.PreferredSchedulingTerm" - } - } - } - }, - "k8s.io.api.core.v1.NodeSelector": { - "description": "A node selector represents the union of the results of one or more label queries over a set of nodes; that is, it represents the OR of the selectors represented by the node selector terms.", - "type": "object", - "properties": { - "nodeSelectorTerms": { - "description": "Required. A list of node selector terms. The terms are ORed.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.NodeSelectorTerm" - } - } - } - }, - "k8s.io.api.core.v1.NodeSelectorRequirement": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - "type": "object", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "k8s.io.api.core.v1.NodeSelectorTerm": { - "description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", - "type": "object", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.NodeSelectorRequirement" - } - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.NodeSelectorRequirement" - } - } - } - }, - "k8s.io.api.core.v1.ObjectFieldSelector": { - "description": "ObjectFieldSelector selects an APIVersioned field of an object.", - "type": "object", - "properties": { - "apiVersion": { - "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", - "type": "string" - }, - "fieldPath": { - "description": "Path of the field to select in the specified API version.", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.PersistentVolumeClaimSpec": { - "description": "PersistentVolumeClaimSpec describes the common attributes of storage devices and allows a Source for provider-specific attributes", - "type": "object", - "properties": { - "resources": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ResourceRequirements" - }, - "accessModes": { - "description": "accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "type": "array", - "items": { - "type": "string" - } - }, - "selector": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector" - }, - "volumeName": { - "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", - "type": "string" - }, - "storageClassName": { - "description": "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", - "type": "string" - }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.", - "type": "string" - }, - "dataSource": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.TypedLocalObjectReference" - }, - "dataSourceRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.TypedLocalObjectReference" - } - } - }, - "k8s.io.api.core.v1.PersistentVolumeClaimTemplate": { - "description": "PersistentVolumeClaimTemplate is used to produce PersistentVolumeClaim objects as part of an EphemeralVolumeSource.", - "type": "object", - "properties": { - "metadata": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.PersistentVolumeClaimSpec" - } - } - }, - "k8s.io.api.core.v1.PersistentVolumeClaimVolumeSource": { - "description": "PersistentVolumeClaimVolumeSource references the user's PVC in the same namespace. This volume finds the bound PV and mounts that volume for the pod. A PersistentVolumeClaimVolumeSource is, essentially, a wrapper around another type of volume that is owned by someone else (the system).", - "type": "object", - "properties": { - "readOnly": { - "description": "readOnly Will force the ReadOnly setting in VolumeMounts. Default false.", - "type": "boolean" - }, - "claimName": { - "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.PhotonPersistentDiskVolumeSource": { - "description": "Represents a Photon Controller persistent disk resource.", - "type": "object", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "pdID": { - "description": "pdID is the ID that identifies Photon Controller persistent disk", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.PodAffinity": { - "description": "Pod affinity is a group of inter pod affinity scheduling rules.", - "type": "object", - "properties": { - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.PodAffinityTerm" - } - }, - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.WeightedPodAffinityTerm" - } - } - } - }, - "k8s.io.api.core.v1.PodAffinityTerm": { - "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", - "type": "object", - "properties": { - "labelSelector": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "type": "array", - "items": { - "type": "string" - } - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", - "type": "string" - }, - "namespaceSelector": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector" - } - } - }, - "k8s.io.api.core.v1.PodAntiAffinity": { - "description": "Pod anti affinity is a group of inter pod anti affinity scheduling rules.", - "type": "object", - "properties": { - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.PodAffinityTerm" - } - }, - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.WeightedPodAffinityTerm" - } - } - } - }, - "k8s.io.api.core.v1.PodSecurityContext": { - "description": "PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.", - "type": "object", - "properties": { - "seLinuxOptions": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.SELinuxOptions" - }, - "windowsOptions": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.WindowsSecurityContextOptions" - }, - "runAsUser": { - "description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.", - "type": "integer", - "format": "int64" - }, - "runAsGroup": { - "description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.", - "type": "integer", - "format": "int64" - }, - "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "boolean" - }, - "supplementalGroups": { - "description": "A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. Note that this field cannot be set when spec.os.name is windows.", - "type": "array", - "items": { - "type": "integer", - "format": "int64" - } - }, - "fsGroup": { - "description": "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.", - "type": "integer", - "format": "int64" - }, - "sysctls": { - "description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.Sysctl" - } - }, - "fsGroupChangePolicy": { - "description": "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used. Note that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "seccompProfile": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.SeccompProfile" - } - } - }, - "k8s.io.api.core.v1.PortworxVolumeSource": { - "description": "PortworxVolumeSource represents a Portworx volume resource.", - "type": "object", - "properties": { - "volumeID": { - "description": "volumeID uniquely identifies a Portworx volume", - "type": "string" - }, - "fsType": { - "description": "fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", - "type": "boolean" - } - } - }, - "k8s.io.api.core.v1.PreferredSchedulingTerm": { - "description": "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", - "type": "object", - "properties": { - "weight": { - "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", - "type": "integer", - "format": "int32" - }, - "preference": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.NodeSelectorTerm" - } - } - }, - "k8s.io.api.core.v1.ProjectedVolumeSource": { - "description": "Represents a projected volume source", - "type": "object", - "properties": { - "defaultMode": { - "description": "defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", - "type": "integer", - "format": "int32" - }, - "sources": { - "description": "sources is the list of volume projections", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.VolumeProjection" - } - } - } - }, - "k8s.io.api.core.v1.QuobyteVolumeSource": { - "description": "Represents a Quobyte mount that lasts the lifetime of a pod. Quobyte volumes do not support ownership management or SELinux relabeling.", - "type": "object", - "properties": { - "group": { - "description": "group to map volume access to Default is no group", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.", - "type": "boolean" - }, - "user": { - "description": "user to map volume access to Defaults to serivceaccount user", - "type": "string" - }, - "registry": { - "description": "registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes", - "type": "string" - }, - "volume": { - "description": "volume is a string that references an already created Quobyte volume by name.", - "type": "string" - }, - "tenant": { - "description": "tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.RBDVolumeSource": { - "description": "Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD volumes support ownership management and SELinux relabeling.", - "type": "object", - "properties": { - "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "boolean" - }, - "monitors": { - "description": "monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "array", - "items": { - "type": "string" - } - }, - "user": { - "description": "user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "string" - }, - "secretRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - }, - "image": { - "description": "image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "string" - }, - "pool": { - "description": "pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "string" - }, - "keyring": { - "description": "keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.ResourceFieldSelector": { - "description": "ResourceFieldSelector represents container resources (cpu, memory) and their output format", - "type": "object", - "properties": { - "resource": { - "description": "Required: resource to select", - "type": "string" - }, - "containerName": { - "description": "Container name: required for volumes, optional for env vars", - "type": "string" - }, - "divisor": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.api.resource.Quantity" - } - } - }, - "k8s.io.api.core.v1.ResourceRequirements": { - "description": "ResourceRequirements describes the compute resource requirements.", - "type": "object", - "properties": { - "limits": { - "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object", - "additionalProperties": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.api.resource.Quantity" - } - }, - "requests": { - "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object", - "additionalProperties": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.api.resource.Quantity" - } - } - } - }, - "k8s.io.api.core.v1.SELinuxOptions": { - "description": "SELinuxOptions are the labels to be applied to the container", - "type": "object", - "properties": { - "type": { - "description": "Type is a SELinux type label that applies to the container.", - "type": "string" - }, - "user": { - "description": "User is a SELinux user label that applies to the container.", - "type": "string" - }, - "role": { - "description": "Role is a SELinux role label that applies to the container.", - "type": "string" - }, - "level": { - "description": "Level is SELinux level label that applies to the container.", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.ScaleIOVolumeSource": { - "description": "ScaleIOVolumeSource represents a persistent ScaleIO volume", - "type": "object", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\".", - "type": "string" - }, - "readOnly": { - "description": "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - }, - "volumeName": { - "description": "volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.", - "type": "string" - }, - "gateway": { - "description": "gateway is the host address of the ScaleIO API Gateway.", - "type": "string" - }, - "system": { - "description": "system is the name of the storage system as configured in ScaleIO.", - "type": "string" - }, - "sslEnabled": { - "description": "sslEnabled Flag enable/disable SSL communication with Gateway, default false", - "type": "boolean" - }, - "protectionDomain": { - "description": "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.", - "type": "string" - }, - "storagePool": { - "description": "storagePool is the ScaleIO Storage Pool associated with the protection domain.", - "type": "string" - }, - "storageMode": { - "description": "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.SeccompProfile": { - "description": "SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.", - "type": "object", - "properties": { - "type": { - "description": "type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.", - "type": "string" - }, - "localhostProfile": { - "description": "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is \"Localhost\".", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.SecretKeySelector": { - "description": "SecretKeySelector selects a key of a Secret.", - "type": "object", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "localObjectReference": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - } - }, - "k8s.io.api.core.v1.SecretProjection": { - "description": "Adapts a secret into a projected volume. The contents of the target Secret's Data field will be presented in a projected volume as files using the keys in the Data field as the file names. Note that this is identical to a secret volume source without the default mode.", - "type": "object", - "properties": { - "items": { - "description": "items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.KeyToPath" - } - }, - "localObjectReference": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - }, - "optional": { - "description": "optional field specify whether the Secret or its key must be defined", - "type": "boolean" - } - } - }, - "k8s.io.api.core.v1.SecretVolumeSource": { - "description": "Adapts a Secret into a volume. The contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names. Secret volumes support ownership management and SELinux relabeling.", - "type": "object", - "properties": { - "items": { - "description": "items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.KeyToPath" - } - }, - "secretName": { - "description": "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", - "type": "string" - }, - "optional": { - "description": "optional field specify whether the Secret or its keys must be defined", - "type": "boolean" - }, - "defaultMode": { - "description": "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", - "type": "integer", - "format": "int32" - } - } - }, - "k8s.io.api.core.v1.SecurityContext": { - "description": "SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.", - "type": "object", - "properties": { - "seLinuxOptions": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.SELinuxOptions" - }, - "windowsOptions": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.WindowsSecurityContextOptions" - }, - "runAsUser": { - "description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", - "type": "integer", - "format": "int64" - }, - "runAsGroup": { - "description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", - "type": "integer", - "format": "int64" - }, - "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "boolean" - }, - "seccompProfile": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.SeccompProfile" - }, - "capabilities": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.Capabilities" - }, - "privileged": { - "description": "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "readOnlyRootFilesystem": { - "description": "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "allowPrivilegeEscalation": { - "description": "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "procMount": { - "description": "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.ServiceAccountTokenProjection": { - "description": "ServiceAccountTokenProjection represents a projected service account token volume. This projection can be used to insert a service account token into the pods runtime filesystem for use against APIs (Kubernetes API Server or otherwise).", - "type": "object", - "properties": { - "path": { - "description": "path is the path relative to the mount point of the file to project the token into.", - "type": "string" - }, - "audience": { - "description": "audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.", - "type": "string" - }, - "expirationSeconds": { - "description": "expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.", - "type": "integer", - "format": "int64" - } - } - }, - "k8s.io.api.core.v1.SessionAffinityConfig": { - "description": "SessionAffinityConfig represents the configurations of session affinity.", - "type": "object", - "properties": { - "clientIP": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ClientIPConfig" - } - } - }, - "k8s.io.api.core.v1.StorageOSVolumeSource": { - "description": "Represents a StorageOS persistent volume resource.", - "type": "object", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - }, - "volumeName": { - "description": "volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.", - "type": "string" - }, - "volumeNamespace": { - "description": "volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.Sysctl": { - "description": "Sysctl defines a kernel parameter to be set", - "type": "object", - "properties": { - "name": { - "description": "Name of a property to set", - "type": "string" - }, - "value": { - "description": "Value of a property to set", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.TCPSocketAction": { - "description": "TCPSocketAction describes an action based on opening a socket", - "type": "object", - "properties": { - "port": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.util.intstr.IntOrString" - }, - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.Toleration": { - "description": "The pod this Toleration is attached to tolerates any taint that matches the triple \u003ckey,value,effect\u003e using the matching operator \u003coperator\u003e.", - "type": "object", - "properties": { - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", - "type": "string" - }, - "operator": { - "description": "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", - "type": "string" - }, - "value": { - "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", - "type": "string" - }, - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" - }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", - "type": "integer", - "format": "int64" - } - } - }, - "k8s.io.api.core.v1.TopologySpreadConstraint": { - "description": "TopologySpreadConstraint specifies how to spread matching pods among the given topology.", - "type": "object", - "properties": { - "labelSelector": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector" - }, - "topologyKey": { - "description": "TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each \u003ckey, value\u003e as a \"bucket\", and try to put balanced number of pods into each bucket. It's a required field.", - "type": "string" - }, - "maxSkew": { - "description": "MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed.", - "type": "integer", - "format": "int32" - }, - "whenUnsatisfiable": { - "description": "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered \"Unsatisfiable\" for an incoming pod if and only if every possible node assignment for that pod would violate \"MaxSkew\" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field.", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.TypedLocalObjectReference": { - "description": "TypedLocalObjectReference contains enough information to let you locate the typed referenced object inside the same namespace.", - "type": "object", - "properties": { - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.Volume": { - "description": "Volume represents a named volume in a pod that may be accessed by any container in the pod.", - "type": "object", - "properties": { - "name": { - "description": "name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "volumeSource": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.VolumeSource" - } - } - }, - "k8s.io.api.core.v1.VolumeMount": { - "description": "VolumeMount describes a mounting of a Volume within a container.", - "type": "object", - "properties": { - "name": { - "description": "This must match the Name of a Volume.", - "type": "string" - }, - "readOnly": { - "description": "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", - "type": "boolean" - }, - "mountPath": { - "description": "Path within the container at which the volume should be mounted. Must not contain ':'.", - "type": "string" - }, - "subPath": { - "description": "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root).", - "type": "string" - }, - "mountPropagation": { - "description": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", - "type": "string" - }, - "subPathExpr": { - "description": "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive.", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.VolumeProjection": { - "description": "Projection that may be projected along with other supported volume types", - "type": "object", - "properties": { - "configMap": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ConfigMapProjection" - }, - "secret": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.SecretProjection" - }, - "downwardAPI": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.DownwardAPIProjection" - }, - "serviceAccountToken": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ServiceAccountTokenProjection" - } - } - }, - "k8s.io.api.core.v1.VolumeSource": { - "description": "Represents the source of a volume to mount. Only one of its members may be specified.", - "type": "object", - "properties": { - "configMap": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ConfigMapVolumeSource" - }, - "gcePersistentDisk": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.GCEPersistentDiskVolumeSource" - }, - "awsElasticBlockStore": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.AWSElasticBlockStoreVolumeSource" - }, - "hostPath": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.HostPathVolumeSource" - }, - "glusterfs": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.GlusterfsVolumeSource" - }, - "nfs": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.NFSVolumeSource" - }, - "rbd": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.RBDVolumeSource" - }, - "iscsi": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ISCSIVolumeSource" - }, - "cinder": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.CinderVolumeSource" - }, - "cephfs": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.CephFSVolumeSource" - }, - "fc": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.FCVolumeSource" - }, - "flocker": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.FlockerVolumeSource" - }, - "flexVolume": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.FlexVolumeSource" - }, - "azureFile": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.AzureFileVolumeSource" - }, - "vsphereVolume": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.VsphereVirtualDiskVolumeSource" - }, - "quobyte": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.QuobyteVolumeSource" - }, - "azureDisk": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.AzureDiskVolumeSource" - }, - "photonPersistentDisk": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.PhotonPersistentDiskVolumeSource" - }, - "portworxVolume": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.PortworxVolumeSource" - }, - "scaleIO": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ScaleIOVolumeSource" - }, - "storageos": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.StorageOSVolumeSource" - }, - "csi": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.CSIVolumeSource" - }, - "secret": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.SecretVolumeSource" - }, - "downwardAPI": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.DownwardAPIVolumeSource" - }, - "emptyDir": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.EmptyDirVolumeSource" - }, - "gitRepo": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.GitRepoVolumeSource" - }, - "persistentVolumeClaim": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.PersistentVolumeClaimVolumeSource" - }, - "projected": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ProjectedVolumeSource" - }, - "ephemeral": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.EphemeralVolumeSource" - } - } - }, - "k8s.io.api.core.v1.VsphereVirtualDiskVolumeSource": { - "description": "Represents a vSphere volume resource.", - "type": "object", - "properties": { - "fsType": { - "description": "fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "volumePath": { - "description": "volumePath is the path that identifies vSphere volume vmdk", - "type": "string" - }, - "storagePolicyName": { - "description": "storagePolicyName is the storage Policy Based Management (SPBM) profile name.", - "type": "string" - }, - "storagePolicyID": { - "description": "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.WeightedPodAffinityTerm": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "type": "object", - "properties": { - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", - "type": "integer", - "format": "int32" - }, - "podAffinityTerm": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.PodAffinityTerm" - } - } - }, - "k8s.io.api.core.v1.WindowsSecurityContextOptions": { - "description": "WindowsSecurityContextOptions contain Windows-specific options and credentials.", - "type": "object", - "properties": { - "gmsaCredentialSpecName": { - "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", - "type": "string" - }, - "gmsaCredentialSpec": { - "description": "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.", - "type": "string" - }, - "runAsUserName": { - "description": "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "string" - }, - "hostProcess": { - "description": "HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.", - "type": "boolean" - } - } - }, - "k8s.io.apimachinery.pkg.api.resource.Quantity": { - "description": "Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors. The serialization format is: \u003cquantity\u003e ::= \u003csignedNumber\u003e\u003csuffix\u003e (Note that \u003csuffix\u003e may be empty, from the \"\" case in \u003cdecimalSI\u003e.) \u003cdigit\u003e ::= 0 | 1 | ... | 9 \u003cdigits\u003e ::= \u003cdigit\u003e | \u003cdigit\u003e\u003cdigits\u003e \u003cnumber\u003e ::= \u003cdigits\u003e | \u003cdigits\u003e.\u003cdigits\u003e | \u003cdigits\u003e. | .\u003cdigits\u003e \u003csign\u003e ::= \"+\" | \"-\" \u003csignedNumber\u003e ::= \u003cnumber\u003e | \u003csign\u003e\u003cnumber\u003e \u003csuffix\u003e ::= \u003cbinarySI\u003e | \u003cdecimalExponent\u003e | \u003cdecimalSI\u003e \u003cbinarySI\u003e ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html) \u003cdecimalSI\u003e ::= m | \"\" | k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.) \u003cdecimalExponent\u003e ::= \"e\" \u003csignedNumber\u003e | \"E\" \u003csignedNumber\u003e No matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities. When a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized. Before serializing, Quantity will be put in \"canonical form\". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that: a. No precision is lost b. No fractional digits will be emitted c. The exponent (or suffix) is as large as possible. The sign will be omitted unless the number is negative. Examples: 1.5 will be serialized as \"1500m\" 1.5Gi will be serialized as \"1536Mi\" Note that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise. Non-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.) This format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation.", - "type": "object", - "properties": { - "string": { - "type": "string" - } - } - }, - "k8s.io.apimachinery.pkg.apis.meta.v1.FieldsV1": { - "description": "FieldsV1 stores a set of fields in a data structure like a Trie, in JSON format. Each key is either a '.' representing the field itself, and will always map to an empty set, or a string representing a sub-field or item. The string will follow one of these four formats: 'f:\u003cname\u003e', where \u003cname\u003e is the name of a field in a struct, or key in a map 'v:\u003cvalue\u003e', where \u003cvalue\u003e is the exact json formatted value of a list item 'i:\u003cindex\u003e', where \u003cindex\u003e is position of a item in a list 'k:\u003ckeys\u003e', where \u003ckeys\u003e is a map of a list item's key fields to their unique values If a key maps to an empty Fields value, the field that key represents is part of the set. The exact format is defined in sigs.k8s.io/structured-merge-diff", - "type": "object", - "properties": { - "Raw": { - "description": "Raw is the underlying serialization of this object.", - "type": "string", - "format": "binary" - } - } - }, - "k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector": { - "description": "A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.", - "type": "object", - "properties": { - "matchLabels": { - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement" - } - } - } - }, - "k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - "type": "object", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "k8s.io.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry": { - "description": "ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of the resource that the fieldset applies to.", - "type": "object", - "properties": { - "time": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.Time" - }, - "apiVersion": { - "description": "APIVersion defines the version of this resource that this field set applies to. The format is \"group/version\" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.", - "type": "string" - }, - "manager": { - "description": "Manager is an identifier of the workflow managing these fields.", - "type": "string" - }, - "operation": { - "description": "Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.", - "type": "string" - }, - "fieldsType": { - "description": "FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: \"FieldsV1\"", - "type": "string" - }, - "fieldsV1": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.FieldsV1" - }, - "subresource": { - "description": "Subresource is the name of the subresource used to update that object, or empty string if the object was updated through the main resource. The value of this field is used to distinguish between managers, even if they share the same name. For example, a status update will be distinct from a regular update using the same manager name. Note that the APIVersion field is not related to the Subresource field and it always corresponds to the version of the main resource.", - "type": "string" - } - } - }, - "k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta": { - "description": "ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.", - "type": "object", - "properties": { - "name": { - "description": "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names", - "type": "string" - }, - "resourceVersion": { - "description": "An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "selfLink": { - "description": "Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.", - "type": "string" - }, - "generateName": { - "description": "GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency", - "type": "string" - }, - "namespace": { - "description": "Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces", - "type": "string" - }, - "uid": { - "description": "UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids", - "type": "string" - }, - "generation": { - "description": "A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.", - "type": "integer", - "format": "int64" - }, - "creationTimestamp": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.Time" - }, - "deletionTimestamp": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.Time" - }, - "deletionGracePeriodSeconds": { - "description": "Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.", - "type": "integer", - "format": "int64" - }, - "labels": { - "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "annotations": { - "description": "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "ownerReferences": { - "description": "List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.OwnerReference" - } - }, - "finalizers": { - "description": "Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.", - "type": "array", - "items": { - "type": "string" - } - }, - "clusterName": { - "description": "The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.", - "type": "string" - }, - "managedFields": { - "description": "ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like \"ci-cd\". The set of fields is always in the version that the workflow used when modifying the object.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry" - } - } - } - }, - "k8s.io.apimachinery.pkg.apis.meta.v1.OwnerReference": { - "description": "OwnerReference contains enough information to let you identify an owning object. An owning object must be in the same namespace as the dependent, or be cluster-scoped, so there is no namespace field.", - "type": "object", - "properties": { - "name": { - "description": "Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names", - "type": "string" - }, - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "uid": { - "description": "UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids", - "type": "string" - }, - "controller": { - "description": "If true, this reference points to the managing controller.", - "type": "boolean" - }, - "blockOwnerDeletion": { - "description": "If true, AND if the owner has the \"foregroundDeletion\" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs \"delete\" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.", - "type": "boolean" - } - } - }, - "k8s.io.apimachinery.pkg.apis.meta.v1.Time": { - "description": "Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.", - "type": "object", - "properties": { - "seconds": { - "description": "Represents seconds of UTC time since Unix epoch 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59Z inclusive.", - "type": "integer", - "format": "int64" - }, - "nanos": { - "description": "Non-negative fractions of a second at nanosecond resolution. Negative second values with fractions must still have non-negative nanos values that count forward in time. Must be from 0 to 999,999,999 inclusive. This field may be limited in precision depending on context.", - "type": "integer", - "format": "int32" - } - } - }, - "k8s.io.apimachinery.pkg.util.intstr.IntOrString": { - "description": "IntOrString is a type that can hold an int32 or a string. When used in JSON or YAML marshalling and unmarshalling, it produces or consumes the inner type. This allows you to have, for example, a JSON field that can accept a name or number. TODO: Rename to Int32OrString", - "type": "object", - "properties": { - "type": { - "type": "integer", - "format": "int64" - }, - "intVal": { - "type": "integer", - "format": "int32" - }, - "strVal": { - "type": "string" - } - } - } - } - } -} \ No newline at end of file diff --git a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiocontrolplane.pb.go b/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiocontrolplane.pb.go deleted file mode 100644 index d607774c8..000000000 --- a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiocontrolplane.pb.go +++ /dev/null @@ -1,3456 +0,0 @@ -// Copyright 2021 Cisco Systems, Inc. and/or its affiliates. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.0 -// protoc (unknown) -// source: api/v1alpha1/istiocontrolplane.proto - -// $schema: istio-operator.api.v1alpha1.IstioControlPlaneSpec -// $title: Istio ControlPlane Spec -// $description: Istio control plane descriptor - -package v1alpha1 - -import ( - wrappers "github.com/golang/protobuf/ptypes/wrappers" - _ "google.golang.org/genproto/googleapis/api/annotations" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - v1alpha1 "istio.io/api/mesh/v1alpha1" - v1 "k8s.io/api/core/v1" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type ModeType int32 - -const ( - ModeType_ModeType_UNSPECIFIED ModeType = 0 - ModeType_ACTIVE ModeType = 1 - ModeType_PASSIVE ModeType = 2 -) - -// Enum value maps for ModeType. -var ( - ModeType_name = map[int32]string{ - 0: "ModeType_UNSPECIFIED", - 1: "ACTIVE", - 2: "PASSIVE", - } - ModeType_value = map[string]int32{ - "ModeType_UNSPECIFIED": 0, - "ACTIVE": 1, - "PASSIVE": 2, - } -) - -func (x ModeType) Enum() *ModeType { - p := new(ModeType) - *p = x - return p -} - -func (x ModeType) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (ModeType) Descriptor() protoreflect.EnumDescriptor { - return file_api_v1alpha1_istiocontrolplane_proto_enumTypes[0].Descriptor() -} - -func (ModeType) Type() protoreflect.EnumType { - return &file_api_v1alpha1_istiocontrolplane_proto_enumTypes[0] -} - -func (x ModeType) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use ModeType.Descriptor instead. -func (ModeType) EnumDescriptor() ([]byte, []int) { - return file_api_v1alpha1_istiocontrolplane_proto_rawDescGZIP(), []int{0} -} - -type ProxyLogLevel int32 - -const ( - ProxyLogLevel_ProxyLogLevel_UNSPECIFIED ProxyLogLevel = 0 - ProxyLogLevel_TRACE ProxyLogLevel = 1 - ProxyLogLevel_DEBUG ProxyLogLevel = 2 - ProxyLogLevel_INFO ProxyLogLevel = 3 - ProxyLogLevel_WARNING ProxyLogLevel = 4 - ProxyLogLevel_ERROR ProxyLogLevel = 5 - ProxyLogLevel_CRITICAL ProxyLogLevel = 6 - ProxyLogLevel_OFF ProxyLogLevel = 7 -) - -// Enum value maps for ProxyLogLevel. -var ( - ProxyLogLevel_name = map[int32]string{ - 0: "ProxyLogLevel_UNSPECIFIED", - 1: "TRACE", - 2: "DEBUG", - 3: "INFO", - 4: "WARNING", - 5: "ERROR", - 6: "CRITICAL", - 7: "OFF", - } - ProxyLogLevel_value = map[string]int32{ - "ProxyLogLevel_UNSPECIFIED": 0, - "TRACE": 1, - "DEBUG": 2, - "INFO": 3, - "WARNING": 4, - "ERROR": 5, - "CRITICAL": 6, - "OFF": 7, - } -) - -func (x ProxyLogLevel) Enum() *ProxyLogLevel { - p := new(ProxyLogLevel) - *p = x - return p -} - -func (x ProxyLogLevel) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (ProxyLogLevel) Descriptor() protoreflect.EnumDescriptor { - return file_api_v1alpha1_istiocontrolplane_proto_enumTypes[1].Descriptor() -} - -func (ProxyLogLevel) Type() protoreflect.EnumType { - return &file_api_v1alpha1_istiocontrolplane_proto_enumTypes[1] -} - -func (x ProxyLogLevel) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use ProxyLogLevel.Descriptor instead. -func (ProxyLogLevel) EnumDescriptor() ([]byte, []int) { - return file_api_v1alpha1_istiocontrolplane_proto_rawDescGZIP(), []int{1} -} - -type PilotCertProviderType int32 - -const ( - PilotCertProviderType_PilotCertProviderType_UNSPECIFIED PilotCertProviderType = 0 - PilotCertProviderType_KUBERNETES PilotCertProviderType = 1 - PilotCertProviderType_ISTIOD PilotCertProviderType = 2 -) - -// Enum value maps for PilotCertProviderType. -var ( - PilotCertProviderType_name = map[int32]string{ - 0: "PilotCertProviderType_UNSPECIFIED", - 1: "KUBERNETES", - 2: "ISTIOD", - } - PilotCertProviderType_value = map[string]int32{ - "PilotCertProviderType_UNSPECIFIED": 0, - "KUBERNETES": 1, - "ISTIOD": 2, - } -) - -func (x PilotCertProviderType) Enum() *PilotCertProviderType { - p := new(PilotCertProviderType) - *p = x - return p -} - -func (x PilotCertProviderType) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (PilotCertProviderType) Descriptor() protoreflect.EnumDescriptor { - return file_api_v1alpha1_istiocontrolplane_proto_enumTypes[2].Descriptor() -} - -func (PilotCertProviderType) Type() protoreflect.EnumType { - return &file_api_v1alpha1_istiocontrolplane_proto_enumTypes[2] -} - -func (x PilotCertProviderType) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use PilotCertProviderType.Descriptor instead. -func (PilotCertProviderType) EnumDescriptor() ([]byte, []int) { - return file_api_v1alpha1_istiocontrolplane_proto_rawDescGZIP(), []int{2} -} - -type JWTPolicyType int32 - -const ( - JWTPolicyType_JWTPolicyType_UNSPECIFIED JWTPolicyType = 0 - JWTPolicyType_THIRD_PARTY_JWT JWTPolicyType = 1 - JWTPolicyType_FIRST_PARTY_JWT JWTPolicyType = 2 -) - -// Enum value maps for JWTPolicyType. -var ( - JWTPolicyType_name = map[int32]string{ - 0: "JWTPolicyType_UNSPECIFIED", - 1: "THIRD_PARTY_JWT", - 2: "FIRST_PARTY_JWT", - } - JWTPolicyType_value = map[string]int32{ - "JWTPolicyType_UNSPECIFIED": 0, - "THIRD_PARTY_JWT": 1, - "FIRST_PARTY_JWT": 2, - } -) - -func (x JWTPolicyType) Enum() *JWTPolicyType { - p := new(JWTPolicyType) - *p = x - return p -} - -func (x JWTPolicyType) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (JWTPolicyType) Descriptor() protoreflect.EnumDescriptor { - return file_api_v1alpha1_istiocontrolplane_proto_enumTypes[3].Descriptor() -} - -func (JWTPolicyType) Type() protoreflect.EnumType { - return &file_api_v1alpha1_istiocontrolplane_proto_enumTypes[3] -} - -func (x JWTPolicyType) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use JWTPolicyType.Descriptor instead. -func (JWTPolicyType) EnumDescriptor() ([]byte, []int) { - return file_api_v1alpha1_istiocontrolplane_proto_rawDescGZIP(), []int{3} -} - -// IstioControlPlane defines an Istio control plane -// -// -// -// -type IstioControlPlaneSpec struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Contains the intended version for the Istio control plane. - // +kubebuilder:validation:Pattern=^1\. - Version string `protobuf:"bytes,1,opt,name=version,proto3" json:"version,omitempty"` - // Configure the mode for this control plane. - // Currently, two options are supported: "ACTIVE" and "PASSIVE". - // ACTIVE mode means that a full-fledged Istio control plane will be deployed and operated - // (usually called primary cluster in upstream Istio terminology). - // PASSIVE mode means that only a few resources will be installed for sidecar injection and cross-cluster - // communication, it is used for multi cluster setups (this is the remote cluster in upstream Istio terminology). - // +kubebuilder:validation:Enum=ACTIVE;PASSIVE - Mode ModeType `protobuf:"varint,2,opt,name=mode,proto3,enum=istio_operator.v2.api.v1alpha1.ModeType" json:"mode,omitempty"` - // Logging configurations. - Logging *LoggingConfiguration `protobuf:"bytes,3,opt,name=logging,proto3" json:"logging,omitempty"` - // Use the user-specified, secret volume mounted key and certs for Pilot and workloads. - MountMtlsCerts *wrappers.BoolValue `protobuf:"bytes,4,opt,name=mountMtlsCerts,proto3" json:"mountMtlsCerts,omitempty"` - // Istiod configuration. - Istiod *IstiodConfiguration `protobuf:"bytes,5,opt,name=istiod,proto3" json:"istiod,omitempty"` - // Proxy configuration options. - Proxy *ProxyConfiguration `protobuf:"bytes,6,opt,name=proxy,proto3" json:"proxy,omitempty"` - // Proxy Init configuration options. - ProxyInit *ProxyInitConfiguration `protobuf:"bytes,7,opt,name=proxyInit,proto3" json:"proxyInit,omitempty"` - // Telemetry V2 configuration. - TelemetryV2 *TelemetryV2Configuration `protobuf:"bytes,8,opt,name=telemetryV2,proto3" json:"telemetryV2,omitempty"` - // If SDS is configured, mTLS certificates for the sidecars will be distributed through the - // SecretDiscoveryService instead of using K8S secrets to mount the certificates. - Sds *SDSConfiguration `protobuf:"bytes,9,opt,name=sds,proto3" json:"sds,omitempty"` - // ProxyWasm configuration options. - ProxyWasm *ProxyWasmConfiguration `protobuf:"bytes,10,opt,name=proxyWasm,proto3" json:"proxyWasm,omitempty"` - // Whether to restrict the applications namespace the controller manages. - // If not set, controller watches all namespaces - WatchOneNamespace *wrappers.BoolValue `protobuf:"bytes,11,opt,name=watchOneNamespace,proto3" json:"watchOneNamespace,omitempty"` - // Configure the policy for validating JWT. - // Currently, two options are supported: "third-party-jwt" and "first-party-jwt". - // +kubebuilder:validation:Enum=THIRD_PARTY_JWT;FIRST_PARTY_JWT - JwtPolicy JWTPolicyType `protobuf:"varint,12,opt,name=jwtPolicy,proto3,enum=istio_operator.v2.api.v1alpha1.JWTPolicyType" json:"jwtPolicy,omitempty"` - // The customized CA address to retrieve certificates for the pods in the cluster. - // CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint. - CaAddress string `protobuf:"bytes,13,opt,name=caAddress,proto3" json:"caAddress,omitempty"` - // The name of the CA for workload certificates. - CaProvider string `protobuf:"bytes,14,opt,name=caProvider,proto3" json:"caProvider,omitempty"` - // Contains the intended distribution for the Istio control plane. - // The official distribution is used by default unless special preserved distribution value is set. - // The only preserved distribution is "cisco" as of now. - Distribution string `protobuf:"bytes,15,opt,name=distribution,proto3" json:"distribution,omitempty"` - // Upstream HTTP proxy properties to be injected as environment variables to the pod containers. - HttpProxyEnvs *HTTPProxyEnvsConfiguration `protobuf:"bytes,16,opt,name=httpProxyEnvs,proto3" json:"httpProxyEnvs,omitempty"` - // Defines mesh-wide settings for the Istio control plane. - MeshConfig *v1alpha1.MeshConfig `protobuf:"bytes,17,opt,name=meshConfig,proto3" json:"meshConfig,omitempty"` - // K8s resource overlay patches - K8SResourceOverlays []*K8SResourceOverlayPatch `protobuf:"bytes,18,rep,name=k8sResourceOverlays,proto3" json:"k8sResourceOverlays,omitempty"` - // Name of the Mesh to which this control plane belongs. - MeshID string `protobuf:"bytes,19,opt,name=meshID,proto3" json:"meshID,omitempty"` - // Global configuration for container images. - ContainerImageConfiguration *ContainerImageConfiguration `protobuf:"bytes,20,opt,name=containerImageConfiguration,proto3" json:"containerImageConfiguration,omitempty"` - // Mesh expansion configuration - MeshExpansion *MeshExpansionConfiguration `protobuf:"bytes,21,opt,name=meshExpansion,proto3" json:"meshExpansion,omitempty"` - // Cluster ID - ClusterID string `protobuf:"bytes,22,opt,name=clusterID,proto3" json:"clusterID,omitempty"` - // Network defines the network this cluster belongs to. This name - // corresponds to the networks in the map of mesh networks. - // +default=network1 - NetworkName string `protobuf:"bytes,23,opt,name=networkName,proto3" json:"networkName,omitempty"` - // Standalone sidecar injector configuration. - SidecarInjector *SidecarInjectorConfiguration `protobuf:"bytes,24,opt,name=sidecarInjector,proto3" json:"sidecarInjector,omitempty"` - // Tracing defines configuration for the tracing performed by Envoy instances. - Tracer *v1alpha1.Tracing `protobuf:"bytes,25,opt,name=tracer,proto3" json:"tracer,omitempty"` -} - -func (x *IstioControlPlaneSpec) Reset() { - *x = IstioControlPlaneSpec{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *IstioControlPlaneSpec) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*IstioControlPlaneSpec) ProtoMessage() {} - -func (x *IstioControlPlaneSpec) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use IstioControlPlaneSpec.ProtoReflect.Descriptor instead. -func (*IstioControlPlaneSpec) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_istiocontrolplane_proto_rawDescGZIP(), []int{0} -} - -func (x *IstioControlPlaneSpec) GetVersion() string { - if x != nil { - return x.Version - } - return "" -} - -func (x *IstioControlPlaneSpec) GetMode() ModeType { - if x != nil { - return x.Mode - } - return ModeType_ModeType_UNSPECIFIED -} - -func (x *IstioControlPlaneSpec) GetLogging() *LoggingConfiguration { - if x != nil { - return x.Logging - } - return nil -} - -func (x *IstioControlPlaneSpec) GetMountMtlsCerts() *wrappers.BoolValue { - if x != nil { - return x.MountMtlsCerts - } - return nil -} - -func (x *IstioControlPlaneSpec) GetIstiod() *IstiodConfiguration { - if x != nil { - return x.Istiod - } - return nil -} - -func (x *IstioControlPlaneSpec) GetProxy() *ProxyConfiguration { - if x != nil { - return x.Proxy - } - return nil -} - -func (x *IstioControlPlaneSpec) GetProxyInit() *ProxyInitConfiguration { - if x != nil { - return x.ProxyInit - } - return nil -} - -func (x *IstioControlPlaneSpec) GetTelemetryV2() *TelemetryV2Configuration { - if x != nil { - return x.TelemetryV2 - } - return nil -} - -func (x *IstioControlPlaneSpec) GetSds() *SDSConfiguration { - if x != nil { - return x.Sds - } - return nil -} - -func (x *IstioControlPlaneSpec) GetProxyWasm() *ProxyWasmConfiguration { - if x != nil { - return x.ProxyWasm - } - return nil -} - -func (x *IstioControlPlaneSpec) GetWatchOneNamespace() *wrappers.BoolValue { - if x != nil { - return x.WatchOneNamespace - } - return nil -} - -func (x *IstioControlPlaneSpec) GetJwtPolicy() JWTPolicyType { - if x != nil { - return x.JwtPolicy - } - return JWTPolicyType_JWTPolicyType_UNSPECIFIED -} - -func (x *IstioControlPlaneSpec) GetCaAddress() string { - if x != nil { - return x.CaAddress - } - return "" -} - -func (x *IstioControlPlaneSpec) GetCaProvider() string { - if x != nil { - return x.CaProvider - } - return "" -} - -func (x *IstioControlPlaneSpec) GetDistribution() string { - if x != nil { - return x.Distribution - } - return "" -} - -func (x *IstioControlPlaneSpec) GetHttpProxyEnvs() *HTTPProxyEnvsConfiguration { - if x != nil { - return x.HttpProxyEnvs - } - return nil -} - -func (x *IstioControlPlaneSpec) GetMeshConfig() *v1alpha1.MeshConfig { - if x != nil { - return x.MeshConfig - } - return nil -} - -func (x *IstioControlPlaneSpec) GetK8SResourceOverlays() []*K8SResourceOverlayPatch { - if x != nil { - return x.K8SResourceOverlays - } - return nil -} - -func (x *IstioControlPlaneSpec) GetMeshID() string { - if x != nil { - return x.MeshID - } - return "" -} - -func (x *IstioControlPlaneSpec) GetContainerImageConfiguration() *ContainerImageConfiguration { - if x != nil { - return x.ContainerImageConfiguration - } - return nil -} - -func (x *IstioControlPlaneSpec) GetMeshExpansion() *MeshExpansionConfiguration { - if x != nil { - return x.MeshExpansion - } - return nil -} - -func (x *IstioControlPlaneSpec) GetClusterID() string { - if x != nil { - return x.ClusterID - } - return "" -} - -func (x *IstioControlPlaneSpec) GetNetworkName() string { - if x != nil { - return x.NetworkName - } - return "" -} - -func (x *IstioControlPlaneSpec) GetSidecarInjector() *SidecarInjectorConfiguration { - if x != nil { - return x.SidecarInjector - } - return nil -} - -func (x *IstioControlPlaneSpec) GetTracer() *v1alpha1.Tracing { - if x != nil { - return x.Tracer - } - return nil -} - -type SidecarInjectorConfiguration struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Deployment spec - Deployment *BaseKubernetesResourceConfig `protobuf:"bytes,1,opt,name=deployment,proto3" json:"deployment,omitempty"` - // Service spec - Service *Service `protobuf:"bytes,2,opt,name=service,proto3" json:"service,omitempty"` - // Fields to introduce sidecar injection template customizations - Templates *SidecarInjectionTemplates `protobuf:"bytes,3,opt,name=templates,proto3" json:"templates,omitempty"` -} - -func (x *SidecarInjectorConfiguration) Reset() { - *x = SidecarInjectorConfiguration{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *SidecarInjectorConfiguration) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*SidecarInjectorConfiguration) ProtoMessage() {} - -func (x *SidecarInjectorConfiguration) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use SidecarInjectorConfiguration.ProtoReflect.Descriptor instead. -func (*SidecarInjectorConfiguration) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_istiocontrolplane_proto_rawDescGZIP(), []int{1} -} - -func (x *SidecarInjectorConfiguration) GetDeployment() *BaseKubernetesResourceConfig { - if x != nil { - return x.Deployment - } - return nil -} - -func (x *SidecarInjectorConfiguration) GetService() *Service { - if x != nil { - return x.Service - } - return nil -} - -func (x *SidecarInjectorConfiguration) GetTemplates() *SidecarInjectionTemplates { - if x != nil { - return x.Templates - } - return nil -} - -type SidecarInjectionTemplates struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Overrides for the default "sidecar" injection template. This template will be merged with the default "sidecar" template, overwriting values, if existing. - Sidecar string `protobuf:"bytes,1,opt,name=sidecar,proto3" json:"sidecar,omitempty"` - // Overrides for the default "gateway" injection template. This template will be merged with the default "gateway" template, overwriting values, if existing. - Gateway string `protobuf:"bytes,2,opt,name=gateway,proto3" json:"gateway,omitempty"` - // Custom templates can be defined for sidecar injection. These templates can be applied by annotating pods with "inject.istio.io/templates=". See https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#custom-templates-experimental. - CustomTemplates []*CustomSidecarInjectionTemplates `protobuf:"bytes,3,rep,name=customTemplates,proto3" json:"customTemplates,omitempty"` -} - -func (x *SidecarInjectionTemplates) Reset() { - *x = SidecarInjectionTemplates{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *SidecarInjectionTemplates) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*SidecarInjectionTemplates) ProtoMessage() {} - -func (x *SidecarInjectionTemplates) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use SidecarInjectionTemplates.ProtoReflect.Descriptor instead. -func (*SidecarInjectionTemplates) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_istiocontrolplane_proto_rawDescGZIP(), []int{2} -} - -func (x *SidecarInjectionTemplates) GetSidecar() string { - if x != nil { - return x.Sidecar - } - return "" -} - -func (x *SidecarInjectionTemplates) GetGateway() string { - if x != nil { - return x.Gateway - } - return "" -} - -func (x *SidecarInjectionTemplates) GetCustomTemplates() []*CustomSidecarInjectionTemplates { - if x != nil { - return x.CustomTemplates - } - return nil -} - -type CustomSidecarInjectionTemplates struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` - Template string `protobuf:"bytes,2,opt,name=template,proto3" json:"template,omitempty"` -} - -func (x *CustomSidecarInjectionTemplates) Reset() { - *x = CustomSidecarInjectionTemplates{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CustomSidecarInjectionTemplates) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CustomSidecarInjectionTemplates) ProtoMessage() {} - -func (x *CustomSidecarInjectionTemplates) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CustomSidecarInjectionTemplates.ProtoReflect.Descriptor instead. -func (*CustomSidecarInjectionTemplates) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_istiocontrolplane_proto_rawDescGZIP(), []int{3} -} - -func (x *CustomSidecarInjectionTemplates) GetName() string { - if x != nil { - return x.Name - } - return "" -} - -func (x *CustomSidecarInjectionTemplates) GetTemplate() string { - if x != nil { - return x.Template - } - return "" -} - -type MeshExpansionConfiguration struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Enabled *wrappers.BoolValue `protobuf:"bytes,1,opt,name=enabled,proto3" json:"enabled,omitempty"` - Gateway *MeshExpansionConfiguration_IstioMeshGatewayConfiguration `protobuf:"bytes,2,opt,name=gateway,proto3" json:"gateway,omitempty"` - // istiod component configuration - Istiod *MeshExpansionConfiguration_Istiod `protobuf:"bytes,3,opt,name=istiod,proto3" json:"istiod,omitempty"` - // webhook component configuration - Webhook *MeshExpansionConfiguration_Webhook `protobuf:"bytes,4,opt,name=webhook,proto3" json:"webhook,omitempty"` - // cluster services configuration - ClusterServices *MeshExpansionConfiguration_ClusterServices `protobuf:"bytes,5,opt,name=clusterServices,proto3" json:"clusterServices,omitempty"` -} - -func (x *MeshExpansionConfiguration) Reset() { - *x = MeshExpansionConfiguration{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *MeshExpansionConfiguration) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*MeshExpansionConfiguration) ProtoMessage() {} - -func (x *MeshExpansionConfiguration) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use MeshExpansionConfiguration.ProtoReflect.Descriptor instead. -func (*MeshExpansionConfiguration) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_istiocontrolplane_proto_rawDescGZIP(), []int{4} -} - -func (x *MeshExpansionConfiguration) GetEnabled() *wrappers.BoolValue { - if x != nil { - return x.Enabled - } - return nil -} - -func (x *MeshExpansionConfiguration) GetGateway() *MeshExpansionConfiguration_IstioMeshGatewayConfiguration { - if x != nil { - return x.Gateway - } - return nil -} - -func (x *MeshExpansionConfiguration) GetIstiod() *MeshExpansionConfiguration_Istiod { - if x != nil { - return x.Istiod - } - return nil -} - -func (x *MeshExpansionConfiguration) GetWebhook() *MeshExpansionConfiguration_Webhook { - if x != nil { - return x.Webhook - } - return nil -} - -func (x *MeshExpansionConfiguration) GetClusterServices() *MeshExpansionConfiguration_ClusterServices { - if x != nil { - return x.ClusterServices - } - return nil -} - -// Comma-separated minimum per-scope logging level of messages to output, in the form of :,: -// The control plane has different scopes depending on component, but can configure default log level across all components -// If empty, default scope and level will be used as configured in code -type LoggingConfiguration struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // +kubebuilder:validation:Pattern=`^([a-zA-Z]+:[a-zA-Z]+,?)+$` - Level string `protobuf:"bytes,1,opt,name=level,proto3" json:"level,omitempty"` -} - -func (x *LoggingConfiguration) Reset() { - *x = LoggingConfiguration{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *LoggingConfiguration) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*LoggingConfiguration) ProtoMessage() {} - -func (x *LoggingConfiguration) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use LoggingConfiguration.ProtoReflect.Descriptor instead. -func (*LoggingConfiguration) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_istiocontrolplane_proto_rawDescGZIP(), []int{5} -} - -func (x *LoggingConfiguration) GetLevel() string { - if x != nil { - return x.Level - } - return "" -} - -// SDSConfiguration defines Secret Discovery Service config options -type SDSConfiguration struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The JWT token for SDS and the aud field of such JWT. See RFC 7519, section 4.1.3. - // When a CSR is sent from Citadel Agent to the CA (e.g. Citadel), this aud is to make sure the - // - // JWT is intended for the CA. - TokenAudience string `protobuf:"bytes,1,opt,name=tokenAudience,proto3" json:"tokenAudience,omitempty"` -} - -func (x *SDSConfiguration) Reset() { - *x = SDSConfiguration{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[6] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *SDSConfiguration) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*SDSConfiguration) ProtoMessage() {} - -func (x *SDSConfiguration) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[6] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use SDSConfiguration.ProtoReflect.Descriptor instead. -func (*SDSConfiguration) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_istiocontrolplane_proto_rawDescGZIP(), []int{6} -} - -func (x *SDSConfiguration) GetTokenAudience() string { - if x != nil { - return x.TokenAudience - } - return "" -} - -// ProxyConfiguration defines config options for Proxy -type ProxyConfiguration struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Image string `protobuf:"bytes,1,opt,name=image,proto3" json:"image,omitempty"` - // If set to true, istio-proxy container will have privileged securityContext - Privileged *wrappers.BoolValue `protobuf:"bytes,2,opt,name=privileged,proto3" json:"privileged,omitempty"` - // If set, newly injected sidecars will have core dumps enabled. - EnableCoreDump *wrappers.BoolValue `protobuf:"bytes,3,opt,name=enableCoreDump,proto3" json:"enableCoreDump,omitempty"` - // Log level for proxy, applies to gateways and sidecars. If left empty, "warning" is used. - // Expected values are: trace|debug|info|warning|error|critical|off - // +kubebuilder:validation:Enum=TRACE;DEBUG;INFO;WARNING;ERROR;CRITICAL;OFF - LogLevel ProxyLogLevel `protobuf:"varint,4,opt,name=logLevel,proto3,enum=istio_operator.v2.api.v1alpha1.ProxyLogLevel" json:"logLevel,omitempty"` - // Per Component log level for proxy, applies to gateways and sidecars. If a component level is - // not set, then the "LogLevel" will be used. If left empty, "misc:error" is used. - ComponentLogLevel string `protobuf:"bytes,5,opt,name=componentLogLevel,proto3" json:"componentLogLevel,omitempty"` - // cluster domain. Default value is "cluster.local" - ClusterDomain string `protobuf:"bytes,6,opt,name=clusterDomain,proto3" json:"clusterDomain,omitempty"` - // Controls if sidecar is injected at the front of the container list and blocks - // the start of the other containers until the proxy is ready - // Default value is 'false'. - HoldApplicationUntilProxyStarts *wrappers.BoolValue `protobuf:"bytes,7,opt,name=holdApplicationUntilProxyStarts,proto3" json:"holdApplicationUntilProxyStarts,omitempty"` - Lifecycle *v1.Lifecycle `protobuf:"bytes,8,opt,name=lifecycle,proto3" json:"lifecycle,omitempty"` - Resources *ResourceRequirements `protobuf:"bytes,9,opt,name=resources,proto3" json:"resources,omitempty"` - // IncludeIPRanges the range where to capture egress traffic - IncludeIPRanges string `protobuf:"bytes,10,opt,name=includeIPRanges,proto3" json:"includeIPRanges,omitempty"` - // ExcludeIPRanges the range where not to capture egress traffic - ExcludeIPRanges string `protobuf:"bytes,11,opt,name=excludeIPRanges,proto3" json:"excludeIPRanges,omitempty"` - // ExcludeInboundPorts the comma separated list of inbound ports to be excluded from redirection to Envoy - ExcludeInboundPorts string `protobuf:"bytes,12,opt,name=excludeInboundPorts,proto3" json:"excludeInboundPorts,omitempty"` - // ExcludeOutboundPorts the comma separated list of outbound ports to be excluded from redirection to Envoy - ExcludeOutboundPorts string `protobuf:"bytes,13,opt,name=excludeOutboundPorts,proto3" json:"excludeOutboundPorts,omitempty"` - // Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver - Tracer *string `protobuf:"bytes,14,opt,name=tracer,proto3,oneof" json:"tracer,omitempty"` -} - -func (x *ProxyConfiguration) Reset() { - *x = ProxyConfiguration{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[7] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ProxyConfiguration) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ProxyConfiguration) ProtoMessage() {} - -func (x *ProxyConfiguration) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[7] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ProxyConfiguration.ProtoReflect.Descriptor instead. -func (*ProxyConfiguration) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_istiocontrolplane_proto_rawDescGZIP(), []int{7} -} - -func (x *ProxyConfiguration) GetImage() string { - if x != nil { - return x.Image - } - return "" -} - -func (x *ProxyConfiguration) GetPrivileged() *wrappers.BoolValue { - if x != nil { - return x.Privileged - } - return nil -} - -func (x *ProxyConfiguration) GetEnableCoreDump() *wrappers.BoolValue { - if x != nil { - return x.EnableCoreDump - } - return nil -} - -func (x *ProxyConfiguration) GetLogLevel() ProxyLogLevel { - if x != nil { - return x.LogLevel - } - return ProxyLogLevel_ProxyLogLevel_UNSPECIFIED -} - -func (x *ProxyConfiguration) GetComponentLogLevel() string { - if x != nil { - return x.ComponentLogLevel - } - return "" -} - -func (x *ProxyConfiguration) GetClusterDomain() string { - if x != nil { - return x.ClusterDomain - } - return "" -} - -func (x *ProxyConfiguration) GetHoldApplicationUntilProxyStarts() *wrappers.BoolValue { - if x != nil { - return x.HoldApplicationUntilProxyStarts - } - return nil -} - -func (x *ProxyConfiguration) GetLifecycle() *v1.Lifecycle { - if x != nil { - return x.Lifecycle - } - return nil -} - -func (x *ProxyConfiguration) GetResources() *ResourceRequirements { - if x != nil { - return x.Resources - } - return nil -} - -func (x *ProxyConfiguration) GetIncludeIPRanges() string { - if x != nil { - return x.IncludeIPRanges - } - return "" -} - -func (x *ProxyConfiguration) GetExcludeIPRanges() string { - if x != nil { - return x.ExcludeIPRanges - } - return "" -} - -func (x *ProxyConfiguration) GetExcludeInboundPorts() string { - if x != nil { - return x.ExcludeInboundPorts - } - return "" -} - -func (x *ProxyConfiguration) GetExcludeOutboundPorts() string { - if x != nil { - return x.ExcludeOutboundPorts - } - return "" -} - -func (x *ProxyConfiguration) GetTracer() string { - if x != nil && x.Tracer != nil { - return *x.Tracer - } - return "" -} - -// ProxyInitConfiguration defines config options for Proxy Init containers -type ProxyInitConfiguration struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Image string `protobuf:"bytes,1,opt,name=image,proto3" json:"image,omitempty"` - Resources *ResourceRequirements `protobuf:"bytes,2,opt,name=resources,proto3" json:"resources,omitempty"` - Cni *CNIConfiguration `protobuf:"bytes,3,opt,name=cni,proto3" json:"cni,omitempty"` -} - -func (x *ProxyInitConfiguration) Reset() { - *x = ProxyInitConfiguration{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[8] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ProxyInitConfiguration) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ProxyInitConfiguration) ProtoMessage() {} - -func (x *ProxyInitConfiguration) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[8] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ProxyInitConfiguration.ProtoReflect.Descriptor instead. -func (*ProxyInitConfiguration) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_istiocontrolplane_proto_rawDescGZIP(), []int{8} -} - -func (x *ProxyInitConfiguration) GetImage() string { - if x != nil { - return x.Image - } - return "" -} - -func (x *ProxyInitConfiguration) GetResources() *ResourceRequirements { - if x != nil { - return x.Resources - } - return nil -} - -func (x *ProxyInitConfiguration) GetCni() *CNIConfiguration { - if x != nil { - return x.Cni - } - return nil -} - -type CNIConfiguration struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Enabled *wrappers.BoolValue `protobuf:"bytes,1,opt,name=enabled,proto3" json:"enabled,omitempty"` - Chained *wrappers.BoolValue `protobuf:"bytes,2,opt,name=chained,proto3" json:"chained,omitempty"` - BinDir string `protobuf:"bytes,4,opt,name=binDir,proto3" json:"binDir,omitempty"` - ConfDir string `protobuf:"bytes,5,opt,name=confDir,proto3" json:"confDir,omitempty"` - ExcludeNamespaces []string `protobuf:"bytes,6,rep,name=excludeNamespaces,proto3" json:"excludeNamespaces,omitempty"` - IncludeNamespaces []string `protobuf:"bytes,7,rep,name=includeNamespaces,proto3" json:"includeNamespaces,omitempty"` - LogLevel string `protobuf:"bytes,8,opt,name=logLevel,proto3" json:"logLevel,omitempty"` - ConfFileName string `protobuf:"bytes,9,opt,name=confFileName,proto3" json:"confFileName,omitempty"` - PspClusterRoleName string `protobuf:"bytes,10,opt,name=pspClusterRoleName,proto3" json:"pspClusterRoleName,omitempty"` - Repair *CNIConfiguration_RepairConfiguration `protobuf:"bytes,11,opt,name=repair,proto3" json:"repair,omitempty"` - Taint *CNIConfiguration_TaintConfiguration `protobuf:"bytes,12,opt,name=taint,proto3" json:"taint,omitempty"` - ResourceQuotas *CNIConfiguration_ResourceQuotas `protobuf:"bytes,13,opt,name=resourceQuotas,proto3" json:"resourceQuotas,omitempty"` - Daemonset *BaseKubernetesResourceConfig `protobuf:"bytes,14,opt,name=daemonset,proto3" json:"daemonset,omitempty"` -} - -func (x *CNIConfiguration) Reset() { - *x = CNIConfiguration{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[9] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CNIConfiguration) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CNIConfiguration) ProtoMessage() {} - -func (x *CNIConfiguration) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[9] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CNIConfiguration.ProtoReflect.Descriptor instead. -func (*CNIConfiguration) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_istiocontrolplane_proto_rawDescGZIP(), []int{9} -} - -func (x *CNIConfiguration) GetEnabled() *wrappers.BoolValue { - if x != nil { - return x.Enabled - } - return nil -} - -func (x *CNIConfiguration) GetChained() *wrappers.BoolValue { - if x != nil { - return x.Chained - } - return nil -} - -func (x *CNIConfiguration) GetBinDir() string { - if x != nil { - return x.BinDir - } - return "" -} - -func (x *CNIConfiguration) GetConfDir() string { - if x != nil { - return x.ConfDir - } - return "" -} - -func (x *CNIConfiguration) GetExcludeNamespaces() []string { - if x != nil { - return x.ExcludeNamespaces - } - return nil -} - -func (x *CNIConfiguration) GetIncludeNamespaces() []string { - if x != nil { - return x.IncludeNamespaces - } - return nil -} - -func (x *CNIConfiguration) GetLogLevel() string { - if x != nil { - return x.LogLevel - } - return "" -} - -func (x *CNIConfiguration) GetConfFileName() string { - if x != nil { - return x.ConfFileName - } - return "" -} - -func (x *CNIConfiguration) GetPspClusterRoleName() string { - if x != nil { - return x.PspClusterRoleName - } - return "" -} - -func (x *CNIConfiguration) GetRepair() *CNIConfiguration_RepairConfiguration { - if x != nil { - return x.Repair - } - return nil -} - -func (x *CNIConfiguration) GetTaint() *CNIConfiguration_TaintConfiguration { - if x != nil { - return x.Taint - } - return nil -} - -func (x *CNIConfiguration) GetResourceQuotas() *CNIConfiguration_ResourceQuotas { - if x != nil { - return x.ResourceQuotas - } - return nil -} - -func (x *CNIConfiguration) GetDaemonset() *BaseKubernetesResourceConfig { - if x != nil { - return x.Daemonset - } - return nil -} - -// IstiodConfiguration defines config options for Istiod -type IstiodConfiguration struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Deployment spec - Deployment *BaseKubernetesResourceConfig `protobuf:"bytes,1,opt,name=deployment,proto3" json:"deployment,omitempty"` - // If enabled, pilot will run Istio analyzers and write analysis errors to the Status field of any Istio Resources - EnableAnalysis *wrappers.BoolValue `protobuf:"bytes,2,opt,name=enableAnalysis,proto3" json:"enableAnalysis,omitempty"` - // If enabled, pilot will update the CRD Status field of all Istio resources with reconciliation status - EnableStatus *wrappers.BoolValue `protobuf:"bytes,3,opt,name=enableStatus,proto3" json:"enableStatus,omitempty"` - // Settings for local istiod to control remote clusters as well - ExternalIstiod *ExternalIstiodConfiguration `protobuf:"bytes,4,opt,name=externalIstiod,proto3" json:"externalIstiod,omitempty"` - TraceSampling *wrappers.FloatValue `protobuf:"bytes,5,opt,name=traceSampling,proto3" json:"traceSampling,omitempty"` - // If enabled, protocol sniffing will be used for outbound listeners whose port protocol is not specified or unsupported - EnableProtocolSniffingOutbound *wrappers.BoolValue `protobuf:"bytes,6,opt,name=enableProtocolSniffingOutbound,proto3" json:"enableProtocolSniffingOutbound,omitempty"` - // If enabled, protocol sniffing will be used for inbound listeners whose port protocol is not specified or unsupported - EnableProtocolSniffingInbound *wrappers.BoolValue `protobuf:"bytes,7,opt,name=enableProtocolSniffingInbound,proto3" json:"enableProtocolSniffingInbound,omitempty"` - // Configure the certificate provider for control plane communication. - // Currently, two providers are supported: "kubernetes" and "istiod". - // As some platforms may not have kubernetes signing APIs, - // Istiod is the default - // +kubebuilder:validation:Enum=KUBERNETES;ISTIOD - CertProvider PilotCertProviderType `protobuf:"varint,8,opt,name=certProvider,proto3,enum=istio_operator.v2.api.v1alpha1.PilotCertProviderType" json:"certProvider,omitempty"` - // SPIFFE configuration of Pilot - Spiffe *SPIFFEConfiguration `protobuf:"bytes,9,opt,name=spiffe,proto3" json:"spiffe,omitempty"` -} - -func (x *IstiodConfiguration) Reset() { - *x = IstiodConfiguration{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[10] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *IstiodConfiguration) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*IstiodConfiguration) ProtoMessage() {} - -func (x *IstiodConfiguration) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[10] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use IstiodConfiguration.ProtoReflect.Descriptor instead. -func (*IstiodConfiguration) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_istiocontrolplane_proto_rawDescGZIP(), []int{10} -} - -func (x *IstiodConfiguration) GetDeployment() *BaseKubernetesResourceConfig { - if x != nil { - return x.Deployment - } - return nil -} - -func (x *IstiodConfiguration) GetEnableAnalysis() *wrappers.BoolValue { - if x != nil { - return x.EnableAnalysis - } - return nil -} - -func (x *IstiodConfiguration) GetEnableStatus() *wrappers.BoolValue { - if x != nil { - return x.EnableStatus - } - return nil -} - -func (x *IstiodConfiguration) GetExternalIstiod() *ExternalIstiodConfiguration { - if x != nil { - return x.ExternalIstiod - } - return nil -} - -func (x *IstiodConfiguration) GetTraceSampling() *wrappers.FloatValue { - if x != nil { - return x.TraceSampling - } - return nil -} - -func (x *IstiodConfiguration) GetEnableProtocolSniffingOutbound() *wrappers.BoolValue { - if x != nil { - return x.EnableProtocolSniffingOutbound - } - return nil -} - -func (x *IstiodConfiguration) GetEnableProtocolSniffingInbound() *wrappers.BoolValue { - if x != nil { - return x.EnableProtocolSniffingInbound - } - return nil -} - -func (x *IstiodConfiguration) GetCertProvider() PilotCertProviderType { - if x != nil { - return x.CertProvider - } - return PilotCertProviderType_PilotCertProviderType_UNSPECIFIED -} - -func (x *IstiodConfiguration) GetSpiffe() *SPIFFEConfiguration { - if x != nil { - return x.Spiffe - } - return nil -} - -// ExternalIstiodConfiguration defines settings for local istiod to control remote clusters as well -type ExternalIstiodConfiguration struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Enabled *wrappers.BoolValue `protobuf:"bytes,1,opt,name=enabled,proto3" json:"enabled,omitempty"` -} - -func (x *ExternalIstiodConfiguration) Reset() { - *x = ExternalIstiodConfiguration{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[11] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ExternalIstiodConfiguration) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ExternalIstiodConfiguration) ProtoMessage() {} - -func (x *ExternalIstiodConfiguration) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[11] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ExternalIstiodConfiguration.ProtoReflect.Descriptor instead. -func (*ExternalIstiodConfiguration) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_istiocontrolplane_proto_rawDescGZIP(), []int{11} -} - -func (x *ExternalIstiodConfiguration) GetEnabled() *wrappers.BoolValue { - if x != nil { - return x.Enabled - } - return nil -} - -// SPIFFEConfiguration is for SPIFFE configuration of Pilot -type SPIFFEConfiguration struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - OperatorEndpoints *OperatorEndpointsConfiguration `protobuf:"bytes,1,opt,name=operatorEndpoints,proto3" json:"operatorEndpoints,omitempty"` -} - -func (x *SPIFFEConfiguration) Reset() { - *x = SPIFFEConfiguration{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[12] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *SPIFFEConfiguration) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*SPIFFEConfiguration) ProtoMessage() {} - -func (x *SPIFFEConfiguration) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[12] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use SPIFFEConfiguration.ProtoReflect.Descriptor instead. -func (*SPIFFEConfiguration) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_istiocontrolplane_proto_rawDescGZIP(), []int{12} -} - -func (x *SPIFFEConfiguration) GetOperatorEndpoints() *OperatorEndpointsConfiguration { - if x != nil { - return x.OperatorEndpoints - } - return nil -} - -// OperatorEndpointsConfiguration defines config options for automatic SPIFFE endpoints -type OperatorEndpointsConfiguration struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Enabled *wrappers.BoolValue `protobuf:"bytes,1,opt,name=enabled,proto3" json:"enabled,omitempty"` -} - -func (x *OperatorEndpointsConfiguration) Reset() { - *x = OperatorEndpointsConfiguration{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[13] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *OperatorEndpointsConfiguration) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*OperatorEndpointsConfiguration) ProtoMessage() {} - -func (x *OperatorEndpointsConfiguration) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[13] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use OperatorEndpointsConfiguration.ProtoReflect.Descriptor instead. -func (*OperatorEndpointsConfiguration) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_istiocontrolplane_proto_rawDescGZIP(), []int{13} -} - -func (x *OperatorEndpointsConfiguration) GetEnabled() *wrappers.BoolValue { - if x != nil { - return x.Enabled - } - return nil -} - -type TelemetryV2Configuration struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Enabled *wrappers.BoolValue `protobuf:"bytes,1,opt,name=enabled,proto3" json:"enabled,omitempty"` -} - -func (x *TelemetryV2Configuration) Reset() { - *x = TelemetryV2Configuration{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[14] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *TelemetryV2Configuration) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*TelemetryV2Configuration) ProtoMessage() {} - -func (x *TelemetryV2Configuration) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[14] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use TelemetryV2Configuration.ProtoReflect.Descriptor instead. -func (*TelemetryV2Configuration) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_istiocontrolplane_proto_rawDescGZIP(), []int{14} -} - -func (x *TelemetryV2Configuration) GetEnabled() *wrappers.BoolValue { - if x != nil { - return x.Enabled - } - return nil -} - -// ProxyWasmConfiguration defines config options for Envoy wasm -type ProxyWasmConfiguration struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Enabled *wrappers.BoolValue `protobuf:"bytes,1,opt,name=enabled,proto3" json:"enabled,omitempty"` -} - -func (x *ProxyWasmConfiguration) Reset() { - *x = ProxyWasmConfiguration{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[15] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ProxyWasmConfiguration) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ProxyWasmConfiguration) ProtoMessage() {} - -func (x *ProxyWasmConfiguration) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[15] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ProxyWasmConfiguration.ProtoReflect.Descriptor instead. -func (*ProxyWasmConfiguration) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_istiocontrolplane_proto_rawDescGZIP(), []int{15} -} - -func (x *ProxyWasmConfiguration) GetEnabled() *wrappers.BoolValue { - if x != nil { - return x.Enabled - } - return nil -} - -// PDBConfiguration holds Pod Disruption Budget related config options -type PDBConfiguration struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Enabled *wrappers.BoolValue `protobuf:"bytes,1,opt,name=enabled,proto3" json:"enabled,omitempty"` -} - -func (x *PDBConfiguration) Reset() { - *x = PDBConfiguration{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[16] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *PDBConfiguration) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*PDBConfiguration) ProtoMessage() {} - -func (x *PDBConfiguration) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[16] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use PDBConfiguration.ProtoReflect.Descriptor instead. -func (*PDBConfiguration) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_istiocontrolplane_proto_rawDescGZIP(), []int{16} -} - -func (x *PDBConfiguration) GetEnabled() *wrappers.BoolValue { - if x != nil { - return x.Enabled - } - return nil -} - -type HTTPProxyEnvsConfiguration struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - HttpProxy string `protobuf:"bytes,1,opt,name=httpProxy,proto3" json:"httpProxy,omitempty"` - HttpsProxy string `protobuf:"bytes,2,opt,name=httpsProxy,proto3" json:"httpsProxy,omitempty"` - NoProxy string `protobuf:"bytes,3,opt,name=noProxy,proto3" json:"noProxy,omitempty"` -} - -func (x *HTTPProxyEnvsConfiguration) Reset() { - *x = HTTPProxyEnvsConfiguration{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[17] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *HTTPProxyEnvsConfiguration) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*HTTPProxyEnvsConfiguration) ProtoMessage() {} - -func (x *HTTPProxyEnvsConfiguration) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[17] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use HTTPProxyEnvsConfiguration.ProtoReflect.Descriptor instead. -func (*HTTPProxyEnvsConfiguration) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_istiocontrolplane_proto_rawDescGZIP(), []int{17} -} - -func (x *HTTPProxyEnvsConfiguration) GetHttpProxy() string { - if x != nil { - return x.HttpProxy - } - return "" -} - -func (x *HTTPProxyEnvsConfiguration) GetHttpsProxy() string { - if x != nil { - return x.HttpsProxy - } - return "" -} - -func (x *HTTPProxyEnvsConfiguration) GetNoProxy() string { - if x != nil { - return x.NoProxy - } - return "" -} - -// -type IstioControlPlaneStatus struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Reconciliation status of the Istio control plane - Status ConfigState `protobuf:"varint,1,opt,name=status,proto3,enum=istio_operator.v2.api.v1alpha1.ConfigState" json:"status,omitempty"` - // Cluster ID - ClusterID string `protobuf:"bytes,2,opt,name=clusterID,proto3" json:"clusterID,omitempty"` - // Name of the IstioControlPlane resource - // It is used on remote clusters in the PeerIstioControlPlane resource status - // to identify the original Istio control plane - IstioControlPlaneName string `protobuf:"bytes,3,opt,name=istioControlPlaneName,proto3" json:"istioControlPlaneName,omitempty"` - // Current addresses for the corresponding gateways - GatewayAddress []string `protobuf:"bytes,4,rep,name=gatewayAddress,proto3" json:"gatewayAddress,omitempty"` - // Current addresses for the corresponding istiod pods - IstiodAddresses []string `protobuf:"bytes,5,rep,name=istiodAddresses,proto3" json:"istiodAddresses,omitempty"` - // Namespaces which are set for injection for this control plane - InjectionNamespaces []string `protobuf:"bytes,6,rep,name=injectionNamespaces,proto3" json:"injectionNamespaces,omitempty"` - // Istio CA root certificate - CaRootCertificate string `protobuf:"bytes,7,opt,name=caRootCertificate,proto3" json:"caRootCertificate,omitempty"` - // Reconciliation error message if any - ErrorMessage string `protobuf:"bytes,8,opt,name=errorMessage,proto3" json:"errorMessage,omitempty"` - MeshConfig *v1alpha1.MeshConfig `protobuf:"bytes,9,opt,name=meshConfig,proto3" json:"meshConfig,omitempty"` - Checksums *StatusChecksums `protobuf:"bytes,10,opt,name=checksums,proto3" json:"checksums,omitempty"` -} - -func (x *IstioControlPlaneStatus) Reset() { - *x = IstioControlPlaneStatus{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[18] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *IstioControlPlaneStatus) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*IstioControlPlaneStatus) ProtoMessage() {} - -func (x *IstioControlPlaneStatus) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[18] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use IstioControlPlaneStatus.ProtoReflect.Descriptor instead. -func (*IstioControlPlaneStatus) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_istiocontrolplane_proto_rawDescGZIP(), []int{18} -} - -func (x *IstioControlPlaneStatus) GetStatus() ConfigState { - if x != nil { - return x.Status - } - return ConfigState_Unspecified -} - -func (x *IstioControlPlaneStatus) GetClusterID() string { - if x != nil { - return x.ClusterID - } - return "" -} - -func (x *IstioControlPlaneStatus) GetIstioControlPlaneName() string { - if x != nil { - return x.IstioControlPlaneName - } - return "" -} - -func (x *IstioControlPlaneStatus) GetGatewayAddress() []string { - if x != nil { - return x.GatewayAddress - } - return nil -} - -func (x *IstioControlPlaneStatus) GetIstiodAddresses() []string { - if x != nil { - return x.IstiodAddresses - } - return nil -} - -func (x *IstioControlPlaneStatus) GetInjectionNamespaces() []string { - if x != nil { - return x.InjectionNamespaces - } - return nil -} - -func (x *IstioControlPlaneStatus) GetCaRootCertificate() string { - if x != nil { - return x.CaRootCertificate - } - return "" -} - -func (x *IstioControlPlaneStatus) GetErrorMessage() string { - if x != nil { - return x.ErrorMessage - } - return "" -} - -func (x *IstioControlPlaneStatus) GetMeshConfig() *v1alpha1.MeshConfig { - if x != nil { - return x.MeshConfig - } - return nil -} - -func (x *IstioControlPlaneStatus) GetChecksums() *StatusChecksums { - if x != nil { - return x.Checksums - } - return nil -} - -// -type StatusChecksums struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - MeshConfig string `protobuf:"bytes,1,opt,name=meshConfig,proto3" json:"meshConfig,omitempty"` - SidecarInjector string `protobuf:"bytes,2,opt,name=sidecarInjector,proto3" json:"sidecarInjector,omitempty"` -} - -func (x *StatusChecksums) Reset() { - *x = StatusChecksums{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[19] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *StatusChecksums) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*StatusChecksums) ProtoMessage() {} - -func (x *StatusChecksums) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[19] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use StatusChecksums.ProtoReflect.Descriptor instead. -func (*StatusChecksums) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_istiocontrolplane_proto_rawDescGZIP(), []int{19} -} - -func (x *StatusChecksums) GetMeshConfig() string { - if x != nil { - return x.MeshConfig - } - return "" -} - -func (x *StatusChecksums) GetSidecarInjector() string { - if x != nil { - return x.SidecarInjector - } - return "" -} - -type MeshExpansionConfiguration_Istiod struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Expose *wrappers.BoolValue `protobuf:"bytes,1,opt,name=expose,proto3" json:"expose,omitempty"` -} - -func (x *MeshExpansionConfiguration_Istiod) Reset() { - *x = MeshExpansionConfiguration_Istiod{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[20] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *MeshExpansionConfiguration_Istiod) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*MeshExpansionConfiguration_Istiod) ProtoMessage() {} - -func (x *MeshExpansionConfiguration_Istiod) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[20] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use MeshExpansionConfiguration_Istiod.ProtoReflect.Descriptor instead. -func (*MeshExpansionConfiguration_Istiod) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_istiocontrolplane_proto_rawDescGZIP(), []int{4, 0} -} - -func (x *MeshExpansionConfiguration_Istiod) GetExpose() *wrappers.BoolValue { - if x != nil { - return x.Expose - } - return nil -} - -type MeshExpansionConfiguration_Webhook struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Expose *wrappers.BoolValue `protobuf:"bytes,1,opt,name=expose,proto3" json:"expose,omitempty"` -} - -func (x *MeshExpansionConfiguration_Webhook) Reset() { - *x = MeshExpansionConfiguration_Webhook{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[21] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *MeshExpansionConfiguration_Webhook) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*MeshExpansionConfiguration_Webhook) ProtoMessage() {} - -func (x *MeshExpansionConfiguration_Webhook) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[21] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use MeshExpansionConfiguration_Webhook.ProtoReflect.Descriptor instead. -func (*MeshExpansionConfiguration_Webhook) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_istiocontrolplane_proto_rawDescGZIP(), []int{4, 1} -} - -func (x *MeshExpansionConfiguration_Webhook) GetExpose() *wrappers.BoolValue { - if x != nil { - return x.Expose - } - return nil -} - -type MeshExpansionConfiguration_ClusterServices struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Expose *wrappers.BoolValue `protobuf:"bytes,1,opt,name=expose,proto3" json:"expose,omitempty"` -} - -func (x *MeshExpansionConfiguration_ClusterServices) Reset() { - *x = MeshExpansionConfiguration_ClusterServices{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[22] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *MeshExpansionConfiguration_ClusterServices) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*MeshExpansionConfiguration_ClusterServices) ProtoMessage() {} - -func (x *MeshExpansionConfiguration_ClusterServices) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[22] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use MeshExpansionConfiguration_ClusterServices.ProtoReflect.Descriptor instead. -func (*MeshExpansionConfiguration_ClusterServices) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_istiocontrolplane_proto_rawDescGZIP(), []int{4, 2} -} - -func (x *MeshExpansionConfiguration_ClusterServices) GetExpose() *wrappers.BoolValue { - if x != nil { - return x.Expose - } - return nil -} - -type MeshExpansionConfiguration_IstioMeshGatewayConfiguration struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Istio Mesh gateway metadata - Metadata *K8SObjectMeta `protobuf:"bytes,1,opt,name=metadata,proto3" json:"metadata,omitempty"` - // Deployment spec - Deployment *BaseKubernetesResourceConfig `protobuf:"bytes,2,opt,name=deployment,proto3" json:"deployment,omitempty"` - // Service spec - Service *UnprotectedService `protobuf:"bytes,3,opt,name=service,proto3" json:"service,omitempty"` - // Whether to run the gateway in a privileged container - RunAsRoot *wrappers.BoolValue `protobuf:"bytes,4,opt,name=runAsRoot,proto3" json:"runAsRoot,omitempty"` - // K8s resource overlay patches - K8SResourceOverlays []*K8SResourceOverlayPatch `protobuf:"bytes,5,rep,name=k8sResourceOverlays,proto3" json:"k8sResourceOverlays,omitempty"` -} - -func (x *MeshExpansionConfiguration_IstioMeshGatewayConfiguration) Reset() { - *x = MeshExpansionConfiguration_IstioMeshGatewayConfiguration{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[23] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *MeshExpansionConfiguration_IstioMeshGatewayConfiguration) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*MeshExpansionConfiguration_IstioMeshGatewayConfiguration) ProtoMessage() {} - -func (x *MeshExpansionConfiguration_IstioMeshGatewayConfiguration) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[23] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use MeshExpansionConfiguration_IstioMeshGatewayConfiguration.ProtoReflect.Descriptor instead. -func (*MeshExpansionConfiguration_IstioMeshGatewayConfiguration) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_istiocontrolplane_proto_rawDescGZIP(), []int{4, 3} -} - -func (x *MeshExpansionConfiguration_IstioMeshGatewayConfiguration) GetMetadata() *K8SObjectMeta { - if x != nil { - return x.Metadata - } - return nil -} - -func (x *MeshExpansionConfiguration_IstioMeshGatewayConfiguration) GetDeployment() *BaseKubernetesResourceConfig { - if x != nil { - return x.Deployment - } - return nil -} - -func (x *MeshExpansionConfiguration_IstioMeshGatewayConfiguration) GetService() *UnprotectedService { - if x != nil { - return x.Service - } - return nil -} - -func (x *MeshExpansionConfiguration_IstioMeshGatewayConfiguration) GetRunAsRoot() *wrappers.BoolValue { - if x != nil { - return x.RunAsRoot - } - return nil -} - -func (x *MeshExpansionConfiguration_IstioMeshGatewayConfiguration) GetK8SResourceOverlays() []*K8SResourceOverlayPatch { - if x != nil { - return x.K8SResourceOverlays - } - return nil -} - -type CNIConfiguration_RepairConfiguration struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Enabled *wrappers.BoolValue `protobuf:"bytes,1,opt,name=enabled,proto3" json:"enabled,omitempty"` - LabelPods *wrappers.BoolValue `protobuf:"bytes,2,opt,name=labelPods,proto3" json:"labelPods,omitempty"` - DeletePods *wrappers.BoolValue `protobuf:"bytes,3,opt,name=deletePods,proto3" json:"deletePods,omitempty"` - InitContainerName string `protobuf:"bytes,4,opt,name=initContainerName,proto3" json:"initContainerName,omitempty"` - BrokenPodLabelKey string `protobuf:"bytes,5,opt,name=brokenPodLabelKey,proto3" json:"brokenPodLabelKey,omitempty"` - BrokenPodLabelValue string `protobuf:"bytes,6,opt,name=brokenPodLabelValue,proto3" json:"brokenPodLabelValue,omitempty"` -} - -func (x *CNIConfiguration_RepairConfiguration) Reset() { - *x = CNIConfiguration_RepairConfiguration{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[24] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CNIConfiguration_RepairConfiguration) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CNIConfiguration_RepairConfiguration) ProtoMessage() {} - -func (x *CNIConfiguration_RepairConfiguration) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[24] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CNIConfiguration_RepairConfiguration.ProtoReflect.Descriptor instead. -func (*CNIConfiguration_RepairConfiguration) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_istiocontrolplane_proto_rawDescGZIP(), []int{9, 0} -} - -func (x *CNIConfiguration_RepairConfiguration) GetEnabled() *wrappers.BoolValue { - if x != nil { - return x.Enabled - } - return nil -} - -func (x *CNIConfiguration_RepairConfiguration) GetLabelPods() *wrappers.BoolValue { - if x != nil { - return x.LabelPods - } - return nil -} - -func (x *CNIConfiguration_RepairConfiguration) GetDeletePods() *wrappers.BoolValue { - if x != nil { - return x.DeletePods - } - return nil -} - -func (x *CNIConfiguration_RepairConfiguration) GetInitContainerName() string { - if x != nil { - return x.InitContainerName - } - return "" -} - -func (x *CNIConfiguration_RepairConfiguration) GetBrokenPodLabelKey() string { - if x != nil { - return x.BrokenPodLabelKey - } - return "" -} - -func (x *CNIConfiguration_RepairConfiguration) GetBrokenPodLabelValue() string { - if x != nil { - return x.BrokenPodLabelValue - } - return "" -} - -type CNIConfiguration_TaintConfiguration struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Enabled *wrappers.BoolValue `protobuf:"bytes,1,opt,name=enabled,proto3" json:"enabled,omitempty"` - Container *BaseKubernetesContainerConfiguration `protobuf:"bytes,2,opt,name=container,proto3" json:"container,omitempty"` -} - -func (x *CNIConfiguration_TaintConfiguration) Reset() { - *x = CNIConfiguration_TaintConfiguration{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[25] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CNIConfiguration_TaintConfiguration) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CNIConfiguration_TaintConfiguration) ProtoMessage() {} - -func (x *CNIConfiguration_TaintConfiguration) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[25] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CNIConfiguration_TaintConfiguration.ProtoReflect.Descriptor instead. -func (*CNIConfiguration_TaintConfiguration) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_istiocontrolplane_proto_rawDescGZIP(), []int{9, 1} -} - -func (x *CNIConfiguration_TaintConfiguration) GetEnabled() *wrappers.BoolValue { - if x != nil { - return x.Enabled - } - return nil -} - -func (x *CNIConfiguration_TaintConfiguration) GetContainer() *BaseKubernetesContainerConfiguration { - if x != nil { - return x.Container - } - return nil -} - -type CNIConfiguration_ResourceQuotas struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Enabled *wrappers.BoolValue `protobuf:"bytes,1,opt,name=enabled,proto3" json:"enabled,omitempty"` - Pods string `protobuf:"bytes,2,opt,name=pods,proto3" json:"pods,omitempty"` - PriorityClasses []string `protobuf:"bytes,3,rep,name=priorityClasses,proto3" json:"priorityClasses,omitempty"` -} - -func (x *CNIConfiguration_ResourceQuotas) Reset() { - *x = CNIConfiguration_ResourceQuotas{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[26] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CNIConfiguration_ResourceQuotas) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CNIConfiguration_ResourceQuotas) ProtoMessage() {} - -func (x *CNIConfiguration_ResourceQuotas) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_istiocontrolplane_proto_msgTypes[26] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CNIConfiguration_ResourceQuotas.ProtoReflect.Descriptor instead. -func (*CNIConfiguration_ResourceQuotas) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_istiocontrolplane_proto_rawDescGZIP(), []int{9, 2} -} - -func (x *CNIConfiguration_ResourceQuotas) GetEnabled() *wrappers.BoolValue { - if x != nil { - return x.Enabled - } - return nil -} - -func (x *CNIConfiguration_ResourceQuotas) GetPods() string { - if x != nil { - return x.Pods - } - return "" -} - -func (x *CNIConfiguration_ResourceQuotas) GetPriorityClasses() []string { - if x != nil { - return x.PriorityClasses - } - return nil -} - -var File_api_v1alpha1_istiocontrolplane_proto protoreflect.FileDescriptor - -var file_api_v1alpha1_istiocontrolplane_proto_rawDesc = []byte{ - 0x0a, 0x24, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x69, - 0x73, 0x74, 0x69, 0x6f, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x70, 0x6c, 0x61, 0x6e, 0x65, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, - 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, - 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x1a, 0x19, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x61, 0x6c, - 0x70, 0x68, 0x61, 0x31, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x1a, 0x23, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, - 0x69, 0x73, 0x74, 0x69, 0x6f, 0x6d, 0x65, 0x73, 0x68, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x22, 0x6b, 0x38, 0x73, 0x2e, 0x69, 0x6f, 0x2f, 0x61, - 0x70, 0x69, 0x2f, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x76, 0x31, 0x2f, 0x67, 0x65, 0x6e, 0x65, 0x72, - 0x61, 0x74, 0x65, 0x64, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1a, 0x6d, 0x65, 0x73, 0x68, - 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x19, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, - 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, - 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x75, 0x66, 0x2f, 0x77, 0x72, 0x61, 0x70, 0x70, 0x65, 0x72, 0x73, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x22, 0xd0, 0x0d, 0x0a, 0x15, 0x49, 0x73, 0x74, 0x69, 0x6f, 0x43, 0x6f, 0x6e, 0x74, - 0x72, 0x6f, 0x6c, 0x50, 0x6c, 0x61, 0x6e, 0x65, 0x53, 0x70, 0x65, 0x63, 0x12, 0x1e, 0x0a, 0x07, - 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x04, 0xe2, - 0x41, 0x01, 0x02, 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x42, 0x0a, 0x04, - 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x28, 0x2e, 0x69, 0x73, 0x74, - 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, - 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x6f, 0x64, 0x65, - 0x54, 0x79, 0x70, 0x65, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, - 0x12, 0x4e, 0x0a, 0x07, 0x6c, 0x6f, 0x67, 0x67, 0x69, 0x6e, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x34, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, - 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, - 0x61, 0x31, 0x2e, 0x4c, 0x6f, 0x67, 0x67, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x07, 0x6c, 0x6f, 0x67, 0x67, 0x69, 0x6e, 0x67, - 0x12, 0x42, 0x0a, 0x0e, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x4d, 0x74, 0x6c, 0x73, 0x43, 0x65, 0x72, - 0x74, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, - 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0e, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x4d, 0x74, 0x6c, 0x73, 0x43, - 0x65, 0x72, 0x74, 0x73, 0x12, 0x4b, 0x0a, 0x06, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x64, 0x18, 0x05, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, - 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, - 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x49, 0x73, 0x74, 0x69, 0x6f, 0x64, 0x43, 0x6f, 0x6e, 0x66, - 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x06, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x64, 0x12, 0x48, 0x0a, 0x05, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x32, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, - 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, - 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x05, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x12, 0x54, 0x0a, 0x09, 0x70, - 0x72, 0x6f, 0x78, 0x79, 0x49, 0x6e, 0x69, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x36, - 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, - 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, - 0x50, 0x72, 0x6f, 0x78, 0x79, 0x49, 0x6e, 0x69, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, - 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x49, 0x6e, 0x69, - 0x74, 0x12, 0x5a, 0x0a, 0x0b, 0x74, 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x74, 0x72, 0x79, 0x56, 0x32, - 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, - 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, - 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x74, 0x72, - 0x79, 0x56, 0x32, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x52, 0x0b, 0x74, 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x74, 0x72, 0x79, 0x56, 0x32, 0x12, 0x42, 0x0a, - 0x03, 0x73, 0x64, 0x73, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x69, 0x73, 0x74, - 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, - 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x53, 0x44, 0x53, 0x43, - 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x03, 0x73, 0x64, - 0x73, 0x12, 0x54, 0x0a, 0x09, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x57, 0x61, 0x73, 0x6d, 0x18, 0x0a, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, - 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, - 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x57, 0x61, 0x73, 0x6d, 0x43, - 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x70, 0x72, - 0x6f, 0x78, 0x79, 0x57, 0x61, 0x73, 0x6d, 0x12, 0x48, 0x0a, 0x11, 0x77, 0x61, 0x74, 0x63, 0x68, - 0x4f, 0x6e, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x0b, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x11, - 0x77, 0x61, 0x74, 0x63, 0x68, 0x4f, 0x6e, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, - 0x65, 0x12, 0x4b, 0x0a, 0x09, 0x6a, 0x77, 0x74, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x0c, - 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, - 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, - 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4a, 0x57, 0x54, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x54, - 0x79, 0x70, 0x65, 0x52, 0x09, 0x6a, 0x77, 0x74, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x1c, - 0x0a, 0x09, 0x63, 0x61, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x0d, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x09, 0x63, 0x61, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x1e, 0x0a, 0x0a, - 0x63, 0x61, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x0a, 0x63, 0x61, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x12, 0x22, 0x0a, 0x0c, - 0x64, 0x69, 0x73, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x0f, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x0c, 0x64, 0x69, 0x73, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x69, 0x6f, 0x6e, - 0x12, 0x60, 0x0a, 0x0d, 0x68, 0x74, 0x74, 0x70, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x45, 0x6e, 0x76, - 0x73, 0x18, 0x10, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, - 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, - 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x50, 0x72, 0x6f, - 0x78, 0x79, 0x45, 0x6e, 0x76, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x52, 0x0d, 0x68, 0x74, 0x74, 0x70, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x45, 0x6e, - 0x76, 0x73, 0x12, 0x3f, 0x0a, 0x0a, 0x6d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x18, 0x11, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6d, - 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73, - 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0a, 0x6d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, - 0x66, 0x69, 0x67, 0x12, 0x69, 0x0a, 0x13, 0x6b, 0x38, 0x73, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, - 0x63, 0x65, 0x4f, 0x76, 0x65, 0x72, 0x6c, 0x61, 0x79, 0x73, 0x18, 0x12, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x37, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, - 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, - 0x31, 0x2e, 0x4b, 0x38, 0x73, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4f, 0x76, 0x65, - 0x72, 0x6c, 0x61, 0x79, 0x50, 0x61, 0x74, 0x63, 0x68, 0x52, 0x13, 0x6b, 0x38, 0x73, 0x52, 0x65, - 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4f, 0x76, 0x65, 0x72, 0x6c, 0x61, 0x79, 0x73, 0x12, 0x16, - 0x0a, 0x06, 0x6d, 0x65, 0x73, 0x68, 0x49, 0x44, 0x18, 0x13, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, - 0x6d, 0x65, 0x73, 0x68, 0x49, 0x44, 0x12, 0x7d, 0x0a, 0x1b, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, - 0x6e, 0x65, 0x72, 0x49, 0x6d, 0x61, 0x67, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x14, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x69, 0x73, - 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, - 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x43, 0x6f, 0x6e, - 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x49, 0x6d, 0x61, 0x67, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, - 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x1b, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, - 0x6e, 0x65, 0x72, 0x49, 0x6d, 0x61, 0x67, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x60, 0x0a, 0x0d, 0x6d, 0x65, 0x73, 0x68, 0x45, 0x78, 0x70, - 0x61, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x15, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x69, - 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, - 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, - 0x73, 0x68, 0x45, 0x78, 0x70, 0x61, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69, - 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0d, 0x6d, 0x65, 0x73, 0x68, 0x45, 0x78, - 0x70, 0x61, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x1c, 0x0a, 0x09, 0x63, 0x6c, 0x75, 0x73, 0x74, - 0x65, 0x72, 0x49, 0x44, 0x18, 0x16, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x63, 0x6c, 0x75, 0x73, - 0x74, 0x65, 0x72, 0x49, 0x44, 0x12, 0x20, 0x0a, 0x0b, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x17, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x6e, 0x65, 0x74, 0x77, - 0x6f, 0x72, 0x6b, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x66, 0x0a, 0x0f, 0x73, 0x69, 0x64, 0x65, 0x63, - 0x61, 0x72, 0x49, 0x6e, 0x6a, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x18, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x3c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, - 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, - 0x31, 0x2e, 0x53, 0x69, 0x64, 0x65, 0x63, 0x61, 0x72, 0x49, 0x6e, 0x6a, 0x65, 0x63, 0x74, 0x6f, - 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0f, - 0x73, 0x69, 0x64, 0x65, 0x63, 0x61, 0x72, 0x49, 0x6e, 0x6a, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, - 0x34, 0x0a, 0x06, 0x74, 0x72, 0x61, 0x63, 0x65, 0x72, 0x18, 0x19, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x1c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, - 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x52, 0x06, 0x74, - 0x72, 0x61, 0x63, 0x65, 0x72, 0x22, 0x98, 0x02, 0x0a, 0x1c, 0x53, 0x69, 0x64, 0x65, 0x63, 0x61, - 0x72, 0x49, 0x6e, 0x6a, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, - 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x5c, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x6c, 0x6f, 0x79, - 0x6d, 0x65, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x69, 0x73, 0x74, - 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, - 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x42, 0x61, 0x73, 0x65, - 0x4b, 0x75, 0x62, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x65, 0x73, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, - 0x63, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0a, 0x64, 0x65, 0x70, 0x6c, 0x6f, 0x79, - 0x6d, 0x65, 0x6e, 0x74, 0x12, 0x41, 0x0a, 0x07, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, - 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, - 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x07, - 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x57, 0x0a, 0x09, 0x74, 0x65, 0x6d, 0x70, 0x6c, - 0x61, 0x74, 0x65, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x69, 0x73, 0x74, - 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, - 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x53, 0x69, 0x64, 0x65, - 0x63, 0x61, 0x72, 0x49, 0x6e, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x65, 0x6d, 0x70, - 0x6c, 0x61, 0x74, 0x65, 0x73, 0x52, 0x09, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x73, - 0x22, 0xba, 0x01, 0x0a, 0x19, 0x53, 0x69, 0x64, 0x65, 0x63, 0x61, 0x72, 0x49, 0x6e, 0x6a, 0x65, - 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x73, 0x12, 0x18, - 0x0a, 0x07, 0x73, 0x69, 0x64, 0x65, 0x63, 0x61, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x07, 0x73, 0x69, 0x64, 0x65, 0x63, 0x61, 0x72, 0x12, 0x18, 0x0a, 0x07, 0x67, 0x61, 0x74, 0x65, - 0x77, 0x61, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x67, 0x61, 0x74, 0x65, 0x77, - 0x61, 0x79, 0x12, 0x69, 0x0a, 0x0f, 0x63, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x54, 0x65, 0x6d, 0x70, - 0x6c, 0x61, 0x74, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3f, 0x2e, 0x69, 0x73, - 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, - 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x43, 0x75, 0x73, - 0x74, 0x6f, 0x6d, 0x53, 0x69, 0x64, 0x65, 0x63, 0x61, 0x72, 0x49, 0x6e, 0x6a, 0x65, 0x63, 0x74, - 0x69, 0x6f, 0x6e, 0x54, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x73, 0x52, 0x0f, 0x63, 0x75, - 0x73, 0x74, 0x6f, 0x6d, 0x54, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x73, 0x22, 0x51, 0x0a, - 0x1f, 0x43, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x53, 0x69, 0x64, 0x65, 0x63, 0x61, 0x72, 0x49, 0x6e, - 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x73, - 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, - 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, - 0x22, 0xf7, 0x08, 0x0a, 0x1a, 0x4d, 0x65, 0x73, 0x68, 0x45, 0x78, 0x70, 0x61, 0x6e, 0x73, 0x69, - 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, - 0x34, 0x0a, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, - 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x07, 0x65, 0x6e, - 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x72, 0x0a, 0x07, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x58, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, - 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, - 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x45, 0x78, 0x70, 0x61, - 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x2e, 0x49, 0x73, 0x74, 0x69, 0x6f, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, - 0x77, 0x61, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x52, 0x07, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x12, 0x59, 0x0a, 0x06, 0x69, 0x73, 0x74, - 0x69, 0x6f, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x41, 0x2e, 0x69, 0x73, 0x74, 0x69, - 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, - 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x45, - 0x78, 0x70, 0x61, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x49, 0x73, 0x74, 0x69, 0x6f, 0x64, 0x52, 0x06, 0x69, 0x73, - 0x74, 0x69, 0x6f, 0x64, 0x12, 0x5c, 0x0a, 0x07, 0x77, 0x65, 0x62, 0x68, 0x6f, 0x6f, 0x6b, 0x18, - 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x42, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, - 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, - 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x45, 0x78, 0x70, 0x61, 0x6e, - 0x73, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x2e, 0x57, 0x65, 0x62, 0x68, 0x6f, 0x6f, 0x6b, 0x52, 0x07, 0x77, 0x65, 0x62, 0x68, 0x6f, - 0x6f, 0x6b, 0x12, 0x74, 0x0a, 0x0f, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x53, 0x65, 0x72, - 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x4a, 0x2e, 0x69, 0x73, - 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, - 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73, - 0x68, 0x45, 0x78, 0x70, 0x61, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x53, - 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x52, 0x0f, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, - 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x1a, 0x3c, 0x0a, 0x06, 0x49, 0x73, 0x74, 0x69, - 0x6f, 0x64, 0x12, 0x32, 0x0a, 0x06, 0x65, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x06, - 0x65, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x1a, 0x3d, 0x0a, 0x07, 0x57, 0x65, 0x62, 0x68, 0x6f, 0x6f, - 0x6b, 0x12, 0x32, 0x0a, 0x06, 0x65, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x06, 0x65, - 0x78, 0x70, 0x6f, 0x73, 0x65, 0x1a, 0x45, 0x0a, 0x0f, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, - 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x32, 0x0a, 0x06, 0x65, 0x78, 0x70, 0x6f, - 0x73, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, - 0x61, 0x6c, 0x75, 0x65, 0x52, 0x06, 0x65, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x1a, 0xbb, 0x03, 0x0a, - 0x1d, 0x49, 0x73, 0x74, 0x69, 0x6f, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, - 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x49, - 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x2d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, - 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, - 0x31, 0x2e, 0x4b, 0x38, 0x73, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x4d, 0x65, 0x74, 0x61, 0x52, - 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x5c, 0x0a, 0x0a, 0x64, 0x65, 0x70, - 0x6c, 0x6f, 0x79, 0x6d, 0x65, 0x6e, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e, - 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, - 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x42, - 0x61, 0x73, 0x65, 0x4b, 0x75, 0x62, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x65, 0x73, 0x52, 0x65, 0x73, - 0x6f, 0x75, 0x72, 0x63, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0a, 0x64, 0x65, 0x70, - 0x6c, 0x6f, 0x79, 0x6d, 0x65, 0x6e, 0x74, 0x12, 0x4c, 0x0a, 0x07, 0x73, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, - 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x55, 0x6e, 0x70, 0x72, 0x6f, 0x74, - 0x65, 0x63, 0x74, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x07, 0x73, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x38, 0x0a, 0x09, 0x72, 0x75, 0x6e, 0x41, 0x73, 0x52, 0x6f, - 0x6f, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, - 0x61, 0x6c, 0x75, 0x65, 0x52, 0x09, 0x72, 0x75, 0x6e, 0x41, 0x73, 0x52, 0x6f, 0x6f, 0x74, 0x12, - 0x69, 0x0a, 0x13, 0x6b, 0x38, 0x73, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4f, 0x76, - 0x65, 0x72, 0x6c, 0x61, 0x79, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x37, 0x2e, 0x69, - 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, - 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4b, 0x38, - 0x73, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4f, 0x76, 0x65, 0x72, 0x6c, 0x61, 0x79, - 0x50, 0x61, 0x74, 0x63, 0x68, 0x52, 0x13, 0x6b, 0x38, 0x73, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, - 0x63, 0x65, 0x4f, 0x76, 0x65, 0x72, 0x6c, 0x61, 0x79, 0x73, 0x22, 0x2c, 0x0a, 0x14, 0x4c, 0x6f, - 0x67, 0x67, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x12, 0x14, 0x0a, 0x05, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x05, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x22, 0x38, 0x0a, 0x10, 0x53, 0x44, 0x53, 0x43, - 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x24, 0x0a, 0x0d, - 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x41, 0x75, 0x64, 0x69, 0x65, 0x6e, 0x63, 0x65, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x0d, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x41, 0x75, 0x64, 0x69, 0x65, 0x6e, - 0x63, 0x65, 0x22, 0xa2, 0x06, 0x0a, 0x12, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e, 0x66, - 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x14, 0x0a, 0x05, 0x69, 0x6d, 0x61, - 0x67, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x12, - 0x3a, 0x0a, 0x0a, 0x70, 0x72, 0x69, 0x76, 0x69, 0x6c, 0x65, 0x67, 0x65, 0x64, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, - 0x0a, 0x70, 0x72, 0x69, 0x76, 0x69, 0x6c, 0x65, 0x67, 0x65, 0x64, 0x12, 0x42, 0x0a, 0x0e, 0x65, - 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x43, 0x6f, 0x72, 0x65, 0x44, 0x75, 0x6d, 0x70, 0x18, 0x03, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, - 0x0e, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x43, 0x6f, 0x72, 0x65, 0x44, 0x75, 0x6d, 0x70, 0x12, - 0x49, 0x0a, 0x08, 0x6c, 0x6f, 0x67, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, - 0x0e, 0x32, 0x2d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, - 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, - 0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4c, 0x6f, 0x67, 0x4c, 0x65, 0x76, 0x65, 0x6c, - 0x52, 0x08, 0x6c, 0x6f, 0x67, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x12, 0x2c, 0x0a, 0x11, 0x63, 0x6f, - 0x6d, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x4c, 0x6f, 0x67, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x18, - 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x63, 0x6f, 0x6d, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, - 0x4c, 0x6f, 0x67, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x12, 0x24, 0x0a, 0x0d, 0x63, 0x6c, 0x75, 0x73, - 0x74, 0x65, 0x72, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x0d, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x64, - 0x0a, 0x1f, 0x68, 0x6f, 0x6c, 0x64, 0x41, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x55, 0x6e, 0x74, 0x69, 0x6c, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x53, 0x74, 0x61, 0x72, 0x74, - 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, - 0x6c, 0x75, 0x65, 0x52, 0x1f, 0x68, 0x6f, 0x6c, 0x64, 0x41, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x6e, 0x74, 0x69, 0x6c, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x53, 0x74, - 0x61, 0x72, 0x74, 0x73, 0x12, 0x3b, 0x0a, 0x09, 0x6c, 0x69, 0x66, 0x65, 0x63, 0x79, 0x63, 0x6c, - 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x6b, 0x38, 0x73, 0x2e, 0x69, 0x6f, - 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x66, - 0x65, 0x63, 0x79, 0x63, 0x6c, 0x65, 0x52, 0x09, 0x6c, 0x69, 0x66, 0x65, 0x63, 0x79, 0x63, 0x6c, - 0x65, 0x12, 0x52, 0x0a, 0x09, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x18, 0x09, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, - 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, - 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, - 0x71, 0x75, 0x69, 0x72, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x52, 0x09, 0x72, 0x65, 0x73, 0x6f, - 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x28, 0x0a, 0x0f, 0x69, 0x6e, 0x63, 0x6c, 0x75, 0x64, 0x65, - 0x49, 0x50, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, - 0x69, 0x6e, 0x63, 0x6c, 0x75, 0x64, 0x65, 0x49, 0x50, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x73, 0x12, - 0x28, 0x0a, 0x0f, 0x65, 0x78, 0x63, 0x6c, 0x75, 0x64, 0x65, 0x49, 0x50, 0x52, 0x61, 0x6e, 0x67, - 0x65, 0x73, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x65, 0x78, 0x63, 0x6c, 0x75, 0x64, - 0x65, 0x49, 0x50, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x73, 0x12, 0x30, 0x0a, 0x13, 0x65, 0x78, 0x63, - 0x6c, 0x75, 0x64, 0x65, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x50, 0x6f, 0x72, 0x74, 0x73, - 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x65, 0x78, 0x63, 0x6c, 0x75, 0x64, 0x65, 0x49, - 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x50, 0x6f, 0x72, 0x74, 0x73, 0x12, 0x32, 0x0a, 0x14, 0x65, - 0x78, 0x63, 0x6c, 0x75, 0x64, 0x65, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x50, 0x6f, - 0x72, 0x74, 0x73, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x14, 0x65, 0x78, 0x63, 0x6c, 0x75, - 0x64, 0x65, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x50, 0x6f, 0x72, 0x74, 0x73, 0x12, - 0x1b, 0x0a, 0x06, 0x74, 0x72, 0x61, 0x63, 0x65, 0x72, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x09, 0x48, - 0x00, 0x52, 0x06, 0x74, 0x72, 0x61, 0x63, 0x65, 0x72, 0x88, 0x01, 0x01, 0x42, 0x09, 0x0a, 0x07, - 0x5f, 0x74, 0x72, 0x61, 0x63, 0x65, 0x72, 0x22, 0xc6, 0x01, 0x0a, 0x16, 0x50, 0x72, 0x6f, 0x78, - 0x79, 0x49, 0x6e, 0x69, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x12, 0x14, 0x0a, 0x05, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x05, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x12, 0x52, 0x0a, 0x09, 0x72, 0x65, 0x73, 0x6f, - 0x75, 0x72, 0x63, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x69, 0x73, - 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, - 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x52, 0x65, 0x73, - 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x6d, 0x65, 0x6e, 0x74, - 0x73, 0x52, 0x09, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x42, 0x0a, 0x03, - 0x63, 0x6e, 0x69, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x69, 0x73, 0x74, 0x69, - 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, - 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x43, 0x4e, 0x49, 0x43, 0x6f, - 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x03, 0x63, 0x6e, 0x69, - 0x22, 0x84, 0x0b, 0x0a, 0x10, 0x43, 0x4e, 0x49, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x34, 0x0a, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, - 0x75, 0x65, 0x52, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x34, 0x0a, 0x07, 0x63, - 0x68, 0x61, 0x69, 0x6e, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, - 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x07, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x65, - 0x64, 0x12, 0x16, 0x0a, 0x06, 0x62, 0x69, 0x6e, 0x44, 0x69, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x06, 0x62, 0x69, 0x6e, 0x44, 0x69, 0x72, 0x12, 0x18, 0x0a, 0x07, 0x63, 0x6f, 0x6e, - 0x66, 0x44, 0x69, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x63, 0x6f, 0x6e, 0x66, - 0x44, 0x69, 0x72, 0x12, 0x2c, 0x0a, 0x11, 0x65, 0x78, 0x63, 0x6c, 0x75, 0x64, 0x65, 0x4e, 0x61, - 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x09, 0x52, 0x11, - 0x65, 0x78, 0x63, 0x6c, 0x75, 0x64, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, - 0x73, 0x12, 0x2c, 0x0a, 0x11, 0x69, 0x6e, 0x63, 0x6c, 0x75, 0x64, 0x65, 0x4e, 0x61, 0x6d, 0x65, - 0x73, 0x70, 0x61, 0x63, 0x65, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x09, 0x52, 0x11, 0x69, 0x6e, - 0x63, 0x6c, 0x75, 0x64, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x73, 0x12, - 0x1a, 0x0a, 0x08, 0x6c, 0x6f, 0x67, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x18, 0x08, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x08, 0x6c, 0x6f, 0x67, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x12, 0x22, 0x0a, 0x0c, 0x63, - 0x6f, 0x6e, 0x66, 0x46, 0x69, 0x6c, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0c, 0x63, 0x6f, 0x6e, 0x66, 0x46, 0x69, 0x6c, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, - 0x2e, 0x0a, 0x12, 0x70, 0x73, 0x70, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x52, 0x6f, 0x6c, - 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x70, 0x73, 0x70, - 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x52, 0x6f, 0x6c, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, - 0x5c, 0x0a, 0x06, 0x72, 0x65, 0x70, 0x61, 0x69, 0x72, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x44, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, - 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, - 0x2e, 0x43, 0x4e, 0x49, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x2e, 0x52, 0x65, 0x70, 0x61, 0x69, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x06, 0x72, 0x65, 0x70, 0x61, 0x69, 0x72, 0x12, 0x59, 0x0a, - 0x05, 0x74, 0x61, 0x69, 0x6e, 0x74, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x43, 0x2e, 0x69, - 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, - 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x43, 0x4e, - 0x49, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x54, - 0x61, 0x69, 0x6e, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x52, 0x05, 0x74, 0x61, 0x69, 0x6e, 0x74, 0x12, 0x67, 0x0a, 0x0e, 0x72, 0x65, 0x73, 0x6f, - 0x75, 0x72, 0x63, 0x65, 0x51, 0x75, 0x6f, 0x74, 0x61, 0x73, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x3f, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, - 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, - 0x31, 0x2e, 0x43, 0x4e, 0x49, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x51, 0x75, 0x6f, 0x74, 0x61, - 0x73, 0x52, 0x0e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x51, 0x75, 0x6f, 0x74, 0x61, - 0x73, 0x12, 0x5a, 0x0a, 0x09, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x73, 0x65, 0x74, 0x18, 0x0e, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, - 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, - 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x42, 0x61, 0x73, 0x65, 0x4b, 0x75, 0x62, 0x65, 0x72, 0x6e, - 0x65, 0x74, 0x65, 0x73, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x43, 0x6f, 0x6e, 0x66, - 0x69, 0x67, 0x52, 0x09, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x73, 0x65, 0x74, 0x1a, 0xcf, 0x02, - 0x0a, 0x13, 0x52, 0x65, 0x70, 0x61, 0x69, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x34, 0x0a, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, - 0x75, 0x65, 0x52, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x38, 0x0a, 0x09, 0x6c, - 0x61, 0x62, 0x65, 0x6c, 0x50, 0x6f, 0x64, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, - 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, - 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x09, 0x6c, 0x61, 0x62, 0x65, - 0x6c, 0x50, 0x6f, 0x64, 0x73, 0x12, 0x3a, 0x0a, 0x0a, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x50, - 0x6f, 0x64, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, - 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, - 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0a, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x50, 0x6f, 0x64, - 0x73, 0x12, 0x2c, 0x0a, 0x11, 0x69, 0x6e, 0x69, 0x74, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, - 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x69, 0x6e, - 0x69, 0x74, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, - 0x2c, 0x0a, 0x11, 0x62, 0x72, 0x6f, 0x6b, 0x65, 0x6e, 0x50, 0x6f, 0x64, 0x4c, 0x61, 0x62, 0x65, - 0x6c, 0x4b, 0x65, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x62, 0x72, 0x6f, 0x6b, - 0x65, 0x6e, 0x50, 0x6f, 0x64, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x4b, 0x65, 0x79, 0x12, 0x30, 0x0a, - 0x13, 0x62, 0x72, 0x6f, 0x6b, 0x65, 0x6e, 0x50, 0x6f, 0x64, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x56, - 0x61, 0x6c, 0x75, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x62, 0x72, 0x6f, 0x6b, - 0x65, 0x6e, 0x50, 0x6f, 0x64, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x1a, - 0xae, 0x01, 0x0a, 0x12, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, - 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x34, 0x0a, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, - 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, - 0x6c, 0x75, 0x65, 0x52, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x62, 0x0a, 0x09, - 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x44, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, - 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, - 0x2e, 0x42, 0x61, 0x73, 0x65, 0x4b, 0x75, 0x62, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x65, 0x73, 0x43, - 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, - 0x1a, 0x84, 0x01, 0x0a, 0x0e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x51, 0x75, 0x6f, - 0x74, 0x61, 0x73, 0x12, 0x34, 0x0a, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, - 0x52, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f, 0x64, - 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x6f, 0x64, 0x73, 0x12, 0x28, 0x0a, - 0x0f, 0x70, 0x72, 0x69, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x65, 0x73, - 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0f, 0x70, 0x72, 0x69, 0x6f, 0x72, 0x69, 0x74, 0x79, - 0x43, 0x6c, 0x61, 0x73, 0x73, 0x65, 0x73, 0x22, 0x93, 0x06, 0x0a, 0x13, 0x49, 0x73, 0x74, 0x69, - 0x6f, 0x64, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, - 0x5c, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x6c, 0x6f, 0x79, 0x6d, 0x65, 0x6e, 0x74, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, - 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, - 0x70, 0x68, 0x61, 0x31, 0x2e, 0x42, 0x61, 0x73, 0x65, 0x4b, 0x75, 0x62, 0x65, 0x72, 0x6e, 0x65, - 0x74, 0x65, 0x73, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, - 0x67, 0x52, 0x0a, 0x64, 0x65, 0x70, 0x6c, 0x6f, 0x79, 0x6d, 0x65, 0x6e, 0x74, 0x12, 0x42, 0x0a, - 0x0e, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x41, 0x6e, 0x61, 0x6c, 0x79, 0x73, 0x69, 0x73, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, - 0x65, 0x52, 0x0e, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x41, 0x6e, 0x61, 0x6c, 0x79, 0x73, 0x69, - 0x73, 0x12, 0x3e, 0x0a, 0x0c, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x53, 0x74, 0x61, 0x74, 0x75, - 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, - 0x6c, 0x75, 0x65, 0x52, 0x0c, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x53, 0x74, 0x61, 0x74, 0x75, - 0x73, 0x12, 0x63, 0x0a, 0x0e, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x49, 0x73, 0x74, - 0x69, 0x6f, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x69, 0x73, 0x74, 0x69, - 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, - 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x45, 0x78, 0x74, 0x65, 0x72, - 0x6e, 0x61, 0x6c, 0x49, 0x73, 0x74, 0x69, 0x6f, 0x64, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, - 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, - 0x49, 0x73, 0x74, 0x69, 0x6f, 0x64, 0x12, 0x47, 0x0a, 0x0d, 0x74, 0x72, 0x61, 0x63, 0x65, 0x53, - 0x61, 0x6d, 0x70, 0x6c, 0x69, 0x6e, 0x67, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, - 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, - 0x46, 0x6c, 0x6f, 0x61, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x03, - 0x52, 0x0d, 0x74, 0x72, 0x61, 0x63, 0x65, 0x53, 0x61, 0x6d, 0x70, 0x6c, 0x69, 0x6e, 0x67, 0x12, - 0x62, 0x0a, 0x1e, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, - 0x6c, 0x53, 0x6e, 0x69, 0x66, 0x66, 0x69, 0x6e, 0x67, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, - 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, - 0x6c, 0x75, 0x65, 0x52, 0x1e, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, - 0x63, 0x6f, 0x6c, 0x53, 0x6e, 0x69, 0x66, 0x66, 0x69, 0x6e, 0x67, 0x4f, 0x75, 0x74, 0x62, 0x6f, - 0x75, 0x6e, 0x64, 0x12, 0x60, 0x0a, 0x1d, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x50, 0x72, 0x6f, - 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x53, 0x6e, 0x69, 0x66, 0x66, 0x69, 0x6e, 0x67, 0x49, 0x6e, 0x62, - 0x6f, 0x75, 0x6e, 0x64, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, - 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x1d, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x50, 0x72, - 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x53, 0x6e, 0x69, 0x66, 0x66, 0x69, 0x6e, 0x67, 0x49, 0x6e, - 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x12, 0x59, 0x0a, 0x0c, 0x63, 0x65, 0x72, 0x74, 0x50, 0x72, 0x6f, - 0x76, 0x69, 0x64, 0x65, 0x72, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x35, 0x2e, 0x69, 0x73, - 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, - 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x69, 0x6c, - 0x6f, 0x74, 0x43, 0x65, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x54, 0x79, - 0x70, 0x65, 0x52, 0x0c, 0x63, 0x65, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, - 0x12, 0x4b, 0x0a, 0x06, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x33, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, - 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, - 0x31, 0x2e, 0x53, 0x50, 0x49, 0x46, 0x46, 0x45, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x06, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x22, 0x53, 0x0a, - 0x1b, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x49, 0x73, 0x74, 0x69, 0x6f, 0x64, 0x43, - 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x34, 0x0a, 0x07, - 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, - 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, - 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, - 0x65, 0x64, 0x22, 0x83, 0x01, 0x0a, 0x13, 0x53, 0x50, 0x49, 0x46, 0x46, 0x45, 0x43, 0x6f, 0x6e, - 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x6c, 0x0a, 0x11, 0x6f, 0x70, - 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, - 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, - 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x45, - 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x11, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x45, - 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x22, 0x56, 0x0a, 0x1e, 0x4f, 0x70, 0x65, 0x72, - 0x61, 0x74, 0x6f, 0x72, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x43, 0x6f, 0x6e, - 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x34, 0x0a, 0x07, 0x65, 0x6e, - 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, - 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, - 0x22, 0x50, 0x0a, 0x18, 0x54, 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x74, 0x72, 0x79, 0x56, 0x32, 0x43, - 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x34, 0x0a, 0x07, - 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, - 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, - 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, - 0x65, 0x64, 0x22, 0x4e, 0x0a, 0x16, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x57, 0x61, 0x73, 0x6d, 0x43, - 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x34, 0x0a, 0x07, - 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, - 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, - 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, - 0x65, 0x64, 0x22, 0x48, 0x0a, 0x10, 0x50, 0x44, 0x42, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, - 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x34, 0x0a, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, - 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, - 0x6c, 0x75, 0x65, 0x52, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x22, 0x74, 0x0a, 0x1a, - 0x48, 0x54, 0x54, 0x50, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x45, 0x6e, 0x76, 0x73, 0x43, 0x6f, 0x6e, - 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1c, 0x0a, 0x09, 0x68, 0x74, - 0x74, 0x70, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x68, - 0x74, 0x74, 0x70, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x12, 0x1e, 0x0a, 0x0a, 0x68, 0x74, 0x74, 0x70, - 0x73, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x68, 0x74, - 0x74, 0x70, 0x73, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x12, 0x18, 0x0a, 0x07, 0x6e, 0x6f, 0x50, 0x72, - 0x6f, 0x78, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6e, 0x6f, 0x50, 0x72, 0x6f, - 0x78, 0x79, 0x22, 0x98, 0x04, 0x0a, 0x17, 0x49, 0x73, 0x74, 0x69, 0x6f, 0x43, 0x6f, 0x6e, 0x74, - 0x72, 0x6f, 0x6c, 0x50, 0x6c, 0x61, 0x6e, 0x65, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x43, - 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2b, - 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, - 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, - 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x06, 0x73, 0x74, 0x61, - 0x74, 0x75, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x49, 0x44, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x49, - 0x44, 0x12, 0x34, 0x0a, 0x15, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x43, 0x6f, 0x6e, 0x74, 0x72, 0x6f, - 0x6c, 0x50, 0x6c, 0x61, 0x6e, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x15, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x43, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x50, 0x6c, - 0x61, 0x6e, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x26, 0x0a, 0x0e, 0x67, 0x61, 0x74, 0x65, 0x77, - 0x61, 0x79, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, - 0x0e, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, - 0x28, 0x0a, 0x0f, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x64, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, - 0x65, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0f, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x64, - 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x12, 0x30, 0x0a, 0x13, 0x69, 0x6e, 0x6a, - 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x73, - 0x18, 0x06, 0x20, 0x03, 0x28, 0x09, 0x52, 0x13, 0x69, 0x6e, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, - 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x73, 0x12, 0x2c, 0x0a, 0x11, 0x63, - 0x61, 0x52, 0x6f, 0x6f, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, - 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x63, 0x61, 0x52, 0x6f, 0x6f, 0x74, 0x43, 0x65, - 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x65, 0x72, 0x72, - 0x6f, 0x72, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x0c, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x3f, 0x0a, - 0x0a, 0x6d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x09, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x1f, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, - 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, - 0x69, 0x67, 0x52, 0x0a, 0x6d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x4d, - 0x0a, 0x09, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x73, 0x75, 0x6d, 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x2f, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, - 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, - 0x61, 0x31, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x73, 0x75, - 0x6d, 0x73, 0x52, 0x09, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x73, 0x75, 0x6d, 0x73, 0x22, 0x5b, 0x0a, - 0x0f, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x73, 0x75, 0x6d, 0x73, - 0x12, 0x1e, 0x0a, 0x0a, 0x6d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x6d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x12, 0x28, 0x0a, 0x0f, 0x73, 0x69, 0x64, 0x65, 0x63, 0x61, 0x72, 0x49, 0x6e, 0x6a, 0x65, 0x63, - 0x74, 0x6f, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x73, 0x69, 0x64, 0x65, 0x63, - 0x61, 0x72, 0x49, 0x6e, 0x6a, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x2a, 0x3d, 0x0a, 0x08, 0x4d, 0x6f, - 0x64, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x18, 0x0a, 0x14, 0x4d, 0x6f, 0x64, 0x65, 0x54, 0x79, - 0x70, 0x65, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, - 0x12, 0x0a, 0x0a, 0x06, 0x41, 0x43, 0x54, 0x49, 0x56, 0x45, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, - 0x50, 0x41, 0x53, 0x53, 0x49, 0x56, 0x45, 0x10, 0x02, 0x2a, 0x7d, 0x0a, 0x0d, 0x50, 0x72, 0x6f, - 0x78, 0x79, 0x4c, 0x6f, 0x67, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x12, 0x1d, 0x0a, 0x19, 0x50, 0x72, - 0x6f, 0x78, 0x79, 0x4c, 0x6f, 0x67, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x5f, 0x55, 0x4e, 0x53, 0x50, - 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x54, 0x52, 0x41, - 0x43, 0x45, 0x10, 0x01, 0x12, 0x09, 0x0a, 0x05, 0x44, 0x45, 0x42, 0x55, 0x47, 0x10, 0x02, 0x12, - 0x08, 0x0a, 0x04, 0x49, 0x4e, 0x46, 0x4f, 0x10, 0x03, 0x12, 0x0b, 0x0a, 0x07, 0x57, 0x41, 0x52, - 0x4e, 0x49, 0x4e, 0x47, 0x10, 0x04, 0x12, 0x09, 0x0a, 0x05, 0x45, 0x52, 0x52, 0x4f, 0x52, 0x10, - 0x05, 0x12, 0x0c, 0x0a, 0x08, 0x43, 0x52, 0x49, 0x54, 0x49, 0x43, 0x41, 0x4c, 0x10, 0x06, 0x12, - 0x07, 0x0a, 0x03, 0x4f, 0x46, 0x46, 0x10, 0x07, 0x2a, 0x5a, 0x0a, 0x15, 0x50, 0x69, 0x6c, 0x6f, - 0x74, 0x43, 0x65, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x54, 0x79, 0x70, - 0x65, 0x12, 0x25, 0x0a, 0x21, 0x50, 0x69, 0x6c, 0x6f, 0x74, 0x43, 0x65, 0x72, 0x74, 0x50, 0x72, - 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x54, 0x79, 0x70, 0x65, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, - 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0e, 0x0a, 0x0a, 0x4b, 0x55, 0x42, 0x45, - 0x52, 0x4e, 0x45, 0x54, 0x45, 0x53, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x49, 0x53, 0x54, 0x49, - 0x4f, 0x44, 0x10, 0x02, 0x2a, 0x58, 0x0a, 0x0d, 0x4a, 0x57, 0x54, 0x50, 0x6f, 0x6c, 0x69, 0x63, - 0x79, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1d, 0x0a, 0x19, 0x4a, 0x57, 0x54, 0x50, 0x6f, 0x6c, 0x69, - 0x63, 0x79, 0x54, 0x79, 0x70, 0x65, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, - 0x45, 0x44, 0x10, 0x00, 0x12, 0x13, 0x0a, 0x0f, 0x54, 0x48, 0x49, 0x52, 0x44, 0x5f, 0x50, 0x41, - 0x52, 0x54, 0x59, 0x5f, 0x4a, 0x57, 0x54, 0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f, 0x46, 0x49, 0x52, - 0x53, 0x54, 0x5f, 0x50, 0x41, 0x52, 0x54, 0x59, 0x5f, 0x4a, 0x57, 0x54, 0x10, 0x02, 0x42, 0x37, - 0x5a, 0x35, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x62, 0x61, 0x6e, - 0x7a, 0x61, 0x69, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2f, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2d, 0x6f, - 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2f, 0x76, 0x32, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, - 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} - -var ( - file_api_v1alpha1_istiocontrolplane_proto_rawDescOnce sync.Once - file_api_v1alpha1_istiocontrolplane_proto_rawDescData = file_api_v1alpha1_istiocontrolplane_proto_rawDesc -) - -func file_api_v1alpha1_istiocontrolplane_proto_rawDescGZIP() []byte { - file_api_v1alpha1_istiocontrolplane_proto_rawDescOnce.Do(func() { - file_api_v1alpha1_istiocontrolplane_proto_rawDescData = protoimpl.X.CompressGZIP(file_api_v1alpha1_istiocontrolplane_proto_rawDescData) - }) - return file_api_v1alpha1_istiocontrolplane_proto_rawDescData -} - -var file_api_v1alpha1_istiocontrolplane_proto_enumTypes = make([]protoimpl.EnumInfo, 4) -var file_api_v1alpha1_istiocontrolplane_proto_msgTypes = make([]protoimpl.MessageInfo, 27) -var file_api_v1alpha1_istiocontrolplane_proto_goTypes = []interface{}{ - (ModeType)(0), // 0: istio_operator.v2.api.v1alpha1.ModeType - (ProxyLogLevel)(0), // 1: istio_operator.v2.api.v1alpha1.ProxyLogLevel - (PilotCertProviderType)(0), // 2: istio_operator.v2.api.v1alpha1.PilotCertProviderType - (JWTPolicyType)(0), // 3: istio_operator.v2.api.v1alpha1.JWTPolicyType - (*IstioControlPlaneSpec)(nil), // 4: istio_operator.v2.api.v1alpha1.IstioControlPlaneSpec - (*SidecarInjectorConfiguration)(nil), // 5: istio_operator.v2.api.v1alpha1.SidecarInjectorConfiguration - (*SidecarInjectionTemplates)(nil), // 6: istio_operator.v2.api.v1alpha1.SidecarInjectionTemplates - (*CustomSidecarInjectionTemplates)(nil), // 7: istio_operator.v2.api.v1alpha1.CustomSidecarInjectionTemplates - (*MeshExpansionConfiguration)(nil), // 8: istio_operator.v2.api.v1alpha1.MeshExpansionConfiguration - (*LoggingConfiguration)(nil), // 9: istio_operator.v2.api.v1alpha1.LoggingConfiguration - (*SDSConfiguration)(nil), // 10: istio_operator.v2.api.v1alpha1.SDSConfiguration - (*ProxyConfiguration)(nil), // 11: istio_operator.v2.api.v1alpha1.ProxyConfiguration - (*ProxyInitConfiguration)(nil), // 12: istio_operator.v2.api.v1alpha1.ProxyInitConfiguration - (*CNIConfiguration)(nil), // 13: istio_operator.v2.api.v1alpha1.CNIConfiguration - (*IstiodConfiguration)(nil), // 14: istio_operator.v2.api.v1alpha1.IstiodConfiguration - (*ExternalIstiodConfiguration)(nil), // 15: istio_operator.v2.api.v1alpha1.ExternalIstiodConfiguration - (*SPIFFEConfiguration)(nil), // 16: istio_operator.v2.api.v1alpha1.SPIFFEConfiguration - (*OperatorEndpointsConfiguration)(nil), // 17: istio_operator.v2.api.v1alpha1.OperatorEndpointsConfiguration - (*TelemetryV2Configuration)(nil), // 18: istio_operator.v2.api.v1alpha1.TelemetryV2Configuration - (*ProxyWasmConfiguration)(nil), // 19: istio_operator.v2.api.v1alpha1.ProxyWasmConfiguration - (*PDBConfiguration)(nil), // 20: istio_operator.v2.api.v1alpha1.PDBConfiguration - (*HTTPProxyEnvsConfiguration)(nil), // 21: istio_operator.v2.api.v1alpha1.HTTPProxyEnvsConfiguration - (*IstioControlPlaneStatus)(nil), // 22: istio_operator.v2.api.v1alpha1.IstioControlPlaneStatus - (*StatusChecksums)(nil), // 23: istio_operator.v2.api.v1alpha1.StatusChecksums - (*MeshExpansionConfiguration_Istiod)(nil), // 24: istio_operator.v2.api.v1alpha1.MeshExpansionConfiguration.Istiod - (*MeshExpansionConfiguration_Webhook)(nil), // 25: istio_operator.v2.api.v1alpha1.MeshExpansionConfiguration.Webhook - (*MeshExpansionConfiguration_ClusterServices)(nil), // 26: istio_operator.v2.api.v1alpha1.MeshExpansionConfiguration.ClusterServices - (*MeshExpansionConfiguration_IstioMeshGatewayConfiguration)(nil), // 27: istio_operator.v2.api.v1alpha1.MeshExpansionConfiguration.IstioMeshGatewayConfiguration - (*CNIConfiguration_RepairConfiguration)(nil), // 28: istio_operator.v2.api.v1alpha1.CNIConfiguration.RepairConfiguration - (*CNIConfiguration_TaintConfiguration)(nil), // 29: istio_operator.v2.api.v1alpha1.CNIConfiguration.TaintConfiguration - (*CNIConfiguration_ResourceQuotas)(nil), // 30: istio_operator.v2.api.v1alpha1.CNIConfiguration.ResourceQuotas - (*wrappers.BoolValue)(nil), // 31: google.protobuf.BoolValue - (*v1alpha1.MeshConfig)(nil), // 32: istio.mesh.v1alpha1.MeshConfig - (*K8SResourceOverlayPatch)(nil), // 33: istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch - (*ContainerImageConfiguration)(nil), // 34: istio_operator.v2.api.v1alpha1.ContainerImageConfiguration - (*v1alpha1.Tracing)(nil), // 35: istio.mesh.v1alpha1.Tracing - (*BaseKubernetesResourceConfig)(nil), // 36: istio_operator.v2.api.v1alpha1.BaseKubernetesResourceConfig - (*Service)(nil), // 37: istio_operator.v2.api.v1alpha1.Service - (*v1.Lifecycle)(nil), // 38: k8s.io.api.core.v1.Lifecycle - (*ResourceRequirements)(nil), // 39: istio_operator.v2.api.v1alpha1.ResourceRequirements - (*wrappers.FloatValue)(nil), // 40: google.protobuf.FloatValue - (ConfigState)(0), // 41: istio_operator.v2.api.v1alpha1.ConfigState - (*K8SObjectMeta)(nil), // 42: istio_operator.v2.api.v1alpha1.K8sObjectMeta - (*UnprotectedService)(nil), // 43: istio_operator.v2.api.v1alpha1.UnprotectedService - (*BaseKubernetesContainerConfiguration)(nil), // 44: istio_operator.v2.api.v1alpha1.BaseKubernetesContainerConfiguration -} -var file_api_v1alpha1_istiocontrolplane_proto_depIdxs = []int32{ - 0, // 0: istio_operator.v2.api.v1alpha1.IstioControlPlaneSpec.mode:type_name -> istio_operator.v2.api.v1alpha1.ModeType - 9, // 1: istio_operator.v2.api.v1alpha1.IstioControlPlaneSpec.logging:type_name -> istio_operator.v2.api.v1alpha1.LoggingConfiguration - 31, // 2: istio_operator.v2.api.v1alpha1.IstioControlPlaneSpec.mountMtlsCerts:type_name -> google.protobuf.BoolValue - 14, // 3: istio_operator.v2.api.v1alpha1.IstioControlPlaneSpec.istiod:type_name -> istio_operator.v2.api.v1alpha1.IstiodConfiguration - 11, // 4: istio_operator.v2.api.v1alpha1.IstioControlPlaneSpec.proxy:type_name -> istio_operator.v2.api.v1alpha1.ProxyConfiguration - 12, // 5: istio_operator.v2.api.v1alpha1.IstioControlPlaneSpec.proxyInit:type_name -> istio_operator.v2.api.v1alpha1.ProxyInitConfiguration - 18, // 6: istio_operator.v2.api.v1alpha1.IstioControlPlaneSpec.telemetryV2:type_name -> istio_operator.v2.api.v1alpha1.TelemetryV2Configuration - 10, // 7: istio_operator.v2.api.v1alpha1.IstioControlPlaneSpec.sds:type_name -> istio_operator.v2.api.v1alpha1.SDSConfiguration - 19, // 8: istio_operator.v2.api.v1alpha1.IstioControlPlaneSpec.proxyWasm:type_name -> istio_operator.v2.api.v1alpha1.ProxyWasmConfiguration - 31, // 9: istio_operator.v2.api.v1alpha1.IstioControlPlaneSpec.watchOneNamespace:type_name -> google.protobuf.BoolValue - 3, // 10: istio_operator.v2.api.v1alpha1.IstioControlPlaneSpec.jwtPolicy:type_name -> istio_operator.v2.api.v1alpha1.JWTPolicyType - 21, // 11: istio_operator.v2.api.v1alpha1.IstioControlPlaneSpec.httpProxyEnvs:type_name -> istio_operator.v2.api.v1alpha1.HTTPProxyEnvsConfiguration - 32, // 12: istio_operator.v2.api.v1alpha1.IstioControlPlaneSpec.meshConfig:type_name -> istio.mesh.v1alpha1.MeshConfig - 33, // 13: istio_operator.v2.api.v1alpha1.IstioControlPlaneSpec.k8sResourceOverlays:type_name -> istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch - 34, // 14: istio_operator.v2.api.v1alpha1.IstioControlPlaneSpec.containerImageConfiguration:type_name -> istio_operator.v2.api.v1alpha1.ContainerImageConfiguration - 8, // 15: istio_operator.v2.api.v1alpha1.IstioControlPlaneSpec.meshExpansion:type_name -> istio_operator.v2.api.v1alpha1.MeshExpansionConfiguration - 5, // 16: istio_operator.v2.api.v1alpha1.IstioControlPlaneSpec.sidecarInjector:type_name -> istio_operator.v2.api.v1alpha1.SidecarInjectorConfiguration - 35, // 17: istio_operator.v2.api.v1alpha1.IstioControlPlaneSpec.tracer:type_name -> istio.mesh.v1alpha1.Tracing - 36, // 18: istio_operator.v2.api.v1alpha1.SidecarInjectorConfiguration.deployment:type_name -> istio_operator.v2.api.v1alpha1.BaseKubernetesResourceConfig - 37, // 19: istio_operator.v2.api.v1alpha1.SidecarInjectorConfiguration.service:type_name -> istio_operator.v2.api.v1alpha1.Service - 6, // 20: istio_operator.v2.api.v1alpha1.SidecarInjectorConfiguration.templates:type_name -> istio_operator.v2.api.v1alpha1.SidecarInjectionTemplates - 7, // 21: istio_operator.v2.api.v1alpha1.SidecarInjectionTemplates.customTemplates:type_name -> istio_operator.v2.api.v1alpha1.CustomSidecarInjectionTemplates - 31, // 22: istio_operator.v2.api.v1alpha1.MeshExpansionConfiguration.enabled:type_name -> google.protobuf.BoolValue - 27, // 23: istio_operator.v2.api.v1alpha1.MeshExpansionConfiguration.gateway:type_name -> istio_operator.v2.api.v1alpha1.MeshExpansionConfiguration.IstioMeshGatewayConfiguration - 24, // 24: istio_operator.v2.api.v1alpha1.MeshExpansionConfiguration.istiod:type_name -> istio_operator.v2.api.v1alpha1.MeshExpansionConfiguration.Istiod - 25, // 25: istio_operator.v2.api.v1alpha1.MeshExpansionConfiguration.webhook:type_name -> istio_operator.v2.api.v1alpha1.MeshExpansionConfiguration.Webhook - 26, // 26: istio_operator.v2.api.v1alpha1.MeshExpansionConfiguration.clusterServices:type_name -> istio_operator.v2.api.v1alpha1.MeshExpansionConfiguration.ClusterServices - 31, // 27: istio_operator.v2.api.v1alpha1.ProxyConfiguration.privileged:type_name -> google.protobuf.BoolValue - 31, // 28: istio_operator.v2.api.v1alpha1.ProxyConfiguration.enableCoreDump:type_name -> google.protobuf.BoolValue - 1, // 29: istio_operator.v2.api.v1alpha1.ProxyConfiguration.logLevel:type_name -> istio_operator.v2.api.v1alpha1.ProxyLogLevel - 31, // 30: istio_operator.v2.api.v1alpha1.ProxyConfiguration.holdApplicationUntilProxyStarts:type_name -> google.protobuf.BoolValue - 38, // 31: istio_operator.v2.api.v1alpha1.ProxyConfiguration.lifecycle:type_name -> k8s.io.api.core.v1.Lifecycle - 39, // 32: istio_operator.v2.api.v1alpha1.ProxyConfiguration.resources:type_name -> istio_operator.v2.api.v1alpha1.ResourceRequirements - 39, // 33: istio_operator.v2.api.v1alpha1.ProxyInitConfiguration.resources:type_name -> istio_operator.v2.api.v1alpha1.ResourceRequirements - 13, // 34: istio_operator.v2.api.v1alpha1.ProxyInitConfiguration.cni:type_name -> istio_operator.v2.api.v1alpha1.CNIConfiguration - 31, // 35: istio_operator.v2.api.v1alpha1.CNIConfiguration.enabled:type_name -> google.protobuf.BoolValue - 31, // 36: istio_operator.v2.api.v1alpha1.CNIConfiguration.chained:type_name -> google.protobuf.BoolValue - 28, // 37: istio_operator.v2.api.v1alpha1.CNIConfiguration.repair:type_name -> istio_operator.v2.api.v1alpha1.CNIConfiguration.RepairConfiguration - 29, // 38: istio_operator.v2.api.v1alpha1.CNIConfiguration.taint:type_name -> istio_operator.v2.api.v1alpha1.CNIConfiguration.TaintConfiguration - 30, // 39: istio_operator.v2.api.v1alpha1.CNIConfiguration.resourceQuotas:type_name -> istio_operator.v2.api.v1alpha1.CNIConfiguration.ResourceQuotas - 36, // 40: istio_operator.v2.api.v1alpha1.CNIConfiguration.daemonset:type_name -> istio_operator.v2.api.v1alpha1.BaseKubernetesResourceConfig - 36, // 41: istio_operator.v2.api.v1alpha1.IstiodConfiguration.deployment:type_name -> istio_operator.v2.api.v1alpha1.BaseKubernetesResourceConfig - 31, // 42: istio_operator.v2.api.v1alpha1.IstiodConfiguration.enableAnalysis:type_name -> google.protobuf.BoolValue - 31, // 43: istio_operator.v2.api.v1alpha1.IstiodConfiguration.enableStatus:type_name -> google.protobuf.BoolValue - 15, // 44: istio_operator.v2.api.v1alpha1.IstiodConfiguration.externalIstiod:type_name -> istio_operator.v2.api.v1alpha1.ExternalIstiodConfiguration - 40, // 45: istio_operator.v2.api.v1alpha1.IstiodConfiguration.traceSampling:type_name -> google.protobuf.FloatValue - 31, // 46: istio_operator.v2.api.v1alpha1.IstiodConfiguration.enableProtocolSniffingOutbound:type_name -> google.protobuf.BoolValue - 31, // 47: istio_operator.v2.api.v1alpha1.IstiodConfiguration.enableProtocolSniffingInbound:type_name -> google.protobuf.BoolValue - 2, // 48: istio_operator.v2.api.v1alpha1.IstiodConfiguration.certProvider:type_name -> istio_operator.v2.api.v1alpha1.PilotCertProviderType - 16, // 49: istio_operator.v2.api.v1alpha1.IstiodConfiguration.spiffe:type_name -> istio_operator.v2.api.v1alpha1.SPIFFEConfiguration - 31, // 50: istio_operator.v2.api.v1alpha1.ExternalIstiodConfiguration.enabled:type_name -> google.protobuf.BoolValue - 17, // 51: istio_operator.v2.api.v1alpha1.SPIFFEConfiguration.operatorEndpoints:type_name -> istio_operator.v2.api.v1alpha1.OperatorEndpointsConfiguration - 31, // 52: istio_operator.v2.api.v1alpha1.OperatorEndpointsConfiguration.enabled:type_name -> google.protobuf.BoolValue - 31, // 53: istio_operator.v2.api.v1alpha1.TelemetryV2Configuration.enabled:type_name -> google.protobuf.BoolValue - 31, // 54: istio_operator.v2.api.v1alpha1.ProxyWasmConfiguration.enabled:type_name -> google.protobuf.BoolValue - 31, // 55: istio_operator.v2.api.v1alpha1.PDBConfiguration.enabled:type_name -> google.protobuf.BoolValue - 41, // 56: istio_operator.v2.api.v1alpha1.IstioControlPlaneStatus.status:type_name -> istio_operator.v2.api.v1alpha1.ConfigState - 32, // 57: istio_operator.v2.api.v1alpha1.IstioControlPlaneStatus.meshConfig:type_name -> istio.mesh.v1alpha1.MeshConfig - 23, // 58: istio_operator.v2.api.v1alpha1.IstioControlPlaneStatus.checksums:type_name -> istio_operator.v2.api.v1alpha1.StatusChecksums - 31, // 59: istio_operator.v2.api.v1alpha1.MeshExpansionConfiguration.Istiod.expose:type_name -> google.protobuf.BoolValue - 31, // 60: istio_operator.v2.api.v1alpha1.MeshExpansionConfiguration.Webhook.expose:type_name -> google.protobuf.BoolValue - 31, // 61: istio_operator.v2.api.v1alpha1.MeshExpansionConfiguration.ClusterServices.expose:type_name -> google.protobuf.BoolValue - 42, // 62: istio_operator.v2.api.v1alpha1.MeshExpansionConfiguration.IstioMeshGatewayConfiguration.metadata:type_name -> istio_operator.v2.api.v1alpha1.K8sObjectMeta - 36, // 63: istio_operator.v2.api.v1alpha1.MeshExpansionConfiguration.IstioMeshGatewayConfiguration.deployment:type_name -> istio_operator.v2.api.v1alpha1.BaseKubernetesResourceConfig - 43, // 64: istio_operator.v2.api.v1alpha1.MeshExpansionConfiguration.IstioMeshGatewayConfiguration.service:type_name -> istio_operator.v2.api.v1alpha1.UnprotectedService - 31, // 65: istio_operator.v2.api.v1alpha1.MeshExpansionConfiguration.IstioMeshGatewayConfiguration.runAsRoot:type_name -> google.protobuf.BoolValue - 33, // 66: istio_operator.v2.api.v1alpha1.MeshExpansionConfiguration.IstioMeshGatewayConfiguration.k8sResourceOverlays:type_name -> istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch - 31, // 67: istio_operator.v2.api.v1alpha1.CNIConfiguration.RepairConfiguration.enabled:type_name -> google.protobuf.BoolValue - 31, // 68: istio_operator.v2.api.v1alpha1.CNIConfiguration.RepairConfiguration.labelPods:type_name -> google.protobuf.BoolValue - 31, // 69: istio_operator.v2.api.v1alpha1.CNIConfiguration.RepairConfiguration.deletePods:type_name -> google.protobuf.BoolValue - 31, // 70: istio_operator.v2.api.v1alpha1.CNIConfiguration.TaintConfiguration.enabled:type_name -> google.protobuf.BoolValue - 44, // 71: istio_operator.v2.api.v1alpha1.CNIConfiguration.TaintConfiguration.container:type_name -> istio_operator.v2.api.v1alpha1.BaseKubernetesContainerConfiguration - 31, // 72: istio_operator.v2.api.v1alpha1.CNIConfiguration.ResourceQuotas.enabled:type_name -> google.protobuf.BoolValue - 73, // [73:73] is the sub-list for method output_type - 73, // [73:73] is the sub-list for method input_type - 73, // [73:73] is the sub-list for extension type_name - 73, // [73:73] is the sub-list for extension extendee - 0, // [0:73] is the sub-list for field type_name -} - -func init() { file_api_v1alpha1_istiocontrolplane_proto_init() } -func file_api_v1alpha1_istiocontrolplane_proto_init() { - if File_api_v1alpha1_istiocontrolplane_proto != nil { - return - } - file_api_v1alpha1_common_proto_init() - file_api_v1alpha1_istiomeshgateway_proto_init() - if !protoimpl.UnsafeEnabled { - file_api_v1alpha1_istiocontrolplane_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*IstioControlPlaneSpec); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_v1alpha1_istiocontrolplane_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SidecarInjectorConfiguration); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_v1alpha1_istiocontrolplane_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SidecarInjectionTemplates); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_v1alpha1_istiocontrolplane_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CustomSidecarInjectionTemplates); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_v1alpha1_istiocontrolplane_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*MeshExpansionConfiguration); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_v1alpha1_istiocontrolplane_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*LoggingConfiguration); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_v1alpha1_istiocontrolplane_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SDSConfiguration); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_v1alpha1_istiocontrolplane_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ProxyConfiguration); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_v1alpha1_istiocontrolplane_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ProxyInitConfiguration); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_v1alpha1_istiocontrolplane_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CNIConfiguration); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_v1alpha1_istiocontrolplane_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*IstiodConfiguration); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_v1alpha1_istiocontrolplane_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ExternalIstiodConfiguration); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_v1alpha1_istiocontrolplane_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SPIFFEConfiguration); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_v1alpha1_istiocontrolplane_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*OperatorEndpointsConfiguration); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_v1alpha1_istiocontrolplane_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TelemetryV2Configuration); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_v1alpha1_istiocontrolplane_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ProxyWasmConfiguration); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_v1alpha1_istiocontrolplane_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PDBConfiguration); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_v1alpha1_istiocontrolplane_proto_msgTypes[17].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPProxyEnvsConfiguration); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_v1alpha1_istiocontrolplane_proto_msgTypes[18].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*IstioControlPlaneStatus); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_v1alpha1_istiocontrolplane_proto_msgTypes[19].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*StatusChecksums); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_v1alpha1_istiocontrolplane_proto_msgTypes[20].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*MeshExpansionConfiguration_Istiod); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_v1alpha1_istiocontrolplane_proto_msgTypes[21].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*MeshExpansionConfiguration_Webhook); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_v1alpha1_istiocontrolplane_proto_msgTypes[22].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*MeshExpansionConfiguration_ClusterServices); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_v1alpha1_istiocontrolplane_proto_msgTypes[23].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*MeshExpansionConfiguration_IstioMeshGatewayConfiguration); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_v1alpha1_istiocontrolplane_proto_msgTypes[24].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CNIConfiguration_RepairConfiguration); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_v1alpha1_istiocontrolplane_proto_msgTypes[25].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CNIConfiguration_TaintConfiguration); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_v1alpha1_istiocontrolplane_proto_msgTypes[26].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CNIConfiguration_ResourceQuotas); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - file_api_v1alpha1_istiocontrolplane_proto_msgTypes[7].OneofWrappers = []interface{}{} - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_api_v1alpha1_istiocontrolplane_proto_rawDesc, - NumEnums: 4, - NumMessages: 27, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_api_v1alpha1_istiocontrolplane_proto_goTypes, - DependencyIndexes: file_api_v1alpha1_istiocontrolplane_proto_depIdxs, - EnumInfos: file_api_v1alpha1_istiocontrolplane_proto_enumTypes, - MessageInfos: file_api_v1alpha1_istiocontrolplane_proto_msgTypes, - }.Build() - File_api_v1alpha1_istiocontrolplane_proto = out.File - file_api_v1alpha1_istiocontrolplane_proto_rawDesc = nil - file_api_v1alpha1_istiocontrolplane_proto_goTypes = nil - file_api_v1alpha1_istiocontrolplane_proto_depIdxs = nil -} diff --git a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiocontrolplane.pb.html b/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiocontrolplane.pb.html deleted file mode 100644 index 3bbb2fd9d..000000000 --- a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiocontrolplane.pb.html +++ /dev/null @@ -1,3085 +0,0 @@ ---- -title: Istio ControlPlane Spec -description: Istio control plane descriptor -layout: protoc-gen-docs -generator: protoc-gen-docs -schema: istio-operator.api.v1alpha1.IstioControlPlaneSpec -number_of_entries: 42 ---- -

IstioControlPlaneSpec

-
-

IstioControlPlane defines an Istio control plane

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
versionstring -

Contains the intended version for the Istio control plane. -+kubebuilder:validation:Pattern=^1.

- -		 -Yes -
modeModeType -

Configure the mode for this control plane. -Currently, two options are supported: “ACTIVE” and “PASSIVE”. -ACTIVE mode means that a full-fledged Istio control plane will be deployed and operated -(usually called primary cluster in upstream Istio terminology). -PASSIVE mode means that only a few resources will be installed for sidecar injection and cross-cluster -communication, it is used for multi cluster setups (this is the remote cluster in upstream Istio terminology). -+kubebuilder:validation:Enum=ACTIVE;PASSIVE

- -		 -Yes -
loggingLoggingConfiguration -

Logging configurations.

- -		 -No -
mountMtlsCertsBoolValue -

Use the user-specified, secret volume mounted key and certs for Pilot and workloads.

- -		 -No -
istiodIstiodConfiguration -

Istiod configuration.

- -		 -No -
proxyProxyConfiguration -

Proxy configuration options.

- -		 -No -
proxyInitProxyInitConfiguration -

Proxy Init configuration options.

- -		 -No -
telemetryV2TelemetryV2Configuration -

Telemetry V2 configuration.

- -		 -No -
sdsSDSConfiguration -

If SDS is configured, mTLS certificates for the sidecars will be distributed through the -SecretDiscoveryService instead of using K8S secrets to mount the certificates.

- -		 -No -
proxyWasmProxyWasmConfiguration -

ProxyWasm configuration options.

- -		 -No -
watchOneNamespaceBoolValue -

Whether to restrict the applications namespace the controller manages. -If not set, controller watches all namespaces

- -		 -No -
jwtPolicyJWTPolicyType -

Configure the policy for validating JWT. -Currently, two options are supported: “third-party-jwt” and “first-party-jwt”. -+kubebuilder:validation:Enum=THIRD_PARTY_JWT;FIRST_PARTY_JWT

- -		 -No -
caAddressstring -

The customized CA address to retrieve certificates for the pods in the cluster. -CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint.

- -		 -No -
caProviderstring -

The name of the CA for workload certificates.

- -		 -No -
distributionstring -

Contains the intended distribution for the Istio control plane. -The official distribution is used by default unless special preserved distribution value is set. -The only preserved distribution is “cisco” as of now.

- -		 -No -
httpProxyEnvsHTTPProxyEnvsConfiguration -

Upstream HTTP proxy properties to be injected as environment variables to the pod containers.

- -		 -No -
meshConfigMeshConfig -

Defines mesh-wide settings for the Istio control plane.

- -		 -No -
k8sResourceOverlaysK8sResourceOverlayPatch[] -

K8s resource overlay patches

- -		 -No -
meshIDstring -

Name of the Mesh to which this control plane belongs.

- -		 -No -
containerImageConfigurationContainerImageConfiguration -

Global configuration for container images.

- -		 -No -
meshExpansionMeshExpansionConfiguration -

Mesh expansion configuration

- -		 -No -
clusterIDstring -

Cluster ID

- -		 -No -
networkNamestring -

Network defines the network this cluster belongs to. This name -corresponds to the networks in the map of mesh networks. -+default=network1

- -		 -No -
sidecarInjectorSidecarInjectorConfiguration -

Standalone sidecar injector configuration.

- -		 -No -
tracerTracing -

Tracing defines configuration for the tracing performed by Envoy instances.

- -		 -No -
-
-

SidecarInjectorConfiguration

-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
deploymentBaseKubernetesResourceConfig -

Deployment spec

- -		 -No -
serviceService -

Service spec

- -		 -No -
templatesSidecarInjectionTemplates -

Fields to introduce sidecar injection template customizations

- -		 -No -
-
-

SidecarInjectionTemplates

-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
sidecarstring -

Overrides for the default “sidecar” injection template. This template will be merged with the default “sidecar” template, overwriting values, if existing.

- -		 -No -
gatewaystring -

Overrides for the default “gateway” injection template. This template will be merged with the default “gateway” template, overwriting values, if existing.

- -		 -No -
customTemplatesCustomSidecarInjectionTemplates[] -

Custom templates can be defined for sidecar injection. These templates can be applied by annotating pods with “inject.istio.io/templates=”. See https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#custom-templates-experimental.

- -		 -No -
-
-

CustomSidecarInjectionTemplates

-
- - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
namestring - -No -
templatestring - -No -
-
-

MeshExpansionConfiguration

-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
enabledBoolValue - -No -
gatewayIstioMeshGatewayConfiguration - -No -
istiodIstiod -

istiod component configuration

- -		 -No -
webhookWebhook -

webhook component configuration

- -		 -No -
clusterServicesClusterServices -

cluster services configuration

- -		 -No -
-
-

LoggingConfiguration

-
-

Comma-separated minimum per-scope logging level of messages to output, in the form of :,: -The control plane has different scopes depending on component, but can configure default log level across all components -If empty, default scope and level will be used as configured in code

- - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
levelstring -

+kubebuilder:validation:Pattern=^([a-zA-Z]+:[a-zA-Z]+,?)+$

- -		 -No -
-
-

SDSConfiguration

-
-

SDSConfiguration defines Secret Discovery Service config options

- - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
tokenAudiencestring -

The JWT token for SDS and the aud field of such JWT. See RFC 7519, section 4.1.3. -When a CSR is sent from Citadel Agent to the CA (e.g. Citadel), this aud is to make sure the - JWT is intended for the CA.

- -		 -No -
-
-

ProxyConfiguration

-
-

ProxyConfiguration defines config options for Proxy

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
imagestring - -No -
privilegedBoolValue -

If set to true, istio-proxy container will have privileged securityContext

- -		 -No -
enableCoreDumpBoolValue -

If set, newly injected sidecars will have core dumps enabled.

- -		 -No -
logLevelProxyLogLevel -

Log level for proxy, applies to gateways and sidecars. If left empty, “warning” is used. -Expected values are: trace|debug|info|warning|error|critical|off -+kubebuilder:validation:Enum=TRACE;DEBUG;INFO;WARNING;ERROR;CRITICAL;OFF

- -		 -No -
componentLogLevelstring -

Per Component log level for proxy, applies to gateways and sidecars. If a component level is -not set, then the “LogLevel” will be used. If left empty, “misc:error” is used.

- -		 -No -
clusterDomainstring -

cluster domain. Default value is “cluster.local”

- -		 -No -
holdApplicationUntilProxyStartsBoolValue -

Controls if sidecar is injected at the front of the container list and blocks -the start of the other containers until the proxy is ready -Default value is ‘false’.

- -		 -No -
lifecycleLifecycle - -No -
resourcesResourceRequirements - -No -
includeIPRangesstring -

IncludeIPRanges the range where to capture egress traffic

- -		 -No -
excludeIPRangesstring -

ExcludeIPRanges the range where not to capture egress traffic

- -		 -No -
excludeInboundPortsstring -

ExcludeInboundPorts the comma separated list of inbound ports to be excluded from redirection to Envoy

- -		 -No -
excludeOutboundPortsstring -

ExcludeOutboundPorts the comma separated list of outbound ports to be excluded from redirection to Envoy

- -		 -No -
tracerstring (oneof) -

Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver

- -		 -No -
-
-

ProxyInitConfiguration

-
-

ProxyInitConfiguration defines config options for Proxy Init containers

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
imagestring - -No -
resourcesResourceRequirements - -No -
cniCNIConfiguration - -No -
-
-

CNIConfiguration

-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
enabledBoolValue - -No -
chainedBoolValue - -No -
binDirstring - -No -
confDirstring - -No -
excludeNamespacesstring[] - -No -
includeNamespacesstring[] - -No -
logLevelstring - -No -
confFileNamestring - -No -
pspClusterRoleNamestring - -No -
repairRepairConfiguration - -No -
taintTaintConfiguration - -No -
resourceQuotasResourceQuotas - -No -
daemonsetBaseKubernetesResourceConfig - -No -
-
-

IstiodConfiguration

-
-

IstiodConfiguration defines config options for Istiod

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
deploymentBaseKubernetesResourceConfig -

Deployment spec

- -		 -No -
enableAnalysisBoolValue -

If enabled, pilot will run Istio analyzers and write analysis errors to the Status field of any Istio Resources

- -		 -No -
enableStatusBoolValue -

If enabled, pilot will update the CRD Status field of all Istio resources with reconciliation status

- -		 -No -
externalIstiodExternalIstiodConfiguration -

Settings for local istiod to control remote clusters as well

- -		 -No -
traceSamplingFloatValue - -No -
enableProtocolSniffingOutboundBoolValue -

If enabled, protocol sniffing will be used for outbound listeners whose port protocol is not specified or unsupported

- -		 -No -
enableProtocolSniffingInboundBoolValue -

If enabled, protocol sniffing will be used for inbound listeners whose port protocol is not specified or unsupported

- -		 -No -
certProviderPilotCertProviderType -

Configure the certificate provider for control plane communication. -Currently, two providers are supported: “kubernetes” and “istiod”. -As some platforms may not have kubernetes signing APIs, -Istiod is the default -+kubebuilder:validation:Enum=KUBERNETES;ISTIOD

- -		 -No -
spiffeSPIFFEConfiguration -

SPIFFE configuration of Pilot

- -		 -No -
-
-

ExternalIstiodConfiguration

-
-

ExternalIstiodConfiguration defines settings for local istiod to control remote clusters as well

- - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
enabledBoolValue - -No -
-
-

SPIFFEConfiguration

-
-

SPIFFEConfiguration is for SPIFFE configuration of Pilot

- - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
operatorEndpointsOperatorEndpointsConfiguration - -No -
-
-

OperatorEndpointsConfiguration

-
-

OperatorEndpointsConfiguration defines config options for automatic SPIFFE endpoints

- - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
enabledBoolValue - -No -
-
-

TelemetryV2Configuration

-
- - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
enabledBoolValue - -No -
-
-

ProxyWasmConfiguration

-
-

ProxyWasmConfiguration defines config options for Envoy wasm

- - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
enabledBoolValue - -No -
-
-

PDBConfiguration

-
-

PDBConfiguration holds Pod Disruption Budget related config options

- - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
enabledBoolValue - -No -
-
-

HTTPProxyEnvsConfiguration

-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
httpProxystring - -No -
httpsProxystring - -No -
noProxystring - -No -
-
-

IstioControlPlaneStatus

-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
statusConfigState -

Reconciliation status of the Istio control plane

- -		 -No -
clusterIDstring -

Cluster ID

- -		 -No -
istioControlPlaneNamestring -

Name of the IstioControlPlane resource -It is used on remote clusters in the PeerIstioControlPlane resource status -to identify the original Istio control plane

- -		 -No -
gatewayAddressstring[] -

Current addresses for the corresponding gateways

- -		 -No -
istiodAddressesstring[] -

Current addresses for the corresponding istiod pods

- -		 -No -
injectionNamespacesstring[] -

Namespaces which are set for injection for this control plane

- -		 -No -
caRootCertificatestring -

Istio CA root certificate

- -		 -No -
errorMessagestring -

Reconciliation error message if any

- -		 -No -
meshConfigMeshConfig - -No -
checksumsStatusChecksums - -No -
-
-

StatusChecksums

-
- - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
meshConfigstring - -No -
sidecarInjectorstring - -No -
-
-

MeshExpansionConfiguration.Istiod

-
- - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
exposeBoolValue - -No -
-
-

MeshExpansionConfiguration.Webhook

-
- - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
exposeBoolValue - -No -
-
-

MeshExpansionConfiguration.ClusterServices

-
- - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
exposeBoolValue - -No -
-
-

MeshExpansionConfiguration.IstioMeshGatewayConfiguration

-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
metadataK8sObjectMeta -

Istio Mesh gateway metadata

- -		 -No -
deploymentBaseKubernetesResourceConfig -

Deployment spec

- -		 -No -
serviceUnprotectedService -

Service spec

- -		 -No -
runAsRootBoolValue -

Whether to run the gateway in a privileged container

- -		 -No -
k8sResourceOverlaysK8sResourceOverlayPatch[] -

K8s resource overlay patches

- -		 -No -
-
-

CNIConfiguration.RepairConfiguration

-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
enabledBoolValue - -No -
labelPodsBoolValue - -No -
deletePodsBoolValue - -No -
initContainerNamestring - -No -
brokenPodLabelKeystring - -No -
brokenPodLabelValuestring - -No -
-
-

CNIConfiguration.TaintConfiguration

-
- - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
enabledBoolValue - -No -
containerBaseKubernetesContainerConfiguration - -No -
-
-

CNIConfiguration.ResourceQuotas

-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
enabledBoolValue - -No -
podsstring - -No -
priorityClassesstring[] - -No -
-
-

K8sResourceOverlayPatch

-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
groupVersionKindGroupVersionKind - -No -
objectKeyNamespacedName - -No -
patchesPatch[] - -No -
-
-

ContainerImageConfiguration

-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
hubstring -

Default hub for container images.

- -		 -No -
tagstring -

Default tag for container images.

- -		 -No -
imagePullPolicystring -

Image pull policy. -One of Always, Never, IfNotPresent. -Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. -+optional -+kubebuilder:validation:Enum=Always;Never;IfNotPresent

- -		 -No -
imagePullSecretsLocalObjectReference[] -

ImagePullSecrets is an optional list of references to secrets to use for pulling any of the images. -+optional

- -		 -No -
-
-

istio.mesh.v1alpha1.Tracing

-
-

Tracing defines configuration for the tracing performed by Envoy instances.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
zipkinZipkin (oneof) -

Use a Zipkin tracer.

- -		 -No -
lightstepLightstep (oneof) -

Use a Lightstep tracer. -NOTE: For Istio 1.15+, this configuration option will result -in using OpenTelemetry-based Lightstep integration.

- -		 -No -
datadogDatadog (oneof) -

Use a Datadog tracer.

- -		 -No -
stackdriverStackdriver (oneof) -

Use a Stackdriver tracer.

- -		 -No -
openCensusAgentOpenCensusAgent (oneof) -

Use an OpenCensus tracer exporting to an OpenCensus agent.

- -		 -No -
samplingdouble -

The percentage of requests (0.0 - 100.0) that will be randomly selected for trace generation, -if not requested by the client or not forced. Default is 1.0.

- -		 -No -
tlsSettingsClientTLSSettings -

Use the tls_settings to specify the tls mode to use. If the remote tracing service -uses Istio mutual TLS and shares the root CA with Pilot, specify the TLS -mode as ISTIO_MUTUAL.

- -		 -No -
-
-

BaseKubernetesResourceConfig

-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
metadataK8sObjectMeta -

Generic k8s resource metadata

- -		 -No -
imagestring -

Standard Kubernetes container image configuration

- -		 -No -
envEnvVar[] -

If present will be appended to the environment variables of the container

- -		 -No -
resourcesResourceRequirements -

Standard Kubernetes resource configuration, memory and CPU resource requirements

- -		 -No -
nodeSelectormap<string, string> -

Standard Kubernetes node selector configuration

- -		 -No -
affinityAffinity -

Standard Kubernetes affinity configuration

- -		 -No -
securityContextSecurityContext -

Standard Kubernetes security context configuration

- -		 -No -
imagePullPolicystring -

Image pull policy. -One of Always, Never, IfNotPresent. -Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. -+optional

- -		 -No -
imagePullSecretsLocalObjectReference[] -

ImagePullSecrets is an optional list of references to secrets to use for pulling any of the images. -+optional

- -		 -No -
priorityClassNamestring -

If specified, indicates the pod’s priority. “system-node-critical” and -“system-cluster-critical” are two special keywords which indicate the -highest priorities with the former being the highest priority. Any other -name must be defined by creating a PriorityClass object with that name. -If not specified, the pod priority will be default or zero if there is no -default. -+optional

- -		 -No -
tolerationsToleration[] -

If specified, the pod’s tolerations. -+optional

- -		 -No -
volumesVolume[] -

List of volumes that can be mounted by containers belonging to the pod. -More info: https://kubernetes.io/docs/concepts/storage/volumes -+optional -+patchMergeKey=name -+patchStrategy=merge,retainKeys

- -		 -No -
volumeMountsVolumeMount[] -

Pod volumes to mount into the container’s filesystem. -Cannot be updated. -+optional -+patchMergeKey=mountPath -+patchStrategy=merge

- -		 -No -
replicasReplicas -

Replica configuration

- -		 -No -
podMetadataK8sObjectMeta -

Standard Kubernetes pod annotation and label configuration

- -		 -No -
podDisruptionBudgetPodDisruptionBudget -

PodDisruptionBudget configuration

- -		 -No -
deploymentStrategyDeploymentStrategy -

DeploymentStrategy configuration

- -		 -No -
podSecurityContextPodSecurityContext -

Standard Kubernetes pod security context configuration

- -		 -No -
livenessProbeProbe -

Periodic probe of container liveness. -Container will be restarted if the probe fails. -Cannot be updated. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes -+optional

- -		 -No -
readinessProbeProbe -

Periodic probe of container service readiness. -Container will be removed from service endpoints if the probe fails. -Cannot be updated. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes -+optional

- -		 -No -
topologySpreadConstraintsTopologySpreadConstraint[] -

Used to control how Pods are spread across a cluster among failure-domains. -This can help to achieve high availability as well as efficient resource utilization. -More info: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints -+optional

- -		 -No -
-
-

Service

-
-

Service describes the attributes that a user creates on a service.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
metadataK8sObjectMeta - -No -
portsServicePort[] -

The list of ports that are exposed by this service. -More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies -+patchMergeKey=port -+patchStrategy=merge -+listType=map -+listMapKey=port -+listMapKey=protocol -+kubebuilder:validation:MinItems=1

- -		 -Yes -
selectormap<string, string> -

Route service traffic to pods with label keys and values matching this -selector. If empty or not present, the service is assumed to have an -external process managing its endpoints, which Kubernetes will not -modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. -Ignored if type is ExternalName. -More info: https://kubernetes.io/docs/concepts/services-networking/service/ -+optional

- -		 -No -
clusterIPstring -

clusterIP is the IP address of the service and is usually assigned -randomly by the master. If an address is specified manually and is not in -use by others, it will be allocated to the service; otherwise, creation -of the service will fail. This field can not be changed through updates. -Valid values are “None”, empty string (“”), or a valid IP address. “None” -can be specified for headless services when proxying is not required. -Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if -type is ExternalName. -More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies -+optional

- -		 -No -
typestring -

type determines how the Service is exposed. Defaults to ClusterIP. Valid -options are ExternalName, ClusterIP, NodePort, and LoadBalancer. -“ExternalName” maps to the specified externalName. -“ClusterIP” allocates a cluster-internal IP address for load-balancing to -endpoints. Endpoints are determined by the selector or if that is not -specified, by manual construction of an Endpoints object. If clusterIP is -“None”, no virtual IP is allocated and the endpoints are published as a -set of endpoints rather than a stable IP. -“NodePort” builds on ClusterIP and allocates a port on every node which -routes to the clusterIP. -“LoadBalancer” builds on NodePort and creates an -external load-balancer (if supported in the current cloud) which routes -to the clusterIP. -More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types -+optional -+kubebuilder:validation:Enum=ClusterIP;NodePort;LoadBalancer

- -		 -Yes -
externalIPsstring[] -

externalIPs is a list of IP addresses for which nodes in the cluster -will also accept traffic for this service. These IPs are not managed by -Kubernetes. The user is responsible for ensuring that traffic arrives -at a node with this IP. A common example is external load-balancers -that are not part of the Kubernetes system. -+optional

- -		 -No -
sessionAffinitystring -

Supports “ClientIP” and “None”. Used to maintain session affinity. -Enable client IP based session affinity. -Must be ClientIP or None. -Defaults to None. -More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies -+optional

- -		 -No -
loadBalancerIPstring -

Only applies to Service Type: LoadBalancer -LoadBalancer will get created with the IP specified in this field. -This feature depends on whether the underlying cloud-provider supports specifying -the loadBalancerIP when a load balancer is created. -This field will be ignored if the cloud-provider does not support the feature. -+optional

- -		 -No -
loadBalancerSourceRangesstring[] -

If specified and supported by the platform, this will restrict traffic through the cloud-provider -load-balancer will be restricted to the specified client IPs. This field will be ignored if the -cloud-provider does not support the feature.” -More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/ -+optional

- -		 -No -
externalNamestring -

externalName is the external reference that kubedns or equivalent will -return as a CNAME record for this service. No proxying will be involved. -Must be a valid RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) -and requires Type to be ExternalName. -+optional

- -		 -No -
externalTrafficPolicystring -

externalTrafficPolicy denotes if this Service desires to route external -traffic to node-local or cluster-wide endpoints. “Local” preserves the -client source IP and avoids a second hop for LoadBalancer and Nodeport -type services, but risks potentially imbalanced traffic spreading. -“Cluster” obscures the client source IP and may cause a second hop to -another node, but should have good overall load-spreading. -+optional

- -		 -No -
healthCheckNodePortint32 -

healthCheckNodePort specifies the healthcheck nodePort for the service. -If not specified, HealthCheckNodePort is created by the service api -backend with the allocated nodePort. Will use user-specified nodePort value -if specified by the client. Only effects when Type is set to LoadBalancer -and ExternalTrafficPolicy is set to Local. -+optional

- -		 -No -
publishNotReadyAddressesBoolValue -

publishNotReadyAddresses, when set to true, indicates that DNS implementations -must publish the notReadyAddresses of subsets for the Endpoints associated with -the Service. The default value is false. -The primary use case for setting this field is to use a StatefulSet’s Headless Service -to propagate SRV records for its Pods without respect to their readiness for purpose -of peer discovery. -+optional

- -		 -No -
sessionAffinityConfigSessionAffinityConfig -

sessionAffinityConfig contains the configurations of session affinity. -+optional

- -		 -No -
ipFamilystring -

ipFamily specifies whether this Service has a preference for a particular IP family (e.g. IPv4 vs. -IPv6). If a specific IP family is requested, the clusterIP field will be allocated from that family, if it is -available in the cluster. If no IP family is requested, the cluster’s primary IP family will be used. -Other IP fields (loadBalancerIP, loadBalancerSourceRanges, externalIPs) and controllers which -allocate external load-balancers should use the same IP family. Endpoints for this Service will be of -this family. This field is immutable after creation. Assigning a ServiceIPFamily not available in the -cluster (e.g. IPv6 in IPv4 only cluster) is an error condition and will fail during clusterIP assignment. -+optional

- -		 -No -
-
-

k8s.io.api.core.v1.Lifecycle

-
-

Lifecycle describes actions that the management system should take in response to container lifecycle -events. For the PostStart and PreStop lifecycle handlers, management of the container blocks -until the action is complete, unless the container process fails, in which case the handler is aborted.

- - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
postStartLifecycleHandler -

PostStart is called immediately after a container is created. If the handler fails, -the container is terminated and restarted according to its restart policy. -Other management of the container blocks until the hook completes. -More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks -+optional

- -		 -No -
preStopLifecycleHandler -

PreStop is called immediately before a container is terminated due to an -API request or management event such as liveness/startup probe failure, -preemption, resource contention, etc. The handler is not called if the -container crashes or exits. The Pod’s termination grace period countdown begins before the -PreStop hook is executed. Regardless of the outcome of the handler, the -container will eventually terminate within the Pod’s termination grace -period (unless delayed by finalizers). Other management of the container blocks until the hook completes -or until the termination grace period is reached. -More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks -+optional

- -		 -No -
-
-

ResourceRequirements

-
-

ResourceRequirements describes the compute resource requirements.

- - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
limitsmap<string, Quantity> -

Limits describes the maximum amount of compute resources allowed. -More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ -+optional

- -		 -No -
requestsmap<string, Quantity> -

Requests describes the minimum amount of compute resources required. -If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, -otherwise to an implementation-defined value. -More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ -+optional

- -		 -No -
-
-

K8sObjectMeta

-
-

Generic k8s resource metadata

- - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
labelsmap<string, string> -

Map of string keys and values that can be used to organize and categorize -(scope and select) objects. May match selectors of replication controllers -and services. -More info: http://kubernetes.io/docs/user-guide/labels -+optional

- -		 -No -
annotationsmap<string, string> -

Annotations is an unstructured key value map stored with a resource that may be -set by external tools to store and retrieve arbitrary metadata. They are not -queryable and should be preserved when modifying objects. -More info: http://kubernetes.io/docs/user-guide/annotations -+optional

- -		 -No -
-
-

UnprotectedService

-
-

Service describes the attributes that a user creates on a service.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
metadataK8sObjectMeta - -No -
portsServicePort[] -

The list of ports that are exposed by this service. -More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies -+patchMergeKey=port -+patchStrategy=merge -+listType=map -+listMapKey=port -+listMapKey=protocol

- -		 -No -
selectormap<string, string> -

Route service traffic to pods with label keys and values matching this -selector. If empty or not present, the service is assumed to have an -external process managing its endpoints, which Kubernetes will not -modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. -Ignored if type is ExternalName. -More info: https://kubernetes.io/docs/concepts/services-networking/service/ -+optional

- -		 -No -
clusterIPstring -

clusterIP is the IP address of the service and is usually assigned -randomly by the master. If an address is specified manually and is not in -use by others, it will be allocated to the service; otherwise, creation -of the service will fail. This field can not be changed through updates. -Valid values are “None”, empty string (“”), or a valid IP address. “None” -can be specified for headless services when proxying is not required. -Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if -type is ExternalName. -More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies -+optional

- -		 -No -
typestring -

type determines how the Service is exposed. Defaults to ClusterIP. Valid -options are ExternalName, ClusterIP, NodePort, and LoadBalancer. -“ExternalName” maps to the specified externalName. -“ClusterIP” allocates a cluster-internal IP address for load-balancing to -endpoints. Endpoints are determined by the selector or if that is not -specified, by manual construction of an Endpoints object. If clusterIP is -“None”, no virtual IP is allocated and the endpoints are published as a -set of endpoints rather than a stable IP. -“NodePort” builds on ClusterIP and allocates a port on every node which -routes to the clusterIP. -“LoadBalancer” builds on NodePort and creates an -external load-balancer (if supported in the current cloud) which routes -to the clusterIP. -More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types -+optional -+kubebuilder:validation:Enum=ClusterIP;NodePort;LoadBalancer

- -		 -No -
externalIPsstring[] -

externalIPs is a list of IP addresses for which nodes in the cluster -will also accept traffic for this service. These IPs are not managed by -Kubernetes. The user is responsible for ensuring that traffic arrives -at a node with this IP. A common example is external load-balancers -that are not part of the Kubernetes system. -+optional

- -		 -No -
sessionAffinitystring -

Supports “ClientIP” and “None”. Used to maintain session affinity. -Enable client IP based session affinity. -Must be ClientIP or None. -Defaults to None. -More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies -+optional

- -		 -No -
loadBalancerIPstring -

Only applies to Service Type: LoadBalancer -LoadBalancer will get created with the IP specified in this field. -This feature depends on whether the underlying cloud-provider supports specifying -the loadBalancerIP when a load balancer is created. -This field will be ignored if the cloud-provider does not support the feature. -+optional

- -		 -No -
loadBalancerSourceRangesstring[] -

If specified and supported by the platform, this will restrict traffic through the cloud-provider -load-balancer will be restricted to the specified client IPs. This field will be ignored if the -cloud-provider does not support the feature.” -More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/ -+optional

- -		 -No -
externalNamestring -

externalName is the external reference that kubedns or equivalent will -return as a CNAME record for this service. No proxying will be involved. -Must be a valid RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) -and requires Type to be ExternalName. -+optional

- -		 -No -
externalTrafficPolicystring -

externalTrafficPolicy denotes if this Service desires to route external -traffic to node-local or cluster-wide endpoints. “Local” preserves the -client source IP and avoids a second hop for LoadBalancer and Nodeport -type services, but risks potentially imbalanced traffic spreading. -“Cluster” obscures the client source IP and may cause a second hop to -another node, but should have good overall load-spreading. -+optional

- -		 -No -
healthCheckNodePortint32 -

healthCheckNodePort specifies the healthcheck nodePort for the service. -If not specified, HealthCheckNodePort is created by the service api -backend with the allocated nodePort. Will use user-specified nodePort value -if specified by the client. Only effects when Type is set to LoadBalancer -and ExternalTrafficPolicy is set to Local. -+optional

- -		 -No -
publishNotReadyAddressesBoolValue -

publishNotReadyAddresses, when set to true, indicates that DNS implementations -must publish the notReadyAddresses of subsets for the Endpoints associated with -the Service. The default value is false. -The primary use case for setting this field is to use a StatefulSet’s Headless Service -to propagate SRV records for its Pods without respect to their readiness for purpose -of peer discovery. -+optional

- -		 -No -
sessionAffinityConfigSessionAffinityConfig -

sessionAffinityConfig contains the configurations of session affinity. -+optional

- -		 -No -
ipFamilystring -

ipFamily specifies whether this Service has a preference for a particular IP family (e.g. IPv4 vs. -IPv6). If a specific IP family is requested, the clusterIP field will be allocated from that family, if it is -available in the cluster. If no IP family is requested, the cluster’s primary IP family will be used. -Other IP fields (loadBalancerIP, loadBalancerSourceRanges, externalIPs) and controllers which -allocate external load-balancers should use the same IP family. Endpoints for this Service will be of -this family. This field is immutable after creation. Assigning a ServiceIPFamily not available in the -cluster (e.g. IPv6 in IPv4 only cluster) is an error condition and will fail during clusterIP assignment. -+optional

- -		 -No -
-
-

BaseKubernetesContainerConfiguration

-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
imagestring -

Standard Kubernetes container image configuration

- -		 -No -
envEnvVar[] -

If present will be appended to the environment variables of the container

- -		 -No -
resourcesResourceRequirements -

Standard Kubernetes resource configuration, memory and CPU resource requirements

- -		 -No -
securityContextSecurityContext -

Standard Kubernetes security context configuration

- -		 -No -
volumeMountsVolumeMount[] -

Pod volumes to mount into the container’s filesystem. -Cannot be updated. -+optional -+patchMergeKey=mountPath -+patchStrategy=merge

- -		 -No -
-
-

ModeType

-
- - - - - - - - - - - - - - - - - - - - - -
NameDescription
ModeType_UNSPECIFIED -
ACTIVE -
PASSIVE -
-
-

ProxyLogLevel

-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameDescription
ProxyLogLevel_UNSPECIFIED -
TRACE -
DEBUG -
INFO -
WARNING -
ERROR -
CRITICAL -
OFF -
-
-

PilotCertProviderType

-
- - - - - - - - - - - - - - - - - - - - - -
NameDescription
PilotCertProviderType_UNSPECIFIED -
KUBERNETES -
ISTIOD -
-
-

JWTPolicyType

-
- - - - - - - - - - - - - - - - - - - - - -
NameDescription
JWTPolicyType_UNSPECIFIED -
THIRD_PARTY_JWT -
FIRST_PARTY_JWT -
-
-

ConfigState

-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameDescription
Unspecified -
Created -
ReconcileFailed -
Reconciling -
Available -
Unmanaged -
-
diff --git a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiocontrolplane.proto b/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiocontrolplane.proto deleted file mode 100644 index 4865d0535..000000000 --- a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiocontrolplane.proto +++ /dev/null @@ -1,411 +0,0 @@ -// Copyright 2021 Cisco Systems, Inc. and/or its affiliates. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; - -import "api/v1alpha1/common.proto"; -import "api/v1alpha1/istiomeshgateway.proto"; -import "k8s.io/api/core/v1/generated.proto"; -import "mesh/v1alpha1/config.proto"; -import "mesh/v1alpha1/proxy.proto"; -import "google/api/field_behavior.proto"; -import "google/protobuf/wrappers.proto"; - -// $schema: istio-operator.api.v1alpha1.IstioControlPlaneSpec -// $title: Istio ControlPlane Spec -// $description: Istio control plane descriptor - -package istio_operator.v2.api.v1alpha1; - -option go_package = "github.com/banzaicloud/istio-operator/v2/api/v1alpha1"; - -// IstioControlPlane defines an Istio control plane -// -// -// -// -message IstioControlPlaneSpec { - // Contains the intended version for the Istio control plane. - // +kubebuilder:validation:Pattern=^1\. - string version = 1 [(google.api.field_behavior) = REQUIRED]; - // Configure the mode for this control plane. - // Currently, two options are supported: "ACTIVE" and "PASSIVE". - // ACTIVE mode means that a full-fledged Istio control plane will be deployed and operated - // (usually called primary cluster in upstream Istio terminology). - // PASSIVE mode means that only a few resources will be installed for sidecar injection and cross-cluster - // communication, it is used for multi cluster setups (this is the remote cluster in upstream Istio terminology). - // +kubebuilder:validation:Enum=ACTIVE;PASSIVE - ModeType mode = 2 [(google.api.field_behavior) = REQUIRED]; - // Logging configurations. - LoggingConfiguration logging = 3; - // Use the user-specified, secret volume mounted key and certs for Pilot and workloads. - google.protobuf.BoolValue mountMtlsCerts = 4; - // Istiod configuration. - IstiodConfiguration istiod = 5; - // Proxy configuration options. - ProxyConfiguration proxy = 6; - // Proxy Init configuration options. - ProxyInitConfiguration proxyInit = 7; - // Telemetry V2 configuration. - TelemetryV2Configuration telemetryV2 = 8; - // If SDS is configured, mTLS certificates for the sidecars will be distributed through the - // SecretDiscoveryService instead of using K8S secrets to mount the certificates. - SDSConfiguration sds = 9; - // ProxyWasm configuration options. - ProxyWasmConfiguration proxyWasm = 10; - // Whether to restrict the applications namespace the controller manages. - // If not set, controller watches all namespaces - google.protobuf.BoolValue watchOneNamespace = 11; - // Configure the policy for validating JWT. - // Currently, two options are supported: "third-party-jwt" and "first-party-jwt". - // +kubebuilder:validation:Enum=THIRD_PARTY_JWT;FIRST_PARTY_JWT - JWTPolicyType jwtPolicy = 12; - // The customized CA address to retrieve certificates for the pods in the cluster. - // CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint. - string caAddress = 13; - // The name of the CA for workload certificates. - string caProvider = 14; - // Contains the intended distribution for the Istio control plane. - // The official distribution is used by default unless special preserved distribution value is set. - // The only preserved distribution is "cisco" as of now. - string distribution = 15; - // Upstream HTTP proxy properties to be injected as environment variables to the pod containers. - HTTPProxyEnvsConfiguration httpProxyEnvs = 16; - // Defines mesh-wide settings for the Istio control plane. - istio.mesh.v1alpha1.MeshConfig meshConfig = 17; - // K8s resource overlay patches - repeated K8sResourceOverlayPatch k8sResourceOverlays = 18; - // Name of the Mesh to which this control plane belongs. - string meshID = 19; - // Global configuration for container images. - ContainerImageConfiguration containerImageConfiguration = 20; - // Mesh expansion configuration - MeshExpansionConfiguration meshExpansion = 21; - // Cluster ID - string clusterID = 22; - // Network defines the network this cluster belongs to. This name - // corresponds to the networks in the map of mesh networks. - // +default=network1 - string networkName = 23; - // Standalone sidecar injector configuration. - SidecarInjectorConfiguration sidecarInjector = 24; - // Tracing defines configuration for the tracing performed by Envoy instances. - istio.mesh.v1alpha1.Tracing tracer = 25; -} - -enum ModeType { - ModeType_UNSPECIFIED = 0; - ACTIVE = 1; - PASSIVE = 2; -} - -message SidecarInjectorConfiguration { - // Deployment spec - BaseKubernetesResourceConfig deployment = 1; - // Service spec - Service service = 2; - // Fields to introduce sidecar injection template customizations - SidecarInjectionTemplates templates = 3; -} - -message SidecarInjectionTemplates { - // Overrides for the default "sidecar" injection template. This template will be merged with the default "sidecar" template, overwriting values, if existing. - string sidecar = 1; - // Overrides for the default "gateway" injection template. This template will be merged with the default "gateway" template, overwriting values, if existing. - string gateway = 2; - // Custom templates can be defined for sidecar injection. These templates can be applied by annotating pods with "inject.istio.io/templates=". See https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#custom-templates-experimental. - repeated CustomSidecarInjectionTemplates customTemplates = 3; -} - -message CustomSidecarInjectionTemplates { - string name = 1; - string template = 2; -} - -message MeshExpansionConfiguration { - google.protobuf.BoolValue enabled = 1; - message Istiod { - google.protobuf.BoolValue expose = 1; - } - message Webhook { - google.protobuf.BoolValue expose = 1; - } - message ClusterServices { - google.protobuf.BoolValue expose = 1; - } - message IstioMeshGatewayConfiguration { - // Istio Mesh gateway metadata - K8sObjectMeta metadata = 1; - // Deployment spec - BaseKubernetesResourceConfig deployment = 2; - // Service spec - UnprotectedService service = 3; - // Whether to run the gateway in a privileged container - google.protobuf.BoolValue runAsRoot = 4; - // K8s resource overlay patches - repeated K8sResourceOverlayPatch k8sResourceOverlays = 5; - } - IstioMeshGatewayConfiguration gateway = 2; - // istiod component configuration - Istiod istiod = 3; - // webhook component configuration - Webhook webhook = 4; - // cluster services configuration - ClusterServices clusterServices = 5; -} - -// Comma-separated minimum per-scope logging level of messages to output, in the form of :,: -// The control plane has different scopes depending on component, but can configure default log level across all components -// If empty, default scope and level will be used as configured in code -message LoggingConfiguration { - // +kubebuilder:validation:Pattern=`^([a-zA-Z]+:[a-zA-Z]+,?)+$` - string level = 1; -} - -// SDSConfiguration defines Secret Discovery Service config options -message SDSConfiguration { - // The JWT token for SDS and the aud field of such JWT. See RFC 7519, section 4.1.3. - // When a CSR is sent from Citadel Agent to the CA (e.g. Citadel), this aud is to make sure the - // JWT is intended for the CA. - string tokenAudience = 1; -} - -// ProxyConfiguration defines config options for Proxy -message ProxyConfiguration { - string image = 1; - // If set to true, istio-proxy container will have privileged securityContext - google.protobuf.BoolValue privileged = 2; - // If set, newly injected sidecars will have core dumps enabled. - google.protobuf.BoolValue enableCoreDump = 3; - // Log level for proxy, applies to gateways and sidecars. If left empty, "warning" is used. - // Expected values are: trace|debug|info|warning|error|critical|off - // +kubebuilder:validation:Enum=TRACE;DEBUG;INFO;WARNING;ERROR;CRITICAL;OFF - ProxyLogLevel logLevel = 4; - // Per Component log level for proxy, applies to gateways and sidecars. If a component level is - // not set, then the "LogLevel" will be used. If left empty, "misc:error" is used. - string componentLogLevel = 5; - // cluster domain. Default value is "cluster.local" - string clusterDomain = 6; - // Controls if sidecar is injected at the front of the container list and blocks - // the start of the other containers until the proxy is ready - // Default value is 'false'. - google.protobuf.BoolValue holdApplicationUntilProxyStarts = 7; - k8s.io.api.core.v1.Lifecycle lifecycle = 8; - ResourceRequirements resources = 9; - // IncludeIPRanges the range where to capture egress traffic - string includeIPRanges = 10; - // ExcludeIPRanges the range where not to capture egress traffic - string excludeIPRanges = 11; - // ExcludeInboundPorts the comma separated list of inbound ports to be excluded from redirection to Envoy - string excludeInboundPorts = 12; - // ExcludeOutboundPorts the comma separated list of outbound ports to be excluded from redirection to Envoy - string excludeOutboundPorts = 13; - // Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver - optional string tracer = 14; -} - -enum ProxyLogLevel { - ProxyLogLevel_UNSPECIFIED = 0; - TRACE = 1; - DEBUG = 2; - INFO = 3; - WARNING = 4; - ERROR = 5; - CRITICAL = 6; - OFF = 7; -} - -// ProxyInitConfiguration defines config options for Proxy Init containers -message ProxyInitConfiguration { - string image = 1; - ResourceRequirements resources = 2; - CNIConfiguration cni = 3; -} - -message CNIConfiguration { - google.protobuf.BoolValue enabled = 1; - google.protobuf.BoolValue chained = 2; - string binDir = 4; - string confDir = 5; - repeated string excludeNamespaces = 6; - repeated string includeNamespaces = 7; - string logLevel = 8; - string confFileName = 9; - string pspClusterRoleName = 10; - - message RepairConfiguration { - google.protobuf.BoolValue enabled = 1; - google.protobuf.BoolValue labelPods = 2; - google.protobuf.BoolValue deletePods = 3; - string initContainerName = 4; - string brokenPodLabelKey = 5; - string brokenPodLabelValue = 6; - } - RepairConfiguration repair = 11; - - message TaintConfiguration { - google.protobuf.BoolValue enabled = 1; - BaseKubernetesContainerConfiguration container = 2; - } - TaintConfiguration taint = 12; - - message ResourceQuotas { - google.protobuf.BoolValue enabled = 1; - string pods = 2; - repeated string priorityClasses = 3; - } - ResourceQuotas resourceQuotas = 13; - - BaseKubernetesResourceConfig daemonset = 14; -} - -// IstiodConfiguration defines config options for Istiod -message IstiodConfiguration { - // Deployment spec - BaseKubernetesResourceConfig deployment = 1; - // If enabled, pilot will run Istio analyzers and write analysis errors to the Status field of any Istio Resources - google.protobuf.BoolValue enableAnalysis = 2; - // If enabled, pilot will update the CRD Status field of all Istio resources with reconciliation status - google.protobuf.BoolValue enableStatus = 3; - // Settings for local istiod to control remote clusters as well - ExternalIstiodConfiguration externalIstiod = 4; - google.protobuf.FloatValue traceSampling = 5 [(google.api.field_behavior) = OUTPUT_ONLY]; - // If enabled, protocol sniffing will be used for outbound listeners whose port protocol is not specified or unsupported - google.protobuf.BoolValue enableProtocolSniffingOutbound = 6; - // If enabled, protocol sniffing will be used for inbound listeners whose port protocol is not specified or unsupported - google.protobuf.BoolValue enableProtocolSniffingInbound = 7; - // Configure the certificate provider for control plane communication. - // Currently, two providers are supported: "kubernetes" and "istiod". - // As some platforms may not have kubernetes signing APIs, - // Istiod is the default - // +kubebuilder:validation:Enum=KUBERNETES;ISTIOD - PilotCertProviderType certProvider = 8; - // SPIFFE configuration of Pilot - SPIFFEConfiguration spiffe = 9; -} - -// ExternalIstiodConfiguration defines settings for local istiod to control remote clusters as well -message ExternalIstiodConfiguration { - google.protobuf.BoolValue enabled = 1; -} - -enum PilotCertProviderType { - PilotCertProviderType_UNSPECIFIED = 0; - KUBERNETES = 1; - ISTIOD = 2; -} - -// SPIFFEConfiguration is for SPIFFE configuration of Pilot -message SPIFFEConfiguration { - OperatorEndpointsConfiguration operatorEndpoints = 1; -} - -// OperatorEndpointsConfiguration defines config options for automatic SPIFFE endpoints -message OperatorEndpointsConfiguration { - google.protobuf.BoolValue enabled = 1; -} - -message TelemetryV2Configuration { - google.protobuf.BoolValue enabled = 1; -} - -// ProxyWasmConfiguration defines config options for Envoy wasm -message ProxyWasmConfiguration { - google.protobuf.BoolValue enabled = 1; -} - -// PDBConfiguration holds Pod Disruption Budget related config options -message PDBConfiguration { - google.protobuf.BoolValue enabled = 1; -} - -enum JWTPolicyType { - JWTPolicyType_UNSPECIFIED = 0; - THIRD_PARTY_JWT = 1; - FIRST_PARTY_JWT = 2; -} - -message HTTPProxyEnvsConfiguration { - string httpProxy = 1; - string httpsProxy = 2; - string noProxy = 3; -} - -// -message IstioControlPlaneStatus { - // Reconciliation status of the Istio control plane - ConfigState status = 1; - - // Cluster ID - string clusterID = 2; - - // Name of the IstioControlPlane resource - // It is used on remote clusters in the PeerIstioControlPlane resource status - // to identify the original Istio control plane - string istioControlPlaneName = 3; - - // Current addresses for the corresponding gateways - repeated string gatewayAddress = 4; - - // Current addresses for the corresponding istiod pods - repeated string istiodAddresses = 5; - - // Namespaces which are set for injection for this control plane - repeated string injectionNamespaces = 6; - - // Istio CA root certificate - string caRootCertificate = 7; - - // Reconciliation error message if any - string errorMessage = 8; - - istio.mesh.v1alpha1.MeshConfig meshConfig = 9; - - StatusChecksums checksums = 10; -} - -// -message StatusChecksums { - string meshConfig = 1; - string sidecarInjector = 2; -} diff --git a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiocontrolplane_deepcopy.gen.go b/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiocontrolplane_deepcopy.gen.go deleted file mode 100644 index d037fbf5e..000000000 --- a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiocontrolplane_deepcopy.gen.go +++ /dev/null @@ -1,573 +0,0 @@ -// Code generated by protoc-gen-deepcopy. DO NOT EDIT. -package v1alpha1 - -import ( - proto "github.com/golang/protobuf/proto" -) - -// DeepCopyInto supports using IstioControlPlaneSpec within kubernetes types, where deepcopy-gen is used. -func (in *IstioControlPlaneSpec) DeepCopyInto(out *IstioControlPlaneSpec) { - p := proto.Clone(in).(*IstioControlPlaneSpec) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IstioControlPlaneSpec. Required by controller-gen. -func (in *IstioControlPlaneSpec) DeepCopy() *IstioControlPlaneSpec { - if in == nil { - return nil - } - out := new(IstioControlPlaneSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new IstioControlPlaneSpec. Required by controller-gen. -func (in *IstioControlPlaneSpec) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using SidecarInjectorConfiguration within kubernetes types, where deepcopy-gen is used. -func (in *SidecarInjectorConfiguration) DeepCopyInto(out *SidecarInjectorConfiguration) { - p := proto.Clone(in).(*SidecarInjectorConfiguration) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SidecarInjectorConfiguration. Required by controller-gen. -func (in *SidecarInjectorConfiguration) DeepCopy() *SidecarInjectorConfiguration { - if in == nil { - return nil - } - out := new(SidecarInjectorConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new SidecarInjectorConfiguration. Required by controller-gen. -func (in *SidecarInjectorConfiguration) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using SidecarInjectionTemplates within kubernetes types, where deepcopy-gen is used. -func (in *SidecarInjectionTemplates) DeepCopyInto(out *SidecarInjectionTemplates) { - p := proto.Clone(in).(*SidecarInjectionTemplates) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SidecarInjectionTemplates. Required by controller-gen. -func (in *SidecarInjectionTemplates) DeepCopy() *SidecarInjectionTemplates { - if in == nil { - return nil - } - out := new(SidecarInjectionTemplates) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new SidecarInjectionTemplates. Required by controller-gen. -func (in *SidecarInjectionTemplates) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using CustomSidecarInjectionTemplates within kubernetes types, where deepcopy-gen is used. -func (in *CustomSidecarInjectionTemplates) DeepCopyInto(out *CustomSidecarInjectionTemplates) { - p := proto.Clone(in).(*CustomSidecarInjectionTemplates) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomSidecarInjectionTemplates. Required by controller-gen. -func (in *CustomSidecarInjectionTemplates) DeepCopy() *CustomSidecarInjectionTemplates { - if in == nil { - return nil - } - out := new(CustomSidecarInjectionTemplates) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new CustomSidecarInjectionTemplates. Required by controller-gen. -func (in *CustomSidecarInjectionTemplates) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using MeshExpansionConfiguration within kubernetes types, where deepcopy-gen is used. -func (in *MeshExpansionConfiguration) DeepCopyInto(out *MeshExpansionConfiguration) { - p := proto.Clone(in).(*MeshExpansionConfiguration) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MeshExpansionConfiguration. Required by controller-gen. -func (in *MeshExpansionConfiguration) DeepCopy() *MeshExpansionConfiguration { - if in == nil { - return nil - } - out := new(MeshExpansionConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new MeshExpansionConfiguration. Required by controller-gen. -func (in *MeshExpansionConfiguration) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using MeshExpansionConfiguration_Istiod within kubernetes types, where deepcopy-gen is used. -func (in *MeshExpansionConfiguration_Istiod) DeepCopyInto(out *MeshExpansionConfiguration_Istiod) { - p := proto.Clone(in).(*MeshExpansionConfiguration_Istiod) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MeshExpansionConfiguration_Istiod. Required by controller-gen. -func (in *MeshExpansionConfiguration_Istiod) DeepCopy() *MeshExpansionConfiguration_Istiod { - if in == nil { - return nil - } - out := new(MeshExpansionConfiguration_Istiod) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new MeshExpansionConfiguration_Istiod. Required by controller-gen. -func (in *MeshExpansionConfiguration_Istiod) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using MeshExpansionConfiguration_Webhook within kubernetes types, where deepcopy-gen is used. -func (in *MeshExpansionConfiguration_Webhook) DeepCopyInto(out *MeshExpansionConfiguration_Webhook) { - p := proto.Clone(in).(*MeshExpansionConfiguration_Webhook) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MeshExpansionConfiguration_Webhook. Required by controller-gen. -func (in *MeshExpansionConfiguration_Webhook) DeepCopy() *MeshExpansionConfiguration_Webhook { - if in == nil { - return nil - } - out := new(MeshExpansionConfiguration_Webhook) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new MeshExpansionConfiguration_Webhook. Required by controller-gen. -func (in *MeshExpansionConfiguration_Webhook) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using MeshExpansionConfiguration_ClusterServices within kubernetes types, where deepcopy-gen is used. -func (in *MeshExpansionConfiguration_ClusterServices) DeepCopyInto(out *MeshExpansionConfiguration_ClusterServices) { - p := proto.Clone(in).(*MeshExpansionConfiguration_ClusterServices) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MeshExpansionConfiguration_ClusterServices. Required by controller-gen. -func (in *MeshExpansionConfiguration_ClusterServices) DeepCopy() *MeshExpansionConfiguration_ClusterServices { - if in == nil { - return nil - } - out := new(MeshExpansionConfiguration_ClusterServices) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new MeshExpansionConfiguration_ClusterServices. Required by controller-gen. -func (in *MeshExpansionConfiguration_ClusterServices) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using MeshExpansionConfiguration_IstioMeshGatewayConfiguration within kubernetes types, where deepcopy-gen is used. -func (in *MeshExpansionConfiguration_IstioMeshGatewayConfiguration) DeepCopyInto(out *MeshExpansionConfiguration_IstioMeshGatewayConfiguration) { - p := proto.Clone(in).(*MeshExpansionConfiguration_IstioMeshGatewayConfiguration) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MeshExpansionConfiguration_IstioMeshGatewayConfiguration. Required by controller-gen. -func (in *MeshExpansionConfiguration_IstioMeshGatewayConfiguration) DeepCopy() *MeshExpansionConfiguration_IstioMeshGatewayConfiguration { - if in == nil { - return nil - } - out := new(MeshExpansionConfiguration_IstioMeshGatewayConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new MeshExpansionConfiguration_IstioMeshGatewayConfiguration. Required by controller-gen. -func (in *MeshExpansionConfiguration_IstioMeshGatewayConfiguration) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using LoggingConfiguration within kubernetes types, where deepcopy-gen is used. -func (in *LoggingConfiguration) DeepCopyInto(out *LoggingConfiguration) { - p := proto.Clone(in).(*LoggingConfiguration) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoggingConfiguration. Required by controller-gen. -func (in *LoggingConfiguration) DeepCopy() *LoggingConfiguration { - if in == nil { - return nil - } - out := new(LoggingConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new LoggingConfiguration. Required by controller-gen. -func (in *LoggingConfiguration) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using SDSConfiguration within kubernetes types, where deepcopy-gen is used. -func (in *SDSConfiguration) DeepCopyInto(out *SDSConfiguration) { - p := proto.Clone(in).(*SDSConfiguration) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SDSConfiguration. Required by controller-gen. -func (in *SDSConfiguration) DeepCopy() *SDSConfiguration { - if in == nil { - return nil - } - out := new(SDSConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new SDSConfiguration. Required by controller-gen. -func (in *SDSConfiguration) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using ProxyConfiguration within kubernetes types, where deepcopy-gen is used. -func (in *ProxyConfiguration) DeepCopyInto(out *ProxyConfiguration) { - p := proto.Clone(in).(*ProxyConfiguration) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyConfiguration. Required by controller-gen. -func (in *ProxyConfiguration) DeepCopy() *ProxyConfiguration { - if in == nil { - return nil - } - out := new(ProxyConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ProxyConfiguration. Required by controller-gen. -func (in *ProxyConfiguration) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using ProxyInitConfiguration within kubernetes types, where deepcopy-gen is used. -func (in *ProxyInitConfiguration) DeepCopyInto(out *ProxyInitConfiguration) { - p := proto.Clone(in).(*ProxyInitConfiguration) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyInitConfiguration. Required by controller-gen. -func (in *ProxyInitConfiguration) DeepCopy() *ProxyInitConfiguration { - if in == nil { - return nil - } - out := new(ProxyInitConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ProxyInitConfiguration. Required by controller-gen. -func (in *ProxyInitConfiguration) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using CNIConfiguration within kubernetes types, where deepcopy-gen is used. -func (in *CNIConfiguration) DeepCopyInto(out *CNIConfiguration) { - p := proto.Clone(in).(*CNIConfiguration) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CNIConfiguration. Required by controller-gen. -func (in *CNIConfiguration) DeepCopy() *CNIConfiguration { - if in == nil { - return nil - } - out := new(CNIConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new CNIConfiguration. Required by controller-gen. -func (in *CNIConfiguration) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using CNIConfiguration_RepairConfiguration within kubernetes types, where deepcopy-gen is used. -func (in *CNIConfiguration_RepairConfiguration) DeepCopyInto(out *CNIConfiguration_RepairConfiguration) { - p := proto.Clone(in).(*CNIConfiguration_RepairConfiguration) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CNIConfiguration_RepairConfiguration. Required by controller-gen. -func (in *CNIConfiguration_RepairConfiguration) DeepCopy() *CNIConfiguration_RepairConfiguration { - if in == nil { - return nil - } - out := new(CNIConfiguration_RepairConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new CNIConfiguration_RepairConfiguration. Required by controller-gen. -func (in *CNIConfiguration_RepairConfiguration) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using CNIConfiguration_TaintConfiguration within kubernetes types, where deepcopy-gen is used. -func (in *CNIConfiguration_TaintConfiguration) DeepCopyInto(out *CNIConfiguration_TaintConfiguration) { - p := proto.Clone(in).(*CNIConfiguration_TaintConfiguration) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CNIConfiguration_TaintConfiguration. Required by controller-gen. -func (in *CNIConfiguration_TaintConfiguration) DeepCopy() *CNIConfiguration_TaintConfiguration { - if in == nil { - return nil - } - out := new(CNIConfiguration_TaintConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new CNIConfiguration_TaintConfiguration. Required by controller-gen. -func (in *CNIConfiguration_TaintConfiguration) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using CNIConfiguration_ResourceQuotas within kubernetes types, where deepcopy-gen is used. -func (in *CNIConfiguration_ResourceQuotas) DeepCopyInto(out *CNIConfiguration_ResourceQuotas) { - p := proto.Clone(in).(*CNIConfiguration_ResourceQuotas) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CNIConfiguration_ResourceQuotas. Required by controller-gen. -func (in *CNIConfiguration_ResourceQuotas) DeepCopy() *CNIConfiguration_ResourceQuotas { - if in == nil { - return nil - } - out := new(CNIConfiguration_ResourceQuotas) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new CNIConfiguration_ResourceQuotas. Required by controller-gen. -func (in *CNIConfiguration_ResourceQuotas) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using IstiodConfiguration within kubernetes types, where deepcopy-gen is used. -func (in *IstiodConfiguration) DeepCopyInto(out *IstiodConfiguration) { - p := proto.Clone(in).(*IstiodConfiguration) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IstiodConfiguration. Required by controller-gen. -func (in *IstiodConfiguration) DeepCopy() *IstiodConfiguration { - if in == nil { - return nil - } - out := new(IstiodConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new IstiodConfiguration. Required by controller-gen. -func (in *IstiodConfiguration) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using ExternalIstiodConfiguration within kubernetes types, where deepcopy-gen is used. -func (in *ExternalIstiodConfiguration) DeepCopyInto(out *ExternalIstiodConfiguration) { - p := proto.Clone(in).(*ExternalIstiodConfiguration) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalIstiodConfiguration. Required by controller-gen. -func (in *ExternalIstiodConfiguration) DeepCopy() *ExternalIstiodConfiguration { - if in == nil { - return nil - } - out := new(ExternalIstiodConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ExternalIstiodConfiguration. Required by controller-gen. -func (in *ExternalIstiodConfiguration) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using SPIFFEConfiguration within kubernetes types, where deepcopy-gen is used. -func (in *SPIFFEConfiguration) DeepCopyInto(out *SPIFFEConfiguration) { - p := proto.Clone(in).(*SPIFFEConfiguration) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SPIFFEConfiguration. Required by controller-gen. -func (in *SPIFFEConfiguration) DeepCopy() *SPIFFEConfiguration { - if in == nil { - return nil - } - out := new(SPIFFEConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new SPIFFEConfiguration. Required by controller-gen. -func (in *SPIFFEConfiguration) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using OperatorEndpointsConfiguration within kubernetes types, where deepcopy-gen is used. -func (in *OperatorEndpointsConfiguration) DeepCopyInto(out *OperatorEndpointsConfiguration) { - p := proto.Clone(in).(*OperatorEndpointsConfiguration) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OperatorEndpointsConfiguration. Required by controller-gen. -func (in *OperatorEndpointsConfiguration) DeepCopy() *OperatorEndpointsConfiguration { - if in == nil { - return nil - } - out := new(OperatorEndpointsConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new OperatorEndpointsConfiguration. Required by controller-gen. -func (in *OperatorEndpointsConfiguration) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using TelemetryV2Configuration within kubernetes types, where deepcopy-gen is used. -func (in *TelemetryV2Configuration) DeepCopyInto(out *TelemetryV2Configuration) { - p := proto.Clone(in).(*TelemetryV2Configuration) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TelemetryV2Configuration. Required by controller-gen. -func (in *TelemetryV2Configuration) DeepCopy() *TelemetryV2Configuration { - if in == nil { - return nil - } - out := new(TelemetryV2Configuration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new TelemetryV2Configuration. Required by controller-gen. -func (in *TelemetryV2Configuration) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using ProxyWasmConfiguration within kubernetes types, where deepcopy-gen is used. -func (in *ProxyWasmConfiguration) DeepCopyInto(out *ProxyWasmConfiguration) { - p := proto.Clone(in).(*ProxyWasmConfiguration) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyWasmConfiguration. Required by controller-gen. -func (in *ProxyWasmConfiguration) DeepCopy() *ProxyWasmConfiguration { - if in == nil { - return nil - } - out := new(ProxyWasmConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ProxyWasmConfiguration. Required by controller-gen. -func (in *ProxyWasmConfiguration) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using PDBConfiguration within kubernetes types, where deepcopy-gen is used. -func (in *PDBConfiguration) DeepCopyInto(out *PDBConfiguration) { - p := proto.Clone(in).(*PDBConfiguration) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PDBConfiguration. Required by controller-gen. -func (in *PDBConfiguration) DeepCopy() *PDBConfiguration { - if in == nil { - return nil - } - out := new(PDBConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new PDBConfiguration. Required by controller-gen. -func (in *PDBConfiguration) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using HTTPProxyEnvsConfiguration within kubernetes types, where deepcopy-gen is used. -func (in *HTTPProxyEnvsConfiguration) DeepCopyInto(out *HTTPProxyEnvsConfiguration) { - p := proto.Clone(in).(*HTTPProxyEnvsConfiguration) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPProxyEnvsConfiguration. Required by controller-gen. -func (in *HTTPProxyEnvsConfiguration) DeepCopy() *HTTPProxyEnvsConfiguration { - if in == nil { - return nil - } - out := new(HTTPProxyEnvsConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPProxyEnvsConfiguration. Required by controller-gen. -func (in *HTTPProxyEnvsConfiguration) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using IstioControlPlaneStatus within kubernetes types, where deepcopy-gen is used. -func (in *IstioControlPlaneStatus) DeepCopyInto(out *IstioControlPlaneStatus) { - p := proto.Clone(in).(*IstioControlPlaneStatus) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IstioControlPlaneStatus. Required by controller-gen. -func (in *IstioControlPlaneStatus) DeepCopy() *IstioControlPlaneStatus { - if in == nil { - return nil - } - out := new(IstioControlPlaneStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new IstioControlPlaneStatus. Required by controller-gen. -func (in *IstioControlPlaneStatus) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using StatusChecksums within kubernetes types, where deepcopy-gen is used. -func (in *StatusChecksums) DeepCopyInto(out *StatusChecksums) { - p := proto.Clone(in).(*StatusChecksums) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StatusChecksums. Required by controller-gen. -func (in *StatusChecksums) DeepCopy() *StatusChecksums { - if in == nil { - return nil - } - out := new(StatusChecksums) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new StatusChecksums. Required by controller-gen. -func (in *StatusChecksums) DeepCopyInterface() interface{} { - return in.DeepCopy() -} diff --git a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiocontrolplane_json.gen.go b/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiocontrolplane_json.gen.go deleted file mode 100644 index 9067310c9..000000000 --- a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiocontrolplane_json.gen.go +++ /dev/null @@ -1,309 +0,0 @@ -// Code generated by protoc-gen-jsonshim. DO NOT EDIT. -package v1alpha1 - -import ( - bytes "bytes" - jsonpb "github.com/golang/protobuf/jsonpb" -) - -// MarshalJSON is a custom marshaler for IstioControlPlaneSpec -func (this *IstioControlPlaneSpec) MarshalJSON() ([]byte, error) { - str, err := IstiocontrolplaneMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for IstioControlPlaneSpec -func (this *IstioControlPlaneSpec) UnmarshalJSON(b []byte) error { - return IstiocontrolplaneUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for SidecarInjectorConfiguration -func (this *SidecarInjectorConfiguration) MarshalJSON() ([]byte, error) { - str, err := IstiocontrolplaneMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for SidecarInjectorConfiguration -func (this *SidecarInjectorConfiguration) UnmarshalJSON(b []byte) error { - return IstiocontrolplaneUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for SidecarInjectionTemplates -func (this *SidecarInjectionTemplates) MarshalJSON() ([]byte, error) { - str, err := IstiocontrolplaneMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for SidecarInjectionTemplates -func (this *SidecarInjectionTemplates) UnmarshalJSON(b []byte) error { - return IstiocontrolplaneUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for CustomSidecarInjectionTemplates -func (this *CustomSidecarInjectionTemplates) MarshalJSON() ([]byte, error) { - str, err := IstiocontrolplaneMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for CustomSidecarInjectionTemplates -func (this *CustomSidecarInjectionTemplates) UnmarshalJSON(b []byte) error { - return IstiocontrolplaneUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for MeshExpansionConfiguration -func (this *MeshExpansionConfiguration) MarshalJSON() ([]byte, error) { - str, err := IstiocontrolplaneMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for MeshExpansionConfiguration -func (this *MeshExpansionConfiguration) UnmarshalJSON(b []byte) error { - return IstiocontrolplaneUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for MeshExpansionConfiguration_Istiod -func (this *MeshExpansionConfiguration_Istiod) MarshalJSON() ([]byte, error) { - str, err := IstiocontrolplaneMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for MeshExpansionConfiguration_Istiod -func (this *MeshExpansionConfiguration_Istiod) UnmarshalJSON(b []byte) error { - return IstiocontrolplaneUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for MeshExpansionConfiguration_Webhook -func (this *MeshExpansionConfiguration_Webhook) MarshalJSON() ([]byte, error) { - str, err := IstiocontrolplaneMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for MeshExpansionConfiguration_Webhook -func (this *MeshExpansionConfiguration_Webhook) UnmarshalJSON(b []byte) error { - return IstiocontrolplaneUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for MeshExpansionConfiguration_ClusterServices -func (this *MeshExpansionConfiguration_ClusterServices) MarshalJSON() ([]byte, error) { - str, err := IstiocontrolplaneMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for MeshExpansionConfiguration_ClusterServices -func (this *MeshExpansionConfiguration_ClusterServices) UnmarshalJSON(b []byte) error { - return IstiocontrolplaneUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for MeshExpansionConfiguration_IstioMeshGatewayConfiguration -func (this *MeshExpansionConfiguration_IstioMeshGatewayConfiguration) MarshalJSON() ([]byte, error) { - str, err := IstiocontrolplaneMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for MeshExpansionConfiguration_IstioMeshGatewayConfiguration -func (this *MeshExpansionConfiguration_IstioMeshGatewayConfiguration) UnmarshalJSON(b []byte) error { - return IstiocontrolplaneUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for LoggingConfiguration -func (this *LoggingConfiguration) MarshalJSON() ([]byte, error) { - str, err := IstiocontrolplaneMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for LoggingConfiguration -func (this *LoggingConfiguration) UnmarshalJSON(b []byte) error { - return IstiocontrolplaneUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for SDSConfiguration -func (this *SDSConfiguration) MarshalJSON() ([]byte, error) { - str, err := IstiocontrolplaneMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for SDSConfiguration -func (this *SDSConfiguration) UnmarshalJSON(b []byte) error { - return IstiocontrolplaneUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for ProxyConfiguration -func (this *ProxyConfiguration) MarshalJSON() ([]byte, error) { - str, err := IstiocontrolplaneMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for ProxyConfiguration -func (this *ProxyConfiguration) UnmarshalJSON(b []byte) error { - return IstiocontrolplaneUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for ProxyInitConfiguration -func (this *ProxyInitConfiguration) MarshalJSON() ([]byte, error) { - str, err := IstiocontrolplaneMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for ProxyInitConfiguration -func (this *ProxyInitConfiguration) UnmarshalJSON(b []byte) error { - return IstiocontrolplaneUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for CNIConfiguration -func (this *CNIConfiguration) MarshalJSON() ([]byte, error) { - str, err := IstiocontrolplaneMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for CNIConfiguration -func (this *CNIConfiguration) UnmarshalJSON(b []byte) error { - return IstiocontrolplaneUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for CNIConfiguration_RepairConfiguration -func (this *CNIConfiguration_RepairConfiguration) MarshalJSON() ([]byte, error) { - str, err := IstiocontrolplaneMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for CNIConfiguration_RepairConfiguration -func (this *CNIConfiguration_RepairConfiguration) UnmarshalJSON(b []byte) error { - return IstiocontrolplaneUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for CNIConfiguration_TaintConfiguration -func (this *CNIConfiguration_TaintConfiguration) MarshalJSON() ([]byte, error) { - str, err := IstiocontrolplaneMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for CNIConfiguration_TaintConfiguration -func (this *CNIConfiguration_TaintConfiguration) UnmarshalJSON(b []byte) error { - return IstiocontrolplaneUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for CNIConfiguration_ResourceQuotas -func (this *CNIConfiguration_ResourceQuotas) MarshalJSON() ([]byte, error) { - str, err := IstiocontrolplaneMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for CNIConfiguration_ResourceQuotas -func (this *CNIConfiguration_ResourceQuotas) UnmarshalJSON(b []byte) error { - return IstiocontrolplaneUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for IstiodConfiguration -func (this *IstiodConfiguration) MarshalJSON() ([]byte, error) { - str, err := IstiocontrolplaneMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for IstiodConfiguration -func (this *IstiodConfiguration) UnmarshalJSON(b []byte) error { - return IstiocontrolplaneUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for ExternalIstiodConfiguration -func (this *ExternalIstiodConfiguration) MarshalJSON() ([]byte, error) { - str, err := IstiocontrolplaneMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for ExternalIstiodConfiguration -func (this *ExternalIstiodConfiguration) UnmarshalJSON(b []byte) error { - return IstiocontrolplaneUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for SPIFFEConfiguration -func (this *SPIFFEConfiguration) MarshalJSON() ([]byte, error) { - str, err := IstiocontrolplaneMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for SPIFFEConfiguration -func (this *SPIFFEConfiguration) UnmarshalJSON(b []byte) error { - return IstiocontrolplaneUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for OperatorEndpointsConfiguration -func (this *OperatorEndpointsConfiguration) MarshalJSON() ([]byte, error) { - str, err := IstiocontrolplaneMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for OperatorEndpointsConfiguration -func (this *OperatorEndpointsConfiguration) UnmarshalJSON(b []byte) error { - return IstiocontrolplaneUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for TelemetryV2Configuration -func (this *TelemetryV2Configuration) MarshalJSON() ([]byte, error) { - str, err := IstiocontrolplaneMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for TelemetryV2Configuration -func (this *TelemetryV2Configuration) UnmarshalJSON(b []byte) error { - return IstiocontrolplaneUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for ProxyWasmConfiguration -func (this *ProxyWasmConfiguration) MarshalJSON() ([]byte, error) { - str, err := IstiocontrolplaneMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for ProxyWasmConfiguration -func (this *ProxyWasmConfiguration) UnmarshalJSON(b []byte) error { - return IstiocontrolplaneUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for PDBConfiguration -func (this *PDBConfiguration) MarshalJSON() ([]byte, error) { - str, err := IstiocontrolplaneMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for PDBConfiguration -func (this *PDBConfiguration) UnmarshalJSON(b []byte) error { - return IstiocontrolplaneUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for HTTPProxyEnvsConfiguration -func (this *HTTPProxyEnvsConfiguration) MarshalJSON() ([]byte, error) { - str, err := IstiocontrolplaneMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for HTTPProxyEnvsConfiguration -func (this *HTTPProxyEnvsConfiguration) UnmarshalJSON(b []byte) error { - return IstiocontrolplaneUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for IstioControlPlaneStatus -func (this *IstioControlPlaneStatus) MarshalJSON() ([]byte, error) { - str, err := IstiocontrolplaneMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for IstioControlPlaneStatus -func (this *IstioControlPlaneStatus) UnmarshalJSON(b []byte) error { - return IstiocontrolplaneUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for StatusChecksums -func (this *StatusChecksums) MarshalJSON() ([]byte, error) { - str, err := IstiocontrolplaneMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for StatusChecksums -func (this *StatusChecksums) UnmarshalJSON(b []byte) error { - return IstiocontrolplaneUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -var ( - IstiocontrolplaneMarshaler = &jsonpb.Marshaler{} - IstiocontrolplaneUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} -) diff --git a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiocontrolplane_types.go b/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiocontrolplane_types.go deleted file mode 100644 index 8822b43c3..000000000 --- a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiocontrolplane_types.go +++ /dev/null @@ -1,243 +0,0 @@ -/* -Copyright 2021 Cisco Systems, Inc. and/or its affiliates. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - fmt "fmt" - "strings" - - v1alpha1 "istio.io/api/mesh/v1alpha1" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" -) - -const ( - RevisionedAutoInjectionLabel = "istio.io/rev" - DeprecatedAutoInjectionLabel = "istio-injection" - NamespaceInjectionSourceAnnotation = "controlplane.istio.servicemesh.cisco.com/namespace-injection-source" -) - -type SortableIstioControlPlaneItems []IstioControlPlane - -func (list SortableIstioControlPlaneItems) Len() int { - return len(list) -} - -func (list SortableIstioControlPlaneItems) Swap(i, j int) { - list[i], list[j] = list[j], list[i] -} - -func (list SortableIstioControlPlaneItems) Less(i, j int) bool { - return list[i].CreationTimestamp.Time.Before(list[j].CreationTimestamp.Time) -} - -// +kubebuilder:object:root=true - -// IstioControlPlane is the Schema for the istiocontrolplanes API -// +kubebuilder:resource:path=istiocontrolplanes,shortName=icp;istiocp -type IstioControlPlane struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - - Spec *IstioControlPlaneSpec `json:"spec,omitempty"` - Status *IstioControlPlaneStatus `json:"status,omitempty"` -} - -func (icp *IstioControlPlane) SetStatus(status ConfigState, errorMessage string) { - icp.GetStatus().Status = status - icp.GetStatus().ErrorMessage = errorMessage -} - -func (icp *IstioControlPlane) GetStatus() *IstioControlPlaneStatus { - if icp.Status == nil { - icp.Status = &IstioControlPlaneStatus{} - } - - return icp.Status -} - -func (icp *IstioControlPlane) GetSpec() *IstioControlPlaneSpec { - if icp.Spec != nil { - return icp.Spec - } - - return nil -} - -func (r *ResourceRequirements) ConvertToK8sRR() *corev1.ResourceRequirements { - rr := &corev1.ResourceRequirements{ - Limits: make(corev1.ResourceList), - Requests: make(corev1.ResourceList), - } - - if r == nil { - return rr - } - - for k, v := range r.Limits { - rr.Limits[corev1.ResourceName(k)] = v.Quantity - } - - for k, v := range r.Requests { - rr.Requests[corev1.ResourceName(k)] = v.Quantity - } - - return rr -} - -func InitResourceRequirementsFromK8sRR(rr *corev1.ResourceRequirements) *ResourceRequirements { - r := &ResourceRequirements{ - Limits: make(map[string]*Quantity), - Requests: make(map[string]*Quantity), - } - - if rr == nil { - return r - } - - for k, v := range rr.Limits { - r.Limits[string(k)] = &Quantity{ - Quantity: v, - } - } - - for k, v := range rr.Requests { - r.Requests[string(k)] = &Quantity{ - Quantity: v, - } - } - - return r -} - -func (icp *IstioControlPlane) Revision() string { - return strings.ReplaceAll(icp.GetName(), ".", "-") -} - -func (icp *IstioControlPlane) NamespacedRevision() string { - return NamespacedRevision(icp.Revision(), icp.GetNamespace()) -} - -func (icp *IstioControlPlane) RevisionLabels() map[string]string { - return map[string]string{ - RevisionedAutoInjectionLabel: icp.NamespacedRevision(), - } -} - -func (icp *IstioControlPlane) MeshExpansionGatewayLabels() map[string]string { - return map[string]string{ - RevisionedAutoInjectionLabel: icp.NamespacedRevision(), - "app": "istio-meshexpansion-gateway", - } -} - -func (icp *IstioControlPlane) WithRevision(s string) string { - return fmt.Sprintf("%s-%s", s, icp.Revision()) -} - -func (icp *IstioControlPlane) WithRevisionIf(s string, condition bool) string { - if !condition { - return s - } - - return icp.WithRevision(s) -} - -func (icp *IstioControlPlane) WithNamespacedRevision(s string) string { - return fmt.Sprintf("%s-%s", icp.WithRevision(s), icp.GetNamespace()) -} - -func NamespacedRevision(revision, namespace string) string { - return fmt.Sprintf("%s.%s", revision, namespace) -} - -func NamespacedNameFromRevision(revision string) types.NamespacedName { - nn := types.NamespacedName{} - p := strings.SplitN(revision, ".", 2) - if len(p) == 2 { - nn.Name = p[0] - nn.Namespace = p[1] - } - - return nn -} - -// +kubebuilder:object:generate=false -type IstioControlPlaneWithProperties struct { - *IstioControlPlane `json:"istioControlPlane,omitempty"` - Properties IstioControlPlaneProperties `json:"properties,omitempty"` -} - -// Properties of the IstioControlPlane -// +kubebuilder:object:generate=false -type IstioControlPlaneProperties struct { - Mesh *IstioMesh `json:"mesh,omitempty"` - MeshNetworks *v1alpha1.MeshNetworks `json:"meshNetworks,omitempty"` - TrustedRootCACertificatePEMs []string `json:"trustedRootCACertificatePEMs,omitempty"` -} - -func (p IstioControlPlaneProperties) GetMesh() *IstioMesh { - return p.Mesh -} - -// +kubebuilder:object:root=true - -// IstioControlPlaneList contains a list of IstioControlPlane -type IstioControlPlaneList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata,omitempty"` - Items []IstioControlPlane `json:"items"` -} - -// PeerIstioControlPlane is the Schema for the clone of the istiocontrolplanes API -// +kubebuilder:object:root=true -type PeerIstioControlPlane struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - - Spec *IstioControlPlaneSpec `json:"spec,omitempty"` - Status *IstioControlPlaneStatus `json:"status,omitempty"` -} - -func (icp *PeerIstioControlPlane) GetStatus() *IstioControlPlaneStatus { - if icp.Status == nil { - icp.Status = &IstioControlPlaneStatus{} - } - - return icp.Status -} - -func (icp *PeerIstioControlPlane) GetSpec() *IstioControlPlaneSpec { - if icp.Spec != nil { - return icp.Spec - } - - return nil -} - -// PeerIstioControlPlaneList contains a list of PeerIstioControlPlane -// +kubebuilder:object:root=true -type PeerIstioControlPlaneList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata,omitempty"` - Items []PeerIstioControlPlane `json:"items"` -} - -func init() { - SchemeBuilder.Register(&IstioControlPlane{}, &IstioControlPlaneList{}, &PeerIstioControlPlane{}, &PeerIstioControlPlaneList{}) -} diff --git a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomesh.gen.json b/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomesh.gen.json deleted file mode 100644 index ff1d12871..000000000 --- a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomesh.gen.json +++ /dev/null @@ -1,1971 +0,0 @@ -{ - "openapi": "3.0.0", - "info": { - "title": "Istio Mesh descriptor", - "version": "v1alpha1" - }, - "components": { - "schemas": { - "istio.mesh.v1alpha1.AuthenticationPolicy": { - "description": "AuthenticationPolicy defines how the proxy is authenticated when it connects to the control plane. It can be set for two different scopes, mesh-wide or set on a per-pod basis using the ProxyConfig annotation. Mesh policy cannot be INHERIT.", - "type": "string", - "enum": [ - "NONE", - "MUTUAL_TLS", - "INHERIT" - ] - }, - "istio.mesh.v1alpha1.Certificate": { - "type": "object", - "properties": { - "secretName": { - "description": "Name of the secret the certificate and its key will be stored into. If it is empty, it will not be stored into a secret. Instead, the certificate and its key will be stored into a hard-coded directory.", - "type": "string" - }, - "dnsNames": { - "description": "The DNS names for the certificate. A certificate may contain multiple DNS names.", - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "istio.mesh.v1alpha1.ConfigSource": { - "description": "ConfigSource describes information about a configuration store inside a mesh. A single control plane instance can interact with one or more data sources.", - "type": "object", - "properties": { - "address": { - "description": "Address of the server implementing the Istio Mesh Configuration protocol (MCP). Can be IP address or a fully qualified DNS name. Use xds:// to specify a grpc-based xds backend, k8s:// to specify a k8s controller or fs:/// to specify a file-based backend with absolute path to the directory.", - "type": "string" - }, - "tlsSettings": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ClientTLSSettings" - }, - "subscribedResources": { - "description": "Describes the source of configuration, if nothing is specified default is MCP", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Resource" - } - } - } - }, - "istio.mesh.v1alpha1.MeshConfig": { - "description": "MeshConfig defines mesh-wide settings for the Istio service mesh.", - "type": "object", - "properties": { - "localityLbSetting": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.LocalityLoadBalancerSetting" - }, - "connectTimeout": { - "description": "Connection timeout used by Envoy. (MUST BE \u003e=1ms) Default timeout is 10s.", - "type": "string" - }, - "tcpKeepalive": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings.TcpKeepalive" - }, - "h2UpgradePolicy": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.H2UpgradePolicy" - }, - "caCertificates": { - "description": "The extra root certificates for workload-to-workload communication. The plugin certificates (the 'cacerts' secret) or self-signed certificates (the 'istio-ca-secret' secret) are automatically added by Istiod. The CA certificate that signs the workload certificates is automatically added by Istio Agent.", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.CertificateData" - } - }, - "proxyListenPort": { - "description": "Port on which Envoy should listen for incoming connections from other services. Default port is 15001.", - "type": "integer", - "format": "int32" - }, - "proxyHttpPort": { - "description": "Port on which Envoy should listen for HTTP PROXY requests if set.", - "type": "integer", - "format": "int32" - }, - "protocolDetectionTimeout": { - "description": "Automatic protocol detection uses a set of heuristics to determine whether the connection is using TLS or not (on the server side), as well as the application protocol being used (e.g., http vs tcp). These heuristics rely on the client sending the first bits of data. For server first protocols like MySQL, MongoDB, etc. Envoy will timeout on the protocol detection after the specified period, defaulting to non mTLS plain TCP traffic. Set this field to tweak the period that Envoy will wait for the client to send the first bits of data. (MUST BE \u003e=1ms or 0s to disable). Default detection timeout is 0s (no timeout).", - "type": "string" - }, - "ingressClass": { - "description": "Class of ingress resources to be processed by Istio ingress controller. This corresponds to the value of `kubernetes.io/ingress.class` annotation.", - "type": "string" - }, - "ingressService": { - "description": "Name of the Kubernetes service used for the istio ingress controller. If no ingress controller is specified, the default value `istio-ingressgateway` is used.", - "type": "string" - }, - "ingressControllerMode": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.IngressControllerMode" - }, - "ingressSelector": { - "description": "Defines which gateway deployment to use as the Ingress controller. This field corresponds to the Gateway.selector field, and will be set as `istio: INGRESS_SELECTOR`. By default, `ingressgateway` is used, which will select the default IngressGateway as it has the `istio: ingressgateway` labels. It is recommended that this is the same value as ingress_service.", - "type": "string" - }, - "enableTracing": { - "description": "Flag to control generation of trace spans and request IDs. Requires a trace span collector defined in the proxy configuration.", - "type": "boolean" - }, - "accessLogFile": { - "description": "File address for the proxy access log (e.g. /dev/stdout). Empty value disables access logging.", - "type": "string" - }, - "accessLogFormat": { - "description": "Format for the proxy access log Empty value results in proxy's default access log format", - "type": "string" - }, - "accessLogEncoding": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.AccessLogEncoding" - }, - "enableEnvoyAccessLogService": { - "description": "This flag enables Envoy's gRPC Access Log Service. See [Access Log Service](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/access_loggers/grpc/v3/als.proto) for details about Envoy's gRPC Access Log Service API. Default value is `false`.", - "type": "boolean" - }, - "disableEnvoyListenerLog": { - "description": "This flag disables Envoy Listener logs. See [Listener Access Log](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/listener/v3/listener.proto#envoy-v3-api-field-config-listener-v3-listener-access-log) Istio Enables Envoy's listener access logs on \"NoRoute\" response flag. Default value is `false`.", - "type": "boolean" - }, - "defaultConfig": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.ProxyConfig" - }, - "outboundTrafficPolicy": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.OutboundTrafficPolicy" - }, - "configSources": { - "description": "ConfigSource describes a source of configuration data for networking rules, and other Istio configuration artifacts. Multiple data sources can be configured for a single control plane.", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.ConfigSource" - } - }, - "enableAutoMtls": { - "description": "This flag is used to enable mutual `TLS` automatically for service to service communication within the mesh, default true. If set to true, and a given service does not have a corresponding `DestinationRule` configured, or its `DestinationRule` does not have ClientTLSSettings specified, Istio configures client side TLS configuration appropriately. More specifically, If the upstream authentication policy is in `STRICT` mode, use Istio provisioned certificate for mutual `TLS` to connect to upstream. If upstream service is in plain text mode, use plain text. If the upstream authentication policy is in PERMISSIVE mode, Istio configures clients to use mutual `TLS` when server sides are capable of accepting mutual `TLS` traffic. If service `DestinationRule` exists and has `ClientTLSSettings` specified, that is always used instead.", - "type": "boolean", - "nullable": true - }, - "trustDomain": { - "description": "The trust domain corresponds to the trust root of a system. Refer to [SPIFFE-ID](https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain)", - "type": "string" - }, - "trustDomainAliases": { - "description": "The trust domain aliases represent the aliases of `trust_domain`. For example, if we have ```yaml trustDomain: td1 trustDomainAliases: [\"td2\", \"td3\"] ``` Any service with the identity `td1/ns/foo/sa/a-service-account`, `td2/ns/foo/sa/a-service-account`, or `td3/ns/foo/sa/a-service-account` will be treated the same in the Istio mesh.", - "type": "array", - "items": { - "type": "string" - } - }, - "defaultServiceExportTo": { - "description": "The default value for the ServiceEntry.export_to field and services imported through container registry integrations, e.g. this applies to Kubernetes Service resources. The value is a list of namespace names and reserved namespace aliases. The allowed namespace aliases are: ``` * - All Namespaces . - Current Namespace ~ - No Namespace ``` If not set the system will use \"*\" as the default value which implies that services are exported to all namespaces. `All namespaces` is a reasonable default for implementations that don't need to restrict access or visibility of services across namespace boundaries. If that requirement is present it is generally good practice to make the default `Current namespace` so that services are only visible within their own namespaces by default. Operators can then expand the visibility of services to other namespaces as needed. Use of `No Namespace` is expected to be rare but can have utility for deployments where dependency management needs to be precise even within the scope of a single namespace. For further discussion see the reference documentation for `ServiceEntry`, `Sidecar`, and `Gateway`.", - "type": "array", - "items": { - "type": "string" - } - }, - "defaultVirtualServiceExportTo": { - "description": "The default value for the VirtualService.export_to field. Has the same syntax as `default_service_export_to`. If not set the system will use \"*\" as the default value which implies that virtual services are exported to all namespaces", - "type": "array", - "items": { - "type": "string" - } - }, - "defaultDestinationRuleExportTo": { - "description": "The default value for the `DestinationRule.export_to` field. Has the same syntax as `default_service_export_to`. If not set the system will use \"*\" as the default value which implies that destination rules are exported to all namespaces", - "type": "array", - "items": { - "type": "string" - } - }, - "rootNamespace": { - "description": "The namespace to treat as the administrative root namespace for Istio configuration. When processing a leaf namespace Istio will search for declarations in that namespace first and if none are found it will search in the root namespace. Any matching declaration found in the root namespace is processed as if it were declared in the leaf namespace. The precise semantics of this processing are documented on each resource type.", - "type": "string" - }, - "dnsRefreshRate": { - "description": "Configures DNS refresh rate for Envoy clusters of type `STRICT_DNS` Default refresh rate is `5s`.", - "type": "string" - }, - "inboundClusterStatName": { - "description": "Name to be used while emitting statistics for inbound clusters. The same pattern is used while computing stat prefix for network filters like TCP and Redis. By default, Istio emits statistics with the pattern `inbound|\u003cport\u003e|\u003cport-name\u003e|\u003cservice-FQDN\u003e`. For example `inbound|7443|grpc-reviews|reviews.prod.svc.cluster.local`. This can be used to override that pattern. A Pattern can be composed of various pre-defined variables. The following variables are supported. - `%SERVICE%` - Will be substituted with name of the service. - `%SERVICE_FQDN%` - Will be substituted with FQDN of the service. - `%SERVICE_PORT%` - Will be substituted with port of the service. - `%SERVICE_PORT_NAME%` - Will be substituted with port name of the service. Following are some examples of supported patterns for reviews: - `%SERVICE_FQDN%_%SERVICE_PORT%` will use reviews.prod.svc.cluster.local_7443 as the stats name. - `%SERVICE%` will use reviews.prod as the stats name.", - "type": "string" - }, - "outboundClusterStatName": { - "description": "Name to be used while emitting statistics for outbound clusters. The same pattern is used while computing stat prefix for network filters like TCP and Redis. By default, Istio emits statistics with the pattern `outbound|\u003cport\u003e|\u003csubsetname\u003e|\u003cservice-FQDN\u003e`. For example `outbound|8080|v2|reviews.prod.svc.cluster.local`. This can be used to override that pattern. A Pattern can be composed of various pre-defined variables. The following variables are supported. - `%SERVICE%` - Will be substituted with name of the service. - `%SERVICE_FQDN%` - Will be substituted with FQDN of the service. - `%SERVICE_PORT%` - Will be substituted with port of the service. - `%SERVICE_PORT_NAME%` - Will be substituted with port name of the service. - `%SUBSET_NAME%` - Will be substituted with subset. Following are some examples of supported patterns for reviews: - `%SERVICE_FQDN%_%SERVICE_PORT%` will use `reviews.prod.svc.cluster.local_7443` as the stats name. - `%SERVICE%` will use reviews.prod as the stats name.", - "type": "string" - }, - "certificates": { - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Certificate" - } - }, - "serviceSettings": { - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ServiceSettings" - } - }, - "enablePrometheusMerge": { - "description": "If enabled, Istio agent will merge metrics exposed by the application with metrics from Envoy and Istio agent. The sidecar injection will replace `prometheus.io` annotations present on the pod and redirect them towards Istio agent, which will then merge metrics of from the application with Istio metrics. This relies on the annotations `prometheus.io/scrape`, `prometheus.io/port`, and `prometheus.io/path` annotations. If you are running a separately managed Envoy with an Istio sidecar, this may cause issues, as the metrics will collide. In this case, it is recommended to disable aggregation on that deployment with the `prometheus.istio.io/merge-metrics: \"false\"` annotation. If not specified, this will be enabled by default.", - "type": "boolean", - "nullable": true - }, - "verifyCertificateAtClient": { - "type": "boolean", - "deprecated": true, - "nullable": true - }, - "ca": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.CA" - }, - "extensionProviders": { - "description": "Defines a list of extension providers that extend Istio's functionality. For example, the AuthorizationPolicy can be used with an extension provider to delegate the authorization decision to a custom authorization system.", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider" - } - }, - "defaultProviders": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.DefaultProviders" - }, - "discoverySelectors": { - "description": "A list of Kubernetes selectors that specify the set of namespaces that Istio considers when computing configuration updates for sidecars. This can be used to reduce Istio's computational load by limiting the number of entities (including services, pods, and endpoints) that are watched and processed. If omitted, Istio will use the default behavior of processing all namespaces in the cluster. Elements in the list are disjunctive (OR semantics), i.e. a namespace will be included if it matches any selector. The following example selects any namespace that matches either below: 1. The namespace has both of these labels: `env: prod` and `region: us-east1` 2. The namespace has label `app` equal to `cassandra` or `spark`. ```yaml discoverySelectors: - matchLabels: env: prod region: us-east1 - matchExpressions: - key: app operator: In values: - cassandra - spark ``` Refer to the [kubernetes selector docs](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) for additional detail on selector semantics.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector" - } - }, - "pathNormalization": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ProxyPathNormalization" - }, - "defaultHttpRetryPolicy": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.HTTPRetry" - }, - "meshMTLS": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.TLSConfig" - } - } - }, - "istio.mesh.v1alpha1.MeshConfig.AccessLogEncoding": { - "type": "string", - "enum": [ - "TEXT", - "JSON" - ] - }, - "istio.mesh.v1alpha1.MeshConfig.CA": { - "type": "object", - "properties": { - "address": { - "description": "REQUIRED. Address of the CA server implementing the Istio CA gRPC API. Can be IP address or a fully qualified DNS name with port Eg: custom-ca.default.svc.cluster.local:8932, 192.168.23.2:9000", - "type": "string" - }, - "tlsSettings": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ClientTLSSettings" - }, - "requestTimeout": { - "description": "timeout for forward CSR requests from Istiod to External CA Default: 10s", - "type": "string" - }, - "istiodSide": { - "description": "Use istiod_side to specify CA Server integrate to Istiod side or Agent side Default: true", - "type": "boolean" - } - } - }, - "istio.mesh.v1alpha1.MeshConfig.CertificateData": { - "type": "object", - "properties": { - "certSigners": { - "description": "Optional. Specify the kubernetes signers (External CA) that use this trustAnchor when Istiod is acting as RA(registration authority) If set, they are used for these signers. Otherwise, this trustAnchor is used for all signers.", - "type": "array", - "items": { - "type": "string" - } - }, - "trustDomains": { - "description": "Optional. Specify the list of trust domains to which this trustAnchor data belongs. If set, they are used for these trust domains. Otherwise, this trustAnchor is used for default trust domain and its aliases. Note that we can have multiple trustAnchor data for a same trust_domain. In that case, trustAnchors with a same trust domain will be merged and used together to verify peer certificates. If neither cert_signers nor trust_domains is set, this trustAnchor is used for all trust domains and all signers. If only trust_domains is set, this trustAnchor is used for these trust_domains and all signers. If only cert_signers is set, this trustAnchor is used for these cert_signers and all trust domains. If both cert_signers and trust_domains is set, this trustAnchor is only used for these signers and trust domains.", - "type": "array", - "items": { - "type": "string" - } - } - }, - "oneOf": [ - { - "not": { - "anyOf": [ - { - "required": [ - "pem" - ], - "properties": { - "pem": { - "description": "The PEM data of the certificate.", - "type": "string" - } - } - }, - { - "required": [ - "spiffeBundleUrl" - ], - "properties": { - "spiffeBundleUrl": { - "description": "The SPIFFE bundle endpoint URL that complies to: https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE_Trust_Domain_and_Bundle.md#the-spiffe-trust-domain-and-bundle The endpoint should support authentication based on Web PKI: https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE_Trust_Domain_and_Bundle.md#521-web-pki The certificate is retrieved from the endpoint.", - "type": "string" - } - } - } - ] - } - }, - { - "required": [ - "pem" - ], - "properties": { - "pem": { - "description": "The PEM data of the certificate.", - "type": "string" - } - } - }, - { - "required": [ - "spiffeBundleUrl" - ], - "properties": { - "spiffeBundleUrl": { - "description": "The SPIFFE bundle endpoint URL that complies to: https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE_Trust_Domain_and_Bundle.md#the-spiffe-trust-domain-and-bundle The endpoint should support authentication based on Web PKI: https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE_Trust_Domain_and_Bundle.md#521-web-pki The certificate is retrieved from the endpoint.", - "type": "string" - } - } - } - ] - }, - "istio.mesh.v1alpha1.MeshConfig.DefaultProviders": { - "description": "Holds the name references to the providers that will be used by default in other Istio configuration resources if the provider is not specified. These names must match a provider defined in `extension_providers` that is one of the supported tracing providers.", - "type": "object", - "properties": { - "tracing": { - "description": "Name of the default provider(s) for tracing.", - "type": "array", - "items": { - "type": "string" - } - }, - "metrics": { - "description": "Name of the default provider(s) for metrics.", - "type": "array", - "items": { - "type": "string" - } - }, - "accessLogging": { - "description": "Name of the default provider(s) for access logging.", - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "istio.mesh.v1alpha1.MeshConfig.ExtensionProvider": { - "type": "object", - "properties": { - "name": { - "description": "REQUIRED. A unique name identifying the extension provider.", - "type": "string" - } - }, - "oneOf": [ - { - "not": { - "anyOf": [ - { - "required": [ - "envoyExtAuthzHttp" - ], - "properties": { - "envoyExtAuthzHttp": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationHttpProvider" - } - } - }, - { - "required": [ - "envoyExtAuthzGrpc" - ], - "properties": { - "envoyExtAuthzGrpc": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationGrpcProvider" - } - } - }, - { - "required": [ - "zipkin" - ], - "properties": { - "zipkin": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.ZipkinTracingProvider" - } - } - }, - { - "required": [ - "lightstep" - ], - "properties": { - "lightstep": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.LightstepTracingProvider", - "deprecated": true - } - } - }, - { - "required": [ - "datadog" - ], - "properties": { - "datadog": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.DatadogTracingProvider" - } - } - }, - { - "required": [ - "stackdriver" - ], - "properties": { - "stackdriver": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.StackdriverProvider" - } - } - }, - { - "required": [ - "opencensus" - ], - "properties": { - "opencensus": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenCensusAgentTracingProvider" - } - } - }, - { - "required": [ - "skywalking" - ], - "properties": { - "skywalking": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.SkyWalkingTracingProvider" - } - } - }, - { - "required": [ - "opentelemetry" - ], - "properties": { - "opentelemetry": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenTelemetryTracingProvider" - } - } - }, - { - "required": [ - "prometheus" - ], - "properties": { - "prometheus": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.PrometheusMetricsProvider" - } - } - }, - { - "required": [ - "envoyFileAccessLog" - ], - "properties": { - "envoyFileAccessLog": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyFileAccessLogProvider" - } - } - }, - { - "required": [ - "envoyHttpAls" - ], - "properties": { - "envoyHttpAls": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyHttpGrpcV3LogProvider" - } - } - }, - { - "required": [ - "envoyTcpAls" - ], - "properties": { - "envoyTcpAls": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyTcpGrpcV3LogProvider" - } - } - }, - { - "required": [ - "envoyOtelAls" - ], - "properties": { - "envoyOtelAls": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyOpenTelemetryLogProvider" - } - } - }, - {} - ] - } - }, - { - "required": [ - "envoyExtAuthzHttp" - ], - "properties": { - "envoyExtAuthzHttp": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationHttpProvider" - } - } - }, - { - "required": [ - "envoyExtAuthzGrpc" - ], - "properties": { - "envoyExtAuthzGrpc": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationGrpcProvider" - } - } - }, - { - "required": [ - "zipkin" - ], - "properties": { - "zipkin": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.ZipkinTracingProvider" - } - } - }, - { - "required": [ - "lightstep" - ], - "properties": { - "lightstep": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.LightstepTracingProvider", - "deprecated": true - } - } - }, - { - "required": [ - "datadog" - ], - "properties": { - "datadog": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.DatadogTracingProvider" - } - } - }, - { - "required": [ - "stackdriver" - ], - "properties": { - "stackdriver": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.StackdriverProvider" - } - } - }, - { - "required": [ - "opencensus" - ], - "properties": { - "opencensus": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenCensusAgentTracingProvider" - } - } - }, - { - "required": [ - "skywalking" - ], - "properties": { - "skywalking": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.SkyWalkingTracingProvider" - } - } - }, - { - "required": [ - "opentelemetry" - ], - "properties": { - "opentelemetry": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenTelemetryTracingProvider" - } - } - }, - { - "required": [ - "prometheus" - ], - "properties": { - "prometheus": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.PrometheusMetricsProvider" - } - } - }, - { - "required": [ - "envoyFileAccessLog" - ], - "properties": { - "envoyFileAccessLog": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyFileAccessLogProvider" - } - } - }, - { - "required": [ - "envoyHttpAls" - ], - "properties": { - "envoyHttpAls": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyHttpGrpcV3LogProvider" - } - } - }, - { - "required": [ - "envoyTcpAls" - ], - "properties": { - "envoyTcpAls": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyTcpGrpcV3LogProvider" - } - } - }, - { - "required": [ - "envoyOtelAls" - ], - "properties": { - "envoyOtelAls": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyOpenTelemetryLogProvider" - } - } - }, - { - "not": { - "anyOf": [ - {}, - { - "required": [ - "envoyExtAuthzHttp" - ], - "properties": { - "envoyExtAuthzHttp": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationHttpProvider" - } - } - }, - { - "required": [ - "envoyExtAuthzGrpc" - ], - "properties": { - "envoyExtAuthzGrpc": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationGrpcProvider" - } - } - }, - { - "required": [ - "zipkin" - ], - "properties": { - "zipkin": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.ZipkinTracingProvider" - } - } - }, - { - "required": [ - "lightstep" - ], - "properties": { - "lightstep": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.LightstepTracingProvider", - "deprecated": true - } - } - }, - { - "required": [ - "datadog" - ], - "properties": { - "datadog": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.DatadogTracingProvider" - } - } - }, - { - "required": [ - "stackdriver" - ], - "properties": { - "stackdriver": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.StackdriverProvider" - } - } - }, - { - "required": [ - "opencensus" - ], - "properties": { - "opencensus": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenCensusAgentTracingProvider" - } - } - }, - { - "required": [ - "skywalking" - ], - "properties": { - "skywalking": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.SkyWalkingTracingProvider" - } - } - }, - { - "required": [ - "opentelemetry" - ], - "properties": { - "opentelemetry": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenTelemetryTracingProvider" - } - } - }, - { - "required": [ - "prometheus" - ], - "properties": { - "prometheus": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.PrometheusMetricsProvider" - } - } - }, - { - "required": [ - "envoyFileAccessLog" - ], - "properties": { - "envoyFileAccessLog": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyFileAccessLogProvider" - } - } - }, - { - "required": [ - "envoyHttpAls" - ], - "properties": { - "envoyHttpAls": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyHttpGrpcV3LogProvider" - } - } - }, - { - "required": [ - "envoyTcpAls" - ], - "properties": { - "envoyTcpAls": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyTcpGrpcV3LogProvider" - } - } - }, - { - "required": [ - "envoyOtelAls" - ], - "properties": { - "envoyOtelAls": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyOpenTelemetryLogProvider" - } - } - } - ] - } - } - ] - }, - "istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.DatadogTracingProvider": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.DatadogTracingProvider" - }, - "istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationGrpcProvider": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationGrpcProvider" - }, - "istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationHttpProvider": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationHttpProvider" - }, - "istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyFileAccessLogProvider": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyFileAccessLogProvider" - }, - "istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyHttpGrpcV3LogProvider": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyHttpGrpcV3LogProvider" - }, - "istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyOpenTelemetryLogProvider": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyOpenTelemetryLogProvider" - }, - "istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyTcpGrpcV3LogProvider": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyTcpGrpcV3LogProvider" - }, - "istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.LightstepTracingProvider": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.LightstepTracingProvider", - "deprecated": true - }, - "istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenCensusAgentTracingProvider": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenCensusAgentTracingProvider" - }, - "istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenTelemetryTracingProvider": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenTelemetryTracingProvider" - }, - "istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.PrometheusMetricsProvider": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.PrometheusMetricsProvider" - }, - "istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.SkyWalkingTracingProvider": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.SkyWalkingTracingProvider" - }, - "istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.StackdriverProvider": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.StackdriverProvider" - }, - "istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.ZipkinTracingProvider": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.ZipkinTracingProvider" - }, - "istio.mesh.v1alpha1.MeshConfig.H2UpgradePolicy": { - "description": "Default Policy for upgrading http1.1 connections to http2.", - "type": "string", - "enum": [ - "DO_NOT_UPGRADE", - "UPGRADE" - ] - }, - "istio.mesh.v1alpha1.MeshConfig.IngressControllerMode": { - "type": "string", - "enum": [ - "UNSPECIFIED", - "OFF", - "DEFAULT", - "STRICT" - ] - }, - "istio.mesh.v1alpha1.MeshConfig.OutboundTrafficPolicy": { - "type": "object", - "properties": { - "mode": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.OutboundTrafficPolicy.Mode" - } - } - }, - "istio.mesh.v1alpha1.MeshConfig.OutboundTrafficPolicy.Mode": { - "type": "string", - "enum": [ - "REGISTRY_ONLY", - "ALLOW_ANY" - ] - }, - "istio.mesh.v1alpha1.MeshConfig.ProxyPathNormalization": { - "type": "object", - "properties": { - "normalization": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ProxyPathNormalization.NormalizationType" - } - } - }, - "istio.mesh.v1alpha1.MeshConfig.ProxyPathNormalization.NormalizationType": { - "type": "string", - "enum": [ - "DEFAULT", - "NONE", - "BASE", - "MERGE_SLASHES", - "DECODE_AND_MERGE_SLASHES" - ] - }, - "istio.mesh.v1alpha1.MeshConfig.ServiceSettings": { - "type": "object", - "properties": { - "hosts": { - "description": "The services to which the Settings should be applied. Services are selected using the hostname matching rules used by DestinationRule. For example: foo.bar.svc.cluster.local, *.baz.svc.cluster.local", - "type": "array", - "items": { - "type": "string" - } - }, - "settings": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.ServiceSettings.Settings" - } - } - }, - "istio.mesh.v1alpha1.MeshConfig.ServiceSettings.Settings": { - "description": "Settings for the selected services.", - "type": "object", - "properties": { - "clusterLocal": { - "description": "If true, specifies that the client and service endpoints must reside in the same cluster. By default, in multi-cluster deployments, the Istio control plane assumes all service endpoints to be reachable from any client in any of the clusters which are part of the mesh. This configuration option limits the set of service endpoints visible to a client to be cluster scoped. There are some common scenarios when this can be useful: - A service (or group of services) is inherently local to the cluster and has local storage for that cluster. For example, the kube-system namespace (e.g. the Kube API Server). - A mesh administrator wants to slowly migrate services to Istio. They might start by first having services cluster-local and then slowly transition them to mesh-wide. They could do this service-by-service (e.g. mysvc.myns.svc.cluster.local) or as a group (e.g. *.myns.svc.cluster.local). By default Istio will consider kubernetes.default.svc (i.e. the API Server) as well as all services in the kube-system namespace to be cluster-local, unless explicitly overridden here.", - "type": "boolean" - } - } - }, - "istio.mesh.v1alpha1.MeshConfig.TLSConfig": { - "type": "object", - "properties": { - "minProtocolVersion": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig.TLSConfig.TLSProtocol" - } - } - }, - "istio.mesh.v1alpha1.MeshConfig.TLSConfig.TLSProtocol": { - "description": "TLS protocol versions.", - "type": "string", - "enum": [ - "TLS_AUTO", - "TLSV1_2", - "TLSV1_3" - ] - }, - "istio.mesh.v1alpha1.PrivateKeyProvider": { - "description": "PrivateKeyProvider defines private key configuration for gateways and sidecars. This can be configured mesh wide or individual per-workload basis.", - "type": "object", - "oneOf": [ - { - "not": { - "anyOf": [ - { - "required": [ - "cryptomb" - ], - "properties": { - "cryptomb": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.PrivateKeyProvider.CryptoMb" - } - } - }, - { - "required": [ - "qat" - ], - "properties": { - "qat": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.PrivateKeyProvider.QAT" - } - } - } - ] - } - }, - { - "required": [ - "cryptomb" - ], - "properties": { - "cryptomb": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.PrivateKeyProvider.CryptoMb" - } - } - }, - { - "required": [ - "qat" - ], - "properties": { - "qat": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.PrivateKeyProvider.QAT" - } - } - } - ] - }, - "istio.mesh.v1alpha1.PrivateKeyProvider.CryptoMb": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.PrivateKeyProvider.CryptoMb" - }, - "istio.mesh.v1alpha1.PrivateKeyProvider.QAT": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.PrivateKeyProvider.QAT" - }, - "istio.mesh.v1alpha1.ProxyConfig": { - "description": "ProxyConfig defines variables for individual Envoy instances. This can be configured on a per-workload basis as well as by the mesh-wide defaults. To set the mesh wide defaults, configure the `defaultConfig` section of `meshConfig`. For example: ``` meshConfig: defaultConfig: discoveryAddress: istiod:15012 ``` This can also be configured on a per-workload basis by configuring the `proxy.istio.io/config` annotation on the pod. For example: ``` annotations: proxy.istio.io/config: | discoveryAddress: istiod:15012 ``` If both are configured, the two are merged with per field semantics; the field set in annotation will fully replace the field from mesh config defaults. This is different than a deep merge provided by protobuf. For example, `\"tracing\": { \"sampling\": 5 }` would completely override a setting configuring a tracing provider such as `\"tracing\": { \"zipkin\": { \"address\": \"...\" } }`. Note: fields in ProxyConfig are not dynamically configured; changes will require restart of workloads to take effect.", - "type": "object", - "properties": { - "image": { - "$ref": "#/components/schemas/istio.networking.v1beta1.ProxyImage" - }, - "readinessProbe": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ReadinessProbe" - }, - "tracing": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing" - }, - "concurrency": { - "description": "The number of worker threads to run. If unset, this will be automatically determined based on CPU requests/limits. If set to 0, all cores on the machine will be used. Default is 2 worker threads.", - "type": "integer", - "nullable": true - }, - "configPath": { - "description": "Path to the generated configuration file directory. Proxy agent generates the actual configuration and stores it in this directory.", - "type": "string" - }, - "binaryPath": { - "description": "Path to the proxy binary", - "type": "string" - }, - "drainDuration": { - "description": "The time in seconds that Envoy will drain connections during a hot restart. MUST be \u003e=1s (e.g., _1s/1m/1h_) Default drain duration is `45s`.", - "type": "string" - }, - "discoveryAddress": { - "description": "Address of the discovery service exposing xDS with mTLS connection. The inject configuration may override this value.", - "type": "string" - }, - "discoveryRefreshDelay": { - "type": "string", - "deprecated": true - }, - "zipkinAddress": { - "description": "Address of the Zipkin service (e.g. _zipkin:9411_). DEPRECATED: Use [tracing][istio.mesh.v1alpha1.ProxyConfig.tracing] instead.", - "type": "string", - "deprecated": true - }, - "statsdUdpAddress": { - "description": "IP Address and Port of a statsd UDP listener (e.g. `10.75.241.127:9125`).", - "type": "string" - }, - "envoyMetricsServiceAddress": { - "type": "string", - "deprecated": true - }, - "proxyAdminPort": { - "description": "Port on which Envoy should listen for administrative commands. Default port is `15000`.", - "type": "integer", - "format": "int32" - }, - "availabilityZone": { - "type": "string", - "deprecated": true - }, - "controlPlaneAuthPolicy": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.AuthenticationPolicy" - }, - "customConfigFile": { - "description": "File path of custom proxy configuration, currently used by proxies in front of Mixer and Pilot.", - "type": "string" - }, - "statNameLength": { - "description": "Maximum length of name field in Envoy's metrics. The length of the name field is determined by the length of a name field in a service and the set of labels that comprise a particular version of the service. The default value is set to 189 characters. Envoy's internal metrics take up 67 characters, for a total of 256 character name per metric. Increase the value of this field if you find that the metrics from Envoys are truncated.", - "type": "integer", - "format": "int32" - }, - "proxyBootstrapTemplatePath": { - "description": "Path to the proxy bootstrap template file", - "type": "string" - }, - "interceptionMode": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.ProxyConfig.InboundInterceptionMode" - }, - "sds": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.SDS", - "deprecated": true - }, - "envoyAccessLogService": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.RemoteService" - }, - "envoyMetricsService": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.RemoteService" - }, - "proxyMetadata": { - "description": "Additional environment variables for the proxy. Names starting with `ISTIO_META_` will be included in the generated bootstrap and sent to the XDS server.", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "runtimeValues": { - "description": "Envoy [runtime configuration](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/operations/runtime) to set during bootstrapping. This enables setting experimental, unsafe, unsupported, and deprecated features that should be used with extreme caution.", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "statusPort": { - "description": "Port on which the agent should listen for administrative commands such as readiness probe. Default is set to port `15020`.", - "type": "integer", - "format": "int32" - }, - "extraStatTags": { - "description": "An additional list of tags to extract from the in-proxy Istio telemetry. These extra tags can be added by configuring the telemetry extension. Each additional tag needs to be present in this list. Extra tags emitted by the telemetry extensions must be listed here so that they can be processed and exposed as Prometheus metrics.", - "type": "array", - "items": { - "type": "string" - } - }, - "gatewayTopology": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Topology" - }, - "terminationDrainDuration": { - "description": "The amount of time allowed for connections to complete on proxy shutdown. On receiving `SIGTERM` or `SIGINT`, `istio-agent` tells the active Envoy to start draining, preventing any new connections and allowing existing connections to complete. It then sleeps for the `termination_drain_duration` and then kills any remaining active Envoy processes. If not set, a default of `5s` will be applied.", - "type": "string" - }, - "meshId": { - "description": "The unique identifier for the [service mesh](https://istio.io/docs/reference/glossary/#service-mesh) All control planes running in the same service mesh should specify the same mesh ID. Mesh ID is used to label telemetry reports for cases where telemetry from multiple meshes is mixed together.", - "type": "string" - }, - "proxyStatsMatcher": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.ProxyConfig.ProxyStatsMatcher" - }, - "holdApplicationUntilProxyStarts": { - "description": "Boolean flag for enabling/disabling the holdApplicationUntilProxyStarts behavior. This feature adds hooks to delay application startup until the pod proxy is ready to accept traffic, mitigating some startup race conditions. Default value is 'false'.", - "type": "boolean", - "nullable": true - }, - "caCertificatesPem": { - "description": "The PEM data of the extra root certificates for workload-to-workload communication. This includes the certificates defined in MeshConfig and any other certificates that Istiod uses as CA. The plugin certificates (the 'cacerts' secret), self-signed certificates (the 'istio-ca-secret' secret) are added automatically by Istiod.", - "type": "array", - "items": { - "type": "string" - } - }, - "privateKeyProvider": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.PrivateKeyProvider" - } - }, - "oneOf": [ - { - "not": { - "anyOf": [ - { - "required": [ - "serviceCluster" - ], - "properties": { - "serviceCluster": { - "description": "Service cluster defines the name for the `service_cluster` that is shared by all Envoy instances. This setting corresponds to `--service-cluster` flag in Envoy. In a typical Envoy deployment, the `service-cluster` flag is used to identify the caller, for source-based routing scenarios. Since Istio does not assign a local `service/service` version to each Envoy instance, the name is same for all of them. However, the source/caller's identity (e.g., IP address) is encoded in the `--service-node` flag when launching Envoy. When the RDS service receives API calls from Envoy, it uses the value of the `service-node` flag to compute routes that are relative to the service instances located at that IP address.", - "type": "string" - } - } - }, - { - "required": [ - "tracingServiceName" - ], - "properties": { - "tracingServiceName": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.ProxyConfig.TracingServiceName" - } - } - } - ] - } - }, - { - "required": [ - "serviceCluster" - ], - "properties": { - "serviceCluster": { - "description": "Service cluster defines the name for the `service_cluster` that is shared by all Envoy instances. This setting corresponds to `--service-cluster` flag in Envoy. In a typical Envoy deployment, the `service-cluster` flag is used to identify the caller, for source-based routing scenarios. Since Istio does not assign a local `service/service` version to each Envoy instance, the name is same for all of them. However, the source/caller's identity (e.g., IP address) is encoded in the `--service-node` flag when launching Envoy. When the RDS service receives API calls from Envoy, it uses the value of the `service-node` flag to compute routes that are relative to the service instances located at that IP address.", - "type": "string" - } - } - }, - { - "required": [ - "tracingServiceName" - ], - "properties": { - "tracingServiceName": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.ProxyConfig.TracingServiceName" - } - } - } - ] - }, - "istio.mesh.v1alpha1.ProxyConfig.InboundInterceptionMode": { - "description": "The mode used to redirect inbound traffic to Envoy. This setting has no effect on outbound traffic: iptables `REDIRECT` is always used for outbound connections.", - "type": "string", - "enum": [ - "REDIRECT", - "TPROXY", - "NONE" - ] - }, - "istio.mesh.v1alpha1.ProxyConfig.ProxyStatsMatcher": { - "description": "Proxy stats name matchers for stats creation. Note this is in addition to the minimum Envoy stats that Istio generates by default.", - "type": "object", - "properties": { - "inclusionPrefixes": { - "description": "Proxy stats name prefix matcher for inclusion.", - "type": "array", - "items": { - "type": "string" - } - }, - "inclusionSuffixes": { - "description": "Proxy stats name suffix matcher for inclusion.", - "type": "array", - "items": { - "type": "string" - } - }, - "inclusionRegexps": { - "description": "Proxy stats name regexps matcher for inclusion.", - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "istio.mesh.v1alpha1.ProxyConfig.TracingServiceName": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.ProxyConfig.TracingServiceName" - }, - "istio.mesh.v1alpha1.RemoteService": { - "type": "object", - "properties": { - "address": { - "description": "Address of a remove service used for various purposes (access log receiver, metrics receiver, etc.). Can be IP address or a fully qualified DNS name.", - "type": "string" - }, - "tcpKeepalive": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings.TcpKeepalive" - }, - "tlsSettings": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ClientTLSSettings" - } - } - }, - "istio.mesh.v1alpha1.Resource": { - "description": "Resource describes the source of configuration", - "type": "string", - "enum": [ - "SERVICE_REGISTRY" - ] - }, - "istio.mesh.v1alpha1.SDS": { - "description": "SDS defines secret discovery service(SDS) configuration to be used by the proxy. For workload, its values are set in sidecar injector(passed as arguments to istio-proxy container). For pilot/mixer, it's passed as arguments to istio-proxy container in pilot/mixer deployment yaml files directly. $hide_from_docs", - "type": "object", - "properties": { - "enabled": { - "description": "True if SDS is enabled.", - "type": "boolean" - }, - "k8sSaJwtPath": { - "description": "Path of k8s service account JWT path.", - "type": "string" - } - } - }, - "istio.mesh.v1alpha1.Topology": { - "type": "object", - "properties": { - "numTrustedProxies": { - "type": "integer" - }, - "forwardClientCertDetails": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Topology.ForwardClientCertDetails" - } - } - }, - "istio.mesh.v1alpha1.Topology.ForwardClientCertDetails": { - "type": "string", - "enum": [ - "UNDEFINED", - "SANITIZE", - "FORWARD_ONLY", - "APPEND_FORWARD", - "SANITIZE_SET", - "ALWAYS_FORWARD_ONLY" - ] - }, - "istio.mesh.v1alpha1.Tracing": { - "description": "Tracing defines configuration for the tracing performed by Envoy instances.", - "type": "object", - "properties": { - "tlsSettings": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ClientTLSSettings" - }, - "customTags": { - "description": "Configures the custom tags to be added to active span by all proxies (i.e. sidecars and gateways). The key represents the name of the tag. Ex: ```yaml custom_tags: new_tag_name: header: name: custom-http-header-name default_value: defaulted-value-from-custom-header ``` $hide_from_docs", - "type": "object", - "additionalProperties": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.CustomTag" - } - }, - "maxPathTagLength": { - "description": "Configures the maximum length of the request path to extract and include in the HttpUrl tag. Used to truncate length request paths to meet the needs of tracing backend. If not set, then a length of 256 will be used. $hide_from_docs", - "type": "integer" - }, - "sampling": { - "description": "The percentage of requests (0.0 - 100.0) that will be randomly selected for trace generation, if not requested by the client or not forced. Default is 1.0.", - "type": "number", - "format": "double" - } - }, - "oneOf": [ - { - "not": { - "anyOf": [ - { - "required": [ - "zipkin" - ], - "properties": { - "zipkin": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Zipkin" - } - } - }, - { - "required": [ - "lightstep" - ], - "properties": { - "lightstep": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Lightstep" - } - } - }, - { - "required": [ - "datadog" - ], - "properties": { - "datadog": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Datadog" - } - } - }, - { - "required": [ - "stackdriver" - ], - "properties": { - "stackdriver": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Stackdriver" - } - } - }, - { - "required": [ - "openCensusAgent" - ], - "properties": { - "openCensusAgent": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.OpenCensusAgent" - } - } - } - ] - } - }, - { - "required": [ - "zipkin" - ], - "properties": { - "zipkin": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Zipkin" - } - } - }, - { - "required": [ - "lightstep" - ], - "properties": { - "lightstep": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Lightstep" - } - } - }, - { - "required": [ - "datadog" - ], - "properties": { - "datadog": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Datadog" - } - } - }, - { - "required": [ - "stackdriver" - ], - "properties": { - "stackdriver": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Stackdriver" - } - } - }, - { - "required": [ - "openCensusAgent" - ], - "properties": { - "openCensusAgent": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.OpenCensusAgent" - } - } - } - ] - }, - "istio.mesh.v1alpha1.Tracing.CustomTag": { - "description": "Configure custom tags that will be added to any active span. Tags can be generated via literals, environment variables or an incoming request header. $hide_from_docs", - "type": "object", - "oneOf": [ - { - "not": { - "anyOf": [ - { - "required": [ - "literal" - ], - "properties": { - "literal": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Literal" - } - } - }, - { - "required": [ - "environment" - ], - "properties": { - "environment": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Environment" - } - } - }, - { - "required": [ - "header" - ], - "properties": { - "header": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.RequestHeader" - } - } - } - ] - } - }, - { - "required": [ - "literal" - ], - "properties": { - "literal": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Literal" - } - } - }, - { - "required": [ - "environment" - ], - "properties": { - "environment": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Environment" - } - } - }, - { - "required": [ - "header" - ], - "properties": { - "header": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.RequestHeader" - } - } - } - ] - }, - "istio.mesh.v1alpha1.Tracing.Datadog": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Datadog" - }, - "istio.mesh.v1alpha1.Tracing.Environment": { - "description": "Environment is the proxy's environment variable to be used for populating the custom span tag. $hide_from_docs", - "type": "object", - "properties": { - "name": { - "description": "Name of the environment variable used to populate the tag's value", - "type": "string" - }, - "defaultValue": { - "description": "When the environment variable is not found, the tag's value will be populated with this default value if specified, otherwise the tag will not be populated.", - "type": "string" - } - } - }, - "istio.mesh.v1alpha1.Tracing.Lightstep": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Lightstep" - }, - "istio.mesh.v1alpha1.Tracing.Literal": { - "description": "Literal type represents a static value. $hide_from_docs", - "type": "object", - "properties": { - "value": { - "description": "Static literal value used to populate the tag value.", - "type": "string" - } - } - }, - "istio.mesh.v1alpha1.Tracing.OpenCensusAgent": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.OpenCensusAgent" - }, - "istio.mesh.v1alpha1.Tracing.RequestHeader": { - "description": "RequestHeader is the HTTP request header which will be used to populate the span tag. A default value can be configured if the header does not exist. $hide_from_docs", - "type": "object", - "properties": { - "name": { - "description": "HTTP header name used to obtain the value from to populate the tag value.", - "type": "string" - }, - "defaultValue": { - "description": "Default value to be used for the tag when the named HTTP header does not exist. The tag will be skipped if no default value is provided.", - "type": "string" - } - } - }, - "istio.mesh.v1alpha1.Tracing.Stackdriver": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Stackdriver" - }, - "istio.mesh.v1alpha1.Tracing.Zipkin": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.Tracing.Zipkin" - }, - "istio.networking.v1alpha3.ClientTLSSettings": { - "description": "SSL/TLS related settings for upstream connections. See Envoy's [TLS context](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto.html#common-tls-configuration) for more details. These settings are common to both HTTP and TCP upstreams. For example, the following rule configures a client to use mutual TLS for connections to upstream database cluster. {{\u003ctabset category-name=\"example\"\u003e}} {{\u003ctab name=\"v1alpha3\" category-value=\"v1alpha3\"\u003e}} ```yaml apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: db-mtls spec: host: mydbserver.prod.svc.cluster.local trafficPolicy: tls: mode: MUTUAL clientCertificate: /etc/certs/myclientcert.pem privateKey: /etc/certs/client_private_key.pem caCertificates: /etc/certs/rootcacerts.pem ``` {{\u003c/tab\u003e}} {{\u003ctab name=\"v1beta1\" category-value=\"v1beta1\"\u003e}} ```yaml apiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata: name: db-mtls spec: host: mydbserver.prod.svc.cluster.local trafficPolicy: tls: mode: MUTUAL clientCertificate: /etc/certs/myclientcert.pem privateKey: /etc/certs/client_private_key.pem caCertificates: /etc/certs/rootcacerts.pem ``` {{\u003c/tab\u003e}} {{\u003c/tabset\u003e}} The following rule configures a client to use TLS when talking to a foreign service whose domain matches *.foo.com. {{\u003ctabset category-name=\"example\"\u003e}} {{\u003ctab name=\"v1alpha3\" category-value=\"v1alpha3\"\u003e}} ```yaml apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: tls-foo spec: host: \"*.foo.com\" trafficPolicy: tls: mode: SIMPLE ``` {{\u003c/tab\u003e}} {{\u003ctab name=\"v1beta1\" category-value=\"v1beta1\"\u003e}} ```yaml apiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata: name: tls-foo spec: host: \"*.foo.com\" trafficPolicy: tls: mode: SIMPLE ``` {{\u003c/tab\u003e}} {{\u003c/tabset\u003e}} The following rule configures a client to use Istio mutual TLS when talking to rating services. {{\u003ctabset category-name=\"example\"\u003e}} {{\u003ctab name=\"v1alpha3\" category-value=\"v1alpha3\"\u003e}} ```yaml apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: ratings-istio-mtls spec: host: ratings.prod.svc.cluster.local trafficPolicy: tls: mode: ISTIO_MUTUAL ``` {{\u003c/tab\u003e}} {{\u003ctab name=\"v1beta1\" category-value=\"v1beta1\"\u003e}} ```yaml apiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata: name: ratings-istio-mtls spec: host: ratings.prod.svc.cluster.local trafficPolicy: tls: mode: ISTIO_MUTUAL ``` {{\u003c/tab\u003e}} {{\u003c/tabset\u003e}}", - "type": "object", - "properties": { - "mode": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ClientTLSSettings.TLSmode" - }, - "clientCertificate": { - "description": "REQUIRED if mode is `MUTUAL`. The path to the file holding the client-side TLS certificate to use. Should be empty if mode is `ISTIO_MUTUAL`.", - "type": "string" - }, - "privateKey": { - "description": "REQUIRED if mode is `MUTUAL`. The path to the file holding the client's private key. Should be empty if mode is `ISTIO_MUTUAL`.", - "type": "string" - }, - "caCertificates": { - "description": "OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate. If omitted, the proxy will not verify the server's certificate. Should be empty if mode is `ISTIO_MUTUAL`.", - "type": "string" - }, - "credentialName": { - "description": "The name of the secret that holds the TLS certs for the client including the CA certificates. Secret must exist in the same namespace with the proxy using the certificates. The secret (of type `generic`)should contain the following keys and values: `key: \u003cprivateKey\u003e`, `cert: \u003cclientCert\u003e`, `cacert: \u003cCACertificate\u003e`. Here CACertificate is used to verify the server certificate. For mutual TLS, `cacert: \u003cCACertificate\u003e` can be provided in the same secret or a separate secret named `\u003csecret\u003e-cacert`. Secret of type tls for client certificates along with ca.crt key for CA certificates is also supported. Only one of client certificates and CA certificate or credentialName can be specified. **NOTE:** This field is applicable at sidecars only if `DestinationRule` has a `workloadSelector` specified. Otherwise the field will be applicable only at gateways, and sidecars will continue to use the certificate paths.", - "type": "string" - }, - "subjectAltNames": { - "description": "A list of alternate names to verify the subject identity in the certificate. If specified, the proxy will verify that the server certificate's subject alt name matches one of the specified values. If specified, this list overrides the value of subject_alt_names from the ServiceEntry. If unspecified, automatic validation of upstream presented certificate for new upstream connections will be done based on the downstream HTTP host/authority header, provided `VERIFY_CERTIFICATE_AT_CLIENT` and `ENABLE_AUTO_SNI` environmental variables are set to `true`.", - "type": "array", - "items": { - "type": "string" - } - }, - "sni": { - "description": "SNI string to present to the server during TLS handshake. If unspecified, SNI will be automatically set based on downstream HTTP host/authority header for SIMPLE and MUTUAL TLS modes, provided `ENABLE_AUTO_SNI` environmental variable is set to `true`.", - "type": "string" - }, - "insecureSkipVerify": { - "description": "InsecureSkipVerify specifies whether the proxy should skip verifying the CA signature and SAN for the server certificate corresponding to the host. This flag should only be set if global CA signature verifcation is enabled, `VerifyCertAtClient` environmental variable is set to `true`, but no verification is desired for a specific host. If enabled with or without `VerifyCertAtClient` enabled, verification of the CA signature and SAN will be skipped. `InsecureSkipVerify` is `false` by default. `VerifyCertAtClient` is `false` by default in Istio version 1.9 but will be `true` by default in a later version where, going forward, it will be enabled by default.", - "type": "boolean", - "nullable": true - } - } - }, - "istio.networking.v1alpha3.ClientTLSSettings.TLSmode": { - "description": "TLS connection mode", - "type": "string", - "enum": [ - "DISABLE", - "SIMPLE", - "MUTUAL", - "ISTIO_MUTUAL" - ] - }, - "istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings.TcpKeepalive": { - "description": "TCP keepalive.", - "type": "object", - "properties": { - "time": { - "description": "The time duration a connection needs to be idle before keep-alive probes start being sent. Default is to use the OS level configuration (unless overridden, Linux defaults to 7200s (ie 2 hours.)", - "type": "string" - }, - "probes": { - "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead. Default is to use the OS level configuration (unless overridden, Linux defaults to 9.)", - "type": "integer" - }, - "interval": { - "description": "The time duration between keep-alive probes. Default is to use the OS level configuration (unless overridden, Linux defaults to 75s.)", - "type": "string" - } - } - }, - "istio.networking.v1alpha3.ExecHealthCheckConfig": { - "type": "object", - "properties": { - "command": { - "description": "Command to run. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "istio.networking.v1alpha3.HTTPHeader": { - "type": "object", - "properties": { - "name": { - "description": "The header field name", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - } - }, - "istio.networking.v1alpha3.HTTPHealthCheckConfig": { - "type": "object", - "properties": { - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "description": "Port on which the endpoint lives.", - "type": "integer" - }, - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", - "type": "string" - }, - "scheme": { - "description": "HTTP or HTTPS, defaults to HTTP", - "type": "string" - }, - "httpHeaders": { - "description": "Headers the proxy will pass on to make the request. Allows repeated headers.", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.HTTPHeader" - } - } - } - }, - "istio.networking.v1alpha3.HTTPRetry": { - "description": "Describes the retry policy to use when a HTTP request fails. For example, the following rule sets the maximum number of retries to 3 when calling ratings:v1 service, with a 2s timeout per retry attempt. A retry will be attempted if there is a connect-failure, refused_stream or when the upstream server responds with Service Unavailable(503). {{\u003ctabset category-name=\"example\"\u003e}} {{\u003ctab name=\"v1alpha3\" category-value=\"v1alpha3\"\u003e}} ```yaml apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: ratings-route spec: hosts: - ratings.prod.svc.cluster.local http: - route: - destination: host: ratings.prod.svc.cluster.local subset: v1 retries: attempts: 3 perTryTimeout: 2s retryOn: connect-failure,refused-stream,503 ``` {{\u003c/tab\u003e}} {{\u003ctab name=\"v1beta1\" category-value=\"v1beta1\"\u003e}} ```yaml apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: name: ratings-route spec: hosts: - ratings.prod.svc.cluster.local http: - route: - destination: host: ratings.prod.svc.cluster.local subset: v1 retries: attempts: 3 perTryTimeout: 2s retryOn: gateway-error,connect-failure,refused-stream ``` {{\u003c/tab\u003e}} {{\u003c/tabset\u003e}}", - "type": "object", - "properties": { - "attempts": { - "description": "Number of retries to be allowed for a given request. The interval between retries will be determined automatically (25ms+). When request `timeout` of the [HTTP route](https://istio.io/docs/reference/config/networking/virtual-service/#HTTPRoute) or `per_try_timeout` is configured, the actual number of retries attempted also depends on the specified request `timeout` and `per_try_timeout` values.", - "type": "integer", - "format": "int32" - }, - "perTryTimeout": { - "description": "Timeout per attempt for a given request, including the initial call and any retries. Format: 1h/1m/1s/1ms. MUST BE \u003e=1ms. Default is same value as request `timeout` of the [HTTP route](https://istio.io/docs/reference/config/networking/virtual-service/#HTTPRoute), which means no timeout.", - "type": "string" - }, - "retryOn": { - "description": "Specifies the conditions under which retry takes place. One or more policies can be specified using a ‘,’ delimited list. If `retry_on` specifies a valid HTTP status, it will be added to retriable_status_codes retry policy. See the [retry policies](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-on) and [gRPC retry policies](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-grpc-on) for more details.", - "type": "string" - }, - "retryRemoteLocalities": { - "description": "Flag to specify whether the retries should retry to other localities. See the [retry plugin configuration](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/http/http_connection_management#retry-plugin-configuration) for more details.", - "type": "boolean", - "nullable": true - } - } - }, - "istio.networking.v1alpha3.LocalityLoadBalancerSetting": { - "description": "Locality-weighted load balancing allows administrators to control the distribution of traffic to endpoints based on the localities of where the traffic originates and where it will terminate. These localities are specified using arbitrary labels that designate a hierarchy of localities in {region}/{zone}/{sub-zone} form. For additional detail refer to [Locality Weight](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/locality_weight) The following example shows how to setup locality weights mesh-wide. Given a mesh with workloads and their service deployed to \"us-west/zone1/*\" and \"us-west/zone2/*\". This example specifies that when traffic accessing a service originates from workloads in \"us-west/zone1/*\", 80% of the traffic will be sent to endpoints in \"us-west/zone1/*\", i.e the same zone, and the remaining 20% will go to endpoints in \"us-west/zone2/*\". This setup is intended to favor routing traffic to endpoints in the same locality. A similar setting is specified for traffic originating in \"us-west/zone2/*\". ```yaml distribute: - from: us-west/zone1/* to: \"us-west/zone1/*\": 80 \"us-west/zone2/*\": 20 - from: us-west/zone2/* to: \"us-west/zone1/*\": 20 \"us-west/zone2/*\": 80 ``` If the goal of the operator is not to distribute load across zones and regions but rather to restrict the regionality of failover to meet other operational requirements an operator can set a 'failover' policy instead of a 'distribute' policy. The following example sets up a locality failover policy for regions. Assume a service resides in zones within us-east, us-west \u0026 eu-west this example specifies that when endpoints within us-east become unhealthy traffic should failover to endpoints in any zone or sub-zone within eu-west and similarly us-west should failover to us-east. ```yaml failover: - from: us-east to: eu-west - from: us-west to: us-east ``` Locality load balancing settings.", - "type": "object", - "properties": { - "distribute": { - "description": "Optional: only one of distribute, failover or failoverPriority can be set. Explicitly specify loadbalancing weight across different zones and geographical locations. Refer to [Locality weighted load balancing](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/locality_weight) If empty, the locality weight is set according to the endpoints number within it.", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.LocalityLoadBalancerSetting.Distribute" - } - }, - "failover": { - "description": "Optional: only one of distribute, failover or failoverPriority can be set. Explicitly specify the region traffic will land on when endpoints in local region becomes unhealthy. Should be used together with OutlierDetection to detect unhealthy endpoints. Note: if no OutlierDetection specified, this will not take effect.", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.LocalityLoadBalancerSetting.Failover" - } - }, - "failoverPriority": { - "description": "failoverPriority is an ordered list of labels used to sort endpoints to do priority based load balancing. This is to support traffic failover across different groups of endpoints. Suppose there are total N labels specified: 1. Endpoints matching all N labels with the client proxy have priority P(0) i.e. the highest priority. 2. Endpoints matching the first N-1 labels with the client proxy have priority P(1) i.e. second highest priority. 3. By extension of this logic, endpoints matching only the first label with the client proxy has priority P(N-1) i.e. second lowest priority. 4. All the other endpoints have priority P(N) i.e. lowest priority. Note: For a label to be considered for match, the previous labels must match, i.e. nth label would be considered matched only if first n-1 labels match. It can be any label specified on both client and server workloads. The following labels which have special semantic meaning are also supported: - `topology.istio.io/network` is used to match the network metadata of an endpoint, which can be specified by pod/namespace label `topology.istio.io/network`, sidecar env `ISTIO_META_NETWORK` or MeshNetworks. - `topology.istio.io/cluster` is used to match the clusterID of an endpoint, which can be specified by pod label `topology.istio.io/cluster` or pod env `ISTIO_META_CLUSTER_ID`. - `topology.kubernetes.io/region` is used to match the region metadata of an endpoint, which maps to Kubernetes node label `topology.kubernetes.io/region` or the deprecated label `failure-domain.beta.kubernetes.io/region`. - `topology.kubernetes.io/zone` is used to match the zone metadata of an endpoint, which maps to Kubernetes node label `topology.kubernetes.io/zone` or the deprecated label `failure-domain.beta.kubernetes.io/zone`. - `topology.istio.io/subzone` is used to match the subzone metadata of an endpoint, which maps to Istio node label `topology.istio.io/subzone`. The below topology config indicates the following priority levels: ```yaml failoverPriority: - \"topology.istio.io/network\" - \"topology.kubernetes.io/region\" - \"topology.kubernetes.io/zone\" - \"topology.istio.io/subzone\" ``` 1. endpoints match same [network, region, zone, subzone] label with the client proxy have the highest priority. 2. endpoints have same [network, region, zone] label but different [subzone] label with the client proxy have the second highest priority. 3. endpoints have same [network, region] label but different [zone] label with the client proxy have the third highest priority. 4. endpoints have same [network] but different [region] labels with the client proxy have the fourth highest priority. 5. all the other endpoints have the same lowest priority. Optional: only one of distribute, failover or failoverPriority can be set. And it should be used together with `OutlierDetection` to detect unhealthy endpoints, otherwise has no effect.", - "type": "array", - "items": { - "type": "string" - } - }, - "enabled": { - "description": "enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety. e.g. true means that turn on locality load balancing for this DestinationRule no matter what mesh wide settings is.", - "type": "boolean", - "nullable": true - } - } - }, - "istio.networking.v1alpha3.LocalityLoadBalancerSetting.Distribute": { - "description": "Describes how traffic originating in the 'from' zone or sub-zone is distributed over a set of 'to' zones. Syntax for specifying a zone is {region}/{zone}/{sub-zone} and terminal wildcards are allowed on any segment of the specification. Examples: `*` - matches all localities `us-west/*` - all zones and sub-zones within the us-west region `us-west/zone-1/*` - all sub-zones within us-west/zone-1", - "type": "object", - "properties": { - "from": { - "description": "Originating locality, '/' separated, e.g. 'region/zone/sub_zone'.", - "type": "string" - }, - "to": { - "description": "Map of upstream localities to traffic distribution weights. The sum of all weights should be 100. Any locality not present will receive no traffic.", - "type": "object", - "additionalProperties": { - "type": "integer" - } - } - } - }, - "istio.networking.v1alpha3.LocalityLoadBalancerSetting.Failover": { - "description": "Specify the traffic failover policy across regions. Since zone and sub-zone failover is supported by default this only needs to be specified for regions when the operator needs to constrain traffic failover so that the default behavior of failing over to any endpoint globally does not apply. This is useful when failing over traffic across regions would not improve service health or may need to be restricted for other reasons like regulatory controls.", - "type": "object", - "properties": { - "from": { - "description": "Originating region.", - "type": "string" - }, - "to": { - "description": "Destination region the traffic will fail over to when endpoints in the 'from' region becomes unhealthy.", - "type": "string" - } - } - }, - "istio.networking.v1alpha3.ReadinessProbe": { - "type": "object", - "properties": { - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1 second.", - "type": "integer", - "format": "int32" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before readiness probes are initiated.", - "type": "integer", - "format": "int32" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1 second.", - "type": "integer", - "format": "int32" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1 second.", - "type": "integer", - "format": "int32" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3 seconds.", - "type": "integer", - "format": "int32" - } - }, - "oneOf": [ - { - "not": { - "anyOf": [ - { - "required": [ - "httpGet" - ], - "properties": { - "httpGet": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.HTTPHealthCheckConfig" - } - } - }, - { - "required": [ - "tcpSocket" - ], - "properties": { - "tcpSocket": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.TCPHealthCheckConfig" - } - } - }, - { - "required": [ - "exec" - ], - "properties": { - "exec": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ExecHealthCheckConfig" - } - } - } - ] - } - }, - { - "required": [ - "httpGet" - ], - "properties": { - "httpGet": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.HTTPHealthCheckConfig" - } - } - }, - { - "required": [ - "tcpSocket" - ], - "properties": { - "tcpSocket": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.TCPHealthCheckConfig" - } - } - }, - { - "required": [ - "exec" - ], - "properties": { - "exec": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ExecHealthCheckConfig" - } - } - } - ] - }, - "istio.networking.v1alpha3.TCPHealthCheckConfig": { - "type": "object", - "properties": { - "port": { - "description": "Port of host", - "type": "integer" - }, - "host": { - "description": "Host to connect to, defaults to localhost", - "type": "string" - } - } - }, - "istio.networking.v1beta1.ProxyImage": { - "description": "The following values are used to construct proxy image url. format: `${hub}/${image_name}/${tag}-${image_type}`, example: `docker.io/istio/proxyv2:1.11.1` or `docker.io/istio/proxyv2:1.11.1-distroless`. This information was previously part of the Values API.", - "type": "object", - "properties": { - "imageType": { - "description": "The image type of the image. Istio publishes default, debug, and distroless images. Other values are allowed if those image types (example: centos) are published to the specified hub. supported values: default, debug, distroless.", - "type": "string" - } - } - }, - "istio_operator.v2.api.v1alpha1.ConfigState": { - "type": "string", - "enum": [ - "Unspecified", - "Created", - "ReconcileFailed", - "Reconciling", - "Available", - "Unmanaged" - ] - }, - "istio_operator.v2.api.v1alpha1.IstioMeshSpec": { - "description": "Mesh defines an Istio service mesh", - "type": "object", - "properties": { - "config": { - "$ref": "#/components/schemas/istio.mesh.v1alpha1.MeshConfig" - } - } - }, - "istio_operator.v2.api.v1alpha1.IstioMeshStatus": { - "type": "object", - "properties": { - "status": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.ConfigState" - }, - "errorMessage": { - "description": "Reconciliation error message if any", - "type": "string" - } - } - }, - "k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector": { - "description": "A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.", - "type": "object", - "properties": { - "matchLabels": { - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement" - } - } - } - }, - "k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - "type": "object", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", - "type": "array", - "items": { - "type": "string" - } - } - } - } - } - } -} \ No newline at end of file diff --git a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomesh.pb.go b/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomesh.pb.go deleted file mode 100644 index d8675300e..000000000 --- a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomesh.pb.go +++ /dev/null @@ -1,286 +0,0 @@ -// Copyright 2021 Cisco Systems, Inc. and/or its affiliates. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.0 -// protoc (unknown) -// source: api/v1alpha1/istiomesh.proto - -// $schema: istio-operator.api.v1alpha1.IstioMeshSpec -// $title: Istio Mesh Spec -// $description: Istio Mesh descriptor - -package v1alpha1 - -import ( - _ "github.com/golang/protobuf/ptypes/wrappers" - _ "google.golang.org/genproto/googleapis/api/annotations" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - v1alpha1 "istio.io/api/mesh/v1alpha1" - _ "k8s.io/api/core/v1" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// Mesh defines an Istio service mesh -// -// -// -// -type IstioMeshSpec struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Config *v1alpha1.MeshConfig `protobuf:"bytes,1,opt,name=config,proto3" json:"config,omitempty"` -} - -func (x *IstioMeshSpec) Reset() { - *x = IstioMeshSpec{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_istiomesh_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *IstioMeshSpec) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*IstioMeshSpec) ProtoMessage() {} - -func (x *IstioMeshSpec) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_istiomesh_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use IstioMeshSpec.ProtoReflect.Descriptor instead. -func (*IstioMeshSpec) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_istiomesh_proto_rawDescGZIP(), []int{0} -} - -func (x *IstioMeshSpec) GetConfig() *v1alpha1.MeshConfig { - if x != nil { - return x.Config - } - return nil -} - -// -type IstioMeshStatus struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Reconciliation status of the Istio mesh - Status ConfigState `protobuf:"varint,1,opt,name=status,proto3,enum=istio_operator.v2.api.v1alpha1.ConfigState" json:"status,omitempty"` - // Reconciliation error message if any - ErrorMessage string `protobuf:"bytes,2,opt,name=errorMessage,proto3" json:"errorMessage,omitempty"` -} - -func (x *IstioMeshStatus) Reset() { - *x = IstioMeshStatus{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_istiomesh_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *IstioMeshStatus) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*IstioMeshStatus) ProtoMessage() {} - -func (x *IstioMeshStatus) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_istiomesh_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use IstioMeshStatus.ProtoReflect.Descriptor instead. -func (*IstioMeshStatus) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_istiomesh_proto_rawDescGZIP(), []int{1} -} - -func (x *IstioMeshStatus) GetStatus() ConfigState { - if x != nil { - return x.Status - } - return ConfigState_Unspecified -} - -func (x *IstioMeshStatus) GetErrorMessage() string { - if x != nil { - return x.ErrorMessage - } - return "" -} - -var File_api_v1alpha1_istiomesh_proto protoreflect.FileDescriptor - -var file_api_v1alpha1_istiomesh_proto_rawDesc = []byte{ - 0x0a, 0x1c, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x69, - 0x73, 0x74, 0x69, 0x6f, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1e, - 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, - 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x1a, 0x1e, - 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, - 0x77, 0x72, 0x61, 0x70, 0x70, 0x65, 0x72, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x19, - 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x63, 0x6f, 0x6d, - 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1a, 0x6d, 0x65, 0x73, 0x68, 0x2f, - 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, - 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x22, 0x6b, 0x38, 0x73, 0x2e, 0x69, 0x6f, 0x2f, 0x61, - 0x70, 0x69, 0x2f, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x76, 0x31, 0x2f, 0x67, 0x65, 0x6e, 0x65, 0x72, - 0x61, 0x74, 0x65, 0x64, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x48, 0x0a, 0x0d, 0x49, 0x73, - 0x74, 0x69, 0x6f, 0x4d, 0x65, 0x73, 0x68, 0x53, 0x70, 0x65, 0x63, 0x12, 0x37, 0x0a, 0x06, 0x63, - 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x69, 0x73, - 0x74, 0x69, 0x6f, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, - 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06, 0x63, 0x6f, - 0x6e, 0x66, 0x69, 0x67, 0x22, 0x7a, 0x0a, 0x0f, 0x49, 0x73, 0x74, 0x69, 0x6f, 0x4d, 0x65, 0x73, - 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x43, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, - 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, - 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, - 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x53, - 0x74, 0x61, 0x74, 0x65, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x22, 0x0a, 0x0c, - 0x65, 0x72, 0x72, 0x6f, 0x72, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x0c, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, - 0x42, 0x37, 0x5a, 0x35, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x62, - 0x61, 0x6e, 0x7a, 0x61, 0x69, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2f, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2d, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2f, 0x76, 0x32, 0x2f, 0x61, 0x70, 0x69, - 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x33, -} - -var ( - file_api_v1alpha1_istiomesh_proto_rawDescOnce sync.Once - file_api_v1alpha1_istiomesh_proto_rawDescData = file_api_v1alpha1_istiomesh_proto_rawDesc -) - -func file_api_v1alpha1_istiomesh_proto_rawDescGZIP() []byte { - file_api_v1alpha1_istiomesh_proto_rawDescOnce.Do(func() { - file_api_v1alpha1_istiomesh_proto_rawDescData = protoimpl.X.CompressGZIP(file_api_v1alpha1_istiomesh_proto_rawDescData) - }) - return file_api_v1alpha1_istiomesh_proto_rawDescData -} - -var file_api_v1alpha1_istiomesh_proto_msgTypes = make([]protoimpl.MessageInfo, 2) -var file_api_v1alpha1_istiomesh_proto_goTypes = []interface{}{ - (*IstioMeshSpec)(nil), // 0: istio_operator.v2.api.v1alpha1.IstioMeshSpec - (*IstioMeshStatus)(nil), // 1: istio_operator.v2.api.v1alpha1.IstioMeshStatus - (*v1alpha1.MeshConfig)(nil), // 2: istio.mesh.v1alpha1.MeshConfig - (ConfigState)(0), // 3: istio_operator.v2.api.v1alpha1.ConfigState -} -var file_api_v1alpha1_istiomesh_proto_depIdxs = []int32{ - 2, // 0: istio_operator.v2.api.v1alpha1.IstioMeshSpec.config:type_name -> istio.mesh.v1alpha1.MeshConfig - 3, // 1: istio_operator.v2.api.v1alpha1.IstioMeshStatus.status:type_name -> istio_operator.v2.api.v1alpha1.ConfigState - 2, // [2:2] is the sub-list for method output_type - 2, // [2:2] is the sub-list for method input_type - 2, // [2:2] is the sub-list for extension type_name - 2, // [2:2] is the sub-list for extension extendee - 0, // [0:2] is the sub-list for field type_name -} - -func init() { file_api_v1alpha1_istiomesh_proto_init() } -func file_api_v1alpha1_istiomesh_proto_init() { - if File_api_v1alpha1_istiomesh_proto != nil { - return - } - file_api_v1alpha1_common_proto_init() - if !protoimpl.UnsafeEnabled { - file_api_v1alpha1_istiomesh_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*IstioMeshSpec); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_v1alpha1_istiomesh_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*IstioMeshStatus); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_api_v1alpha1_istiomesh_proto_rawDesc, - NumEnums: 0, - NumMessages: 2, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_api_v1alpha1_istiomesh_proto_goTypes, - DependencyIndexes: file_api_v1alpha1_istiomesh_proto_depIdxs, - MessageInfos: file_api_v1alpha1_istiomesh_proto_msgTypes, - }.Build() - File_api_v1alpha1_istiomesh_proto = out.File - file_api_v1alpha1_istiomesh_proto_rawDesc = nil - file_api_v1alpha1_istiomesh_proto_goTypes = nil - file_api_v1alpha1_istiomesh_proto_depIdxs = nil -} diff --git a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomesh.pb.html b/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomesh.pb.html deleted file mode 100644 index 72c05fffc..000000000 --- a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomesh.pb.html +++ /dev/null @@ -1,115 +0,0 @@ ---- -title: Istio Mesh Spec -description: Istio Mesh descriptor -layout: protoc-gen-docs -generator: protoc-gen-docs -schema: istio-operator.api.v1alpha1.IstioMeshSpec -number_of_entries: 3 ---- -

IstioMeshSpec

-
-

Mesh defines an Istio service mesh

- - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
configMeshConfig - -No -
-
-

IstioMeshStatus

-
- - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
statusConfigState -

Reconciliation status of the Istio mesh

- -		 -No -
errorMessagestring -

Reconciliation error message if any

- -		 -No -
-
-

ConfigState

-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameDescription
Unspecified -
Created -
ReconcileFailed -
Reconciling -
Available -
Unmanaged -
-
diff --git a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomesh.proto b/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomesh.proto deleted file mode 100644 index f82fc58ee..000000000 --- a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomesh.proto +++ /dev/null @@ -1,63 +0,0 @@ -// Copyright 2021 Cisco Systems, Inc. and/or its affiliates. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; - -import "google/protobuf/wrappers.proto"; -import "api/v1alpha1/common.proto"; -import "mesh/v1alpha1/config.proto"; -import "google/api/field_behavior.proto"; -import "k8s.io/api/core/v1/generated.proto"; - -// $schema: istio-operator.api.v1alpha1.IstioMeshSpec -// $title: Istio Mesh Spec -// $description: Istio Mesh descriptor - -package istio_operator.v2.api.v1alpha1; - -option go_package = "github.com/banzaicloud/istio-operator/v2/api/v1alpha1"; - -// Mesh defines an Istio service mesh -// -// -// -// -message IstioMeshSpec { - istio.mesh.v1alpha1.MeshConfig config = 1; -} - -// -message IstioMeshStatus { - // Reconciliation status of the Istio mesh - ConfigState status = 1; - - // Reconciliation error message if any - string errorMessage = 2; -} diff --git a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomesh_deepcopy.gen.go b/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomesh_deepcopy.gen.go deleted file mode 100644 index dee3cc568..000000000 --- a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomesh_deepcopy.gen.go +++ /dev/null @@ -1,48 +0,0 @@ -// Code generated by protoc-gen-deepcopy. DO NOT EDIT. -package v1alpha1 - -import ( - proto "github.com/golang/protobuf/proto" -) - -// DeepCopyInto supports using IstioMeshSpec within kubernetes types, where deepcopy-gen is used. -func (in *IstioMeshSpec) DeepCopyInto(out *IstioMeshSpec) { - p := proto.Clone(in).(*IstioMeshSpec) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IstioMeshSpec. Required by controller-gen. -func (in *IstioMeshSpec) DeepCopy() *IstioMeshSpec { - if in == nil { - return nil - } - out := new(IstioMeshSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new IstioMeshSpec. Required by controller-gen. -func (in *IstioMeshSpec) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using IstioMeshStatus within kubernetes types, where deepcopy-gen is used. -func (in *IstioMeshStatus) DeepCopyInto(out *IstioMeshStatus) { - p := proto.Clone(in).(*IstioMeshStatus) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IstioMeshStatus. Required by controller-gen. -func (in *IstioMeshStatus) DeepCopy() *IstioMeshStatus { - if in == nil { - return nil - } - out := new(IstioMeshStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new IstioMeshStatus. Required by controller-gen. -func (in *IstioMeshStatus) DeepCopyInterface() interface{} { - return in.DeepCopy() -} diff --git a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomesh_json.gen.go b/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomesh_json.gen.go deleted file mode 100644 index 9a516cd51..000000000 --- a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomesh_json.gen.go +++ /dev/null @@ -1,34 +0,0 @@ -// Code generated by protoc-gen-jsonshim. DO NOT EDIT. -package v1alpha1 - -import ( - bytes "bytes" - jsonpb "github.com/golang/protobuf/jsonpb" -) - -// MarshalJSON is a custom marshaler for IstioMeshSpec -func (this *IstioMeshSpec) MarshalJSON() ([]byte, error) { - str, err := IstiomeshMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for IstioMeshSpec -func (this *IstioMeshSpec) UnmarshalJSON(b []byte) error { - return IstiomeshUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for IstioMeshStatus -func (this *IstioMeshStatus) MarshalJSON() ([]byte, error) { - str, err := IstiomeshMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for IstioMeshStatus -func (this *IstioMeshStatus) UnmarshalJSON(b []byte) error { - return IstiomeshUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -var ( - IstiomeshMarshaler = &jsonpb.Marshaler{} - IstiomeshUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} -) diff --git a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomesh_types.go b/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomesh_types.go deleted file mode 100644 index 9a44b779a..000000000 --- a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomesh_types.go +++ /dev/null @@ -1,66 +0,0 @@ -/* -Copyright 2021 Cisco Systems, Inc. and/or its affiliates. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// +kubebuilder:object:root=true - -// IstioMesh is the Schema for the mesh API -type IstioMesh struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` - - Spec *IstioMeshSpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"` - Status *IstioMeshStatus `json:"status,omitempty"` -} - -func (m *IstioMesh) SetStatus(status ConfigState, errorMessage string) { - m.GetStatus().Status = status - m.GetStatus().ErrorMessage = errorMessage -} - -func (m *IstioMesh) GetStatus() *IstioMeshStatus { - if m.Status == nil { - m.Status = &IstioMeshStatus{} - } - - return m.Status -} - -func (m *IstioMesh) GetSpec() *IstioMeshSpec { - if m.Spec != nil { - return m.Spec - } - - return nil -} - -// +kubebuilder:object:root=true - -// IstioMeshList contains a list of IstioMesh -type IstioMeshList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` - Items []IstioMesh `json:"items" protobuf:"bytes,2,rep,name=items"` -} - -func init() { - SchemeBuilder.Register(&IstioMesh{}, &IstioMeshList{}) -} diff --git a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomeshgateway.gen.json b/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomeshgateway.gen.json deleted file mode 100644 index 72d8b7904..000000000 --- a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomeshgateway.gen.json +++ /dev/null @@ -1,2503 +0,0 @@ -{ - "openapi": "3.0.0", - "info": { - "title": "Istio Mesh Gateway descriptor", - "version": "v1alpha1" - }, - "components": { - "schemas": { - "istio_operator.v2.api.v1alpha1.BaseKubernetesResourceConfig": { - "type": "object", - "properties": { - "env": { - "description": "If present will be appended to the environment variables of the container", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.EnvVar" - } - }, - "resources": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.ResourceRequirements" - }, - "metadata": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.K8sObjectMeta" - }, - "image": { - "description": "Standard Kubernetes container image configuration", - "type": "string" - }, - "volumeMounts": { - "description": "Pod volumes to mount into the container's filesystem. Cannot be updated.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.VolumeMount" - } - }, - "livenessProbe": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.Probe" - }, - "readinessProbe": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.Probe" - }, - "imagePullPolicy": { - "description": "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.", - "type": "string" - }, - "securityContext": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.SecurityContext" - }, - "volumes": { - "description": "List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.Volume" - } - }, - "nodeSelector": { - "description": "Standard Kubernetes node selector configuration", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "imagePullSecrets": { - "description": "ImagePullSecrets is an optional list of references to secrets to use for pulling any of the images.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - } - }, - "affinity": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.Affinity" - }, - "tolerations": { - "description": "If specified, the pod's tolerations.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.Toleration" - } - }, - "priorityClassName": { - "description": "If specified, indicates the pod's priority. \"system-node-critical\" and \"system-cluster-critical\" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.", - "type": "string" - }, - "topologySpreadConstraints": { - "description": "Used to control how Pods are spread across a cluster among failure-domains. This can help to achieve high availability as well as efficient resource utilization. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.TopologySpreadConstraint" - } - }, - "replicas": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.Replicas" - }, - "podMetadata": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.K8sObjectMeta" - }, - "podDisruptionBudget": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.PodDisruptionBudget" - }, - "deploymentStrategy": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.DeploymentStrategy" - }, - "podSecurityContext": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.PodSecurityContext" - } - } - }, - "istio_operator.v2.api.v1alpha1.ConfigState": { - "type": "string", - "enum": [ - "Unspecified", - "Created", - "ReconcileFailed", - "Reconciling", - "Available", - "Unmanaged" - ] - }, - "istio_operator.v2.api.v1alpha1.DeploymentStrategy": { - "type": "object", - "properties": { - "type": { - "description": "Type of deployment. Can be \"Recreate\" or \"RollingUpdate\". Default is RollingUpdate.", - "type": "string" - }, - "rollingUpdate": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.DeploymentStrategy.RollingUpdateDeployment" - } - } - }, - "istio_operator.v2.api.v1alpha1.DeploymentStrategy.RollingUpdateDeployment": { - "type": "object", - "properties": { - "maxUnavailable": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.IntOrString" - }, - "maxSurge": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.IntOrString" - } - } - }, - "istio_operator.v2.api.v1alpha1.GatewayType": { - "type": "string", - "enum": [ - "unspecified", - "ingress", - "egress" - ] - }, - "istio_operator.v2.api.v1alpha1.HTTPGetAction": { - "description": "HTTPGetAction describes an action based on HTTP Get requests.", - "type": "object", - "properties": { - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.IntOrString" - }, - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", - "type": "string" - }, - "scheme": { - "description": "Scheme to use for connecting to the host. Defaults to HTTP.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.HTTPHeader" - } - } - } - }, - "istio_operator.v2.api.v1alpha1.IntOrString": { - "description": "IntOrString is a type that can hold an int32 or a string. When used in JSON or YAML marshalling and unmarshalling, it produces or consumes the inner type. This allows you to have, for example, a JSON field that can accept a name or number. GOTYPE: *IntOrString", - "oneOf": [ - { - "type": "string" - }, - { - "type": "integer" - } - ] - }, - "istio_operator.v2.api.v1alpha1.IstioMeshGatewaySpec": { - "description": "IstioMeshGateway defines an Istio ingress or egress gateway", - "type": "object", - "properties": { - "type": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.GatewayType" - }, - "service": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.Service" - }, - "k8sResourceOverlays": { - "description": "K8s resource overlay patches", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch" - } - }, - "deployment": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.BaseKubernetesResourceConfig" - }, - "runAsRoot": { - "description": "Whether to run the gateway in a privileged container", - "type": "boolean", - "nullable": true - }, - "istioControlPlane": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.NamespacedName" - } - } - }, - "istio_operator.v2.api.v1alpha1.IstioMeshGatewayStatus": { - "type": "object", - "properties": { - "Status": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.ConfigState" - }, - "GatewayAddress": { - "description": "Current address for the gateway", - "type": "array", - "items": { - "type": "string" - } - }, - "ErrorMessage": { - "description": "Reconciliation error message if any", - "type": "string" - } - } - }, - "istio_operator.v2.api.v1alpha1.K8sObjectMeta": { - "description": "Generic k8s resource metadata", - "type": "object", - "properties": { - "labels": { - "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "annotations": { - "description": "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", - "type": "object", - "additionalProperties": { - "type": "string" - } - } - } - }, - "istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch": { - "type": "object", - "properties": { - "groupVersionKind": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch.GroupVersionKind" - }, - "objectKey": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.NamespacedName" - }, - "patches": { - "type": "array", - "items": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch.Patch" - } - } - } - }, - "istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch.GroupVersionKind": { - "type": "object", - "properties": { - "kind": { - "type": "string" - }, - "group": { - "type": "string" - }, - "version": { - "type": "string" - } - } - }, - "istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch.Patch": { - "type": "object", - "properties": { - "path": { - "type": "string" - }, - "type": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch.Type" - }, - "value": { - "type": "string" - }, - "parseValue": { - "type": "boolean" - } - } - }, - "istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch.Type": { - "type": "string", - "enum": [ - "unspecified", - "replace", - "remove" - ] - }, - "istio_operator.v2.api.v1alpha1.NamespacedName": { - "type": "object", - "properties": { - "name": { - "description": "Name of the referenced Kubernetes resource", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referenced Kubernetes resource", - "type": "string" - } - } - }, - "istio_operator.v2.api.v1alpha1.PodDisruptionBudget": { - "description": "PodDisruptionBudget is a description of a PodDisruptionBudget", - "type": "object", - "properties": { - "maxUnavailable": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.IntOrString" - }, - "minAvailable": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.IntOrString" - } - } - }, - "istio_operator.v2.api.v1alpha1.Probe": { - "description": "Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.", - "type": "object", - "properties": { - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "type": "integer", - "format": "int32" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "type": "integer", - "format": "int64" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "type": "integer", - "format": "int32" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", - "type": "integer", - "format": "int32" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "type": "integer", - "format": "int32" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", - "type": "integer", - "format": "int32" - } - }, - "oneOf": [ - { - "not": { - "anyOf": [ - { - "required": [ - "exec" - ], - "properties": { - "exec": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ExecAction" - } - } - }, - { - "required": [ - "httpGet" - ], - "properties": { - "httpGet": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.HTTPGetAction" - } - } - }, - { - "required": [ - "tcpSocket" - ], - "properties": { - "tcpSocket": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.TCPSocketAction" - } - } - }, - { - "required": [ - "grpc" - ], - "properties": { - "grpc": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.GRPCAction" - } - } - } - ] - } - }, - { - "required": [ - "exec" - ], - "properties": { - "exec": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ExecAction" - } - } - }, - { - "required": [ - "httpGet" - ], - "properties": { - "httpGet": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.HTTPGetAction" - } - } - }, - { - "required": [ - "tcpSocket" - ], - "properties": { - "tcpSocket": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.TCPSocketAction" - } - } - }, - { - "required": [ - "grpc" - ], - "properties": { - "grpc": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.GRPCAction" - } - } - } - ] - }, - "istio_operator.v2.api.v1alpha1.Properties": { - "type": "object", - "properties": { - "name": { - "type": "string" - } - } - }, - "istio_operator.v2.api.v1alpha1.Quantity": { - "description": "Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and Int64() accessors. GOTYPE: *Quantity", - "oneOf": [ - { - "type": "string" - }, - { - "type": "integer" - } - ], - "pattern": "^(\\\\+|-)?(([0-9]+(\\\\.[0-9]*)?)|(\\\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\\\+|-)?(([0-9]+(\\\\.[0-9]*)?)|(\\\\.[0-9]+))))?$" - }, - "istio_operator.v2.api.v1alpha1.Replicas": { - "description": "Replicas contains pod replica configuration", - "type": "object", - "properties": { - "count": { - "description": "Standard Kubernetes replica count configuration", - "type": "integer", - "nullable": true - }, - "max": { - "description": "max is the upper limit for the number of replicas to which the autoscaler can scale up. min and max both need to be set the turn on autoscaling. It cannot be less than min.", - "type": "integer", - "nullable": true - }, - "min": { - "description": "min is the lower limit for the number of replicas to which the autoscaler can scale down. min and max both need to be set the turn on autoscaling.", - "type": "integer", - "nullable": true - }, - "targetCPUUtilizationPercentage": { - "description": "target average CPU utilization (represented as a percentage of requested CPU) over all the pods; default 80% will be used if not specified.", - "type": "integer", - "nullable": true - } - } - }, - "istio_operator.v2.api.v1alpha1.ResourceRequirements": { - "description": "ResourceRequirements describes the compute resource requirements.", - "type": "object", - "properties": { - "limits": { - "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/", - "type": "object", - "additionalProperties": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.Quantity" - } - }, - "requests": { - "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/", - "type": "object", - "additionalProperties": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.Quantity" - } - } - } - }, - "istio_operator.v2.api.v1alpha1.Service": { - "description": "Service describes the attributes that a user creates on a service.", - "type": "object", - "properties": { - "type": { - "description": "type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. \"ExternalName\" maps to the specified externalName. \"ClusterIP\" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object. If clusterIP is \"None\", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a stable IP. \"NodePort\" builds on ClusterIP and allocates a port on every node which routes to the clusterIP. \"LoadBalancer\" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the clusterIP. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", - "type": "string" - }, - "metadata": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.K8sObjectMeta" - }, - "ports": { - "description": "The list of ports that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.ServicePort" - } - }, - "selector": { - "description": "Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "clusterIP": { - "description": "clusterIP is the IP address of the service and is usually assigned randomly by the master. If an address is specified manually and is not in use by others, it will be allocated to the service; otherwise, creation of the service will fail. This field can not be changed through updates. Valid values are \"None\", empty string (\"\"), or a valid IP address. \"None\" can be specified for headless services when proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", - "type": "string" - }, - "externalIPs": { - "description": "externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system.", - "type": "array", - "items": { - "type": "string" - } - }, - "sessionAffinity": { - "description": "Supports \"ClientIP\" and \"None\". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", - "type": "string" - }, - "loadBalancerIP": { - "description": "Only applies to Service Type: LoadBalancer LoadBalancer will get created with the IP specified in this field. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature.", - "type": "string" - }, - "loadBalancerSourceRanges": { - "description": "If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature.\" More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/", - "type": "array", - "items": { - "type": "string" - } - }, - "externalName": { - "description": "externalName is the external reference that kubedns or equivalent will return as a CNAME record for this service. No proxying will be involved. Must be a valid RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires Type to be ExternalName.", - "type": "string" - }, - "externalTrafficPolicy": { - "description": "externalTrafficPolicy denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints. \"Local\" preserves the client source IP and avoids a second hop for LoadBalancer and Nodeport type services, but risks potentially imbalanced traffic spreading. \"Cluster\" obscures the client source IP and may cause a second hop to another node, but should have good overall load-spreading.", - "type": "string" - }, - "healthCheckNodePort": { - "description": "healthCheckNodePort specifies the healthcheck nodePort for the service. If not specified, HealthCheckNodePort is created by the service api backend with the allocated nodePort. Will use user-specified nodePort value if specified by the client. Only effects when Type is set to LoadBalancer and ExternalTrafficPolicy is set to Local.", - "type": "integer", - "format": "int32" - }, - "publishNotReadyAddresses": { - "description": "publishNotReadyAddresses, when set to true, indicates that DNS implementations must publish the notReadyAddresses of subsets for the Endpoints associated with the Service. The default value is false. The primary use case for setting this field is to use a StatefulSet's Headless Service to propagate SRV records for its Pods without respect to their readiness for purpose of peer discovery.", - "type": "boolean", - "nullable": true - }, - "sessionAffinityConfig": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.SessionAffinityConfig" - }, - "ipFamily": { - "description": "ipFamily specifies whether this Service has a preference for a particular IP family (e.g. IPv4 vs. IPv6). If a specific IP family is requested, the clusterIP field will be allocated from that family, if it is available in the cluster. If no IP family is requested, the cluster's primary IP family will be used. Other IP fields (loadBalancerIP, loadBalancerSourceRanges, externalIPs) and controllers which allocate external load-balancers should use the same IP family. Endpoints for this Service will be of this family. This field is immutable after creation. Assigning a ServiceIPFamily not available in the cluster (e.g. IPv6 in IPv4 only cluster) is an error condition and will fail during clusterIP assignment.", - "type": "string" - } - } - }, - "istio_operator.v2.api.v1alpha1.ServicePort": { - "description": "ServicePort contains information on service's port.", - "type": "object", - "properties": { - "name": { - "description": "The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. if only one ServicePort is defined on this service.", - "type": "string" - }, - "protocol": { - "description": "The IP protocol for this port. Supports \"TCP\", \"UDP\", and \"SCTP\". Default is TCP.", - "type": "string" - }, - "port": { - "description": "The port that will be exposed by this service.", - "type": "integer", - "format": "int32" - }, - "targetPort": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.IntOrString" - }, - "nodePort": { - "description": "The port on each node on which this service is exposed when type=NodePort or LoadBalancer. Usually assigned by the system. If specified, it will be allocated to the service if unused or else creation of the service will fail. Default is to auto-allocate a port if the ServiceType of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport", - "type": "integer", - "format": "int32" - } - } - }, - "istio_operator.v2.api.v1alpha1.TCPSocketAction": { - "description": "TCPSocketAction describes an action based on opening a socket", - "type": "object", - "properties": { - "port": { - "$ref": "#/components/schemas/istio_operator.v2.api.v1alpha1.IntOrString" - }, - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.AWSElasticBlockStoreVolumeSource": { - "description": "Represents a Persistent Disk resource in AWS. An AWS EBS disk must exist before mounting to a container. The disk must also be in the same AWS zone as the kubelet. An AWS EBS disk can only be mounted as read/write once. AWS EBS volumes support ownership management and SELinux relabeling.", - "type": "object", - "properties": { - "volumeID": { - "description": "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "type": "string" - }, - "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine", - "type": "string" - }, - "partition": { - "description": "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).", - "type": "integer", - "format": "int32" - }, - "readOnly": { - "description": "readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "type": "boolean" - } - } - }, - "k8s.io.api.core.v1.Affinity": { - "description": "Affinity is a group of affinity scheduling rules.", - "type": "object", - "properties": { - "nodeAffinity": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.NodeAffinity" - }, - "podAffinity": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.PodAffinity" - }, - "podAntiAffinity": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.PodAntiAffinity" - } - } - }, - "k8s.io.api.core.v1.AzureDiskVolumeSource": { - "description": "AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.", - "type": "object", - "properties": { - "kind": { - "description": "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared", - "type": "string" - }, - "fsType": { - "description": "fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "readOnly": { - "description": "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "diskName": { - "description": "diskName is the Name of the data disk in the blob storage", - "type": "string" - }, - "diskURI": { - "description": "diskURI is the URI of data disk in the blob storage", - "type": "string" - }, - "cachingMode": { - "description": "cachingMode is the Host Caching mode: None, Read Only, Read Write.", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.AzureFileVolumeSource": { - "description": "AzureFile represents an Azure File Service mount on the host and bind mount to the pod.", - "type": "object", - "properties": { - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretName": { - "description": "secretName is the name of secret that contains Azure Storage Account Name and Key", - "type": "string" - }, - "shareName": { - "description": "shareName is the azure share Name", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.CSIVolumeSource": { - "description": "Represents a source location of a volume to mount, managed by an external CSI driver", - "type": "object", - "properties": { - "fsType": { - "description": "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.", - "type": "string" - }, - "readOnly": { - "description": "readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).", - "type": "boolean" - }, - "driver": { - "description": "driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.", - "type": "string" - }, - "volumeAttributes": { - "description": "volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "nodePublishSecretRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - } - } - }, - "k8s.io.api.core.v1.Capabilities": { - "description": "Adds and removes POSIX capabilities from running containers.", - "type": "object", - "properties": { - "add": { - "description": "Added capabilities", - "type": "array", - "items": { - "type": "string" - } - }, - "drop": { - "description": "Removed capabilities", - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "k8s.io.api.core.v1.CephFSVolumeSource": { - "description": "Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs volumes do not support ownership management or SELinux relabeling.", - "type": "object", - "properties": { - "path": { - "description": "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /", - "type": "string" - }, - "readOnly": { - "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "type": "boolean" - }, - "monitors": { - "description": "monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "type": "array", - "items": { - "type": "string" - } - }, - "user": { - "description": "user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "type": "string" - }, - "secretFile": { - "description": "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "type": "string" - }, - "secretRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - } - } - }, - "k8s.io.api.core.v1.CinderVolumeSource": { - "description": "Represents a cinder volume resource in Openstack. A Cinder volume must exist before mounting to a container. The volume must also be in the same region as the kubelet. Cinder volumes support ownership management and SELinux relabeling.", - "type": "object", - "properties": { - "volumeID": { - "description": "volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "type": "string" - }, - "fsType": { - "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "type": "string" - }, - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "type": "boolean" - }, - "secretRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - } - } - }, - "k8s.io.api.core.v1.ClientIPConfig": { - "description": "ClientIPConfig represents the configurations of Client IP based session affinity.", - "type": "object", - "properties": { - "timeoutSeconds": { - "description": "timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be \u003e0 \u0026\u0026 \u003c=86400(for 1 day) if ServiceAffinity == \"ClientIP\". Default value is 10800(for 3 hours).", - "type": "integer", - "format": "int32" - } - } - }, - "k8s.io.api.core.v1.ConfigMapKeySelector": { - "description": "Selects a key from a ConfigMap.", - "type": "object", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "localObjectReference": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - } - }, - "k8s.io.api.core.v1.ConfigMapProjection": { - "description": "Adapts a ConfigMap into a projected volume. The contents of the target ConfigMap's Data field will be presented in a projected volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. Note that this is identical to a configmap volume source without the default mode.", - "type": "object", - "properties": { - "items": { - "description": "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.KeyToPath" - } - }, - "localObjectReference": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - }, - "optional": { - "description": "optional specify whether the ConfigMap or its keys must be defined", - "type": "boolean" - } - } - }, - "k8s.io.api.core.v1.ConfigMapVolumeSource": { - "description": "Adapts a ConfigMap into a volume. The contents of the target ConfigMap's Data field will be presented in a volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. ConfigMap volumes support ownership management and SELinux relabeling.", - "type": "object", - "properties": { - "items": { - "description": "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.KeyToPath" - } - }, - "localObjectReference": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - }, - "optional": { - "description": "optional specify whether the ConfigMap or its keys must be defined", - "type": "boolean" - }, - "defaultMode": { - "description": "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", - "type": "integer", - "format": "int32" - } - } - }, - "k8s.io.api.core.v1.DownwardAPIProjection": { - "description": "Represents downward API info for projecting into a projected volume. Note that this is identical to a downwardAPI volume source without the default mode.", - "type": "object", - "properties": { - "items": { - "description": "Items is a list of DownwardAPIVolume file", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.DownwardAPIVolumeFile" - } - } - } - }, - "k8s.io.api.core.v1.DownwardAPIVolumeFile": { - "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", - "type": "object", - "properties": { - "path": { - "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", - "type": "string" - }, - "fieldRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ObjectFieldSelector" - }, - "resourceFieldRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ResourceFieldSelector" - }, - "mode": { - "description": "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", - "type": "integer", - "format": "int32" - } - } - }, - "k8s.io.api.core.v1.DownwardAPIVolumeSource": { - "description": "DownwardAPIVolumeSource represents a volume containing downward API info. Downward API volumes support ownership management and SELinux relabeling.", - "type": "object", - "properties": { - "items": { - "description": "Items is a list of downward API volume file", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.DownwardAPIVolumeFile" - } - }, - "defaultMode": { - "description": "Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", - "type": "integer", - "format": "int32" - } - } - }, - "k8s.io.api.core.v1.EmptyDirVolumeSource": { - "description": "Represents an empty directory for a pod. Empty directory volumes support ownership management and SELinux relabeling.", - "type": "object", - "properties": { - "medium": { - "description": "medium represents what type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - "type": "string" - }, - "sizeLimit": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.api.resource.Quantity" - } - } - }, - "k8s.io.api.core.v1.EnvVar": { - "description": "EnvVar represents an environment variable present in a Container.", - "type": "object", - "properties": { - "name": { - "description": "Name of the environment variable. Must be a C_IDENTIFIER.", - "type": "string" - }, - "value": { - "description": "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\".", - "type": "string" - }, - "valueFrom": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.EnvVarSource" - } - } - }, - "k8s.io.api.core.v1.EnvVarSource": { - "description": "EnvVarSource represents a source for the value of an EnvVar.", - "type": "object", - "properties": { - "fieldRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ObjectFieldSelector" - }, - "resourceFieldRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ResourceFieldSelector" - }, - "configMapKeyRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ConfigMapKeySelector" - }, - "secretKeyRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.SecretKeySelector" - } - } - }, - "k8s.io.api.core.v1.EphemeralVolumeSource": { - "description": "Represents an ephemeral volume that is handled by a normal storage driver.", - "type": "object", - "properties": { - "volumeClaimTemplate": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.PersistentVolumeClaimTemplate" - } - } - }, - "k8s.io.api.core.v1.ExecAction": { - "description": "ExecAction describes a \"run in container\" action.", - "type": "object", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "k8s.io.api.core.v1.FCVolumeSource": { - "description": "Represents a Fibre Channel volume. Fibre Channel volumes can only be mounted as read/write once. Fibre Channel volumes support ownership management and SELinux relabeling.", - "type": "object", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine", - "type": "string" - }, - "readOnly": { - "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "targetWWNs": { - "description": "targetWWNs is Optional: FC target worldwide names (WWNs)", - "type": "array", - "items": { - "type": "string" - } - }, - "lun": { - "description": "lun is Optional: FC target lun number", - "type": "integer", - "format": "int32" - }, - "wwids": { - "description": "wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.", - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "k8s.io.api.core.v1.FlexVolumeSource": { - "description": "FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.", - "type": "object", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.", - "type": "string" - }, - "readOnly": { - "description": "readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "driver": { - "description": "driver is the name of the driver to use for this volume.", - "type": "string" - }, - "secretRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - }, - "options": { - "description": "options is Optional: this field holds extra command options if any.", - "type": "object", - "additionalProperties": { - "type": "string" - } - } - } - }, - "k8s.io.api.core.v1.FlockerVolumeSource": { - "description": "Represents a Flocker volume mounted by the Flocker agent. One and only one of datasetName and datasetUUID should be set. Flocker volumes do not support ownership management or SELinux relabeling.", - "type": "object", - "properties": { - "datasetName": { - "description": "datasetName is Name of the dataset stored as metadata -\u003e name on the dataset for Flocker should be considered as deprecated", - "type": "string" - }, - "datasetUUID": { - "description": "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.GCEPersistentDiskVolumeSource": { - "description": "Represents a Persistent Disk resource in Google Compute Engine. A GCE PD must exist before mounting to a container. The disk must also be in the same GCE project and zone as the kubelet. A GCE PD can only be mounted as read/write once or read-only many times. GCE PDs support ownership management and SELinux relabeling.", - "type": "object", - "properties": { - "fsType": { - "description": "fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine", - "type": "string" - }, - "partition": { - "description": "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "type": "integer", - "format": "int32" - }, - "readOnly": { - "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "type": "boolean" - }, - "pdName": { - "description": "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.GRPCAction": { - "type": "object", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "type": "integer", - "format": "int32" - }, - "service": { - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.GitRepoVolumeSource": { - "description": "Represents a volume that is populated with the contents of a git repository. Git repo volumes do not support ownership management. Git repo volumes support SELinux relabeling. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.", - "type": "object", - "properties": { - "repository": { - "description": "repository is the URL", - "type": "string" - }, - "revision": { - "description": "revision is the commit hash for the specified revision.", - "type": "string" - }, - "directory": { - "description": "directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.GlusterfsVolumeSource": { - "description": "Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs volumes do not support ownership management or SELinux relabeling.", - "type": "object", - "properties": { - "path": { - "description": "path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", - "type": "boolean" - }, - "endpoints": { - "description": "endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.HTTPHeader": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "type": "object", - "properties": { - "name": { - "description": "The header field name", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.HostPathVolumeSource": { - "description": "Represents a host path mapped into a pod. Host path volumes do not support ownership management or SELinux relabeling.", - "type": "object", - "properties": { - "path": { - "description": "path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - "type": "string" - }, - "type": { - "description": "type for HostPath Volume Defaults to \"\" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.ISCSIVolumeSource": { - "description": "Represents an ISCSI disk. ISCSI volumes can only be mounted as read/write once. ISCSI volumes support ownership management and SELinux relabeling.", - "type": "object", - "properties": { - "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.", - "type": "boolean" - }, - "secretRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - }, - "lun": { - "description": "lun represents iSCSI Target Lun number.", - "type": "integer", - "format": "int32" - }, - "targetPortal": { - "description": "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", - "type": "string" - }, - "iqn": { - "description": "iqn is the target iSCSI Qualified Name.", - "type": "string" - }, - "iscsiInterface": { - "description": "iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).", - "type": "string" - }, - "portals": { - "description": "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", - "type": "array", - "items": { - "type": "string" - } - }, - "chapAuthDiscovery": { - "description": "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication", - "type": "boolean" - }, - "chapAuthSession": { - "description": "chapAuthSession defines whether support iSCSI Session CHAP authentication", - "type": "boolean" - }, - "initiatorName": { - "description": "initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface \u003ctarget portal\u003e:\u003cvolume name\u003e will be created for the connection.", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.KeyToPath": { - "description": "Maps a string key to a path within a volume.", - "type": "object", - "properties": { - "path": { - "description": "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", - "type": "string" - }, - "key": { - "description": "key is the key to project.", - "type": "string" - }, - "mode": { - "description": "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", - "type": "integer", - "format": "int32" - } - } - }, - "k8s.io.api.core.v1.LocalObjectReference": { - "description": "LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.", - "type": "object", - "properties": { - "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.NFSVolumeSource": { - "description": "Represents an NFS mount that lasts the lifetime of a pod. NFS volumes do not support ownership management or SELinux relabeling.", - "type": "object", - "properties": { - "path": { - "description": "path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "type": "boolean" - }, - "server": { - "description": "server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.NodeAffinity": { - "description": "Node affinity is a group of node affinity scheduling rules.", - "type": "object", - "properties": { - "requiredDuringSchedulingIgnoredDuringExecution": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.NodeSelector" - }, - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.PreferredSchedulingTerm" - } - } - } - }, - "k8s.io.api.core.v1.NodeSelector": { - "description": "A node selector represents the union of the results of one or more label queries over a set of nodes; that is, it represents the OR of the selectors represented by the node selector terms.", - "type": "object", - "properties": { - "nodeSelectorTerms": { - "description": "Required. A list of node selector terms. The terms are ORed.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.NodeSelectorTerm" - } - } - } - }, - "k8s.io.api.core.v1.NodeSelectorRequirement": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - "type": "object", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "k8s.io.api.core.v1.NodeSelectorTerm": { - "description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", - "type": "object", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.NodeSelectorRequirement" - } - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.NodeSelectorRequirement" - } - } - } - }, - "k8s.io.api.core.v1.ObjectFieldSelector": { - "description": "ObjectFieldSelector selects an APIVersioned field of an object.", - "type": "object", - "properties": { - "apiVersion": { - "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", - "type": "string" - }, - "fieldPath": { - "description": "Path of the field to select in the specified API version.", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.PersistentVolumeClaimSpec": { - "description": "PersistentVolumeClaimSpec describes the common attributes of storage devices and allows a Source for provider-specific attributes", - "type": "object", - "properties": { - "resources": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ResourceRequirements" - }, - "accessModes": { - "description": "accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "type": "array", - "items": { - "type": "string" - } - }, - "selector": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector" - }, - "volumeName": { - "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", - "type": "string" - }, - "storageClassName": { - "description": "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", - "type": "string" - }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.", - "type": "string" - }, - "dataSource": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.TypedLocalObjectReference" - }, - "dataSourceRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.TypedLocalObjectReference" - } - } - }, - "k8s.io.api.core.v1.PersistentVolumeClaimTemplate": { - "description": "PersistentVolumeClaimTemplate is used to produce PersistentVolumeClaim objects as part of an EphemeralVolumeSource.", - "type": "object", - "properties": { - "metadata": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.PersistentVolumeClaimSpec" - } - } - }, - "k8s.io.api.core.v1.PersistentVolumeClaimVolumeSource": { - "description": "PersistentVolumeClaimVolumeSource references the user's PVC in the same namespace. This volume finds the bound PV and mounts that volume for the pod. A PersistentVolumeClaimVolumeSource is, essentially, a wrapper around another type of volume that is owned by someone else (the system).", - "type": "object", - "properties": { - "readOnly": { - "description": "readOnly Will force the ReadOnly setting in VolumeMounts. Default false.", - "type": "boolean" - }, - "claimName": { - "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.PhotonPersistentDiskVolumeSource": { - "description": "Represents a Photon Controller persistent disk resource.", - "type": "object", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "pdID": { - "description": "pdID is the ID that identifies Photon Controller persistent disk", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.PodAffinity": { - "description": "Pod affinity is a group of inter pod affinity scheduling rules.", - "type": "object", - "properties": { - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.PodAffinityTerm" - } - }, - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.WeightedPodAffinityTerm" - } - } - } - }, - "k8s.io.api.core.v1.PodAffinityTerm": { - "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", - "type": "object", - "properties": { - "labelSelector": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "type": "array", - "items": { - "type": "string" - } - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", - "type": "string" - }, - "namespaceSelector": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector" - } - } - }, - "k8s.io.api.core.v1.PodAntiAffinity": { - "description": "Pod anti affinity is a group of inter pod anti affinity scheduling rules.", - "type": "object", - "properties": { - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.PodAffinityTerm" - } - }, - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.WeightedPodAffinityTerm" - } - } - } - }, - "k8s.io.api.core.v1.PodSecurityContext": { - "description": "PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.", - "type": "object", - "properties": { - "seLinuxOptions": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.SELinuxOptions" - }, - "windowsOptions": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.WindowsSecurityContextOptions" - }, - "runAsUser": { - "description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.", - "type": "integer", - "format": "int64" - }, - "runAsGroup": { - "description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.", - "type": "integer", - "format": "int64" - }, - "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "boolean" - }, - "supplementalGroups": { - "description": "A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. Note that this field cannot be set when spec.os.name is windows.", - "type": "array", - "items": { - "type": "integer", - "format": "int64" - } - }, - "fsGroup": { - "description": "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.", - "type": "integer", - "format": "int64" - }, - "sysctls": { - "description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.Sysctl" - } - }, - "fsGroupChangePolicy": { - "description": "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used. Note that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "seccompProfile": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.SeccompProfile" - } - } - }, - "k8s.io.api.core.v1.PortworxVolumeSource": { - "description": "PortworxVolumeSource represents a Portworx volume resource.", - "type": "object", - "properties": { - "volumeID": { - "description": "volumeID uniquely identifies a Portworx volume", - "type": "string" - }, - "fsType": { - "description": "fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", - "type": "boolean" - } - } - }, - "k8s.io.api.core.v1.PreferredSchedulingTerm": { - "description": "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", - "type": "object", - "properties": { - "weight": { - "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", - "type": "integer", - "format": "int32" - }, - "preference": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.NodeSelectorTerm" - } - } - }, - "k8s.io.api.core.v1.ProjectedVolumeSource": { - "description": "Represents a projected volume source", - "type": "object", - "properties": { - "defaultMode": { - "description": "defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", - "type": "integer", - "format": "int32" - }, - "sources": { - "description": "sources is the list of volume projections", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.VolumeProjection" - } - } - } - }, - "k8s.io.api.core.v1.QuobyteVolumeSource": { - "description": "Represents a Quobyte mount that lasts the lifetime of a pod. Quobyte volumes do not support ownership management or SELinux relabeling.", - "type": "object", - "properties": { - "group": { - "description": "group to map volume access to Default is no group", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.", - "type": "boolean" - }, - "user": { - "description": "user to map volume access to Defaults to serivceaccount user", - "type": "string" - }, - "registry": { - "description": "registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes", - "type": "string" - }, - "volume": { - "description": "volume is a string that references an already created Quobyte volume by name.", - "type": "string" - }, - "tenant": { - "description": "tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.RBDVolumeSource": { - "description": "Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD volumes support ownership management and SELinux relabeling.", - "type": "object", - "properties": { - "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "boolean" - }, - "monitors": { - "description": "monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "array", - "items": { - "type": "string" - } - }, - "user": { - "description": "user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "string" - }, - "secretRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - }, - "image": { - "description": "image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "string" - }, - "pool": { - "description": "pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "string" - }, - "keyring": { - "description": "keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.ResourceFieldSelector": { - "description": "ResourceFieldSelector represents container resources (cpu, memory) and their output format", - "type": "object", - "properties": { - "resource": { - "description": "Required: resource to select", - "type": "string" - }, - "containerName": { - "description": "Container name: required for volumes, optional for env vars", - "type": "string" - }, - "divisor": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.api.resource.Quantity" - } - } - }, - "k8s.io.api.core.v1.ResourceRequirements": { - "description": "ResourceRequirements describes the compute resource requirements.", - "type": "object", - "properties": { - "limits": { - "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object", - "additionalProperties": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.api.resource.Quantity" - } - }, - "requests": { - "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object", - "additionalProperties": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.api.resource.Quantity" - } - } - } - }, - "k8s.io.api.core.v1.SELinuxOptions": { - "description": "SELinuxOptions are the labels to be applied to the container", - "type": "object", - "properties": { - "type": { - "description": "Type is a SELinux type label that applies to the container.", - "type": "string" - }, - "user": { - "description": "User is a SELinux user label that applies to the container.", - "type": "string" - }, - "role": { - "description": "Role is a SELinux role label that applies to the container.", - "type": "string" - }, - "level": { - "description": "Level is SELinux level label that applies to the container.", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.ScaleIOVolumeSource": { - "description": "ScaleIOVolumeSource represents a persistent ScaleIO volume", - "type": "object", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\".", - "type": "string" - }, - "readOnly": { - "description": "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - }, - "volumeName": { - "description": "volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.", - "type": "string" - }, - "gateway": { - "description": "gateway is the host address of the ScaleIO API Gateway.", - "type": "string" - }, - "system": { - "description": "system is the name of the storage system as configured in ScaleIO.", - "type": "string" - }, - "sslEnabled": { - "description": "sslEnabled Flag enable/disable SSL communication with Gateway, default false", - "type": "boolean" - }, - "protectionDomain": { - "description": "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.", - "type": "string" - }, - "storagePool": { - "description": "storagePool is the ScaleIO Storage Pool associated with the protection domain.", - "type": "string" - }, - "storageMode": { - "description": "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.SeccompProfile": { - "description": "SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.", - "type": "object", - "properties": { - "type": { - "description": "type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.", - "type": "string" - }, - "localhostProfile": { - "description": "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is \"Localhost\".", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.SecretKeySelector": { - "description": "SecretKeySelector selects a key of a Secret.", - "type": "object", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "localObjectReference": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - } - }, - "k8s.io.api.core.v1.SecretProjection": { - "description": "Adapts a secret into a projected volume. The contents of the target Secret's Data field will be presented in a projected volume as files using the keys in the Data field as the file names. Note that this is identical to a secret volume source without the default mode.", - "type": "object", - "properties": { - "items": { - "description": "items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.KeyToPath" - } - }, - "localObjectReference": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - }, - "optional": { - "description": "optional field specify whether the Secret or its key must be defined", - "type": "boolean" - } - } - }, - "k8s.io.api.core.v1.SecretVolumeSource": { - "description": "Adapts a Secret into a volume. The contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names. Secret volumes support ownership management and SELinux relabeling.", - "type": "object", - "properties": { - "items": { - "description": "items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.KeyToPath" - } - }, - "secretName": { - "description": "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", - "type": "string" - }, - "optional": { - "description": "optional field specify whether the Secret or its keys must be defined", - "type": "boolean" - }, - "defaultMode": { - "description": "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", - "type": "integer", - "format": "int32" - } - } - }, - "k8s.io.api.core.v1.SecurityContext": { - "description": "SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.", - "type": "object", - "properties": { - "seLinuxOptions": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.SELinuxOptions" - }, - "windowsOptions": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.WindowsSecurityContextOptions" - }, - "runAsUser": { - "description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", - "type": "integer", - "format": "int64" - }, - "runAsGroup": { - "description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", - "type": "integer", - "format": "int64" - }, - "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "boolean" - }, - "seccompProfile": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.SeccompProfile" - }, - "capabilities": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.Capabilities" - }, - "privileged": { - "description": "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "readOnlyRootFilesystem": { - "description": "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "allowPrivilegeEscalation": { - "description": "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "procMount": { - "description": "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.ServiceAccountTokenProjection": { - "description": "ServiceAccountTokenProjection represents a projected service account token volume. This projection can be used to insert a service account token into the pods runtime filesystem for use against APIs (Kubernetes API Server or otherwise).", - "type": "object", - "properties": { - "path": { - "description": "path is the path relative to the mount point of the file to project the token into.", - "type": "string" - }, - "audience": { - "description": "audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.", - "type": "string" - }, - "expirationSeconds": { - "description": "expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.", - "type": "integer", - "format": "int64" - } - } - }, - "k8s.io.api.core.v1.SessionAffinityConfig": { - "description": "SessionAffinityConfig represents the configurations of session affinity.", - "type": "object", - "properties": { - "clientIP": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ClientIPConfig" - } - } - }, - "k8s.io.api.core.v1.StorageOSVolumeSource": { - "description": "Represents a StorageOS persistent volume resource.", - "type": "object", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretRef": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.LocalObjectReference" - }, - "volumeName": { - "description": "volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.", - "type": "string" - }, - "volumeNamespace": { - "description": "volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.Sysctl": { - "description": "Sysctl defines a kernel parameter to be set", - "type": "object", - "properties": { - "name": { - "description": "Name of a property to set", - "type": "string" - }, - "value": { - "description": "Value of a property to set", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.Toleration": { - "description": "The pod this Toleration is attached to tolerates any taint that matches the triple \u003ckey,value,effect\u003e using the matching operator \u003coperator\u003e.", - "type": "object", - "properties": { - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", - "type": "string" - }, - "operator": { - "description": "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", - "type": "string" - }, - "value": { - "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", - "type": "string" - }, - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" - }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", - "type": "integer", - "format": "int64" - } - } - }, - "k8s.io.api.core.v1.TopologySpreadConstraint": { - "description": "TopologySpreadConstraint specifies how to spread matching pods among the given topology.", - "type": "object", - "properties": { - "labelSelector": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector" - }, - "topologyKey": { - "description": "TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each \u003ckey, value\u003e as a \"bucket\", and try to put balanced number of pods into each bucket. It's a required field.", - "type": "string" - }, - "maxSkew": { - "description": "MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed.", - "type": "integer", - "format": "int32" - }, - "whenUnsatisfiable": { - "description": "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered \"Unsatisfiable\" for an incoming pod if and only if every possible node assignment for that pod would violate \"MaxSkew\" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field.", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.TypedLocalObjectReference": { - "description": "TypedLocalObjectReference contains enough information to let you locate the typed referenced object inside the same namespace.", - "type": "object", - "properties": { - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.Volume": { - "description": "Volume represents a named volume in a pod that may be accessed by any container in the pod.", - "type": "object", - "properties": { - "name": { - "description": "name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "volumeSource": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.VolumeSource" - } - } - }, - "k8s.io.api.core.v1.VolumeMount": { - "description": "VolumeMount describes a mounting of a Volume within a container.", - "type": "object", - "properties": { - "name": { - "description": "This must match the Name of a Volume.", - "type": "string" - }, - "readOnly": { - "description": "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", - "type": "boolean" - }, - "mountPath": { - "description": "Path within the container at which the volume should be mounted. Must not contain ':'.", - "type": "string" - }, - "subPath": { - "description": "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root).", - "type": "string" - }, - "mountPropagation": { - "description": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", - "type": "string" - }, - "subPathExpr": { - "description": "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive.", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.VolumeProjection": { - "description": "Projection that may be projected along with other supported volume types", - "type": "object", - "properties": { - "configMap": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ConfigMapProjection" - }, - "secret": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.SecretProjection" - }, - "downwardAPI": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.DownwardAPIProjection" - }, - "serviceAccountToken": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ServiceAccountTokenProjection" - } - } - }, - "k8s.io.api.core.v1.VolumeSource": { - "description": "Represents the source of a volume to mount. Only one of its members may be specified.", - "type": "object", - "properties": { - "configMap": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ConfigMapVolumeSource" - }, - "gcePersistentDisk": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.GCEPersistentDiskVolumeSource" - }, - "awsElasticBlockStore": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.AWSElasticBlockStoreVolumeSource" - }, - "hostPath": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.HostPathVolumeSource" - }, - "glusterfs": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.GlusterfsVolumeSource" - }, - "nfs": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.NFSVolumeSource" - }, - "rbd": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.RBDVolumeSource" - }, - "iscsi": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ISCSIVolumeSource" - }, - "cinder": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.CinderVolumeSource" - }, - "cephfs": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.CephFSVolumeSource" - }, - "fc": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.FCVolumeSource" - }, - "flocker": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.FlockerVolumeSource" - }, - "flexVolume": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.FlexVolumeSource" - }, - "azureFile": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.AzureFileVolumeSource" - }, - "vsphereVolume": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.VsphereVirtualDiskVolumeSource" - }, - "quobyte": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.QuobyteVolumeSource" - }, - "azureDisk": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.AzureDiskVolumeSource" - }, - "photonPersistentDisk": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.PhotonPersistentDiskVolumeSource" - }, - "portworxVolume": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.PortworxVolumeSource" - }, - "scaleIO": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ScaleIOVolumeSource" - }, - "storageos": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.StorageOSVolumeSource" - }, - "csi": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.CSIVolumeSource" - }, - "secret": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.SecretVolumeSource" - }, - "downwardAPI": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.DownwardAPIVolumeSource" - }, - "emptyDir": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.EmptyDirVolumeSource" - }, - "gitRepo": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.GitRepoVolumeSource" - }, - "persistentVolumeClaim": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.PersistentVolumeClaimVolumeSource" - }, - "projected": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.ProjectedVolumeSource" - }, - "ephemeral": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.EphemeralVolumeSource" - } - } - }, - "k8s.io.api.core.v1.VsphereVirtualDiskVolumeSource": { - "description": "Represents a vSphere volume resource.", - "type": "object", - "properties": { - "fsType": { - "description": "fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "volumePath": { - "description": "volumePath is the path that identifies vSphere volume vmdk", - "type": "string" - }, - "storagePolicyName": { - "description": "storagePolicyName is the storage Policy Based Management (SPBM) profile name.", - "type": "string" - }, - "storagePolicyID": { - "description": "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.", - "type": "string" - } - } - }, - "k8s.io.api.core.v1.WeightedPodAffinityTerm": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "type": "object", - "properties": { - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", - "type": "integer", - "format": "int32" - }, - "podAffinityTerm": { - "$ref": "#/components/schemas/k8s.io.api.core.v1.PodAffinityTerm" - } - } - }, - "k8s.io.api.core.v1.WindowsSecurityContextOptions": { - "description": "WindowsSecurityContextOptions contain Windows-specific options and credentials.", - "type": "object", - "properties": { - "gmsaCredentialSpecName": { - "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", - "type": "string" - }, - "gmsaCredentialSpec": { - "description": "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.", - "type": "string" - }, - "runAsUserName": { - "description": "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "string" - }, - "hostProcess": { - "description": "HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.", - "type": "boolean" - } - } - }, - "k8s.io.apimachinery.pkg.api.resource.Quantity": { - "description": "Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors. The serialization format is: \u003cquantity\u003e ::= \u003csignedNumber\u003e\u003csuffix\u003e (Note that \u003csuffix\u003e may be empty, from the \"\" case in \u003cdecimalSI\u003e.) \u003cdigit\u003e ::= 0 | 1 | ... | 9 \u003cdigits\u003e ::= \u003cdigit\u003e | \u003cdigit\u003e\u003cdigits\u003e \u003cnumber\u003e ::= \u003cdigits\u003e | \u003cdigits\u003e.\u003cdigits\u003e | \u003cdigits\u003e. | .\u003cdigits\u003e \u003csign\u003e ::= \"+\" | \"-\" \u003csignedNumber\u003e ::= \u003cnumber\u003e | \u003csign\u003e\u003cnumber\u003e \u003csuffix\u003e ::= \u003cbinarySI\u003e | \u003cdecimalExponent\u003e | \u003cdecimalSI\u003e \u003cbinarySI\u003e ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html) \u003cdecimalSI\u003e ::= m | \"\" | k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.) \u003cdecimalExponent\u003e ::= \"e\" \u003csignedNumber\u003e | \"E\" \u003csignedNumber\u003e No matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities. When a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized. Before serializing, Quantity will be put in \"canonical form\". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that: a. No precision is lost b. No fractional digits will be emitted c. The exponent (or suffix) is as large as possible. The sign will be omitted unless the number is negative. Examples: 1.5 will be serialized as \"1500m\" 1.5Gi will be serialized as \"1536Mi\" Note that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise. Non-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.) This format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation.", - "type": "object", - "properties": { - "string": { - "type": "string" - } - } - }, - "k8s.io.apimachinery.pkg.apis.meta.v1.FieldsV1": { - "description": "FieldsV1 stores a set of fields in a data structure like a Trie, in JSON format. Each key is either a '.' representing the field itself, and will always map to an empty set, or a string representing a sub-field or item. The string will follow one of these four formats: 'f:\u003cname\u003e', where \u003cname\u003e is the name of a field in a struct, or key in a map 'v:\u003cvalue\u003e', where \u003cvalue\u003e is the exact json formatted value of a list item 'i:\u003cindex\u003e', where \u003cindex\u003e is position of a item in a list 'k:\u003ckeys\u003e', where \u003ckeys\u003e is a map of a list item's key fields to their unique values If a key maps to an empty Fields value, the field that key represents is part of the set. The exact format is defined in sigs.k8s.io/structured-merge-diff", - "type": "object", - "properties": { - "Raw": { - "description": "Raw is the underlying serialization of this object.", - "type": "string", - "format": "binary" - } - } - }, - "k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector": { - "description": "A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.", - "type": "object", - "properties": { - "matchLabels": { - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement" - } - } - } - }, - "k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - "type": "object", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "k8s.io.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry": { - "description": "ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of the resource that the fieldset applies to.", - "type": "object", - "properties": { - "time": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.Time" - }, - "apiVersion": { - "description": "APIVersion defines the version of this resource that this field set applies to. The format is \"group/version\" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.", - "type": "string" - }, - "manager": { - "description": "Manager is an identifier of the workflow managing these fields.", - "type": "string" - }, - "operation": { - "description": "Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.", - "type": "string" - }, - "fieldsType": { - "description": "FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: \"FieldsV1\"", - "type": "string" - }, - "fieldsV1": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.FieldsV1" - }, - "subresource": { - "description": "Subresource is the name of the subresource used to update that object, or empty string if the object was updated through the main resource. The value of this field is used to distinguish between managers, even if they share the same name. For example, a status update will be distinct from a regular update using the same manager name. Note that the APIVersion field is not related to the Subresource field and it always corresponds to the version of the main resource.", - "type": "string" - } - } - }, - "k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta": { - "description": "ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.", - "type": "object", - "properties": { - "name": { - "description": "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names", - "type": "string" - }, - "resourceVersion": { - "description": "An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "selfLink": { - "description": "Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.", - "type": "string" - }, - "generateName": { - "description": "GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency", - "type": "string" - }, - "namespace": { - "description": "Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces", - "type": "string" - }, - "uid": { - "description": "UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids", - "type": "string" - }, - "generation": { - "description": "A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.", - "type": "integer", - "format": "int64" - }, - "creationTimestamp": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.Time" - }, - "deletionTimestamp": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.Time" - }, - "deletionGracePeriodSeconds": { - "description": "Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.", - "type": "integer", - "format": "int64" - }, - "labels": { - "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "annotations": { - "description": "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "ownerReferences": { - "description": "List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.OwnerReference" - } - }, - "finalizers": { - "description": "Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.", - "type": "array", - "items": { - "type": "string" - } - }, - "clusterName": { - "description": "The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.", - "type": "string" - }, - "managedFields": { - "description": "ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like \"ci-cd\". The set of fields is always in the version that the workflow used when modifying the object.", - "type": "array", - "items": { - "$ref": "#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry" - } - } - } - }, - "k8s.io.apimachinery.pkg.apis.meta.v1.OwnerReference": { - "description": "OwnerReference contains enough information to let you identify an owning object. An owning object must be in the same namespace as the dependent, or be cluster-scoped, so there is no namespace field.", - "type": "object", - "properties": { - "name": { - "description": "Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names", - "type": "string" - }, - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "uid": { - "description": "UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids", - "type": "string" - }, - "controller": { - "description": "If true, this reference points to the managing controller.", - "type": "boolean" - }, - "blockOwnerDeletion": { - "description": "If true, AND if the owner has the \"foregroundDeletion\" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs \"delete\" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.", - "type": "boolean" - } - } - }, - "k8s.io.apimachinery.pkg.apis.meta.v1.Time": { - "description": "Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.", - "type": "object", - "properties": { - "seconds": { - "description": "Represents seconds of UTC time since Unix epoch 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59Z inclusive.", - "type": "integer", - "format": "int64" - }, - "nanos": { - "description": "Non-negative fractions of a second at nanosecond resolution. Negative second values with fractions must still have non-negative nanos values that count forward in time. Must be from 0 to 999,999,999 inclusive. This field may be limited in precision depending on context.", - "type": "integer", - "format": "int32" - } - } - } - } - } -} \ No newline at end of file diff --git a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomeshgateway.pb.go b/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomeshgateway.pb.go deleted file mode 100644 index f576bafcc..000000000 --- a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomeshgateway.pb.go +++ /dev/null @@ -1,504 +0,0 @@ -// Copyright 2021 Cisco Systems, Inc. and/or its affiliates. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.0 -// protoc (unknown) -// source: api/v1alpha1/istiomeshgateway.proto - -// $schema: istio-operator.api.v1alpha1.IstioMeshGatewaySpec -// $title: Istio Mesh Gateway Spec -// $description: Istio Mesh Gateway descriptor - -package v1alpha1 - -import ( - wrappers "github.com/golang/protobuf/ptypes/wrappers" - _ "google.golang.org/genproto/googleapis/api/annotations" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - _ "k8s.io/api/core/v1" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type GatewayType int32 - -const ( - GatewayType_unspecified GatewayType = 0 - GatewayType_ingress GatewayType = 1 - GatewayType_egress GatewayType = 2 -) - -// Enum value maps for GatewayType. -var ( - GatewayType_name = map[int32]string{ - 0: "unspecified", - 1: "ingress", - 2: "egress", - } - GatewayType_value = map[string]int32{ - "unspecified": 0, - "ingress": 1, - "egress": 2, - } -) - -func (x GatewayType) Enum() *GatewayType { - p := new(GatewayType) - *p = x - return p -} - -func (x GatewayType) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (GatewayType) Descriptor() protoreflect.EnumDescriptor { - return file_api_v1alpha1_istiomeshgateway_proto_enumTypes[0].Descriptor() -} - -func (GatewayType) Type() protoreflect.EnumType { - return &file_api_v1alpha1_istiomeshgateway_proto_enumTypes[0] -} - -func (x GatewayType) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use GatewayType.Descriptor instead. -func (GatewayType) EnumDescriptor() ([]byte, []int) { - return file_api_v1alpha1_istiomeshgateway_proto_rawDescGZIP(), []int{0} -} - -// IstioMeshGateway defines an Istio ingress or egress gateway -// -// -// -// -type IstioMeshGatewaySpec struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Deployment spec - Deployment *BaseKubernetesResourceConfig `protobuf:"bytes,1,opt,name=deployment,proto3" json:"deployment,omitempty"` - // Service spec - Service *Service `protobuf:"bytes,2,opt,name=service,proto3" json:"service,omitempty"` - // Whether to run the gateway in a privileged container - RunAsRoot *wrappers.BoolValue `protobuf:"bytes,3,opt,name=runAsRoot,proto3" json:"runAsRoot,omitempty"` - // Type of gateway, either ingress or egress - // +kubebuilder:validation:Enum=ingress;egress - Type GatewayType `protobuf:"varint,4,opt,name=type,proto3,enum=istio_operator.v2.api.v1alpha1.GatewayType" json:"type,omitempty"` - // Istio CR to which this gateway belongs to - IstioControlPlane *NamespacedName `protobuf:"bytes,5,opt,name=istioControlPlane,proto3" json:"istioControlPlane,omitempty"` - // K8s resource overlay patches - K8SResourceOverlays []*K8SResourceOverlayPatch `protobuf:"bytes,6,rep,name=k8sResourceOverlays,proto3" json:"k8sResourceOverlays,omitempty"` -} - -func (x *IstioMeshGatewaySpec) Reset() { - *x = IstioMeshGatewaySpec{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_istiomeshgateway_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *IstioMeshGatewaySpec) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*IstioMeshGatewaySpec) ProtoMessage() {} - -func (x *IstioMeshGatewaySpec) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_istiomeshgateway_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use IstioMeshGatewaySpec.ProtoReflect.Descriptor instead. -func (*IstioMeshGatewaySpec) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_istiomeshgateway_proto_rawDescGZIP(), []int{0} -} - -func (x *IstioMeshGatewaySpec) GetDeployment() *BaseKubernetesResourceConfig { - if x != nil { - return x.Deployment - } - return nil -} - -func (x *IstioMeshGatewaySpec) GetService() *Service { - if x != nil { - return x.Service - } - return nil -} - -func (x *IstioMeshGatewaySpec) GetRunAsRoot() *wrappers.BoolValue { - if x != nil { - return x.RunAsRoot - } - return nil -} - -func (x *IstioMeshGatewaySpec) GetType() GatewayType { - if x != nil { - return x.Type - } - return GatewayType_unspecified -} - -func (x *IstioMeshGatewaySpec) GetIstioControlPlane() *NamespacedName { - if x != nil { - return x.IstioControlPlane - } - return nil -} - -func (x *IstioMeshGatewaySpec) GetK8SResourceOverlays() []*K8SResourceOverlayPatch { - if x != nil { - return x.K8SResourceOverlays - } - return nil -} - -type Properties struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` -} - -func (x *Properties) Reset() { - *x = Properties{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_istiomeshgateway_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Properties) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Properties) ProtoMessage() {} - -func (x *Properties) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_istiomeshgateway_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Properties.ProtoReflect.Descriptor instead. -func (*Properties) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_istiomeshgateway_proto_rawDescGZIP(), []int{1} -} - -func (x *Properties) GetName() string { - if x != nil { - return x.Name - } - return "" -} - -// -type IstioMeshGatewayStatus struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Reconciliation status of the istio mesh gateway - Status ConfigState `protobuf:"varint,1,opt,name=Status,proto3,enum=istio_operator.v2.api.v1alpha1.ConfigState" json:"Status,omitempty"` - // Current address for the gateway - GatewayAddress []string `protobuf:"bytes,2,rep,name=GatewayAddress,proto3" json:"GatewayAddress,omitempty"` - // Reconciliation error message if any - ErrorMessage string `protobuf:"bytes,3,opt,name=ErrorMessage,proto3" json:"ErrorMessage,omitempty"` -} - -func (x *IstioMeshGatewayStatus) Reset() { - *x = IstioMeshGatewayStatus{} - if protoimpl.UnsafeEnabled { - mi := &file_api_v1alpha1_istiomeshgateway_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *IstioMeshGatewayStatus) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*IstioMeshGatewayStatus) ProtoMessage() {} - -func (x *IstioMeshGatewayStatus) ProtoReflect() protoreflect.Message { - mi := &file_api_v1alpha1_istiomeshgateway_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use IstioMeshGatewayStatus.ProtoReflect.Descriptor instead. -func (*IstioMeshGatewayStatus) Descriptor() ([]byte, []int) { - return file_api_v1alpha1_istiomeshgateway_proto_rawDescGZIP(), []int{2} -} - -func (x *IstioMeshGatewayStatus) GetStatus() ConfigState { - if x != nil { - return x.Status - } - return ConfigState_Unspecified -} - -func (x *IstioMeshGatewayStatus) GetGatewayAddress() []string { - if x != nil { - return x.GatewayAddress - } - return nil -} - -func (x *IstioMeshGatewayStatus) GetErrorMessage() string { - if x != nil { - return x.ErrorMessage - } - return "" -} - -var File_api_v1alpha1_istiomeshgateway_proto protoreflect.FileDescriptor - -var file_api_v1alpha1_istiomeshgateway_proto_rawDesc = []byte{ - 0x0a, 0x23, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x69, - 0x73, 0x74, 0x69, 0x6f, 0x6d, 0x65, 0x73, 0x68, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, - 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, - 0x6c, 0x70, 0x68, 0x61, 0x31, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x77, 0x72, 0x61, 0x70, 0x70, 0x65, 0x72, 0x73, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x19, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, - 0x68, 0x61, 0x31, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, 0x65, - 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x1a, 0x22, 0x6b, 0x38, 0x73, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x63, 0x6f, - 0x72, 0x65, 0x2f, 0x76, 0x31, 0x2f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x64, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x8d, 0x04, 0x0a, 0x14, 0x49, 0x73, 0x74, 0x69, 0x6f, 0x4d, - 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x53, 0x70, 0x65, 0x63, 0x12, 0x5c, - 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x6c, 0x6f, 0x79, 0x6d, 0x65, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, - 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, - 0x68, 0x61, 0x31, 0x2e, 0x42, 0x61, 0x73, 0x65, 0x4b, 0x75, 0x62, 0x65, 0x72, 0x6e, 0x65, 0x74, - 0x65, 0x73, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x52, 0x0a, 0x64, 0x65, 0x70, 0x6c, 0x6f, 0x79, 0x6d, 0x65, 0x6e, 0x74, 0x12, 0x47, 0x0a, 0x07, - 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, - 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, - 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x53, - 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x07, 0x73, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x38, 0x0a, 0x09, 0x72, 0x75, 0x6e, 0x41, 0x73, 0x52, 0x6f, - 0x6f, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, - 0x61, 0x6c, 0x75, 0x65, 0x52, 0x09, 0x72, 0x75, 0x6e, 0x41, 0x73, 0x52, 0x6f, 0x6f, 0x74, 0x12, - 0x45, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2b, 0x2e, - 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, - 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x47, - 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x54, 0x79, 0x70, 0x65, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, - 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x62, 0x0a, 0x11, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x43, - 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x50, 0x6c, 0x61, 0x6e, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x2e, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, - 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, - 0x61, 0x31, 0x2e, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x64, 0x4e, 0x61, 0x6d, - 0x65, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x11, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x43, 0x6f, - 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x50, 0x6c, 0x61, 0x6e, 0x65, 0x12, 0x69, 0x0a, 0x13, 0x6b, 0x38, - 0x73, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4f, 0x76, 0x65, 0x72, 0x6c, 0x61, 0x79, - 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x37, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, - 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, - 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4b, 0x38, 0x73, 0x52, 0x65, 0x73, 0x6f, - 0x75, 0x72, 0x63, 0x65, 0x4f, 0x76, 0x65, 0x72, 0x6c, 0x61, 0x79, 0x50, 0x61, 0x74, 0x63, 0x68, - 0x52, 0x13, 0x6b, 0x38, 0x73, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4f, 0x76, 0x65, - 0x72, 0x6c, 0x61, 0x79, 0x73, 0x22, 0x20, 0x0a, 0x0a, 0x50, 0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, - 0x69, 0x65, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0xa9, 0x01, 0x0a, 0x16, 0x49, 0x73, 0x74, 0x69, - 0x6f, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x53, 0x74, 0x61, 0x74, - 0x75, 0x73, 0x12, 0x43, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x0e, 0x32, 0x2b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, - 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, - 0x68, 0x61, 0x31, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, - 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x26, 0x0a, 0x0e, 0x47, 0x61, 0x74, 0x65, 0x77, - 0x61, 0x79, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, - 0x0e, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, - 0x22, 0x0a, 0x0c, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x4d, 0x65, 0x73, 0x73, - 0x61, 0x67, 0x65, 0x2a, 0x37, 0x0a, 0x0b, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x54, 0x79, - 0x70, 0x65, 0x12, 0x0f, 0x0a, 0x0b, 0x75, 0x6e, 0x73, 0x70, 0x65, 0x63, 0x69, 0x66, 0x69, 0x65, - 0x64, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x69, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x10, 0x01, - 0x12, 0x0a, 0x0a, 0x06, 0x65, 0x67, 0x72, 0x65, 0x73, 0x73, 0x10, 0x02, 0x42, 0x37, 0x5a, 0x35, - 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x62, 0x61, 0x6e, 0x7a, 0x61, - 0x69, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2f, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2d, 0x6f, 0x70, 0x65, - 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2f, 0x76, 0x32, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x61, - 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} - -var ( - file_api_v1alpha1_istiomeshgateway_proto_rawDescOnce sync.Once - file_api_v1alpha1_istiomeshgateway_proto_rawDescData = file_api_v1alpha1_istiomeshgateway_proto_rawDesc -) - -func file_api_v1alpha1_istiomeshgateway_proto_rawDescGZIP() []byte { - file_api_v1alpha1_istiomeshgateway_proto_rawDescOnce.Do(func() { - file_api_v1alpha1_istiomeshgateway_proto_rawDescData = protoimpl.X.CompressGZIP(file_api_v1alpha1_istiomeshgateway_proto_rawDescData) - }) - return file_api_v1alpha1_istiomeshgateway_proto_rawDescData -} - -var file_api_v1alpha1_istiomeshgateway_proto_enumTypes = make([]protoimpl.EnumInfo, 1) -var file_api_v1alpha1_istiomeshgateway_proto_msgTypes = make([]protoimpl.MessageInfo, 3) -var file_api_v1alpha1_istiomeshgateway_proto_goTypes = []interface{}{ - (GatewayType)(0), // 0: istio_operator.v2.api.v1alpha1.GatewayType - (*IstioMeshGatewaySpec)(nil), // 1: istio_operator.v2.api.v1alpha1.IstioMeshGatewaySpec - (*Properties)(nil), // 2: istio_operator.v2.api.v1alpha1.Properties - (*IstioMeshGatewayStatus)(nil), // 3: istio_operator.v2.api.v1alpha1.IstioMeshGatewayStatus - (*BaseKubernetesResourceConfig)(nil), // 4: istio_operator.v2.api.v1alpha1.BaseKubernetesResourceConfig - (*Service)(nil), // 5: istio_operator.v2.api.v1alpha1.Service - (*wrappers.BoolValue)(nil), // 6: google.protobuf.BoolValue - (*NamespacedName)(nil), // 7: istio_operator.v2.api.v1alpha1.NamespacedName - (*K8SResourceOverlayPatch)(nil), // 8: istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch - (ConfigState)(0), // 9: istio_operator.v2.api.v1alpha1.ConfigState -} -var file_api_v1alpha1_istiomeshgateway_proto_depIdxs = []int32{ - 4, // 0: istio_operator.v2.api.v1alpha1.IstioMeshGatewaySpec.deployment:type_name -> istio_operator.v2.api.v1alpha1.BaseKubernetesResourceConfig - 5, // 1: istio_operator.v2.api.v1alpha1.IstioMeshGatewaySpec.service:type_name -> istio_operator.v2.api.v1alpha1.Service - 6, // 2: istio_operator.v2.api.v1alpha1.IstioMeshGatewaySpec.runAsRoot:type_name -> google.protobuf.BoolValue - 0, // 3: istio_operator.v2.api.v1alpha1.IstioMeshGatewaySpec.type:type_name -> istio_operator.v2.api.v1alpha1.GatewayType - 7, // 4: istio_operator.v2.api.v1alpha1.IstioMeshGatewaySpec.istioControlPlane:type_name -> istio_operator.v2.api.v1alpha1.NamespacedName - 8, // 5: istio_operator.v2.api.v1alpha1.IstioMeshGatewaySpec.k8sResourceOverlays:type_name -> istio_operator.v2.api.v1alpha1.K8sResourceOverlayPatch - 9, // 6: istio_operator.v2.api.v1alpha1.IstioMeshGatewayStatus.Status:type_name -> istio_operator.v2.api.v1alpha1.ConfigState - 7, // [7:7] is the sub-list for method output_type - 7, // [7:7] is the sub-list for method input_type - 7, // [7:7] is the sub-list for extension type_name - 7, // [7:7] is the sub-list for extension extendee - 0, // [0:7] is the sub-list for field type_name -} - -func init() { file_api_v1alpha1_istiomeshgateway_proto_init() } -func file_api_v1alpha1_istiomeshgateway_proto_init() { - if File_api_v1alpha1_istiomeshgateway_proto != nil { - return - } - file_api_v1alpha1_common_proto_init() - if !protoimpl.UnsafeEnabled { - file_api_v1alpha1_istiomeshgateway_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*IstioMeshGatewaySpec); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_v1alpha1_istiomeshgateway_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Properties); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_v1alpha1_istiomeshgateway_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*IstioMeshGatewayStatus); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_api_v1alpha1_istiomeshgateway_proto_rawDesc, - NumEnums: 1, - NumMessages: 3, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_api_v1alpha1_istiomeshgateway_proto_goTypes, - DependencyIndexes: file_api_v1alpha1_istiomeshgateway_proto_depIdxs, - EnumInfos: file_api_v1alpha1_istiomeshgateway_proto_enumTypes, - MessageInfos: file_api_v1alpha1_istiomeshgateway_proto_msgTypes, - }.Build() - File_api_v1alpha1_istiomeshgateway_proto = out.File - file_api_v1alpha1_istiomeshgateway_proto_rawDesc = nil - file_api_v1alpha1_istiomeshgateway_proto_goTypes = nil - file_api_v1alpha1_istiomeshgateway_proto_depIdxs = nil -} diff --git a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomeshgateway.pb.html b/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomeshgateway.pb.html deleted file mode 100644 index db699ed8a..000000000 --- a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomeshgateway.pb.html +++ /dev/null @@ -1,856 +0,0 @@ ---- -title: Istio Mesh Gateway Spec -description: Istio Mesh Gateway descriptor -layout: protoc-gen-docs -generator: protoc-gen-docs -schema: istio-operator.api.v1alpha1.IstioMeshGatewaySpec -number_of_entries: 9 ---- -

IstioMeshGatewaySpec

-
-

IstioMeshGateway defines an Istio ingress or egress gateway

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
deploymentBaseKubernetesResourceConfig -

Deployment spec

- -		 -No -
serviceService -

Service spec

- -		 -Yes -
runAsRootBoolValue -

Whether to run the gateway in a privileged container

- -		 -No -
typeGatewayType -

Type of gateway, either ingress or egress -+kubebuilder:validation:Enum=ingress;egress

- -		 -Yes -
istioControlPlaneNamespacedName -

Istio CR to which this gateway belongs to

- -		 -Yes -
k8sResourceOverlaysK8sResourceOverlayPatch[] -

K8s resource overlay patches

- -		 -No -
-
-

Properties

-
- - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
namestring - -No -
-
-

IstioMeshGatewayStatus

-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
StatusConfigState -

Reconciliation status of the istio mesh gateway

- -		 -No -
GatewayAddressstring[] -

Current address for the gateway

- -		 -No -
ErrorMessagestring -

Reconciliation error message if any

- -		 -No -
-
-

BaseKubernetesResourceConfig

-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
metadataK8sObjectMeta -

Generic k8s resource metadata

- -		 -No -
imagestring -

Standard Kubernetes container image configuration

- -		 -No -
envEnvVar[] -

If present will be appended to the environment variables of the container

- -		 -No -
resourcesResourceRequirements -

Standard Kubernetes resource configuration, memory and CPU resource requirements

- -		 -No -
nodeSelectormap<string, string> -

Standard Kubernetes node selector configuration

- -		 -No -
affinityAffinity -

Standard Kubernetes affinity configuration

- -		 -No -
securityContextSecurityContext -

Standard Kubernetes security context configuration

- -		 -No -
imagePullPolicystring -

Image pull policy. -One of Always, Never, IfNotPresent. -Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. -+optional

- -		 -No -
imagePullSecretsLocalObjectReference[] -

ImagePullSecrets is an optional list of references to secrets to use for pulling any of the images. -+optional

- -		 -No -
priorityClassNamestring -

If specified, indicates the pod’s priority. “system-node-critical” and -“system-cluster-critical” are two special keywords which indicate the -highest priorities with the former being the highest priority. Any other -name must be defined by creating a PriorityClass object with that name. -If not specified, the pod priority will be default or zero if there is no -default. -+optional

- -		 -No -
tolerationsToleration[] -

If specified, the pod’s tolerations. -+optional

- -		 -No -
volumesVolume[] -

List of volumes that can be mounted by containers belonging to the pod. -More info: https://kubernetes.io/docs/concepts/storage/volumes -+optional -+patchMergeKey=name -+patchStrategy=merge,retainKeys

- -		 -No -
volumeMountsVolumeMount[] -

Pod volumes to mount into the container’s filesystem. -Cannot be updated. -+optional -+patchMergeKey=mountPath -+patchStrategy=merge

- -		 -No -
replicasReplicas -

Replica configuration

- -		 -No -
podMetadataK8sObjectMeta -

Standard Kubernetes pod annotation and label configuration

- -		 -No -
podDisruptionBudgetPodDisruptionBudget -

PodDisruptionBudget configuration

- -		 -No -
deploymentStrategyDeploymentStrategy -

DeploymentStrategy configuration

- -		 -No -
podSecurityContextPodSecurityContext -

Standard Kubernetes pod security context configuration

- -		 -No -
livenessProbeProbe -

Periodic probe of container liveness. -Container will be restarted if the probe fails. -Cannot be updated. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes -+optional

- -		 -No -
readinessProbeProbe -

Periodic probe of container service readiness. -Container will be removed from service endpoints if the probe fails. -Cannot be updated. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes -+optional

- -		 -No -
topologySpreadConstraintsTopologySpreadConstraint[] -

Used to control how Pods are spread across a cluster among failure-domains. -This can help to achieve high availability as well as efficient resource utilization. -More info: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints -+optional

- -		 -No -
-
-

Service

-
-

Service describes the attributes that a user creates on a service.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
metadataK8sObjectMeta - -No -
portsServicePort[] -

The list of ports that are exposed by this service. -More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies -+patchMergeKey=port -+patchStrategy=merge -+listType=map -+listMapKey=port -+listMapKey=protocol -+kubebuilder:validation:MinItems=1

- -		 -Yes -
selectormap<string, string> -

Route service traffic to pods with label keys and values matching this -selector. If empty or not present, the service is assumed to have an -external process managing its endpoints, which Kubernetes will not -modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. -Ignored if type is ExternalName. -More info: https://kubernetes.io/docs/concepts/services-networking/service/ -+optional

- -		 -No -
clusterIPstring -

clusterIP is the IP address of the service and is usually assigned -randomly by the master. If an address is specified manually and is not in -use by others, it will be allocated to the service; otherwise, creation -of the service will fail. This field can not be changed through updates. -Valid values are “None”, empty string (“”), or a valid IP address. “None” -can be specified for headless services when proxying is not required. -Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if -type is ExternalName. -More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies -+optional

- -		 -No -
typestring -

type determines how the Service is exposed. Defaults to ClusterIP. Valid -options are ExternalName, ClusterIP, NodePort, and LoadBalancer. -“ExternalName” maps to the specified externalName. -“ClusterIP” allocates a cluster-internal IP address for load-balancing to -endpoints. Endpoints are determined by the selector or if that is not -specified, by manual construction of an Endpoints object. If clusterIP is -“None”, no virtual IP is allocated and the endpoints are published as a -set of endpoints rather than a stable IP. -“NodePort” builds on ClusterIP and allocates a port on every node which -routes to the clusterIP. -“LoadBalancer” builds on NodePort and creates an -external load-balancer (if supported in the current cloud) which routes -to the clusterIP. -More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types -+optional -+kubebuilder:validation:Enum=ClusterIP;NodePort;LoadBalancer

- -		 -Yes -
externalIPsstring[] -

externalIPs is a list of IP addresses for which nodes in the cluster -will also accept traffic for this service. These IPs are not managed by -Kubernetes. The user is responsible for ensuring that traffic arrives -at a node with this IP. A common example is external load-balancers -that are not part of the Kubernetes system. -+optional

- -		 -No -
sessionAffinitystring -

Supports “ClientIP” and “None”. Used to maintain session affinity. -Enable client IP based session affinity. -Must be ClientIP or None. -Defaults to None. -More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies -+optional

- -		 -No -
loadBalancerIPstring -

Only applies to Service Type: LoadBalancer -LoadBalancer will get created with the IP specified in this field. -This feature depends on whether the underlying cloud-provider supports specifying -the loadBalancerIP when a load balancer is created. -This field will be ignored if the cloud-provider does not support the feature. -+optional

- -		 -No -
loadBalancerSourceRangesstring[] -

If specified and supported by the platform, this will restrict traffic through the cloud-provider -load-balancer will be restricted to the specified client IPs. This field will be ignored if the -cloud-provider does not support the feature.” -More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/ -+optional

- -		 -No -
externalNamestring -

externalName is the external reference that kubedns or equivalent will -return as a CNAME record for this service. No proxying will be involved. -Must be a valid RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) -and requires Type to be ExternalName. -+optional

- -		 -No -
externalTrafficPolicystring -

externalTrafficPolicy denotes if this Service desires to route external -traffic to node-local or cluster-wide endpoints. “Local” preserves the -client source IP and avoids a second hop for LoadBalancer and Nodeport -type services, but risks potentially imbalanced traffic spreading. -“Cluster” obscures the client source IP and may cause a second hop to -another node, but should have good overall load-spreading. -+optional

- -		 -No -
healthCheckNodePortint32 -

healthCheckNodePort specifies the healthcheck nodePort for the service. -If not specified, HealthCheckNodePort is created by the service api -backend with the allocated nodePort. Will use user-specified nodePort value -if specified by the client. Only effects when Type is set to LoadBalancer -and ExternalTrafficPolicy is set to Local. -+optional

- -		 -No -
publishNotReadyAddressesBoolValue -

publishNotReadyAddresses, when set to true, indicates that DNS implementations -must publish the notReadyAddresses of subsets for the Endpoints associated with -the Service. The default value is false. -The primary use case for setting this field is to use a StatefulSet’s Headless Service -to propagate SRV records for its Pods without respect to their readiness for purpose -of peer discovery. -+optional

- -		 -No -
sessionAffinityConfigSessionAffinityConfig -

sessionAffinityConfig contains the configurations of session affinity. -+optional

- -		 -No -
ipFamilystring -

ipFamily specifies whether this Service has a preference for a particular IP family (e.g. IPv4 vs. -IPv6). If a specific IP family is requested, the clusterIP field will be allocated from that family, if it is -available in the cluster. If no IP family is requested, the cluster’s primary IP family will be used. -Other IP fields (loadBalancerIP, loadBalancerSourceRanges, externalIPs) and controllers which -allocate external load-balancers should use the same IP family. Endpoints for this Service will be of -this family. This field is immutable after creation. Assigning a ServiceIPFamily not available in the -cluster (e.g. IPv6 in IPv4 only cluster) is an error condition and will fail during clusterIP assignment. -+optional

- -		 -No -
-
-

NamespacedName

-
- - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
namestring -

Name of the referenced Kubernetes resource

- -		 -No -
namespacestring -

Namespace of the referenced Kubernetes resource

- -		 -No -
-
-

K8sResourceOverlayPatch

-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescriptionRequired
groupVersionKindGroupVersionKind - -No -
objectKeyNamespacedName - -No -
patchesPatch[] - -No -
-
-

GatewayType

-
- - - - - - - - - - - - - - - - - - - - - -
NameDescription
unspecified -
ingress -
egress -
-
-

ConfigState

-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameDescription
Unspecified -
Created -
ReconcileFailed -
Reconciling -
Available -
Unmanaged -
-
diff --git a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomeshgateway.proto b/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomeshgateway.proto deleted file mode 100644 index 42029d8da..000000000 --- a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomeshgateway.proto +++ /dev/null @@ -1,99 +0,0 @@ -// Copyright 2021 Cisco Systems, Inc. and/or its affiliates. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; - -import "google/protobuf/wrappers.proto"; -import "api/v1alpha1/common.proto"; -import "google/api/field_behavior.proto"; -import "k8s.io/api/core/v1/generated.proto"; - -// $schema: istio-operator.api.v1alpha1.IstioMeshGatewaySpec -// $title: Istio Mesh Gateway Spec -// $description: Istio Mesh Gateway descriptor - -package istio_operator.v2.api.v1alpha1; - -option go_package = "github.com/banzaicloud/istio-operator/v2/api/v1alpha1"; - -// IstioMeshGateway defines an Istio ingress or egress gateway -// -// -// -// -message IstioMeshGatewaySpec { - // Deployment spec - BaseKubernetesResourceConfig deployment = 1; - - // Service spec - Service service = 2 [(google.api.field_behavior) = REQUIRED]; - - // Whether to run the gateway in a privileged container - google.protobuf.BoolValue runAsRoot = 3; - - // Type of gateway, either ingress or egress - // +kubebuilder:validation:Enum=ingress;egress - GatewayType type = 4 [(google.api.field_behavior) = REQUIRED]; - - // Istio CR to which this gateway belongs to - NamespacedName istioControlPlane = 5 [(google.api.field_behavior) = REQUIRED]; - - // K8s resource overlay patches - repeated K8sResourceOverlayPatch k8sResourceOverlays = 6; -} - -message Properties { - string name = 1; -} - -enum GatewayType { - unspecified = 0; - ingress = 1; - egress = 2; -} - -// -message IstioMeshGatewayStatus { - // Reconciliation status of the istio mesh gateway - ConfigState Status = 1; - - // Current address for the gateway - repeated string GatewayAddress = 2; - - // Reconciliation error message if any - string ErrorMessage = 3; -} diff --git a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomeshgateway_deepcopy.gen.go b/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomeshgateway_deepcopy.gen.go deleted file mode 100644 index dd4b6acc3..000000000 --- a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomeshgateway_deepcopy.gen.go +++ /dev/null @@ -1,69 +0,0 @@ -// Code generated by protoc-gen-deepcopy. DO NOT EDIT. -package v1alpha1 - -import ( - proto "github.com/golang/protobuf/proto" -) - -// DeepCopyInto supports using IstioMeshGatewaySpec within kubernetes types, where deepcopy-gen is used. -func (in *IstioMeshGatewaySpec) DeepCopyInto(out *IstioMeshGatewaySpec) { - p := proto.Clone(in).(*IstioMeshGatewaySpec) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IstioMeshGatewaySpec. Required by controller-gen. -func (in *IstioMeshGatewaySpec) DeepCopy() *IstioMeshGatewaySpec { - if in == nil { - return nil - } - out := new(IstioMeshGatewaySpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new IstioMeshGatewaySpec. Required by controller-gen. -func (in *IstioMeshGatewaySpec) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using Properties within kubernetes types, where deepcopy-gen is used. -func (in *Properties) DeepCopyInto(out *Properties) { - p := proto.Clone(in).(*Properties) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Properties. Required by controller-gen. -func (in *Properties) DeepCopy() *Properties { - if in == nil { - return nil - } - out := new(Properties) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Properties. Required by controller-gen. -func (in *Properties) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using IstioMeshGatewayStatus within kubernetes types, where deepcopy-gen is used. -func (in *IstioMeshGatewayStatus) DeepCopyInto(out *IstioMeshGatewayStatus) { - p := proto.Clone(in).(*IstioMeshGatewayStatus) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IstioMeshGatewayStatus. Required by controller-gen. -func (in *IstioMeshGatewayStatus) DeepCopy() *IstioMeshGatewayStatus { - if in == nil { - return nil - } - out := new(IstioMeshGatewayStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new IstioMeshGatewayStatus. Required by controller-gen. -func (in *IstioMeshGatewayStatus) DeepCopyInterface() interface{} { - return in.DeepCopy() -} diff --git a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomeshgateway_json.gen.go b/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomeshgateway_json.gen.go deleted file mode 100644 index f6a13d297..000000000 --- a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomeshgateway_json.gen.go +++ /dev/null @@ -1,45 +0,0 @@ -// Code generated by protoc-gen-jsonshim. DO NOT EDIT. -package v1alpha1 - -import ( - bytes "bytes" - jsonpb "github.com/golang/protobuf/jsonpb" -) - -// MarshalJSON is a custom marshaler for IstioMeshGatewaySpec -func (this *IstioMeshGatewaySpec) MarshalJSON() ([]byte, error) { - str, err := IstiomeshgatewayMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for IstioMeshGatewaySpec -func (this *IstioMeshGatewaySpec) UnmarshalJSON(b []byte) error { - return IstiomeshgatewayUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for Properties -func (this *Properties) MarshalJSON() ([]byte, error) { - str, err := IstiomeshgatewayMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for Properties -func (this *Properties) UnmarshalJSON(b []byte) error { - return IstiomeshgatewayUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for IstioMeshGatewayStatus -func (this *IstioMeshGatewayStatus) MarshalJSON() ([]byte, error) { - str, err := IstiomeshgatewayMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for IstioMeshGatewayStatus -func (this *IstioMeshGatewayStatus) UnmarshalJSON(b []byte) error { - return IstiomeshgatewayUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -var ( - IstiomeshgatewayMarshaler = &jsonpb.Marshaler{} - IstiomeshgatewayUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} -) diff --git a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomeshgateway_types.go b/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomeshgateway_types.go deleted file mode 100644 index f8cb5bf9e..000000000 --- a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/istiomeshgateway_types.go +++ /dev/null @@ -1,116 +0,0 @@ -/* -Copyright 2021 Cisco Systems, Inc. and/or its affiliates. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -const ( - SidecarInjectionChecksumAnnotation = "sidecar.istio.servicemesh.cisco.com/injection-checksum" - MeshConfigChecksumAnnotation = "sidecar.istio.servicemesh.cisco.com/meshconfig-checksum" -) - -// +kubebuilder:object:root=true - -// IstioMeshGateway is the Schema for the istiomeshgateways API -type IstioMeshGateway struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` - - Spec *IstioMeshGatewaySpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"` - Status *IstioMeshGatewayStatus `json:"status,omitempty"` -} - -func (imgw *IstioMeshGateway) SetStatus(status ConfigState, errorMessage string) { - imgw.GetStatus().Status = status - imgw.GetStatus().ErrorMessage = errorMessage -} - -func (imgw *IstioMeshGateway) GetStatus() *IstioMeshGatewayStatus { - if imgw.Status == nil { - imgw.Status = &IstioMeshGatewayStatus{} - } - - return imgw.Status -} - -func (imgw *IstioMeshGateway) GetSpec() *IstioMeshGatewaySpec { - if imgw.Spec != nil { - return imgw.Spec - } - - return nil -} - -// +kubebuilder:object:generate=false -type IstioMeshGatewayWithProperties struct { - *IstioMeshGateway `json:"istiomeshgateway,omitempty"` - Properties IstioMeshGatewayProperties `json:"properties,omitempty"` -} - -func (p *IstioMeshGatewayWithProperties) SetDefaults() { - annotations := p.IstioMeshGateway.GetSpec().GetDeployment().GetPodMetadata().GetAnnotations() - if annotations == nil { - annotations = make(map[string]string) - } - if p.Properties.InjectionChecksum != "" { - annotations[SidecarInjectionChecksumAnnotation] = p.Properties.InjectionChecksum - } - if p.Properties.MeshConfigChecksum != "" { - annotations[MeshConfigChecksumAnnotation] = p.Properties.MeshConfigChecksum - } - if p.IstioMeshGateway.GetSpec().GetDeployment() == nil { - p.IstioMeshGateway.GetSpec().Deployment = &BaseKubernetesResourceConfig{} - } - if p.IstioMeshGateway.GetSpec().GetDeployment().GetPodMetadata() == nil { - p.IstioMeshGateway.GetSpec().GetDeployment().PodMetadata = &K8SObjectMeta{} - } - p.IstioMeshGateway.GetSpec().GetDeployment().GetPodMetadata().Annotations = annotations -} - -// Properties of the IstioMeshGateway -type IstioMeshGatewayProperties struct { - Revision string `json:"revision,omitempty"` - EnablePrometheusMerge *bool `json:"enablePrometheusMerge,omitempty"` - InjectionTemplate string `json:"injectionTemplate,omitempty"` - InjectionChecksum string `json:"injectionChecksum,omitempty"` - MeshConfigChecksum string `json:"meshConfigChecksum,omitempty"` - IstioControlPlane *IstioControlPlane `json:"istioControlPlane,omitempty"` - GenerateExternalService bool `json:"generateExternalService,omitempty"` -} - -func (p IstioMeshGatewayProperties) GetIstioControlPlane() *IstioControlPlane { - if p.IstioControlPlane != nil { - return p.IstioControlPlane - } - - return &IstioControlPlane{} -} - -// +kubebuilder:object:root=true - -// IstioMeshGatewayList contains a list of IstioMeshGateway -type IstioMeshGatewayList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` - Items []IstioMeshGateway `json:"items" protobuf:"bytes,2,rep,name=items"` -} - -func init() { - SchemeBuilder.Register(&IstioMeshGateway{}, &IstioMeshGatewayList{}) -} diff --git a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/zz_generated.deepcopy.go b/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/zz_generated.deepcopy.go deleted file mode 100644 index 0fddf0ca8..000000000 --- a/third_party/github.com/banzaicloud/istio-operator/api/v1alpha1/zz_generated.deepcopy.go +++ /dev/null @@ -1,411 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright 2021 Cisco Systems, Inc. and/or its affiliates. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by controller-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "k8s.io/api/core/v1" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IstioControlPlane) DeepCopyInto(out *IstioControlPlane) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - if in.Spec != nil { - in, out := &in.Spec, &out.Spec - *out = (*in).DeepCopy() - } - if in.Status != nil { - in, out := &in.Status, &out.Status - *out = (*in).DeepCopy() - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IstioControlPlane. -func (in *IstioControlPlane) DeepCopy() *IstioControlPlane { - if in == nil { - return nil - } - out := new(IstioControlPlane) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *IstioControlPlane) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IstioControlPlaneList) DeepCopyInto(out *IstioControlPlaneList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]IstioControlPlane, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IstioControlPlaneList. -func (in *IstioControlPlaneList) DeepCopy() *IstioControlPlaneList { - if in == nil { - return nil - } - out := new(IstioControlPlaneList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *IstioControlPlaneList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IstioMesh) DeepCopyInto(out *IstioMesh) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - if in.Spec != nil { - in, out := &in.Spec, &out.Spec - *out = (*in).DeepCopy() - } - if in.Status != nil { - in, out := &in.Status, &out.Status - *out = (*in).DeepCopy() - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IstioMesh. -func (in *IstioMesh) DeepCopy() *IstioMesh { - if in == nil { - return nil - } - out := new(IstioMesh) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *IstioMesh) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IstioMeshGateway) DeepCopyInto(out *IstioMeshGateway) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - if in.Spec != nil { - in, out := &in.Spec, &out.Spec - *out = (*in).DeepCopy() - } - if in.Status != nil { - in, out := &in.Status, &out.Status - *out = (*in).DeepCopy() - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IstioMeshGateway. -func (in *IstioMeshGateway) DeepCopy() *IstioMeshGateway { - if in == nil { - return nil - } - out := new(IstioMeshGateway) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *IstioMeshGateway) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IstioMeshGatewayList) DeepCopyInto(out *IstioMeshGatewayList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]IstioMeshGateway, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IstioMeshGatewayList. -func (in *IstioMeshGatewayList) DeepCopy() *IstioMeshGatewayList { - if in == nil { - return nil - } - out := new(IstioMeshGatewayList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *IstioMeshGatewayList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IstioMeshGatewayProperties) DeepCopyInto(out *IstioMeshGatewayProperties) { - *out = *in - if in.EnablePrometheusMerge != nil { - in, out := &in.EnablePrometheusMerge, &out.EnablePrometheusMerge - *out = new(bool) - **out = **in - } - if in.IstioControlPlane != nil { - in, out := &in.IstioControlPlane, &out.IstioControlPlane - *out = new(IstioControlPlane) - (*in).DeepCopyInto(*out) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IstioMeshGatewayProperties. -func (in *IstioMeshGatewayProperties) DeepCopy() *IstioMeshGatewayProperties { - if in == nil { - return nil - } - out := new(IstioMeshGatewayProperties) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IstioMeshList) DeepCopyInto(out *IstioMeshList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]IstioMesh, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IstioMeshList. -func (in *IstioMeshList) DeepCopy() *IstioMeshList { - if in == nil { - return nil - } - out := new(IstioMeshList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *IstioMeshList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PeerIstioControlPlane) DeepCopyInto(out *PeerIstioControlPlane) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - if in.Spec != nil { - in, out := &in.Spec, &out.Spec - *out = (*in).DeepCopy() - } - if in.Status != nil { - in, out := &in.Status, &out.Status - *out = (*in).DeepCopy() - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PeerIstioControlPlane. -func (in *PeerIstioControlPlane) DeepCopy() *PeerIstioControlPlane { - if in == nil { - return nil - } - out := new(PeerIstioControlPlane) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *PeerIstioControlPlane) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PeerIstioControlPlaneList) DeepCopyInto(out *PeerIstioControlPlaneList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]PeerIstioControlPlane, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PeerIstioControlPlaneList. -func (in *PeerIstioControlPlaneList) DeepCopy() *PeerIstioControlPlaneList { - if in == nil { - return nil - } - out := new(PeerIstioControlPlaneList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *PeerIstioControlPlaneList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Probe_Exec) DeepCopyInto(out *Probe_Exec) { - *out = *in - if in.Exec != nil { - in, out := &in.Exec, &out.Exec - *out = new(v1.ExecAction) - (*in).DeepCopyInto(*out) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Probe_Exec. -func (in *Probe_Exec) DeepCopy() *Probe_Exec { - if in == nil { - return nil - } - out := new(Probe_Exec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Probe_Grpc) DeepCopyInto(out *Probe_Grpc) { - *out = *in - if in.Grpc != nil { - in, out := &in.Grpc, &out.Grpc - *out = new(v1.GRPCAction) - (*in).DeepCopyInto(*out) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Probe_Grpc. -func (in *Probe_Grpc) DeepCopy() *Probe_Grpc { - if in == nil { - return nil - } - out := new(Probe_Grpc) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Probe_HttpGet) DeepCopyInto(out *Probe_HttpGet) { - *out = *in - if in.HttpGet != nil { - in, out := &in.HttpGet, &out.HttpGet - *out = (*in).DeepCopy() - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Probe_HttpGet. -func (in *Probe_HttpGet) DeepCopy() *Probe_HttpGet { - if in == nil { - return nil - } - out := new(Probe_HttpGet) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Probe_TcpSocket) DeepCopyInto(out *Probe_TcpSocket) { - *out = *in - if in.TcpSocket != nil { - in, out := &in.TcpSocket, &out.TcpSocket - *out = (*in).DeepCopy() - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Probe_TcpSocket. -func (in *Probe_TcpSocket) DeepCopy() *Probe_TcpSocket { - if in == nil { - return nil - } - out := new(Probe_TcpSocket) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in SortableIstioControlPlaneItems) DeepCopyInto(out *SortableIstioControlPlaneItems) { - { - in := &in - *out = make(SortableIstioControlPlaneItems, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SortableIstioControlPlaneItems. -func (in SortableIstioControlPlaneItems) DeepCopy() SortableIstioControlPlaneItems { - if in == nil { - return nil - } - out := new(SortableIstioControlPlaneItems) - in.DeepCopyInto(out) - return *out -} From b8696e1f769c8f0932de8bc906bbc080fa9888e4 Mon Sep 17 00:00:00 2001 From: Adi Muraru Date: Tue, 2 Jun 2026 19:48:06 +0200 Subject: [PATCH 3/3] fix(deps): upgrade to k8s v0.36.1 / controller-runtime v0.24.1 / helm v3.21.0 Root cause: the weekly update-go-deps CI job has been failing since 2026-05-18 because sequential per-module `go get -u` calls leave k8s.io/kubectl at v0.35 while k8s.io/api reaches v0.36; kubectl v0.35 imports scheduling/v1alpha1 which was removed in v0.36, so `go mod tidy` aborts. Makefile (update-module-deps): - After the upgrade loop, pin kubectl and cli-runtime to the same minor as k8s.io/api so the k8s ecosystem stays in lockstep. - Exclude .claude/worktrees from `make tidy`. Dependency bumps (make update-go-deps + make generate manifests): - k8s.io/*: v0.34.x -> v0.36.1 (all in lockstep, incl. kubectl/cli-runtime) - helm.sh/helm/v3: v3.19.4 -> v3.21.0 - sigs.k8s.io/controller-runtime: v0.22.4 -> v0.24.1 - google.golang.org/grpc: v1.72.1 -> v1.81.1; other leaf bumps - CRDs + zz_generated.deepcopy regenerated (controller-gen v0.21; new k8s v0.36 schema fields) controller-runtime v0.24 breaking API changes: - main.go: NewWebhookManagedBy is generic; pass typed object as 2nd arg. - kafkacluster_validator.go, kafkatopic_validator.go: ValidateCreate/Update/ Delete now take concrete CRD types instead of runtime.Object. - mocks/SubResourceClient.go: add Apply() (new in SubResourceWriter). - kafkaclient/mock_client.go: add CreateACLs() to mockClusterAdmin. k8s v0.36 source migration: - k8s-objectmatcher tests: autoscaling/v2beta1 -> autoscaling/v2 (removed). SA1019 deprecations (golangci-lint v2.12.2): - api/v1alpha1,v1beta1: scheme.Builder -> runtime.NewSchemeBuilder (removes controller-runtime from the api module imports). - cmmeta.ObjectReference -> IssuerReference; corev1.ServiceExternalTrafficPolicyType -> ServiceExternalTrafficPolicy. - kafkaclient: CreateACL -> CreateACLs (batched per resource). - tests/e2e: terratest kubectl/helm helpers -> Context variants. - operator-tools: StorageMigrating added to exhaustive CRD-condition switch; nolint on the remaining scheme.Builder (third-party, not an api package). Co-Authored-By: Claude Sonnet 4.6 --- Makefile | 6 +- api/go.mod | 26 +- api/go.sum | 87 +--- api/v1alpha1/cruisecontroloperation_types.go | 4 - api/v1alpha1/groupversion_info.go | 26 +- api/v1alpha1/kafkatopic_types.go | 4 - api/v1alpha1/kafkauser_types.go | 6 +- api/v1alpha1/zz_generated.deepcopy.go | 4 +- api/v1beta1/groupversion_info.go | 22 +- api/v1beta1/kafkacluster_types.go | 8 +- api/v1beta1/zz_generated.deepcopy.go | 4 +- charts/kafka-operator/crds/kafkaclusters.yaml | 127 +++-- charts/kafka-operator/crds/kafkausers.yaml | 5 +- .../kafka.banzaicloud.io_kafkaclusters.yaml | 127 +++-- .../crds/kafka.banzaicloud.io_kafkausers.yaml | 5 +- go.mod | 129 +++-- go.sum | 289 +++++------ main.go | 6 +- pkg/kafkaclient/mock_client.go | 11 + pkg/kafkaclient/users.go | 108 ++--- pkg/pki/certmanagerpki/certmanager_pki.go | 2 +- .../certmanagerpki/certmanager_pki_test.go | 2 +- pkg/pki/certmanagerpki/certmanager_user.go | 4 +- .../certmanagerpki/certmanager_user_test.go | 2 +- .../kafka/mocks/SubResourceClient.go | 20 + pkg/webhooks/kafkacluster_validator.go | 9 +- pkg/webhooks/kafkatopic_validator.go | 14 +- properties/go.mod | 7 +- properties/go.sum | 38 +- tests/e2e/go.mod | 195 ++++---- tests/e2e/go.sum | 453 ++++++++---------- tests/e2e/helm.go | 13 +- tests/e2e/k8s.go | 48 +- tests/e2e/kafka_client.go | 2 +- tests/e2e/kcat.go | 7 +- tests/e2e/test_jmx_exporter.go | 9 +- .../banzaicloud/go-cruise-control/go.mod | 6 +- .../banzaicloud/go-cruise-control/go.sum | 26 +- .../go-cruise-control/integration_test/go.mod | 32 +- .../go-cruise-control/integration_test/go.sum | 64 +-- .../banzaicloud/k8s-objectmatcher/go.mod | 31 +- .../banzaicloud/k8s-objectmatcher/go.sum | 109 ++--- .../k8s-objectmatcher/tests/go.mod | 70 ++- .../k8s-objectmatcher/tests/go.sum | 183 +++---- .../banzaicloud/operator-tools/go.mod | 125 +++-- .../banzaicloud/operator-tools/go.sum | 379 +++++++-------- .../pkg/prometheus/servicemonitor.go | 2 +- .../operator-tools/pkg/reconciler/resource.go | 2 +- 48 files changed, 1345 insertions(+), 1513 deletions(-) diff --git a/Makefile b/Makefile index 55ac8d984..7d532dec6 100644 --- a/Makefile +++ b/Makefile @@ -320,6 +320,10 @@ define update-module-deps for m in $$(go list -mod=readonly -m -f '{{ if and (not .Replace) (not .Indirect) (not .Main)}}{{.Path}}{{end}}' all); do \ go get -u $$m; \ done; \ + if go list -m k8s.io/api >/dev/null 2>&1 && go list -m k8s.io/kubectl >/dev/null 2>&1; then \ + api_ver="$$(go list -m -f '{{.Version}}' k8s.io/api)"; \ + go get k8s.io/kubectl@"$$api_ver" k8s.io/cli-runtime@"$$api_ver"; \ + fi; \ go mod tidy endef @@ -342,7 +346,7 @@ update-go-deps: ## Update Go modules dependencies. tidy: ## Run go mod tidy in all Go modules. @echo "Finding all directories with go.mod files..." - @for gomod in $$(find . -name "go.mod" | sort); do \ + @for gomod in $$(find . -name "go.mod" -not -path './.claude/*' | sort); do \ dir=$$(dirname $$gomod); \ ( \ echo "Running go mod tidy in $$dir"; \ diff --git a/api/go.mod b/api/go.mod index 13da3a9cd..b2873283b 100644 --- a/api/go.mod +++ b/api/go.mod @@ -1,14 +1,13 @@ module github.com/banzaicloud/koperator/api -go 1.25.0 +go 1.26.0 require ( dario.cat/mergo v1.0.2 emperror.dev/errors v0.8.1 - github.com/cert-manager/cert-manager v1.19.2 - k8s.io/api v0.34.3 - k8s.io/apimachinery v0.34.3 - sigs.k8s.io/controller-runtime v0.22.4 + github.com/cert-manager/cert-manager v1.20.2 + k8s.io/api v0.36.1 + k8s.io/apimachinery v0.36.1 ) require ( @@ -18,9 +17,8 @@ require ( require ( github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect - github.com/fxamacker/cbor/v2 v2.9.0 // indirect + github.com/fxamacker/cbor/v2 v2.9.2 // indirect github.com/go-logr/logr v1.4.3 // indirect - github.com/gogo/protobuf v1.3.2 // indirect github.com/google/go-cmp v0.7.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/kr/text v0.2.0 // indirect @@ -28,17 +26,17 @@ require ( github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect - github.com/rogpeppe/go-internal v1.14.1 // indirect github.com/x448/float16 v0.8.4 // indirect go.uber.org/multierr v1.11.0 // indirect - go.yaml.in/yaml/v2 v2.4.3 // indirect - golang.org/x/net v0.48.0 // indirect - golang.org/x/text v0.32.0 // indirect + go.yaml.in/yaml/v2 v2.4.4 // indirect + golang.org/x/net v0.55.0 // indirect + golang.org/x/text v0.37.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/klog/v2 v2.130.1 // indirect - k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 // indirect + k8s.io/klog/v2 v2.140.0 // indirect + k8s.io/kube-openapi v0.0.0-20260520065146-aa012df4f4af // indirect + k8s.io/utils v0.0.0-20260507154919-ff6756f316d2 // indirect sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect sigs.k8s.io/randfill v1.0.0 // indirect - sigs.k8s.io/structured-merge-diff/v6 v6.3.1 // indirect + sigs.k8s.io/structured-merge-diff/v6 v6.4.0 // indirect ) diff --git a/api/go.sum b/api/go.sum index cfa94ed72..ce450d24e 100644 --- a/api/go.sum +++ b/api/go.sum @@ -2,30 +2,22 @@ dario.cat/mergo v1.0.2 h1:85+piFYR1tMbRrLcDwR18y4UKJ3aH1Tbzi24VRW1TK8= dario.cat/mergo v1.0.2/go.mod h1:E/hbnu0NxMFBjpMIE34DRGLWqDy0g5FuKDhCb31ngxA= emperror.dev/errors v0.8.1 h1:UavXZ5cSX/4u9iyvH6aDcuGkVjeexUGJ7Ij7G4VfQT0= emperror.dev/errors v0.8.1/go.mod h1:YcRvLPh626Ubn2xqtoprejnA5nFha+TJ+2vew48kWuE= -github.com/cert-manager/cert-manager v1.19.2 h1:jSprN1h5pgNDSl7HClAmIzXuTxic/5FXJ32kbQHqjlM= -github.com/cert-manager/cert-manager v1.19.2/go.mod h1:e9NzLtOKxTw7y99qLyWGmPo6mrC1Nh0EKKcMkRfK+GE= +github.com/cert-manager/cert-manager v1.20.2 h1:CimnY00nLqB2lmxhoSuEC4GDMFDK7JCXqyjwMM9ndIQ= +github.com/cert-manager/cert-manager v1.20.2/go.mod h1:1g/+a/WK5zWH/dXPZa3dMD3aJQJNRXQu+PN17C6WrOw= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/fxamacker/cbor/v2 v2.9.0 h1:NpKPmjDBgUfBms6tr6JZkTHtfFGcMKsw3eGcmD/sapM= -github.com/fxamacker/cbor/v2 v2.9.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ= +github.com/fxamacker/cbor/v2 v2.9.2 h1:X4Ksno9+x3cz0TZv69ec1hxP/+tymuR8PXQJyDwfh78= +github.com/fxamacker/cbor/v2 v2.9.2/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ= github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= -github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= -github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= -github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= -github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo= -github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= -github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= -github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= @@ -36,10 +28,6 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJ github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee h1:W5t00kpgFdJifH4BDsTlE89Zl93FEloxaWZfGcifgq8= github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= -github.com/onsi/ginkgo/v2 v2.22.0 h1:Yed107/8DjTr0lKCNt7Dn8yQ6ybuDRQoMGrNFKzMfHg= -github.com/onsi/ginkgo/v2 v2.22.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= -github.com/onsi/gomega v1.36.1 h1:bJDPBO7ibjxcbHMgSCoo4Yj18UWbKDlLwX1x9sybDcw= -github.com/onsi/gomega v1.36.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= @@ -55,47 +43,16 @@ github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= -github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= -go.yaml.in/yaml/v2 v2.4.3 h1:6gvOSjQoTB3vt1l+CU+tSyi/HOjfOjRLJ4YwYZGwRO0= -go.yaml.in/yaml/v2 v2.4.3/go.mod h1:zSxWcmIDjOzPXpjlTTbAsKokqkDNAVtZO0WOMiT90s8= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU= -golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk= -golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU= -golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.39.0 h1:ik4ho21kwuQln40uelmciQPp9SipgNDdrafrYA4TmQQ= -golang.org/x/tools v0.39.0/go.mod h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +go.yaml.in/yaml/v2 v2.4.4 h1:tuyd0P+2Ont/d6e2rl3be67goVK4R6deVxCUX5vyPaQ= +go.yaml.in/yaml/v2 v2.4.4/go.mod h1:gMZqIpDtDqOfM0uNfy0SkpRhvUryYH0Z6wdMYcacYXQ= +golang.org/x/net v0.55.0 h1:bcvxaJn3e1U6InsFWt1JUq1aSjnRxLzT2rtD2KfkDF8= +golang.org/x/net v0.55.0/go.mod h1:L5U2KuzuOe1lY7Z+aWVIKK6qEeJXnXV9yzGA+WCHJww= +golang.org/x/text v0.37.0 h1:Cqjiwd9eSg8e0QAkyCaQTNHFIIzWtidPahFWR83rTrc= +golang.org/x/text v0.37.0/go.mod h1:a5sjxXGs9hsn/AJVwuElvCAo9v8QYLzvavO5z2PiM38= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= @@ -105,21 +62,21 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= -k8s.io/api v0.34.3 h1:D12sTP257/jSH2vHV2EDYrb16bS7ULlHpdNdNhEw2S4= -k8s.io/api v0.34.3/go.mod h1:PyVQBF886Q5RSQZOim7DybQjAbVs8g7gwJNhGtY5MBk= -k8s.io/apimachinery v0.34.3 h1:/TB+SFEiQvN9HPldtlWOTp0hWbJ+fjU+wkxysf/aQnE= -k8s.io/apimachinery v0.34.3/go.mod h1:/GwIlEcWuTX9zKIg2mbw0LRFIsXwrfoVxn+ef0X13lw= -k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= -k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 h1:SjGebBtkBqHFOli+05xYbK8YF1Dzkbzn+gDM4X9T4Ck= -k8s.io/utils v0.0.0-20251002143259-bc988d571ff4/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/controller-runtime v0.22.4 h1:GEjV7KV3TY8e+tJ2LCTxUTanW4z/FmNB7l327UfMq9A= -sigs.k8s.io/controller-runtime v0.22.4/go.mod h1:+QX1XUpTXN4mLoblf4tqr5CQcyHPAki2HLXqQMY6vh8= +k8s.io/api v0.36.1 h1:XbL/EMj8K2aJpJtePmqUyQMsM0D4QI2pvl7YKJ20FTY= +k8s.io/api v0.36.1/go.mod h1:KOWo4ey3TINlXjeHVuwB3i+tXXnu+UcwFBHlI/9dvEo= +k8s.io/apimachinery v0.36.1 h1:G63Gjx2W+q0YD+72Vo8oY0nDnePVwnuzTmmy5ENrVSA= +k8s.io/apimachinery v0.36.1/go.mod h1:ibYOR00vW/I1kzvi5SF0dRuJ52BvKtfvRdOn35GPQ+8= +k8s.io/klog/v2 v2.140.0 h1:Tf+J3AH7xnUzZyVVXhTgGhEKnFqye14aadWv7bzXdzc= +k8s.io/klog/v2 v2.140.0/go.mod h1:o+/RWfJ6PwpnFn7OyAG3QnO47BFsymfEfrz6XyYSSp0= +k8s.io/kube-openapi v0.0.0-20260520065146-aa012df4f4af h1:zLXA2Irn14q2/06WMkxViyr7YCPUO2lJ0QYE9Juy5vA= +k8s.io/kube-openapi v0.0.0-20260520065146-aa012df4f4af/go.mod h1:V/QaCUYDa+0QpcHhVVc5l99Uz56wEMEXBSj9oCDkNDY= +k8s.io/utils v0.0.0-20260507154919-ff6756f316d2 h1:wU4tMEhLGgIbLvXQb1cfN+EcM0wf7zC6CPF+C79jroc= +k8s.io/utils v0.0.0-20260507154919-ff6756f316d2/go.mod h1:xDxuJ0whA3d0I4mf/C4ppKHxXynQ+fxnkmQH0vTHnuk= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= -sigs.k8s.io/structured-merge-diff/v6 v6.3.1 h1:JrhdFMqOd/+3ByqlP2I45kTOZmTRLBUm5pvRjeheg7E= -sigs.k8s.io/structured-merge-diff/v6 v6.3.1/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE= +sigs.k8s.io/structured-merge-diff/v6 v6.4.0 h1:qmp2e3ZfFi1/jJbDGpD4mt3wyp6PE1NfKHCYLqgNQJo= +sigs.k8s.io/structured-merge-diff/v6 v6.4.0/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE= sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs= sigs.k8s.io/yaml v1.6.0/go.mod h1:796bPqUfzR/0jLAl6XjHl3Ck7MiyVv8dbTdyT3/pMf4= diff --git a/api/v1alpha1/cruisecontroloperation_types.go b/api/v1alpha1/cruisecontroloperation_types.go index 235fbb51b..ff3e54a6b 100644 --- a/api/v1alpha1/cruisecontroloperation_types.go +++ b/api/v1alpha1/cruisecontroloperation_types.go @@ -103,10 +103,6 @@ type CruiseControlTask struct { ErrorMessage string `json:"errorMessage,omitempty"` } -func init() { - SchemeBuilder.Register(&CruiseControlOperation{}, &CruiseControlOperationList{}) -} - // GetTTLSecondsAfterFinished returns Spec.TTLSecondsAfterFinished func (c CruiseControlOperation) GetTTLSecondsAfterFinished() *int { return c.Spec.TTLSecondsAfterFinished diff --git a/api/v1alpha1/groupversion_info.go b/api/v1alpha1/groupversion_info.go index 698f8c98c..c055afe37 100644 --- a/api/v1alpha1/groupversion_info.go +++ b/api/v1alpha1/groupversion_info.go @@ -33,17 +33,31 @@ limitations under the License. package v1alpha1 import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" - "sigs.k8s.io/controller-runtime/pkg/scheme" ) -var ( - // GroupVersion is group version used to register these objects - GroupVersion = schema.GroupVersion{Group: "kafka.banzaicloud.io", Version: "v1alpha1"} +// GroupVersion is group version used to register these objects. +var GroupVersion = schema.GroupVersion{Group: "kafka.banzaicloud.io", Version: "v1alpha1"} - // SchemeBuilder is used to add go types to the GroupVersionKind scheme - SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} +var ( + // SchemeBuilder is used to add go types to the GroupVersionKind scheme. + SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) // AddToScheme adds the types in this group-version to the given scheme. AddToScheme = SchemeBuilder.AddToScheme ) + +func addKnownTypes(s *runtime.Scheme) error { + s.AddKnownTypes(GroupVersion, + &CruiseControlOperation{}, + &CruiseControlOperationList{}, + &KafkaTopic{}, + &KafkaTopicList{}, + &KafkaUser{}, + &KafkaUserList{}, + ) + metav1.AddToGroupVersion(s, GroupVersion) + return nil +} diff --git a/api/v1alpha1/kafkatopic_types.go b/api/v1alpha1/kafkatopic_types.go index ae9853d87..429fe65d7 100644 --- a/api/v1alpha1/kafkatopic_types.go +++ b/api/v1alpha1/kafkatopic_types.go @@ -70,7 +70,3 @@ type KafkaTopicList struct { metav1.ListMeta `json:"metadata,omitempty"` Items []KafkaTopic `json:"items"` } - -func init() { - SchemeBuilder.Register(&KafkaTopic{}, &KafkaTopicList{}) -} diff --git a/api/v1alpha1/kafkauser_types.go b/api/v1alpha1/kafkauser_types.go index 2135c994a..5630d81de 100644 --- a/api/v1alpha1/kafkauser_types.go +++ b/api/v1alpha1/kafkauser_types.go @@ -53,7 +53,7 @@ type KafkaUserSpec struct { } type PKIBackendSpec struct { - IssuerRef *cmmeta.ObjectReference `json:"issuerRef,omitempty"` + IssuerRef *cmmeta.IssuerReference `json:"issuerRef,omitempty"` // +kubebuilder:validation:Enum={"cert-manager","k8s-csr"} PKIBackend string `json:"pkiBackend"` // SignerName indicates requested signer, and is a qualified name. @@ -98,10 +98,6 @@ type KafkaUserList struct { Items []KafkaUser `json:"items"` } -func init() { - SchemeBuilder.Register(&KafkaUser{}, &KafkaUserList{}) -} - func (spec *KafkaUserSpec) GetIfCertShouldBeCreated() bool { if spec.CreateCert != nil { return *spec.CreateCert diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index 88e354be4..13f10c986 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go @@ -23,7 +23,7 @@ package v1alpha1 import ( "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime" ) // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. @@ -418,7 +418,7 @@ func (in *PKIBackendSpec) DeepCopyInto(out *PKIBackendSpec) { *out = *in if in.IssuerRef != nil { in, out := &in.IssuerRef, &out.IssuerRef - *out = new(v1.ObjectReference) + *out = new(v1.IssuerReference) **out = **in } } diff --git a/api/v1beta1/groupversion_info.go b/api/v1beta1/groupversion_info.go index 7f0d56dd2..b7e052c34 100644 --- a/api/v1beta1/groupversion_info.go +++ b/api/v1beta1/groupversion_info.go @@ -33,17 +33,27 @@ limitations under the License. package v1beta1 import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" - "sigs.k8s.io/controller-runtime/pkg/scheme" ) -var ( - // GroupVersion is group version used to register these objects - GroupVersion = schema.GroupVersion{Group: "kafka.banzaicloud.io", Version: "v1beta1"} +// GroupVersion is group version used to register these objects. +var GroupVersion = schema.GroupVersion{Group: "kafka.banzaicloud.io", Version: "v1beta1"} - // SchemeBuilder is used to add go types to the GroupVersionKind scheme - SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} +var ( + // SchemeBuilder is used to add go types to the GroupVersionKind scheme. + SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) // AddToScheme adds the types in this group-version to the given scheme. AddToScheme = SchemeBuilder.AddToScheme ) + +func addKnownTypes(s *runtime.Scheme) error { + s.AddKnownTypes(GroupVersion, + &KafkaCluster{}, + &KafkaClusterList{}, + ) + metav1.AddToGroupVersion(s, GroupVersion) + return nil +} diff --git a/api/v1beta1/kafkacluster_types.go b/api/v1beta1/kafkacluster_types.go index c7daf2eee..7ccae1cee 100644 --- a/api/v1beta1/kafkacluster_types.go +++ b/api/v1beta1/kafkacluster_types.go @@ -598,7 +598,7 @@ type SSLSecrets struct { TLSSecretName string `json:"tlsSecretName"` JKSPasswordName string `json:"jksPasswordName,omitempty"` Create bool `json:"create,omitempty"` - IssuerRef *cmmeta.ObjectReference `json:"issuerRef,omitempty"` + IssuerRef *cmmeta.IssuerReference `json:"issuerRef,omitempty"` // +kubebuilder:validation:Enum={"cert-manager"} PKIBackend PKIBackend `json:"pkiBackend,omitempty"` } @@ -637,7 +637,7 @@ type IngressServiceSettings struct { // "Cluster" obscures the client source IP and may cause a second hop to // another node, but should have good overall load-spreading. // +optional - ExternalTrafficPolicy corev1.ServiceExternalTrafficPolicyType `json:"externalTrafficPolicy,omitempty"` + ExternalTrafficPolicy corev1.ServiceExternalTrafficPolicy `json:"externalTrafficPolicy,omitempty"` // Service Type string describes ingress methods for a service // Only "NodePort" and "LoadBalancer" is supported. // Default value is LoadBalancer @@ -799,10 +799,6 @@ type KafkaClusterList struct { Items []KafkaCluster `json:"items"` } -func init() { - SchemeBuilder.Register(&KafkaCluster{}, &KafkaClusterList{}) -} - // GetListenerName returns the prepared listener name func (lP *CommonListenerSpec) GetListenerServiceName() string { if !strings.HasPrefix(lP.Name, "tcp-") { diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go index 88563c7ce..d5cfaf00d 100644 --- a/api/v1beta1/zz_generated.deepcopy.go +++ b/api/v1beta1/zz_generated.deepcopy.go @@ -25,7 +25,7 @@ import ( apismetav1 "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime" ) // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. @@ -1060,7 +1060,7 @@ func (in *SSLSecrets) DeepCopyInto(out *SSLSecrets) { *out = *in if in.IssuerRef != nil { in, out := &in.IssuerRef, &out.IssuerRef - *out = new(apismetav1.ObjectReference) + *out = new(apismetav1.IssuerReference) **out = **in } } diff --git a/charts/kafka-operator/crds/kafkaclusters.yaml b/charts/kafka-operator/crds/kafkaclusters.yaml index 49d3c3171..7abba845c 100644 --- a/charts/kafka-operator/crds/kafkaclusters.yaml +++ b/charts/kafka-operator/crds/kafkaclusters.yaml @@ -1943,7 +1943,9 @@ spec: type: integer type: object resizePolicy: - description: Resources resize policy for the container. + description: |- + Resources resize policy for the container. + This field cannot be set on ephemeral containers. items: description: ContainerResizePolicy represents resource resize policy for the container. @@ -2173,7 +2175,6 @@ spec: procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. - This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. type: string readOnlyRootFilesystem: @@ -3656,7 +3657,9 @@ spec: type: integer type: object resizePolicy: - description: Resources resize policy for the container. + description: |- + Resources resize policy for the container. + This field cannot be set on ephemeral containers. items: description: ContainerResizePolicy represents resource resize policy for the container. @@ -3886,7 +3889,6 @@ spec: procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. - This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. type: string readOnlyRootFilesystem: @@ -4738,7 +4740,6 @@ spec: procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. - This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. type: string readOnlyRootFilesystem: @@ -4994,7 +4995,7 @@ spec: resources: description: |- resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + Users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -5129,9 +5130,10 @@ spec: operator: description: |- Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. + Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). type: string tolerationSeconds: description: |- @@ -5805,7 +5807,7 @@ spec: resources: description: |- resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + Users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -6137,7 +6139,7 @@ spec: A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. - The volume will be mounted read-only (ro) and non-executable files (noexec). + The volume will be mounted read-only (ro). Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33. The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. properties: @@ -6309,8 +6311,7 @@ spec: description: |- portworxVolume represents a portworx volume attached and mounted on kubelets host machine. Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type - are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate - is on. + are redirected to the pxd.portworx.com CSI driver. properties: fsType: description: |- @@ -6690,6 +6691,24 @@ spec: description: Kubelet's generated CSRs will be addressed to this signer. type: string + userAnnotations: + additionalProperties: + type: string + description: |- + userAnnotations allow pod authors to pass additional information to + the signer implementation. Kubernetes does not restrict or validate this + metadata in any way. + + These values are copied verbatim into the `spec.unverifiedUserAnnotations` field of + the PodCertificateRequest objects that Kubelet creates. + + Entries are subject to the same validation as object metadata annotations, + with the addition that all keys must be domain-prefixed. No restrictions + are placed on values, except an overall size limitation on the entire field. + + Signers should document the keys and values they support. Signers should + deny requests that contain keys they do not recognize. + type: object required: - keyType - signerName @@ -8957,7 +8976,9 @@ spec: type: integer type: object resizePolicy: - description: Resources resize policy for the container. + description: |- + Resources resize policy for the container. + This field cannot be set on ephemeral containers. items: description: ContainerResizePolicy represents resource resize policy for the container. @@ -9187,7 +9208,6 @@ spec: procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. - This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. type: string readOnlyRootFilesystem: @@ -10676,7 +10696,9 @@ spec: type: integer type: object resizePolicy: - description: Resources resize policy for the container. + description: |- + Resources resize policy for the container. + This field cannot be set on ephemeral containers. items: description: ContainerResizePolicy represents resource resize policy for the container. @@ -10906,7 +10928,6 @@ spec: procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. - This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. type: string readOnlyRootFilesystem: @@ -11761,7 +11782,6 @@ spec: procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. - This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. type: string readOnlyRootFilesystem: @@ -12018,7 +12038,7 @@ spec: resources: description: |- resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + Users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -12153,9 +12173,10 @@ spec: operator: description: |- Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. + Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). type: string tolerationSeconds: description: |- @@ -12834,7 +12855,7 @@ spec: resources: description: |- resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + Users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -13168,7 +13189,7 @@ spec: A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. - The volume will be mounted read-only (ro) and non-executable files (noexec). + The volume will be mounted read-only (ro). Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33. The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. properties: @@ -13341,8 +13362,7 @@ spec: description: |- portworxVolume represents a portworx volume attached and mounted on kubelets host machine. Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type - are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate - is on. + are redirected to the pxd.portworx.com CSI driver. properties: fsType: description: |- @@ -13725,6 +13745,24 @@ spec: description: Kubelet's generated CSRs will be addressed to this signer. type: string + userAnnotations: + additionalProperties: + type: string + description: |- + userAnnotations allow pod authors to pass additional information to + the signer implementation. Kubernetes does not restrict or validate this + metadata in any way. + + These values are copied verbatim into the `spec.unverifiedUserAnnotations` field of + the PodCertificateRequest objects that Kubelet creates. + + Entries are subject to the same validation as object metadata annotations, + with the addition that all keys must be domain-prefixed. No restrictions + are placed on values, except an overall size limitation on the entire field. + + Signers should document the keys and values they support. Signers should + deny requests that contain keys they do not recognize. + type: object required: - keyType - signerName @@ -16063,7 +16101,9 @@ spec: type: integer type: object resizePolicy: - description: Resources resize policy for the container. + description: |- + Resources resize policy for the container. + This field cannot be set on ephemeral containers. items: description: ContainerResizePolicy represents resource resize policy for the container. @@ -16293,7 +16333,6 @@ spec: procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. - This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. type: string readOnlyRootFilesystem: @@ -17098,7 +17137,6 @@ spec: procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. - This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. type: string readOnlyRootFilesystem: @@ -17239,9 +17277,10 @@ spec: operator: description: |- Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. + Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). type: string tolerationSeconds: description: |- @@ -17928,7 +17967,7 @@ spec: resources: description: |- resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + Users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -18260,7 +18299,7 @@ spec: A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. - The volume will be mounted read-only (ro) and non-executable files (noexec). + The volume will be mounted read-only (ro). Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33. The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. properties: @@ -18432,8 +18471,7 @@ spec: description: |- portworxVolume represents a portworx volume attached and mounted on kubelets host machine. Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type - are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate - is on. + are redirected to the pxd.portworx.com CSI driver. properties: fsType: description: |- @@ -18809,6 +18847,24 @@ spec: description: Kubelet's generated CSRs will be addressed to this signer. type: string + userAnnotations: + additionalProperties: + type: string + description: |- + userAnnotations allow pod authors to pass additional information to + the signer implementation. Kubernetes does not restrict or validate this + metadata in any way. + + These values are copied verbatim into the `spec.unverifiedUserAnnotations` field of + the PodCertificateRequest objects that Kubelet creates. + + Entries are subject to the same validation as object metadata annotations, + with the addition that all keys must be domain-prefixed. No restrictions + are placed on values, except an overall size limitation on the entire field. + + Signers should document the keys and values they support. Signers should + deny requests that contain keys they do not recognize. + type: object required: - keyType - signerName @@ -20587,9 +20643,10 @@ spec: operator: description: |- Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. + Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). type: string tolerationSeconds: description: |- @@ -22414,9 +22471,10 @@ spec: operator: description: |- Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. + Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). type: string tolerationSeconds: description: |- @@ -22844,9 +22902,8 @@ spec: create: type: boolean issuerRef: - description: |- - ObjectReference is a reference to an object with a given name, kind and group. - Deprecated: Use IssuerReference instead. + description: IssuerReference is a reference to a certificate + issuer object with a given name, kind and group. properties: group: description: |- diff --git a/charts/kafka-operator/crds/kafkausers.yaml b/charts/kafka-operator/crds/kafkausers.yaml index ca6ace0dd..3706c2a0c 100644 --- a/charts/kafka-operator/crds/kafkausers.yaml +++ b/charts/kafka-operator/crds/kafkausers.yaml @@ -76,9 +76,8 @@ spec: pkiBackendSpec: properties: issuerRef: - description: |- - ObjectReference is a reference to an object with a given name, kind and group. - Deprecated: Use IssuerReference instead. + description: IssuerReference is a reference to a certificate issuer + object with a given name, kind and group. properties: group: description: |- diff --git a/config/base/crds/kafka.banzaicloud.io_kafkaclusters.yaml b/config/base/crds/kafka.banzaicloud.io_kafkaclusters.yaml index 49d3c3171..7abba845c 100644 --- a/config/base/crds/kafka.banzaicloud.io_kafkaclusters.yaml +++ b/config/base/crds/kafka.banzaicloud.io_kafkaclusters.yaml @@ -1943,7 +1943,9 @@ spec: type: integer type: object resizePolicy: - description: Resources resize policy for the container. + description: |- + Resources resize policy for the container. + This field cannot be set on ephemeral containers. items: description: ContainerResizePolicy represents resource resize policy for the container. @@ -2173,7 +2175,6 @@ spec: procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. - This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. type: string readOnlyRootFilesystem: @@ -3656,7 +3657,9 @@ spec: type: integer type: object resizePolicy: - description: Resources resize policy for the container. + description: |- + Resources resize policy for the container. + This field cannot be set on ephemeral containers. items: description: ContainerResizePolicy represents resource resize policy for the container. @@ -3886,7 +3889,6 @@ spec: procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. - This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. type: string readOnlyRootFilesystem: @@ -4738,7 +4740,6 @@ spec: procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. - This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. type: string readOnlyRootFilesystem: @@ -4994,7 +4995,7 @@ spec: resources: description: |- resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + Users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -5129,9 +5130,10 @@ spec: operator: description: |- Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. + Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). type: string tolerationSeconds: description: |- @@ -5805,7 +5807,7 @@ spec: resources: description: |- resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + Users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -6137,7 +6139,7 @@ spec: A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. - The volume will be mounted read-only (ro) and non-executable files (noexec). + The volume will be mounted read-only (ro). Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33. The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. properties: @@ -6309,8 +6311,7 @@ spec: description: |- portworxVolume represents a portworx volume attached and mounted on kubelets host machine. Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type - are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate - is on. + are redirected to the pxd.portworx.com CSI driver. properties: fsType: description: |- @@ -6690,6 +6691,24 @@ spec: description: Kubelet's generated CSRs will be addressed to this signer. type: string + userAnnotations: + additionalProperties: + type: string + description: |- + userAnnotations allow pod authors to pass additional information to + the signer implementation. Kubernetes does not restrict or validate this + metadata in any way. + + These values are copied verbatim into the `spec.unverifiedUserAnnotations` field of + the PodCertificateRequest objects that Kubelet creates. + + Entries are subject to the same validation as object metadata annotations, + with the addition that all keys must be domain-prefixed. No restrictions + are placed on values, except an overall size limitation on the entire field. + + Signers should document the keys and values they support. Signers should + deny requests that contain keys they do not recognize. + type: object required: - keyType - signerName @@ -8957,7 +8976,9 @@ spec: type: integer type: object resizePolicy: - description: Resources resize policy for the container. + description: |- + Resources resize policy for the container. + This field cannot be set on ephemeral containers. items: description: ContainerResizePolicy represents resource resize policy for the container. @@ -9187,7 +9208,6 @@ spec: procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. - This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. type: string readOnlyRootFilesystem: @@ -10676,7 +10696,9 @@ spec: type: integer type: object resizePolicy: - description: Resources resize policy for the container. + description: |- + Resources resize policy for the container. + This field cannot be set on ephemeral containers. items: description: ContainerResizePolicy represents resource resize policy for the container. @@ -10906,7 +10928,6 @@ spec: procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. - This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. type: string readOnlyRootFilesystem: @@ -11761,7 +11782,6 @@ spec: procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. - This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. type: string readOnlyRootFilesystem: @@ -12018,7 +12038,7 @@ spec: resources: description: |- resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + Users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -12153,9 +12173,10 @@ spec: operator: description: |- Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. + Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). type: string tolerationSeconds: description: |- @@ -12834,7 +12855,7 @@ spec: resources: description: |- resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + Users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -13168,7 +13189,7 @@ spec: A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. - The volume will be mounted read-only (ro) and non-executable files (noexec). + The volume will be mounted read-only (ro). Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33. The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. properties: @@ -13341,8 +13362,7 @@ spec: description: |- portworxVolume represents a portworx volume attached and mounted on kubelets host machine. Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type - are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate - is on. + are redirected to the pxd.portworx.com CSI driver. properties: fsType: description: |- @@ -13725,6 +13745,24 @@ spec: description: Kubelet's generated CSRs will be addressed to this signer. type: string + userAnnotations: + additionalProperties: + type: string + description: |- + userAnnotations allow pod authors to pass additional information to + the signer implementation. Kubernetes does not restrict or validate this + metadata in any way. + + These values are copied verbatim into the `spec.unverifiedUserAnnotations` field of + the PodCertificateRequest objects that Kubelet creates. + + Entries are subject to the same validation as object metadata annotations, + with the addition that all keys must be domain-prefixed. No restrictions + are placed on values, except an overall size limitation on the entire field. + + Signers should document the keys and values they support. Signers should + deny requests that contain keys they do not recognize. + type: object required: - keyType - signerName @@ -16063,7 +16101,9 @@ spec: type: integer type: object resizePolicy: - description: Resources resize policy for the container. + description: |- + Resources resize policy for the container. + This field cannot be set on ephemeral containers. items: description: ContainerResizePolicy represents resource resize policy for the container. @@ -16293,7 +16333,6 @@ spec: procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. - This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. type: string readOnlyRootFilesystem: @@ -17098,7 +17137,6 @@ spec: procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. - This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. type: string readOnlyRootFilesystem: @@ -17239,9 +17277,10 @@ spec: operator: description: |- Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. + Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). type: string tolerationSeconds: description: |- @@ -17928,7 +17967,7 @@ spec: resources: description: |- resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + Users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -18260,7 +18299,7 @@ spec: A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. - The volume will be mounted read-only (ro) and non-executable files (noexec). + The volume will be mounted read-only (ro). Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33. The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. properties: @@ -18432,8 +18471,7 @@ spec: description: |- portworxVolume represents a portworx volume attached and mounted on kubelets host machine. Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type - are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate - is on. + are redirected to the pxd.portworx.com CSI driver. properties: fsType: description: |- @@ -18809,6 +18847,24 @@ spec: description: Kubelet's generated CSRs will be addressed to this signer. type: string + userAnnotations: + additionalProperties: + type: string + description: |- + userAnnotations allow pod authors to pass additional information to + the signer implementation. Kubernetes does not restrict or validate this + metadata in any way. + + These values are copied verbatim into the `spec.unverifiedUserAnnotations` field of + the PodCertificateRequest objects that Kubelet creates. + + Entries are subject to the same validation as object metadata annotations, + with the addition that all keys must be domain-prefixed. No restrictions + are placed on values, except an overall size limitation on the entire field. + + Signers should document the keys and values they support. Signers should + deny requests that contain keys they do not recognize. + type: object required: - keyType - signerName @@ -20587,9 +20643,10 @@ spec: operator: description: |- Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. + Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). type: string tolerationSeconds: description: |- @@ -22414,9 +22471,10 @@ spec: operator: description: |- Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. + Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). type: string tolerationSeconds: description: |- @@ -22844,9 +22902,8 @@ spec: create: type: boolean issuerRef: - description: |- - ObjectReference is a reference to an object with a given name, kind and group. - Deprecated: Use IssuerReference instead. + description: IssuerReference is a reference to a certificate + issuer object with a given name, kind and group. properties: group: description: |- diff --git a/config/base/crds/kafka.banzaicloud.io_kafkausers.yaml b/config/base/crds/kafka.banzaicloud.io_kafkausers.yaml index ca6ace0dd..3706c2a0c 100644 --- a/config/base/crds/kafka.banzaicloud.io_kafkausers.yaml +++ b/config/base/crds/kafka.banzaicloud.io_kafkausers.yaml @@ -76,9 +76,8 @@ spec: pkiBackendSpec: properties: issuerRef: - description: |- - ObjectReference is a reference to an object with a given name, kind and group. - Deprecated: Use IssuerReference instead. + description: IssuerReference is a reference to a certificate issuer + object with a given name, kind and group. properties: group: description: |- diff --git a/go.mod b/go.mod index bbf164a80..d8e388c6f 100644 --- a/go.mod +++ b/go.mod @@ -1,97 +1,92 @@ module github.com/banzaicloud/koperator -go 1.25.0 +go 1.26.0 require ( dario.cat/mergo v1.0.2 emperror.dev/errors v0.8.1 - github.com/IBM/sarama v1.46.3 + github.com/IBM/sarama v1.50.1 github.com/Masterminds/sprig/v3 v3.3.0 github.com/banzaicloud/go-cruise-control v0.6.0 github.com/banzaicloud/k8s-objectmatcher v1.8.0 github.com/banzaicloud/koperator/api v0.28.8 github.com/banzaicloud/koperator/properties v0.4.1 - github.com/cert-manager/cert-manager v1.19.2 + github.com/cert-manager/cert-manager v1.20.2 github.com/cisco-open/cluster-registry-controller/api v0.2.12 github.com/envoyproxy/go-control-plane v0.14.0 - github.com/envoyproxy/go-control-plane/envoy v1.36.0 + github.com/envoyproxy/go-control-plane/envoy v1.37.0 github.com/go-logr/logr v1.4.3 - github.com/onsi/ginkgo/v2 v2.27.3 - github.com/onsi/gomega v1.38.3 + github.com/onsi/ginkgo/v2 v2.29.0 + github.com/onsi/gomega v1.41.0 github.com/pavlo-v-chernykh/keystore-go/v4 v4.5.0 - github.com/projectcontour/contour v1.33.0 - github.com/prometheus/common v0.67.4 + github.com/projectcontour/contour v1.33.5 + github.com/prometheus/common v0.68.0 github.com/stretchr/testify v1.11.1 go.uber.org/mock v0.6.0 - go.uber.org/zap v1.27.1 - golang.org/x/exp v0.0.0-20251209150349-8475f28825e9 - google.golang.org/protobuf v1.36.11 + go.uber.org/zap v1.28.0 + golang.org/x/exp v0.0.0-20260529124908-c761662dc8c9 + google.golang.org/protobuf v1.36.12-0.20260120151049-f2248ac996af gopkg.in/inf.v0 v0.9.1 gotest.tools v2.2.0+incompatible - k8s.io/api v0.34.3 - k8s.io/apiextensions-apiserver v0.34.3 - k8s.io/apimachinery v0.34.3 - k8s.io/client-go v0.34.3 - sigs.k8s.io/controller-runtime v0.22.4 + k8s.io/api v0.36.1 + k8s.io/apiextensions-apiserver v0.36.1 + k8s.io/apimachinery v0.36.1 + k8s.io/client-go v0.36.1 + sigs.k8s.io/controller-runtime v0.24.1 ) require ( - cel.dev/expr v0.25.1 // indirect + cel.dev/expr v0.25.2 // indirect github.com/evanphx/json-patch v5.9.11+incompatible // indirect - github.com/fxamacker/cbor/v2 v2.9.0 // indirect - github.com/go-openapi/swag/cmdutils v0.25.4 // indirect - github.com/go-openapi/swag/conv v0.25.4 // indirect - github.com/go-openapi/swag/fileutils v0.25.4 // indirect - github.com/go-openapi/swag/jsonname v0.25.4 // indirect - github.com/go-openapi/swag/jsonutils v0.25.4 // indirect - github.com/go-openapi/swag/loading v0.25.4 // indirect - github.com/go-openapi/swag/mangling v0.25.4 // indirect - github.com/go-openapi/swag/netutils v0.25.4 // indirect - github.com/go-openapi/swag/stringutils v0.25.4 // indirect - github.com/go-openapi/swag/typeutils v0.25.4 // indirect - github.com/go-openapi/swag/yamlutils v0.25.4 // indirect + github.com/fxamacker/cbor/v2 v2.9.2 // indirect + github.com/go-openapi/swag/cmdutils v0.26.0 // indirect + github.com/go-openapi/swag/conv v0.26.0 // indirect + github.com/go-openapi/swag/fileutils v0.26.0 // indirect + github.com/go-openapi/swag/jsonname v0.26.0 // indirect + github.com/go-openapi/swag/jsonutils v0.26.0 // indirect + github.com/go-openapi/swag/loading v0.26.0 // indirect + github.com/go-openapi/swag/mangling v0.26.0 // indirect + github.com/go-openapi/swag/netutils v0.26.0 // indirect + github.com/go-openapi/swag/stringutils v0.26.0 // indirect + github.com/go-openapi/swag/typeutils v0.26.0 // indirect + github.com/go-openapi/swag/yamlutils v0.26.0 // indirect github.com/go-task/slim-sprig/v3 v3.0.0 // indirect - github.com/google/btree v1.1.3 // indirect github.com/google/gnostic-models v0.7.1 // indirect - github.com/google/pprof v0.0.0-20251213031049-b05bdaca462f // indirect + github.com/google/pprof v0.0.0-20260507013755-92041b743c96 // indirect github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect - github.com/stretchr/objx v0.5.2 // indirect + github.com/stretchr/objx v0.5.3 // indirect github.com/x448/float16 v0.8.4 // indirect - go.yaml.in/yaml/v2 v2.4.3 // indirect + go.yaml.in/yaml/v2 v2.4.4 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect - golang.org/x/mod v0.31.0 // indirect - golang.org/x/sync v0.19.0 // indirect - golang.org/x/tools v0.40.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20251213004720-97cd9d5aeac2 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20251213004720-97cd9d5aeac2 // indirect + golang.org/x/mod v0.36.0 // indirect + golang.org/x/sync v0.20.0 // indirect + golang.org/x/tools v0.45.0 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20260526163538-3dc84a4a5aaa // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20260526163538-3dc84a4a5aaa // indirect gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect sigs.k8s.io/randfill v1.0.0 // indirect - sigs.k8s.io/structured-merge-diff/v6 v6.3.1 // indirect + sigs.k8s.io/structured-merge-diff/v6 v6.4.0 // indirect ) require ( github.com/Masterminds/goutils v1.1.1 // indirect - github.com/Masterminds/semver/v3 v3.4.0 // indirect + github.com/Masterminds/semver/v3 v3.5.0 // indirect github.com/banzaicloud/operator-tools v0.28.10 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/briandowns/spinner v1.23.2 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect - github.com/cncf/xds/go v0.0.0-20251210132809-ee656c7534f5 // indirect + github.com/cncf/xds/go v0.0.0-20260202195803-dba9d589def2 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/eapache/go-resiliency v1.7.0 // indirect - github.com/eapache/go-xerial-snappy v0.0.0-20230731223053-c322873962e3 // indirect - github.com/eapache/queue v1.1.0 // indirect github.com/emicklei/go-restful/v3 v3.13.0 // indirect - github.com/envoyproxy/protoc-gen-validate v1.3.0 // indirect + github.com/envoyproxy/protoc-gen-validate v1.3.3 // indirect github.com/evanphx/json-patch/v5 v5.9.11 // indirect - github.com/fatih/color v1.18.0 // indirect - github.com/fsnotify/fsnotify v1.9.0 // indirect + github.com/fatih/color v1.19.0 // indirect + github.com/fsnotify/fsnotify v1.10.1 // indirect github.com/go-logr/zapr v1.3.0 // indirect - github.com/go-openapi/jsonpointer v0.22.4 // indirect - github.com/go-openapi/jsonreference v0.21.4 // indirect - github.com/go-openapi/swag v0.25.4 // indirect - github.com/gogo/protobuf v1.3.2 // indirect - github.com/golang/snappy v1.0.0 // indirect + github.com/go-openapi/jsonpointer v0.23.1 // indirect + github.com/go-openapi/jsonreference v0.21.6 // indirect + github.com/go-openapi/swag v0.26.0 // indirect github.com/google/go-cmp v0.7.0 github.com/google/uuid v1.6.0 github.com/hashicorp/go-uuid v1.0.3 // indirect @@ -103,20 +98,20 @@ require ( github.com/jcmturner/gokrb5/v8 v8.4.4 // indirect github.com/jcmturner/rpc/v2 v2.0.3 // indirect github.com/json-iterator/go v1.1.12 // indirect - github.com/klauspost/compress v1.18.2 // indirect - github.com/mattn/go-colorable v0.1.14 // indirect - github.com/mattn/go-isatty v0.0.20 // indirect + github.com/klauspost/compress v1.18.6 // indirect + github.com/mattn/go-colorable v0.1.15 // indirect + github.com/mattn/go-isatty v0.0.22 // indirect github.com/mitchellh/copystructure v1.2.0 // indirect github.com/mitchellh/reflectwalk v1.0.2 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect - github.com/pierrec/lz4/v4 v4.1.22 // indirect + github.com/pierrec/lz4/v4 v4.1.27 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/prometheus/client_golang v1.23.2 // indirect github.com/prometheus/client_model v0.6.2 // indirect - github.com/prometheus/procfs v0.19.2 // indirect + github.com/prometheus/procfs v0.20.1 // indirect github.com/rcrowley/go-metrics v0.0.0-20250401214520-65e299d6c5c9 // indirect github.com/shopspring/decimal v1.4.0 // indirect github.com/spf13/cast v1.10.0 // indirect @@ -126,19 +121,19 @@ require ( github.com/tidwall/pretty v1.2.1 // indirect github.com/wayneashleyberry/terminal-dimensions v1.1.0 // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/crypto v0.46.0 // indirect - golang.org/x/net v0.48.0 // indirect - golang.org/x/oauth2 v0.34.0 // indirect - golang.org/x/sys v0.39.0 // indirect - golang.org/x/term v0.38.0 // indirect - golang.org/x/text v0.32.0 // indirect - golang.org/x/time v0.14.0 // indirect + golang.org/x/crypto v0.52.0 // indirect + golang.org/x/net v0.55.0 // indirect + golang.org/x/oauth2 v0.36.0 // indirect + golang.org/x/sys v0.45.0 // indirect + golang.org/x/term v0.43.0 // indirect + golang.org/x/text v0.37.0 // indirect + golang.org/x/time v0.15.0 // indirect gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/klog/v2 v2.130.1 // indirect - k8s.io/kube-openapi v0.0.0-20251125145642-4e65d59e963e // indirect - k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 // indirect - sigs.k8s.io/gateway-api v1.4.0 // indirect + k8s.io/klog/v2 v2.140.0 // indirect + k8s.io/kube-openapi v0.0.0-20260520065146-aa012df4f4af // indirect + k8s.io/utils v0.0.0-20260507154919-ff6756f316d2 // indirect + sigs.k8s.io/gateway-api v1.5.0 // indirect sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect sigs.k8s.io/yaml v1.6.0 ) diff --git a/go.sum b/go.sum index f90ffe73a..b2c44726f 100644 --- a/go.sum +++ b/go.sum @@ -1,61 +1,55 @@ -cel.dev/expr v0.25.1 h1:1KrZg61W6TWSxuNZ37Xy49ps13NUovb66QLprthtwi4= -cel.dev/expr v0.25.1/go.mod h1:hrXvqGP6G6gyx8UAHSHJ5RGk//1Oj5nXQ2NI02Nrsg4= +cel.dev/expr v0.25.2 h1:K6j46C81hXtZQfuX60cVWQFBJahKSE2gfRbNuvr5bFs= +cel.dev/expr v0.25.2/go.mod h1:hrXvqGP6G6gyx8UAHSHJ5RGk//1Oj5nXQ2NI02Nrsg4= dario.cat/mergo v1.0.2 h1:85+piFYR1tMbRrLcDwR18y4UKJ3aH1Tbzi24VRW1TK8= dario.cat/mergo v1.0.2/go.mod h1:E/hbnu0NxMFBjpMIE34DRGLWqDy0g5FuKDhCb31ngxA= emperror.dev/errors v0.8.1 h1:UavXZ5cSX/4u9iyvH6aDcuGkVjeexUGJ7Ij7G4VfQT0= emperror.dev/errors v0.8.1/go.mod h1:YcRvLPh626Ubn2xqtoprejnA5nFha+TJ+2vew48kWuE= -github.com/IBM/sarama v1.46.3 h1:njRsX6jNlnR+ClJ8XmkO+CM4unbrNr/2vB5KK6UA+IE= -github.com/IBM/sarama v1.46.3/go.mod h1:GTUYiF9DMOZVe3FwyGT+dtSPceGFIgA+sPc5u6CBwko= +github.com/IBM/sarama v1.50.1 h1:OcXFv571hg+h6N8NL3mFIEdK+80t1m51kf/KZQtbfPA= +github.com/IBM/sarama v1.50.1/go.mod h1:+ggHBIXkEU3KXhAm2nCzCu7ohBD1pBIaXCRk1ftPkjY= github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= -github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0= -github.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= +github.com/Masterminds/semver/v3 v3.5.0 h1:kQceYJfbupGfZOKZQg0kou0DgAKhzDg2NZPAwZ/2OOE= +github.com/Masterminds/semver/v3 v3.5.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= github.com/Masterminds/sprig/v3 v3.3.0 h1:mQh0Yrg1XPo6vjYXgtf5OtijNAKJRNcTdOOGZe3tPhs= github.com/Masterminds/sprig/v3 v3.3.0/go.mod h1:Zy1iXRYNqNLUolqCpL4uhk6SHUMAOSCzdgBfDb35Lz0= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/briandowns/spinner v1.23.2 h1:Zc6ecUnI+YzLmJniCfDNaMbW0Wid1d5+qcTq4L2FW8w= github.com/briandowns/spinner v1.23.2/go.mod h1:LaZeM4wm2Ywy6vO571mvhQNRcWfRUnXOs0RcKV0wYKM= -github.com/cert-manager/cert-manager v1.19.2 h1:jSprN1h5pgNDSl7HClAmIzXuTxic/5FXJ32kbQHqjlM= -github.com/cert-manager/cert-manager v1.19.2/go.mod h1:e9NzLtOKxTw7y99qLyWGmPo6mrC1Nh0EKKcMkRfK+GE= +github.com/cert-manager/cert-manager v1.20.2 h1:CimnY00nLqB2lmxhoSuEC4GDMFDK7JCXqyjwMM9ndIQ= +github.com/cert-manager/cert-manager v1.20.2/go.mod h1:1g/+a/WK5zWH/dXPZa3dMD3aJQJNRXQu+PN17C6WrOw= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cisco-open/cluster-registry-controller/api v0.2.12 h1:dxKVG3T75RAU8f0kmeLRh82Ao4koTFIPZEodUTBhg14= github.com/cisco-open/cluster-registry-controller/api v0.2.12/go.mod h1:zRJ4y4xZlEq1AkOm8pd6qpH7WQ9yinLaE3SA30TWh74= -github.com/cncf/xds/go v0.0.0-20251210132809-ee656c7534f5 h1:6xNmx7iTtyBRev0+D/Tv1FZd4SCg8axKApyNyRsAt/w= -github.com/cncf/xds/go v0.0.0-20251210132809-ee656c7534f5/go.mod h1:KdCmV+x/BuvyMxRnYBlmVaq4OLiKW6iRQfvC62cvdkI= +github.com/cncf/xds/go v0.0.0-20260202195803-dba9d589def2 h1:aBangftG7EVZoUb69Os8IaYg++6uMOdKK83QtkkvJik= +github.com/cncf/xds/go v0.0.0-20260202195803-dba9d589def2/go.mod h1:qwXFYgsP6T7XnJtbKlf1HP8AjxZZyzxMmc+Lq5GjlU4= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/eapache/go-resiliency v1.7.0 h1:n3NRTnBn5N0Cbi/IeOHuQn9s2UwVUH7Ga0ZWcP+9JTA= github.com/eapache/go-resiliency v1.7.0/go.mod h1:5yPzW0MIvSe0JDsv0v+DvcjEv2FyD6iZYSs1ZI+iQho= -github.com/eapache/go-xerial-snappy v0.0.0-20230731223053-c322873962e3 h1:Oy0F4ALJ04o5Qqpdz8XLIpNA3WM/iSIXqxtqo7UGVws= -github.com/eapache/go-xerial-snappy v0.0.0-20230731223053-c322873962e3/go.mod h1:YvSRo5mw33fLEx1+DlK6L2VV43tJt5Eyel9n9XBcR+0= -github.com/eapache/queue v1.1.0 h1:YOEu7KNc61ntiQlcEeUIoDTJ2o8mQznoNvUhiigpIqc= -github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= github.com/emicklei/go-restful/v3 v3.13.0 h1:C4Bl2xDndpU6nJ4bc1jXd+uTmYPVUwkD6bFY/oTyCes= github.com/emicklei/go-restful/v3 v3.13.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/envoyproxy/go-control-plane v0.14.0 h1:hbG2kr4RuFj222B6+7T83thSPqLjwBIfQawTkC++2HA= github.com/envoyproxy/go-control-plane v0.14.0/go.mod h1:NcS5X47pLl/hfqxU70yPwL9ZMkUlwlKxtAohpi2wBEU= -github.com/envoyproxy/go-control-plane/envoy v1.36.0 h1:yg/JjO5E7ubRyKX3m07GF3reDNEnfOboJ0QySbH736g= -github.com/envoyproxy/go-control-plane/envoy v1.36.0/go.mod h1:ty89S1YCCVruQAm9OtKeEkQLTb+Lkz0k8v9W0Oxsv98= -github.com/envoyproxy/protoc-gen-validate v1.3.0 h1:TvGH1wof4H33rezVKWSpqKz5NXWg5VPuZ0uONDT6eb4= -github.com/envoyproxy/protoc-gen-validate v1.3.0/go.mod h1:HvYl7zwPa5mffgyeTUHA9zHIH36nmrm7oCbo4YKoSWA= +github.com/envoyproxy/go-control-plane/envoy v1.37.0 h1:u3riX6BoYRfF4Dr7dwSOroNfdSbEPe9Yyl09/B6wBrQ= +github.com/envoyproxy/go-control-plane/envoy v1.37.0/go.mod h1:DReE9MMrmecPy+YvQOAOHNYMALuowAnbjjEMkkWOi6A= +github.com/envoyproxy/protoc-gen-validate v1.3.3 h1:MVQghNeW+LZcmXe7SY1V36Z+WFMDjpqGAGacLe2T0ds= +github.com/envoyproxy/protoc-gen-validate v1.3.3/go.mod h1:TsndJ/ngyIdQRhMcVVGDDHINPLWB7C82oDArY51KfB0= github.com/evanphx/json-patch v5.9.11+incompatible h1:ixHHqfcGvxhWkniF1tWxBHA0yb4Z+d1UQi45df52xW8= github.com/evanphx/json-patch v5.9.11+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.9.11 h1:/8HVnzMq13/3x9TPvjG08wUGqBTmZBsCWzjTM0wiaDU= github.com/evanphx/json-patch/v5 v5.9.11/go.mod h1:3j+LviiESTElxA4p3EMKAB9HXj3/XEtnUf6OZxqIQTM= -github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM= -github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU= -github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8vw= -github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= +github.com/fatih/color v1.19.0 h1:Zp3PiM21/9Ld6FzSKyL5c/BULoe/ONr9KlbYVOfG8+w= +github.com/fatih/color v1.19.0/go.mod h1:zNk67I0ZUT1bEGsSGyCZYZNrHuTkJJB+r6Q9VuMi0LE= github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= -github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k= -github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0= -github.com/fxamacker/cbor/v2 v2.9.0 h1:NpKPmjDBgUfBms6tr6JZkTHtfFGcMKsw3eGcmD/sapM= -github.com/fxamacker/cbor/v2 v2.9.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ= +github.com/fsnotify/fsnotify v1.10.1 h1:b0/UzAf9yR5rhf3RPm9gf3ehBPpf0oZKIjtpKrx59Ho= +github.com/fsnotify/fsnotify v1.10.1/go.mod h1:TLheqan6HD6GBK6PrDWyDPBaEV8LspOxvPSjC+bVfgo= +github.com/fxamacker/cbor/v2 v2.9.2 h1:X4Ksno9+x3cz0TZv69ec1hxP/+tymuR8PXQJyDwfh78= +github.com/fxamacker/cbor/v2 v2.9.2/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ= github.com/gkampitakis/ciinfo v0.3.2 h1:JcuOPk8ZU7nZQjdUhctuhQofk7BGHuIy0c9Ez8BNhXs= github.com/gkampitakis/ciinfo v0.3.2/go.mod h1:1NIwaOcFChN4fa/B0hEBdAb6npDlFL8Bwx4dfRLRqAo= github.com/gkampitakis/go-diff v1.3.2 h1:Qyn0J9XJSDTgnsgHRdz9Zp24RaJeKMUHg2+PDZZdC4M= @@ -66,52 +60,46 @@ github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= -github.com/go-openapi/jsonpointer v0.22.4 h1:dZtK82WlNpVLDW2jlA1YCiVJFVqkED1MegOUy9kR5T4= -github.com/go-openapi/jsonpointer v0.22.4/go.mod h1:elX9+UgznpFhgBuaMQ7iu4lvvX1nvNsesQ3oxmYTw80= -github.com/go-openapi/jsonreference v0.21.4 h1:24qaE2y9bx/q3uRK/qN+TDwbok1NhbSmGjjySRCHtC8= -github.com/go-openapi/jsonreference v0.21.4/go.mod h1:rIENPTjDbLpzQmQWCj5kKj3ZlmEh+EFVbz3RTUh30/4= -github.com/go-openapi/swag v0.25.4 h1:OyUPUFYDPDBMkqyxOTkqDYFnrhuhi9NR6QVUvIochMU= -github.com/go-openapi/swag v0.25.4/go.mod h1:zNfJ9WZABGHCFg2RnY0S4IOkAcVTzJ6z2Bi+Q4i6qFQ= -github.com/go-openapi/swag/cmdutils v0.25.4 h1:8rYhB5n6WawR192/BfUu2iVlxqVR9aRgGJP6WaBoW+4= -github.com/go-openapi/swag/cmdutils v0.25.4/go.mod h1:pdae/AFo6WxLl5L0rq87eRzVPm/XRHM3MoYgRMvG4A0= -github.com/go-openapi/swag/conv v0.25.4 h1:/Dd7p0LZXczgUcC/Ikm1+YqVzkEeCc9LnOWjfkpkfe4= -github.com/go-openapi/swag/conv v0.25.4/go.mod h1:3LXfie/lwoAv0NHoEuY1hjoFAYkvlqI/Bn5EQDD3PPU= -github.com/go-openapi/swag/fileutils v0.25.4 h1:2oI0XNW5y6UWZTC7vAxC8hmsK/tOkWXHJQH4lKjqw+Y= -github.com/go-openapi/swag/fileutils v0.25.4/go.mod h1:cdOT/PKbwcysVQ9Tpr0q20lQKH7MGhOEb6EwmHOirUk= -github.com/go-openapi/swag/jsonname v0.25.4 h1:bZH0+MsS03MbnwBXYhuTttMOqk+5KcQ9869Vye1bNHI= -github.com/go-openapi/swag/jsonname v0.25.4/go.mod h1:GPVEk9CWVhNvWhZgrnvRA6utbAltopbKwDu8mXNUMag= -github.com/go-openapi/swag/jsonutils v0.25.4 h1:VSchfbGhD4UTf4vCdR2F4TLBdLwHyUDTd1/q4i+jGZA= -github.com/go-openapi/swag/jsonutils v0.25.4/go.mod h1:7OYGXpvVFPn4PpaSdPHJBtF0iGnbEaTk8AvBkoWnaAY= -github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.4 h1:IACsSvBhiNJwlDix7wq39SS2Fh7lUOCJRmx/4SN4sVo= -github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.4/go.mod h1:Mt0Ost9l3cUzVv4OEZG+WSeoHwjWLnarzMePNDAOBiM= -github.com/go-openapi/swag/loading v0.25.4 h1:jN4MvLj0X6yhCDduRsxDDw1aHe+ZWoLjW+9ZQWIKn2s= -github.com/go-openapi/swag/loading v0.25.4/go.mod h1:rpUM1ZiyEP9+mNLIQUdMiD7dCETXvkkC30z53i+ftTE= -github.com/go-openapi/swag/mangling v0.25.4 h1:2b9kBJk9JvPgxr36V23FxJLdwBrpijI26Bx5JH4Hp48= -github.com/go-openapi/swag/mangling v0.25.4/go.mod h1:6dxwu6QyORHpIIApsdZgb6wBk/DPU15MdyYj/ikn0Hg= -github.com/go-openapi/swag/netutils v0.25.4 h1:Gqe6K71bGRb3ZQLusdI8p/y1KLgV4M/k+/HzVSqT8H0= -github.com/go-openapi/swag/netutils v0.25.4/go.mod h1:m2W8dtdaoX7oj9rEttLyTeEFFEBvnAx9qHd5nJEBzYg= -github.com/go-openapi/swag/stringutils v0.25.4 h1:O6dU1Rd8bej4HPA3/CLPciNBBDwZj9HiEpdVsb8B5A8= -github.com/go-openapi/swag/stringutils v0.25.4/go.mod h1:GTsRvhJW5xM5gkgiFe0fV3PUlFm0dr8vki6/VSRaZK0= -github.com/go-openapi/swag/typeutils v0.25.4 h1:1/fbZOUN472NTc39zpa+YGHn3jzHWhv42wAJSN91wRw= -github.com/go-openapi/swag/typeutils v0.25.4/go.mod h1:Ou7g//Wx8tTLS9vG0UmzfCsjZjKhpjxayRKTHXf2pTE= -github.com/go-openapi/swag/yamlutils v0.25.4 h1:6jdaeSItEUb7ioS9lFoCZ65Cne1/RZtPBZ9A56h92Sw= -github.com/go-openapi/swag/yamlutils v0.25.4/go.mod h1:MNzq1ulQu+yd8Kl7wPOut/YHAAU/H6hL91fF+E2RFwc= -github.com/go-openapi/testify/enable/yaml/v2 v2.0.2 h1:0+Y41Pz1NkbTHz8NngxTuAXxEodtNSI1WG1c/m5Akw4= -github.com/go-openapi/testify/enable/yaml/v2 v2.0.2/go.mod h1:kme83333GCtJQHXQ8UKX3IBZu6z8T5Dvy5+CW3NLUUg= -github.com/go-openapi/testify/v2 v2.0.2 h1:X999g3jeLcoY8qctY/c/Z8iBHTbwLz7R2WXd6Ub6wls= -github.com/go-openapi/testify/v2 v2.0.2/go.mod h1:HCPmvFFnheKK2BuwSA0TbbdxJ3I16pjwMkYkP4Ywn54= +github.com/go-openapi/jsonpointer v0.23.1 h1:1HBACs7XIwR2RcmItfdSFlALhGbe6S92p0ry4d1GWg4= +github.com/go-openapi/jsonpointer v0.23.1/go.mod h1:iWRmZTrGn7XwYhtPt/fvdSFj1OfNBngqRT2UG3BxSqY= +github.com/go-openapi/jsonreference v0.21.6 h1:NZ5nGfnaM1n4I43Xjm1e5/M2GjOwQwndQz22uhxwD+Y= +github.com/go-openapi/jsonreference v0.21.6/go.mod h1:xzbgtQ3ZbWxvET3AxdzCJlJt6vkovbf+IfSPJjD0tUY= +github.com/go-openapi/swag v0.26.0 h1:GVDXCmfvhfu1BxiHo8/FA+BbKmhecHnG3varjON5/RI= +github.com/go-openapi/swag v0.26.0/go.mod h1:82g3193sZJRbocs7bNCqGfIgq8pkuwVwCfhKIRlEQF0= +github.com/go-openapi/swag/cmdutils v0.26.0 h1:iowihOcvq7y4egO8cOq0dmfohz6wfeQ63U1EnuhO2TU= +github.com/go-openapi/swag/cmdutils v0.26.0/go.mod h1:Sm1MVFMkF6guJJ+pQqHnQA3N0j9qALV3NxzDSv6bETM= +github.com/go-openapi/swag/conv v0.26.0 h1:5yGGsPYI1ZCva93U0AoKi/iZrNhaJEjr324YVsiD89I= +github.com/go-openapi/swag/conv v0.26.0/go.mod h1:tpAmIL7X58VPnHHiSO4uE3jBeRamGsFsfdDeDtb5ECE= +github.com/go-openapi/swag/fileutils v0.26.0 h1:WJoPRvsA7QRiiWluowkLJa9jaYR7FCuxmDvnCgaRRxU= +github.com/go-openapi/swag/fileutils v0.26.0/go.mod h1:0WDJ7lp67eNjPMO50wAWYlKvhOb6CQ37rzR7wrgI8Tc= +github.com/go-openapi/swag/jsonname v0.26.0 h1:gV1NFX9M8avo0YSpmWogqfQISigCmpaiNci8cGECU5w= +github.com/go-openapi/swag/jsonname v0.26.0/go.mod h1:urBBR8bZNoDYGr653ynhIx+gTeIz0ARZxHkAPktJK2M= +github.com/go-openapi/swag/jsonutils v0.26.0 h1:FawFML2iAXsPqmERscuMPIHmFsoP1tOqWkxBaKNMsnA= +github.com/go-openapi/swag/jsonutils v0.26.0/go.mod h1:2VmA0CJlyFqgawOaPI9psnjFDqzyivIqLYN34t9p91E= +github.com/go-openapi/swag/jsonutils/fixtures_test v0.26.0 h1:apqeINu/ICHouqiRZbyFvuDge5jCmmLTqGQ9V95EaOM= +github.com/go-openapi/swag/jsonutils/fixtures_test v0.26.0/go.mod h1:AyM6QT8uz5IdKxk5akv0y6u4QvcL9GWERt0Jx/F/R8Y= +github.com/go-openapi/swag/loading v0.26.0 h1:Apg6zaKhCJurpJer0DCxq99qwmhFddBhaMX7kilDcko= +github.com/go-openapi/swag/loading v0.26.0/go.mod h1:dBxQ/6V2uBaAQdevN18VELE6xSpJWZxLX4txe12JwDg= +github.com/go-openapi/swag/mangling v0.26.0 h1:Du2YC4YLA/Y5m/YKQd7AnY5qq0wRKSFZTTt8ktFaXcQ= +github.com/go-openapi/swag/mangling v0.26.0/go.mod h1:jifS7W9vbg+pw63bT+GI53otluMQL3CeemuyCHKwVx0= +github.com/go-openapi/swag/netutils v0.26.0 h1:CmZp+ZT7HrmFwrC3GdGsXBq2+42T1bjKBapcqVpIs3c= +github.com/go-openapi/swag/netutils v0.26.0/go.mod h1:5iK+Ok3ZohWWex1C50BFTPexi03UaPwjW4Oj8kgrpwo= +github.com/go-openapi/swag/stringutils v0.26.0 h1:qZQngLxs5s7SLijc3N2ZO+fUq2o8LjuWAASSrJuh+xg= +github.com/go-openapi/swag/stringutils v0.26.0/go.mod h1:sWn5uY+QIIspwPhvgnqJsH8xqFT2ZbYcvbcFanRyhFE= +github.com/go-openapi/swag/typeutils v0.26.0 h1:2kdEwdiNWy+JJdOvu5MA2IIg2SylWAFuuyQIKYybfq4= +github.com/go-openapi/swag/typeutils v0.26.0/go.mod h1:oovDuIUvTrEHVMqWilQzKzV4YlSKgyZmFh7AlfABNVE= +github.com/go-openapi/swag/yamlutils v0.26.0 h1:H7O8l/8NJJQ/oiReEN+oMpnGMyt8G0hl460nRZxhLMQ= +github.com/go-openapi/swag/yamlutils v0.26.0/go.mod h1:1evKEGAtP37Pkwcc7EWMF0hedX0/x3Rkvei2wtG/TbU= +github.com/go-openapi/testify/enable/yaml/v2 v2.4.2 h1:5zRca5jw7lzVREKCZVNBpysDNBjj74rBh0N2BGQbSR0= +github.com/go-openapi/testify/enable/yaml/v2 v2.4.2/go.mod h1:XVevPw5hUXuV+5AkI1u1PeAm27EQVrhXTTCPAF85LmE= +github.com/go-openapi/testify/v2 v2.5.1 h1:TMdhCaw8fUNraVSf3Omoob1dO/AzBfhtFAPW0an6sBo= +github.com/go-openapi/testify/v2 v2.5.1/go.mod h1:SgsVHtfooshd0tublTtJ50FPKhujf47YRqauXXOUxfw= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/go-test/deep v1.1.1 h1:0r/53hagsehfO4bzD2Pgr/+RgHqhmf+k1Bpse2cTu1U= github.com/go-test/deep v1.1.1/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE= github.com/goccy/go-yaml v1.18.0 h1:8W7wMFS12Pcas7KU+VVkaiCng+kG8QiFeFwzFb+rwuw= github.com/goccy/go-yaml v1.18.0/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA= -github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= -github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang/snappy v1.0.0 h1:Oy607GVXHs7RtbggtPBnr2RmDArIsAefDwvrdWvRhGs= -github.com/golang/snappy v1.0.0/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg= -github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= github.com/google/gnostic-models v0.7.1 h1:SisTfuFKJSKM5CPZkffwi6coztzzeYUhc3v4yxLWH8c= github.com/google/gnostic-models v0.7.1/go.mod h1:whL5G0m6dmc5cPxKc5bdKdEN3UjI7OUGxBlw57miDrQ= github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= @@ -119,8 +107,8 @@ github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20251213031049-b05bdaca462f h1:HU1RgM6NALf/KW9HEY6zry3ADbDKcmpQ+hJedoNGQYQ= -github.com/google/pprof v0.0.0-20251213031049-b05bdaca462f/go.mod h1:67FPmZWbr+KDT/VlpWtw6sO9XSjpJmLuHpoLmWiTGgY= +github.com/google/pprof v0.0.0-20260507013755-92041b743c96 h1:YDDnaZ9afWajDboPMt9Vikqca/yWAX7KAxVzb4lJU1M= +github.com/google/pprof v0.0.0-20260507013755-92041b743c96/go.mod h1:MxpfABSjhmINe3F1It9d+8exIHFvUqtLIRCdOGNXqiI= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4= @@ -148,10 +136,8 @@ github.com/joshdk/go-junit v1.0.0 h1:S86cUKIdwBHWwA6xCmFlf3RTLfVXYQfvanM5Uh+K6GE github.com/joshdk/go-junit v1.0.0/go.mod h1:TiiV0PqkaNfFXjEiyjWM3XXrhVyCa1K4Zfga6W52ung= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= -github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= -github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.18.2 h1:iiPHWW0YrcFgpBYhsA6D1+fqHssJscY/Tm/y2Uqnapk= -github.com/klauspost/compress v1.18.2/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4= +github.com/klauspost/compress v1.18.6 h1:2jupLlAwFm95+YDR+NwD2MEfFO9d4z4Prjl1XXDjuao= +github.com/klauspost/compress v1.18.6/go.mod h1:cwPg85FWrGar70rWktvGQj8/hthj3wpl0PGDogxkrSQ= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= @@ -160,10 +146,10 @@ github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/maruel/natural v1.1.1 h1:Hja7XhhmvEFhcByqDoHz9QZbkWey+COd9xWfCfn1ioo= github.com/maruel/natural v1.1.1/go.mod h1:v+Rfd79xlw1AgVBjbO0BEQmptqb5HvL/k9GRHB7ZKEg= -github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE= -github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8= -github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= -github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mattn/go-colorable v0.1.15 h1:+u9SLTRGnXv73cEsnsmoZBom+dMU88B2M0aDcWy0/jY= +github.com/mattn/go-colorable v0.1.15/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8= +github.com/mattn/go-isatty v0.0.22 h1:j8l17JJ9i6VGPUFUYoTUKPSgKe/83EYU2zBC7YNKMw4= +github.com/mattn/go-isatty v0.0.22/go.mod h1:ZXfXG4SQHsB/w3ZeOYbR0PrPwLy+n6xiMrJlRFqopa4= github.com/mfridman/tparse v0.18.0 h1:wh6dzOKaIwkUGyKgOntDW4liXSo37qg5AXbIhkMV3vE= github.com/mfridman/tparse v0.18.0/go.mod h1:gEvqZTuCgEhPbYk/2lS3Kcxg1GmTxxU7kTC8DvP0i/A= github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= @@ -178,14 +164,14 @@ github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee h1:W5t00kpgFd github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/onsi/ginkgo/v2 v2.27.3 h1:ICsZJ8JoYafeXFFlFAG75a7CxMsJHwgKwtO+82SE9L8= -github.com/onsi/ginkgo/v2 v2.27.3/go.mod h1:ArE1D/XhNXBXCBkKOLkbsb2c81dQHCRcF5zwn/ykDRo= -github.com/onsi/gomega v1.38.3 h1:eTX+W6dobAYfFeGC2PV6RwXRu/MyT+cQguijutvkpSM= -github.com/onsi/gomega v1.38.3/go.mod h1:ZCU1pkQcXDO5Sl9/VVEGlDyp+zm0m1cmeG5TOzLgdh4= +github.com/onsi/ginkgo/v2 v2.29.0 h1:rfh+ZFjgJhYWRoIqVf3Uwx/W20yLrcrE2h2GmYVRaag= +github.com/onsi/ginkgo/v2 v2.29.0/go.mod h1:+aXOY+vzZ5mu2iI2HpTZUPmM//oQfsNFX6gU9kNcA44= +github.com/onsi/gomega v1.41.0 h1:OwKp4pXNgVxf6sCplzYo794OFNuoL2q2SBMU5NSWOjA= +github.com/onsi/gomega v1.41.0/go.mod h1:M/Uqpu/8qTjtzCLUA2zJHX9Iilrau25x1PdoSRbWh5A= github.com/pavlo-v-chernykh/keystore-go/v4 v4.5.0 h1:2nosf3P75OZv2/ZO/9Px5ZgZ5gbKrzA3joN1QMfOGMQ= github.com/pavlo-v-chernykh/keystore-go/v4 v4.5.0/go.mod h1:lAVhWwbNaveeJmxrxuSTxMgKpF6DjnuVpn6T8WiBwYQ= -github.com/pierrec/lz4/v4 v4.1.22 h1:cKFw6uJDK+/gfw5BcDL0JL5aBsAFdsIT18eRtLj7VIU= -github.com/pierrec/lz4/v4 v4.1.22/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4= +github.com/pierrec/lz4/v4 v4.1.27 h1:+PhzhWDrjRj89TH2sw43nE3+4+W8lSxIuQadEHZyjUk= +github.com/pierrec/lz4/v4 v4.1.27/go.mod h1:EoQMVJgeeEOMsCqCzqFm2O0cJvljX2nGZjcRIPL34O4= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 h1:GFCKgmp0tecUJ0sJuv4pzYCqS9+RGSn52M3FUwPs+uo= @@ -193,16 +179,16 @@ github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10/go.mod h1 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/projectcontour/contour v1.33.0 h1:Aewh+Yt5DY005CGvdxtpquZWmc6/6IsDTs1ze8CvtZk= -github.com/projectcontour/contour v1.33.0/go.mod h1:bCNCQICmheYMj1kx4dEWHp7fXKZc3nbHbWj1tqZ77rc= +github.com/projectcontour/contour v1.33.5 h1:UW35nwj57JdVHsJVs7Kp75Xj4oIbKPmY/Uv2nKDtCBw= +github.com/projectcontour/contour v1.33.5/go.mod h1:eaTpn6uxhBNmy0OT2dmpnrwfEbQJ8/LrTg3o+kgI2jk= github.com/prometheus/client_golang v1.23.2 h1:Je96obch5RDVy3FDMndoUsjAhG5Edi49h0RJWRi/o0o= github.com/prometheus/client_golang v1.23.2/go.mod h1:Tb1a6LWHB3/SPIzCoaDXI4I8UHKeFTEQ1YCr+0Gyqmg= github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk= github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE= -github.com/prometheus/common v0.67.4 h1:yR3NqWO1/UyO1w2PhUvXlGQs/PtFmoveVO0KZ4+Lvsc= -github.com/prometheus/common v0.67.4/go.mod h1:gP0fq6YjjNCLssJCQp0yk4M8W6ikLURwkdd/YKtTbyI= -github.com/prometheus/procfs v0.19.2 h1:zUMhqEW66Ex7OXIiDkll3tl9a1ZdilUOd/F6ZXw4Vws= -github.com/prometheus/procfs v0.19.2/go.mod h1:M0aotyiemPhBCM0z5w87kL22CxfcH05ZpYlu+b4J7mw= +github.com/prometheus/common v0.68.0 h1:8rQJvQmYltsR2L7h8Zw0Iyj8WYNNmpwikoQTZXwfVeA= +github.com/prometheus/common v0.68.0/go.mod h1:4soH+U8yJSROk7OJ//hmTiWKsxapv6zRGgTt3keN8gQ= +github.com/prometheus/procfs v0.20.1 h1:XwbrGOIplXW/AU3YhIhLODXMJYyC1isLFfYCsTEycfc= +github.com/prometheus/procfs v0.20.1/go.mod h1:o9EMBZGRyvDrSPH1RqdxhojkuXstoe4UlK79eF5TGGo= github.com/rcrowley/go-metrics v0.0.0-20250401214520-65e299d6c5c9 h1:bsUq1dX0N8AOIL7EB/X911+m4EHsnWEHeJ0c+3TTBrg= github.com/rcrowley/go-metrics v0.0.0-20250401214520-65e299d6c5c9/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ= @@ -216,8 +202,8 @@ github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3A github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= -github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= -github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= +github.com/stretchr/objx v0.5.3 h1:jmXUvGomnU1o3W/V5h2VEradbpJDwGrzugQQvL0POH4= +github.com/stretchr/objx v0.5.3/go.mod h1:rDQraq+vQZU7Fde9LOZLr8Tax6zZvy4kuNKF+QYS+U0= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= @@ -238,8 +224,6 @@ github.com/wayneashleyberry/terminal-dimensions v1.1.0 h1:EB7cIzBdsOzAgmhTUtTTQX github.com/wayneashleyberry/terminal-dimensions v1.1.0/go.mod h1:2lc/0eWCObmhRczn2SdGSQtgBooLUzIotkkEGXqghyg= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= -github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= @@ -249,88 +233,71 @@ go.uber.org/mock v0.6.0/go.mod h1:KiVJ4BqZJaMj4svdfmHM0AUx4NJYO8ZNpPnZn1Z+BBU= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= -go.uber.org/zap v1.27.1 h1:08RqriUEv8+ArZRYSTXy1LeBScaMpVSTBhCeaZYfMYc= -go.uber.org/zap v1.27.1/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= -go.yaml.in/yaml/v2 v2.4.3 h1:6gvOSjQoTB3vt1l+CU+tSyi/HOjfOjRLJ4YwYZGwRO0= -go.yaml.in/yaml/v2 v2.4.3/go.mod h1:zSxWcmIDjOzPXpjlTTbAsKokqkDNAVtZO0WOMiT90s8= +go.uber.org/zap v1.28.0 h1:IZzaP1Fv73/T/pBMLk4VutPl36uNC+OSUh3JLG3FIjo= +go.uber.org/zap v1.28.0/go.mod h1:rDLpOi171uODNm/mxFcuYWxDsqWSAVkFdX4XojSKg/Q= +go.yaml.in/yaml/v2 v2.4.4 h1:tuyd0P+2Ont/d6e2rl3be67goVK4R6deVxCUX5vyPaQ= +go.yaml.in/yaml/v2 v2.4.4/go.mod h1:gMZqIpDtDqOfM0uNfy0SkpRhvUryYH0Z6wdMYcacYXQ= go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= -golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU= -golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0= -golang.org/x/exp v0.0.0-20251209150349-8475f28825e9 h1:MDfG8Cvcqlt9XXrmEiD4epKn7VJHZO84hejP9Jmp0MM= -golang.org/x/exp v0.0.0-20251209150349-8475f28825e9/go.mod h1:EPRbTFwzwjXj9NpYyyrvenVh9Y+GFeEvMNh7Xuz7xgU= -golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/crypto v0.52.0 h1:RMs7fP2rXdep0CftQlK8Uf+kibLm7qkCcradZWYz988= +golang.org/x/crypto v0.52.0/go.mod h1:1QgfPxDqh0T2M/elOJtp9RvuR95kVjir0e6/BvEmGbc= +golang.org/x/exp v0.0.0-20260529124908-c761662dc8c9 h1:4d4PbuBNwaxMXkXI8yiIYjydtMU+04RHeuSxJdgKftM= +golang.org/x/exp v0.0.0-20260529124908-c761662dc8c9/go.mod h1:d2fgXJLVs4dYDHUk5lwMIfzRzSrWCfGZb0ZqeLa/Vcw= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/mod v0.31.0 h1:HaW9xtz0+kOcWKwli0ZXy79Ix+UW/vOfmWI5QVd2tgI= -golang.org/x/mod v0.31.0/go.mod h1:43JraMp9cGx1Rx3AqioxrbrhNsLl2l/iNAvuBkrezpg= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/mod v0.36.0 h1:JJjpVx6myfUsUdAzZuOSTTmRE0PfZeNWzzvKrP7amb4= +golang.org/x/mod v0.36.0/go.mod h1:moc6ELqsWcOw5Ef3xVprK5ul/MvtVvkIXLziUOICjUQ= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU= -golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY= -golang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw= -golang.org/x/oauth2 v0.34.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA= +golang.org/x/net v0.55.0 h1:bcvxaJn3e1U6InsFWt1JUq1aSjnRxLzT2rtD2KfkDF8= +golang.org/x/net v0.55.0/go.mod h1:L5U2KuzuOe1lY7Z+aWVIKK6qEeJXnXV9yzGA+WCHJww= +golang.org/x/oauth2 v0.36.0 h1:peZ/1z27fi9hUOFCAZaHyrpWG5lwe0RJEEEeH0ThlIs= +golang.org/x/oauth2 v0.36.0/go.mod h1:YDBUJMTkDnJS+A4BP4eZBjCqtokkg1hODuPjwiGPO7Q= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4= -golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= +golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4= +golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk= -golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/sys v0.45.0 h1:dO4czNzziLiiXplLQgBCEpCvXQ3dnkn0SdaZSYdQ+FY= +golang.org/x/sys v0.45.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= -golang.org/x/term v0.38.0 h1:PQ5pkm/rLO6HnxFR7N2lJHOZX6Kez5Y1gDSJla6jo7Q= -golang.org/x/term v0.38.0/go.mod h1:bSEAKrOT1W+VSu9TSCMtoGEOUcKxOKgl3LE5QEF/xVg= +golang.org/x/term v0.43.0 h1:S4RLU2sB31O/NCl+zFN9Aru9A/Cq2aqKpTZJ6B+DwT4= +golang.org/x/term v0.43.0/go.mod h1:lrhlHNdQJHO+1qVYiHfFKVuVioJIheAc3fBSMFYEIsk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU= -golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY= -golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI= -golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4= +golang.org/x/text v0.37.0 h1:Cqjiwd9eSg8e0QAkyCaQTNHFIIzWtidPahFWR83rTrc= +golang.org/x/text v0.37.0/go.mod h1:a5sjxXGs9hsn/AJVwuElvCAo9v8QYLzvavO5z2PiM38= +golang.org/x/time v0.15.0 h1:bbrp8t3bGUeFOx08pvsMYRTCVSMk89u4tKbNOZbp88U= +golang.org/x/time v0.15.0/go.mod h1:Y4YMaQmXwGQZoFaVFk4YpCt4FLQMYKZe9oeV/f4MSno= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.40.0 h1:yLkxfA+Qnul4cs9QA3KnlFu0lVmd8JJfoq+E41uSutA= -golang.org/x/tools v0.40.0/go.mod h1:Ik/tzLRlbscWpqqMRjyWYDisX8bG13FrdXp3o4Sr9lc= +golang.org/x/tools v0.45.0 h1:18qN3FAooORvApf5XjCXgsuayZOEtXf6JK18I3+ONa8= +golang.org/x/tools v0.45.0/go.mod h1:LuUGqqaXcXMEFEruIVJVm5mgDD8vww/z/SR1gQ4uE/0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/jsonpatch/v2 v2.5.0 h1:JELs8RLM12qJGXU4u/TO3V25KW8GreMKl9pdkk14RM0= gomodules.xyz/jsonpatch/v2 v2.5.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= -google.golang.org/genproto/googleapis/api v0.0.0-20251213004720-97cd9d5aeac2 h1:7LRqPCEdE4TP4/9psdaB7F2nhZFfBiGJomA5sojLWdU= -google.golang.org/genproto/googleapis/api v0.0.0-20251213004720-97cd9d5aeac2/go.mod h1:+rXWjjaukWZun3mLfjmVnQi18E1AsFbDN9QdJ5YXLto= -google.golang.org/genproto/googleapis/rpc v0.0.0-20251213004720-97cd9d5aeac2 h1:2I6GHUeJ/4shcDpoUlLs/2WPnhg7yJwvXtqcMJt9liA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20251213004720-97cd9d5aeac2/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk= -google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE= -google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= +google.golang.org/genproto/googleapis/api v0.0.0-20260526163538-3dc84a4a5aaa h1:Kjn0N0tCrDgiAFW+lGO4JZ3ck44CehvJQMAwj9QF0G8= +google.golang.org/genproto/googleapis/api v0.0.0-20260526163538-3dc84a4a5aaa/go.mod h1:q4lMZS6kskjT5HvCPrnnypcDPVJqT/f4nfxmkE7gryY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20260526163538-3dc84a4a5aaa h1:mZHHdPZl0dbGHCflZgAq/Q468DWVFcU2whhB2KAo8fk= +google.golang.org/genproto/googleapis/rpc v0.0.0-20260526163538-3dc84a4a5aaa/go.mod h1:4Hqkh8ycfw05ld/3BWL7rJOSfebL2Q+DVDeRgYgxUU8= +google.golang.org/protobuf v1.36.12-0.20260120151049-f2248ac996af h1:+5/Sw3GsDNlEmu7TfklWKPdQ0Ykja5VEmq2i817+jbI= +google.golang.org/protobuf v1.36.12-0.20260120151049-f2248ac996af/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= @@ -344,29 +311,29 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= -k8s.io/api v0.34.3 h1:D12sTP257/jSH2vHV2EDYrb16bS7ULlHpdNdNhEw2S4= -k8s.io/api v0.34.3/go.mod h1:PyVQBF886Q5RSQZOim7DybQjAbVs8g7gwJNhGtY5MBk= -k8s.io/apiextensions-apiserver v0.34.3 h1:p10fGlkDY09eWKOTeUSioxwLukJnm+KuDZdrW71y40g= -k8s.io/apiextensions-apiserver v0.34.3/go.mod h1:aujxvqGFRdb/cmXYfcRTeppN7S2XV/t7WMEc64zB5A0= -k8s.io/apimachinery v0.34.3 h1:/TB+SFEiQvN9HPldtlWOTp0hWbJ+fjU+wkxysf/aQnE= -k8s.io/apimachinery v0.34.3/go.mod h1:/GwIlEcWuTX9zKIg2mbw0LRFIsXwrfoVxn+ef0X13lw= -k8s.io/client-go v0.34.3 h1:wtYtpzy/OPNYf7WyNBTj3iUA0XaBHVqhv4Iv3tbrF5A= -k8s.io/client-go v0.34.3/go.mod h1:OxxeYagaP9Kdf78UrKLa3YZixMCfP6bgPwPwNBQBzpM= -k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= -k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20251125145642-4e65d59e963e h1:iW9ChlU0cU16w8MpVYjXk12dqQ4BPFBEgif+ap7/hqQ= -k8s.io/kube-openapi v0.0.0-20251125145642-4e65d59e963e/go.mod h1:kdmbQkyfwUagLfXIad1y2TdrjPFWp2Q89B3qkRwf/pQ= -k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 h1:SjGebBtkBqHFOli+05xYbK8YF1Dzkbzn+gDM4X9T4Ck= -k8s.io/utils v0.0.0-20251002143259-bc988d571ff4/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/controller-runtime v0.22.4 h1:GEjV7KV3TY8e+tJ2LCTxUTanW4z/FmNB7l327UfMq9A= -sigs.k8s.io/controller-runtime v0.22.4/go.mod h1:+QX1XUpTXN4mLoblf4tqr5CQcyHPAki2HLXqQMY6vh8= -sigs.k8s.io/gateway-api v1.4.0 h1:ZwlNM6zOHq0h3WUX2gfByPs2yAEsy/EenYJB78jpQfQ= -sigs.k8s.io/gateway-api v1.4.0/go.mod h1:AR5RSqciWP98OPckEjOjh2XJhAe2Na4LHyXD2FUY7Qk= +k8s.io/api v0.36.1 h1:XbL/EMj8K2aJpJtePmqUyQMsM0D4QI2pvl7YKJ20FTY= +k8s.io/api v0.36.1/go.mod h1:KOWo4ey3TINlXjeHVuwB3i+tXXnu+UcwFBHlI/9dvEo= +k8s.io/apiextensions-apiserver v0.36.1 h1:6JfYmPUsuUIHuN+3QxutXYWj492RqF5fBSx67GYK5Ks= +k8s.io/apiextensions-apiserver v0.36.1/go.mod h1:pLzZin90riwisdzKwv/GoTwENooytoIx5zWJb4Hkby8= +k8s.io/apimachinery v0.36.1 h1:G63Gjx2W+q0YD+72Vo8oY0nDnePVwnuzTmmy5ENrVSA= +k8s.io/apimachinery v0.36.1/go.mod h1:ibYOR00vW/I1kzvi5SF0dRuJ52BvKtfvRdOn35GPQ+8= +k8s.io/client-go v0.36.1 h1:FN/K8QIT2CEDt+2WB2HnWrUANZ50AP5GII43/SP2JR0= +k8s.io/client-go v0.36.1/go.mod h1:s6rAnCtTGYDQnpNjEhSaISV+2O8jwruZ6m3QOYBFbtU= +k8s.io/klog/v2 v2.140.0 h1:Tf+J3AH7xnUzZyVVXhTgGhEKnFqye14aadWv7bzXdzc= +k8s.io/klog/v2 v2.140.0/go.mod h1:o+/RWfJ6PwpnFn7OyAG3QnO47BFsymfEfrz6XyYSSp0= +k8s.io/kube-openapi v0.0.0-20260520065146-aa012df4f4af h1:zLXA2Irn14q2/06WMkxViyr7YCPUO2lJ0QYE9Juy5vA= +k8s.io/kube-openapi v0.0.0-20260520065146-aa012df4f4af/go.mod h1:V/QaCUYDa+0QpcHhVVc5l99Uz56wEMEXBSj9oCDkNDY= +k8s.io/utils v0.0.0-20260507154919-ff6756f316d2 h1:wU4tMEhLGgIbLvXQb1cfN+EcM0wf7zC6CPF+C79jroc= +k8s.io/utils v0.0.0-20260507154919-ff6756f316d2/go.mod h1:xDxuJ0whA3d0I4mf/C4ppKHxXynQ+fxnkmQH0vTHnuk= +sigs.k8s.io/controller-runtime v0.24.1 h1:miPEwrmirImAvgME1L9qebGHrOnGJoVmVdtOU9fRfo4= +sigs.k8s.io/controller-runtime v0.24.1/go.mod h1:vFkfY5fGt5xAC/sKb8IBFKgWPNKG9OUG29dR8Y2wImw= +sigs.k8s.io/gateway-api v1.5.0 h1:duoo14Ky/fJXpjpmyMISE2RTBGnfCg8zICfTYLTnBJA= +sigs.k8s.io/gateway-api v1.5.0/go.mod h1:GvCETiaMAlLym5CovLxGjS0NysqFk3+Yuq3/rh6QL2o= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= -sigs.k8s.io/structured-merge-diff/v6 v6.3.1 h1:JrhdFMqOd/+3ByqlP2I45kTOZmTRLBUm5pvRjeheg7E= -sigs.k8s.io/structured-merge-diff/v6 v6.3.1/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE= +sigs.k8s.io/structured-merge-diff/v6 v6.4.0 h1:qmp2e3ZfFi1/jJbDGpD4mt3wyp6PE1NfKHCYLqgNQJo= +sigs.k8s.io/structured-merge-diff/v6 v6.4.0/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE= sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs= sigs.k8s.io/yaml v1.6.0/go.mod h1:796bPqUfzR/0jLAl6XjHl3Ck7MiyVv8dbTdyT3/pMf4= diff --git a/main.go b/main.go index d616d4208..e2d65eee9 100644 --- a/main.go +++ b/main.go @@ -241,7 +241,7 @@ func main() { } if !webhookDisabled { - err = ctrl.NewWebhookManagedBy(mgr).For(&banzaicloudv1beta1.KafkaCluster{}). + err = ctrl.NewWebhookManagedBy(mgr, &banzaicloudv1beta1.KafkaCluster{}). WithValidator(webhooks.KafkaClusterValidator{ Log: mgr.GetLogger().WithName("webhooks").WithName("KafkaCluster"), }). @@ -250,8 +250,8 @@ func main() { setupLog.Error(err, "unable to create validating webhook", "Kind", "KafkaCluster") os.Exit(1) } - err = ctrl.NewWebhookManagedBy(mgr).For(&banzaicloudv1alpha1.KafkaTopic{}). - WithValidator(webhooks.KafkaTopicValidator{ + err = ctrl.NewWebhookManagedBy(mgr, &banzaicloudv1alpha1.KafkaTopic{}). + WithValidator(&webhooks.KafkaTopicValidator{ Client: mgr.GetClient(), NewKafkaFromCluster: kafkaclient.NewFromCluster, Log: mgr.GetLogger().WithName("webhooks").WithName("KafkaTopic"), diff --git a/pkg/kafkaclient/mock_client.go b/pkg/kafkaclient/mock_client.go index b10cf1147..78e4d3142 100644 --- a/pkg/kafkaclient/mock_client.go +++ b/pkg/kafkaclient/mock_client.go @@ -223,6 +223,17 @@ func (m *mockClusterAdmin) CreateACL(resource sarama.Resource, acl sarama.Acl) e return nil } +func (m *mockClusterAdmin) CreateACLs(resourceACLs []*sarama.ResourceAcls) error { + for _, ra := range resourceACLs { + for _, acl := range ra.Acls { + if err := m.CreateACL(ra.Resource, *acl); err != nil { + return err + } + } + } + return nil +} + func (m *mockClusterAdmin) ListAcls(filter sarama.AclFilter) ([]sarama.ResourceAcls, error) { m.Lock() defer m.Unlock() diff --git a/pkg/kafkaclient/users.go b/pkg/kafkaclient/users.go index 557d8fd76..411a69e8b 100644 --- a/pkg/kafkaclient/users.go +++ b/pkg/kafkaclient/users.go @@ -98,33 +98,16 @@ func (k *kafkaClient) createReadACLs(dn string, topic string, patternType sarama return err } - // READ on topic - if err = k.admin.CreateACL(sarama.Resource{ - ResourceType: sarama.AclResourceTopic, - ResourceName: topic, - ResourcePatternType: patternType, - }, sarama.Acl{ - Principal: dn, - Host: "*", - Operation: sarama.AclOperationRead, - PermissionType: sarama.AclPermissionAllow, - }); err != nil { - return err - } - - // READ on groups - err = k.admin.CreateACL(sarama.Resource{ - ResourceType: sarama.AclResourceGroup, - ResourceName: "*", - ResourcePatternType: sarama.AclPatternLiteral, - }, sarama.Acl{ - Principal: dn, - Host: "*", - Operation: sarama.AclOperationRead, - PermissionType: sarama.AclPermissionAllow, + return k.admin.CreateACLs([]*sarama.ResourceAcls{ + { + Resource: sarama.Resource{ResourceType: sarama.AclResourceTopic, ResourceName: topic, ResourcePatternType: patternType}, + Acls: []*sarama.Acl{{Principal: dn, Host: "*", Operation: sarama.AclOperationRead, PermissionType: sarama.AclPermissionAllow}}, + }, + { + Resource: sarama.Resource{ResourceType: sarama.AclResourceGroup, ResourceName: "*", ResourcePatternType: sarama.AclPatternLiteral}, + Acls: []*sarama.Acl{{Principal: dn, Host: "*", Operation: sarama.AclOperationRead, PermissionType: sarama.AclPermissionAllow}}, + }, }) - - return err } func (k *kafkaClient) createWriteACLs(dn string, topic string, patternType sarama.AclResourcePatternType) (err error) { @@ -132,62 +115,25 @@ func (k *kafkaClient) createWriteACLs(dn string, topic string, patternType saram return err } - // WRITE on topic - if err = k.admin.CreateACL(sarama.Resource{ - ResourceType: sarama.AclResourceTopic, - ResourceName: topic, - ResourcePatternType: patternType, - }, sarama.Acl{ - Principal: dn, - Host: "*", - Operation: sarama.AclOperationWrite, - PermissionType: sarama.AclPermissionAllow, - }); err != nil { - return err - } - - // CREATE on topic - err = k.admin.CreateACL(sarama.Resource{ - ResourceType: sarama.AclResourceTopic, - ResourceName: topic, - ResourcePatternType: patternType, - }, sarama.Acl{ - Principal: dn, - Host: "*", - Operation: sarama.AclOperationCreate, - PermissionType: sarama.AclPermissionAllow, + return k.admin.CreateACLs([]*sarama.ResourceAcls{ + { + Resource: sarama.Resource{ResourceType: sarama.AclResourceTopic, ResourceName: topic, ResourcePatternType: patternType}, + Acls: []*sarama.Acl{ + {Principal: dn, Host: "*", Operation: sarama.AclOperationWrite, PermissionType: sarama.AclPermissionAllow}, + {Principal: dn, Host: "*", Operation: sarama.AclOperationCreate, PermissionType: sarama.AclPermissionAllow}, + }, + }, }) - - return err } -func (k *kafkaClient) createCommonACLs(dn string, topic string, patternType sarama.AclResourcePatternType) (err error) { - // DESCRIBE on topic - if err = k.admin.CreateACL(sarama.Resource{ - ResourceType: sarama.AclResourceTopic, - ResourceName: topic, - ResourcePatternType: patternType, - }, sarama.Acl{ - Principal: dn, - Host: "*", - Operation: sarama.AclOperationDescribe, - PermissionType: sarama.AclPermissionAllow, - }); err != nil { - return err - } - - // DESCRIBE_CONFIGS on topic - if err = k.admin.CreateACL(sarama.Resource{ - ResourceType: sarama.AclResourceTopic, - ResourceName: topic, - ResourcePatternType: patternType, - }, sarama.Acl{ - Principal: dn, - Host: "*", - Operation: sarama.AclOperationDescribeConfigs, - PermissionType: sarama.AclPermissionAllow, - }); err != nil { - return err - } - return err +func (k *kafkaClient) createCommonACLs(dn string, topic string, patternType sarama.AclResourcePatternType) error { + return k.admin.CreateACLs([]*sarama.ResourceAcls{ + { + Resource: sarama.Resource{ResourceType: sarama.AclResourceTopic, ResourceName: topic, ResourcePatternType: patternType}, + Acls: []*sarama.Acl{ + {Principal: dn, Host: "*", Operation: sarama.AclOperationDescribe, PermissionType: sarama.AclPermissionAllow}, + {Principal: dn, Host: "*", Operation: sarama.AclOperationDescribeConfigs, PermissionType: sarama.AclPermissionAllow}, + }, + }, + }) } diff --git a/pkg/pki/certmanagerpki/certmanager_pki.go b/pkg/pki/certmanagerpki/certmanager_pki.go index b4d21310b..c729de40d 100644 --- a/pkg/pki/certmanagerpki/certmanager_pki.go +++ b/pkg/pki/certmanagerpki/certmanager_pki.go @@ -221,7 +221,7 @@ func caCertForCluster(cluster *v1beta1.KafkaCluster) *certv1.Certificate { SecretName: fmt.Sprintf(pkicommon.BrokerCACertTemplate, cluster.Name), CommonName: pkicommon.EnsureValidCommonNameLen(fmt.Sprintf(pkicommon.CAFQDNTemplate, cluster.Name, cluster.Namespace)), IsCA: true, - IssuerRef: certmeta.ObjectReference{ + IssuerRef: certmeta.IssuerReference{ Name: fmt.Sprintf(pkicommon.BrokerSelfSignerTemplate, cluster.Name), Kind: certv1.ClusterIssuerKind, }, diff --git a/pkg/pki/certmanagerpki/certmanager_pki_test.go b/pkg/pki/certmanagerpki/certmanager_pki_test.go index edabd656d..431f0491f 100644 --- a/pkg/pki/certmanagerpki/certmanager_pki_test.go +++ b/pkg/pki/certmanagerpki/certmanager_pki_test.go @@ -131,7 +131,7 @@ func TestReconcilePKI(t *testing.T) { } // Testing IssuerRef case - cluster.Spec.ListenersConfig.SSLSecrets.IssuerRef = &cmmeta.ObjectReference{ + cluster.Spec.ListenersConfig.SSLSecrets.IssuerRef = &cmmeta.IssuerReference{ Name: "test", Kind: "testKind", Group: "testGroup", diff --git a/pkg/pki/certmanagerpki/certmanager_user.go b/pkg/pki/certmanagerpki/certmanager_user.go index 6257503db..b693716ed 100644 --- a/pkg/pki/certmanagerpki/certmanager_user.go +++ b/pkg/pki/certmanagerpki/certmanager_user.go @@ -158,7 +158,7 @@ func (c *certManager) clusterCertificateForUser( CommonName: user.GetName(), URIs: []string{fmt.Sprintf(spiffeIdTemplate, clusterDomain, user.GetNamespace(), user.GetName())}, Usages: []certv1.KeyUsage{certv1.UsageClientAuth, certv1.UsageServerAuth}, - IssuerRef: certmeta.ObjectReference{ + IssuerRef: certmeta.IssuerReference{ Name: caName, Kind: caKind, Group: caGroup, @@ -187,7 +187,7 @@ func (c *certManager) clusterCertificateForUser( // getCA returns the CA name/kind/group for the KafkaCluster func (c *certManager) getCA(user *v1alpha1.KafkaUser) (caName, caKind, caGroup string) { - var issuerRef *certmeta.ObjectReference + var issuerRef *certmeta.IssuerReference if user.Spec.PKIBackendSpec != nil { issuerRef = user.Spec.PKIBackendSpec.IssuerRef } else { diff --git a/pkg/pki/certmanagerpki/certmanager_user_test.go b/pkg/pki/certmanagerpki/certmanager_user_test.go index 45c90e14d..70aa2659f 100644 --- a/pkg/pki/certmanagerpki/certmanager_user_test.go +++ b/pkg/pki/certmanagerpki/certmanager_user_test.go @@ -93,7 +93,7 @@ func TestReconcileUserCertificate(t *testing.T) { // Test IssuerRef case user := newMockUser() user.Spec.PKIBackendSpec = &v1alpha1.PKIBackendSpec{ - IssuerRef: &cmmeta.ObjectReference{ + IssuerRef: &cmmeta.IssuerReference{ Name: "test", Kind: "testKind", Group: "testGroup", diff --git a/pkg/resources/kafka/mocks/SubResourceClient.go b/pkg/resources/kafka/mocks/SubResourceClient.go index 4286f1aca..4745243aa 100644 --- a/pkg/resources/kafka/mocks/SubResourceClient.go +++ b/pkg/resources/kafka/mocks/SubResourceClient.go @@ -21,6 +21,7 @@ import ( "go.uber.org/mock/gomock" + "k8s.io/apimachinery/pkg/runtime" "sigs.k8s.io/controller-runtime/pkg/client" ) @@ -122,3 +123,22 @@ func (mr *MockSubResourceClientMockRecorder) Update(arg0, arg1 interface{}, arg2 varargs := append([]interface{}{arg0, arg1}, arg2...) return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Update", reflect.TypeOf((*MockSubResourceClient)(nil).Update), varargs...) } + +// Apply mocks base method. +func (m *MockSubResourceClient) Apply(arg0 context.Context, arg1 runtime.ApplyConfiguration, arg2 ...client.SubResourceApplyOption) error { + m.ctrl.T.Helper() + varargs := []interface{}{arg0, arg1} + for _, a := range arg2 { + varargs = append(varargs, a) + } + ret := m.ctrl.Call(m, "Apply", varargs...) + ret0, _ := ret[0].(error) + return ret0 +} + +// Apply indicates an expected call of Apply. +func (mr *MockSubResourceClientMockRecorder) Apply(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + varargs := append([]interface{}{arg0, arg1}, arg2...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Apply", reflect.TypeOf((*MockSubResourceClient)(nil).Apply), varargs...) +} diff --git a/pkg/webhooks/kafkacluster_validator.go b/pkg/webhooks/kafkacluster_validator.go index d9f7b8932..486db357e 100644 --- a/pkg/webhooks/kafkacluster_validator.go +++ b/pkg/webhooks/kafkacluster_validator.go @@ -24,7 +24,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/webhook/admission" apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/validation/field" "github.com/go-logr/logr" @@ -37,9 +36,8 @@ type KafkaClusterValidator struct { Log logr.Logger } -func (s KafkaClusterValidator) ValidateUpdate(ctx context.Context, oldObj, newObj runtime.Object) (warnings admission.Warnings, err error) { +func (s KafkaClusterValidator) ValidateUpdate(ctx context.Context, _, kafkaClusterNew *banzaicloudv1beta1.KafkaCluster) (warnings admission.Warnings, err error) { var allErrs field.ErrorList - kafkaClusterNew := newObj.(*banzaicloudv1beta1.KafkaCluster) log := s.Log.WithValues("name", kafkaClusterNew.GetName(), "namespace", kafkaClusterNew.GetNamespace()) listenerErrs := checkInternalAndExternalListeners(&kafkaClusterNew.Spec) @@ -57,9 +55,8 @@ func (s KafkaClusterValidator) ValidateUpdate(ctx context.Context, oldObj, newOb kafkaClusterNew.Name, allErrs) } -func (s KafkaClusterValidator) ValidateCreate(ctx context.Context, obj runtime.Object) (warnings admission.Warnings, err error) { +func (s KafkaClusterValidator) ValidateCreate(ctx context.Context, kafkaCluster *banzaicloudv1beta1.KafkaCluster) (warnings admission.Warnings, err error) { var allErrs field.ErrorList - kafkaCluster := obj.(*banzaicloudv1beta1.KafkaCluster) log := s.Log.WithValues("name", kafkaCluster.GetName(), "namespace", kafkaCluster.GetNamespace()) listenerErrs := checkInternalAndExternalListeners(&kafkaCluster.Spec) @@ -77,7 +74,7 @@ func (s KafkaClusterValidator) ValidateCreate(ctx context.Context, obj runtime.O kafkaCluster.Name, allErrs) } -func (s KafkaClusterValidator) ValidateDelete(ctx context.Context, obj runtime.Object) (warnings admission.Warnings, err error) { +func (s KafkaClusterValidator) ValidateDelete(_ context.Context, _ *banzaicloudv1beta1.KafkaCluster) (warnings admission.Warnings, err error) { return nil, nil } diff --git a/pkg/webhooks/kafkatopic_validator.go b/pkg/webhooks/kafkatopic_validator.go index 969184cbb..d1e09e41a 100644 --- a/pkg/webhooks/kafkatopic_validator.go +++ b/pkg/webhooks/kafkatopic_validator.go @@ -25,7 +25,6 @@ import ( "emperror.dev/errors" apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/validation/field" "sigs.k8s.io/controller-runtime/pkg/client" @@ -52,20 +51,19 @@ type KafkaTopicValidator struct { Log logr.Logger } -func (s KafkaTopicValidator) ValidateCreate(ctx context.Context, obj runtime.Object) (warnings admission.Warnings, err error) { - return s.validate(ctx, obj) +func (s KafkaTopicValidator) ValidateCreate(ctx context.Context, kafkaTopic *banzaicloudv1alpha1.KafkaTopic) (warnings admission.Warnings, err error) { + return s.validate(ctx, kafkaTopic) } -func (s KafkaTopicValidator) ValidateUpdate(ctx context.Context, oldObj, newObj runtime.Object) (warnings admission.Warnings, err error) { - return s.validate(ctx, newObj) +func (s KafkaTopicValidator) ValidateUpdate(ctx context.Context, _, kafkaTopic *banzaicloudv1alpha1.KafkaTopic) (warnings admission.Warnings, err error) { + return s.validate(ctx, kafkaTopic) } -func (s KafkaTopicValidator) ValidateDelete(ctx context.Context, obj runtime.Object) (warnings admission.Warnings, err error) { +func (s KafkaTopicValidator) ValidateDelete(_ context.Context, _ *banzaicloudv1alpha1.KafkaTopic) (warnings admission.Warnings, err error) { return nil, nil } -func (s *KafkaTopicValidator) validate(ctx context.Context, obj runtime.Object) (warnings admission.Warnings, err error) { - kafkaTopic := obj.(*banzaicloudv1alpha1.KafkaTopic) +func (s *KafkaTopicValidator) validate(ctx context.Context, kafkaTopic *banzaicloudv1alpha1.KafkaTopic) (warnings admission.Warnings, err error) { log := s.Log.WithValues("name", kafkaTopic.GetName(), "namespace", kafkaTopic.GetNamespace()) fieldErrs, err := s.validateKafkaTopic(ctx, log, kafkaTopic) diff --git a/properties/go.mod b/properties/go.mod index 569abdd60..6de61e6f2 100644 --- a/properties/go.mod +++ b/properties/go.mod @@ -4,14 +4,15 @@ go 1.25.0 require ( emperror.dev/errors v0.8.1 - github.com/onsi/gomega v1.38.3 + github.com/onsi/gomega v1.41.0 ) require ( github.com/google/go-cmp v0.7.0 // indirect + github.com/kr/text v0.2.0 // indirect github.com/pkg/errors v0.9.1 // indirect go.uber.org/multierr v1.11.0 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect - golang.org/x/net v0.48.0 // indirect - golang.org/x/text v0.32.0 // indirect + golang.org/x/net v0.55.0 // indirect + golang.org/x/text v0.37.0 // indirect ) diff --git a/properties/go.sum b/properties/go.sum index 6cecb28e3..113ea4b3d 100644 --- a/properties/go.sum +++ b/properties/go.sum @@ -1,47 +1,39 @@ emperror.dev/errors v0.8.1 h1:UavXZ5cSX/4u9iyvH6aDcuGkVjeexUGJ7Ij7G4VfQT0= emperror.dev/errors v0.8.1/go.mod h1:YcRvLPh626Ubn2xqtoprejnA5nFha+TJ+2vew48kWuE= -github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0= -github.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= -github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= -github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= -github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= -github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 h1:BHT72Gu3keYf3ZEu2J0b1vyeLSOYI8bm5wbJM/8yDe8= -github.com/google/pprof v0.0.0-20250403155104-27863c87afa6/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA= -github.com/onsi/ginkgo/v2 v2.25.3 h1:Ty8+Yi/ayDAGtk4XxmmfUy4GabvM+MegeB4cDLRi6nw= -github.com/onsi/ginkgo/v2 v2.25.3/go.mod h1:43uiyQC4Ed2tkOzLsEYm7hnrb7UJTWHYNsuy3bG/snE= -github.com/onsi/gomega v1.38.3 h1:eTX+W6dobAYfFeGC2PV6RwXRu/MyT+cQguijutvkpSM= -github.com/onsi/gomega v1.38.3/go.mod h1:ZCU1pkQcXDO5Sl9/VVEGlDyp+zm0m1cmeG5TOzLgdh4= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/onsi/gomega v1.41.0 h1:OwKp4pXNgVxf6sCplzYo794OFNuoL2q2SBMU5NSWOjA= +github.com/onsi/gomega v1.41.0/go.mod h1:M/Uqpu/8qTjtzCLUA2zJHX9Iilrau25x1PdoSRbWh5A= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= +github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/automaxprocs v1.6.0 h1:O3y2/QNTOdbF+e/dpXNNW7Rx2hZ4sTIPyybbxyNqTUs= -go.uber.org/automaxprocs v1.6.0/go.mod h1:ifeIMSnPZuznNm6jmdzmU3/bfk01Fe2fotchwEFJ8r8= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= -golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU= -golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY= -golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk= -golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= -golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU= -golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY= -golang.org/x/tools v0.39.0 h1:ik4ho21kwuQln40uelmciQPp9SipgNDdrafrYA4TmQQ= -golang.org/x/tools v0.39.0/go.mod h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ= -gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= +golang.org/x/net v0.55.0 h1:bcvxaJn3e1U6InsFWt1JUq1aSjnRxLzT2rtD2KfkDF8= +golang.org/x/net v0.55.0/go.mod h1:L5U2KuzuOe1lY7Z+aWVIKK6qEeJXnXV9yzGA+WCHJww= +golang.org/x/text v0.37.0 h1:Cqjiwd9eSg8e0QAkyCaQTNHFIIzWtidPahFWR83rTrc= +golang.org/x/text v0.37.0/go.mod h1:a5sjxXGs9hsn/AJVwuElvCAo9v8QYLzvavO5z2PiM38= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/tests/e2e/go.mod b/tests/e2e/go.mod index 29c992263..f86744f90 100644 --- a/tests/e2e/go.mod +++ b/tests/e2e/go.mod @@ -1,6 +1,6 @@ module github.com/banzaicloud/koperator/tests/e2e -go 1.25.0 +go 1.26.0 require ( emperror.dev/errors v0.8.1 @@ -8,97 +8,92 @@ require ( github.com/banzaicloud/koperator v0.25.1 github.com/banzaicloud/koperator/api v0.28.8 github.com/cisco-open/k8s-objectmatcher v1.10.0 - github.com/gruntwork-io/terratest v0.54.0 - github.com/onsi/ginkgo/v2 v2.27.3 - github.com/onsi/gomega v1.38.3 - github.com/twmb/franz-go v1.20.5 - k8s.io/api v0.34.3 - k8s.io/apiextensions-apiserver v0.34.3 - k8s.io/apimachinery v0.34.3 + github.com/gruntwork-io/terratest v1.0.0 + github.com/onsi/ginkgo/v2 v2.29.0 + github.com/onsi/gomega v1.41.0 + github.com/twmb/franz-go v1.21.2 + k8s.io/api v0.36.1 + k8s.io/apiextensions-apiserver v0.36.1 + k8s.io/apimachinery v0.36.1 sigs.k8s.io/yaml v1.6.0 ) require ( dario.cat/mergo v1.0.2 // indirect - filippo.io/edwards25519 v1.1.0 // indirect - github.com/BurntSushi/toml v1.5.0 // indirect - github.com/IBM/sarama v1.46.3 // indirect + filippo.io/edwards25519 v1.1.1 // indirect + github.com/BurntSushi/toml v1.6.0 // indirect + github.com/IBM/sarama v1.50.1 // indirect github.com/Masterminds/goutils v1.1.1 // indirect - github.com/Masterminds/semver/v3 v3.4.0 // indirect - github.com/aws/aws-sdk-go-v2 v1.39.2 // indirect - github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.7 // indirect - github.com/aws/aws-sdk-go-v2/config v1.31.12 // indirect - github.com/aws/aws-sdk-go-v2/credentials v1.18.16 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.9 // indirect - github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.41 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.9 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.9 // indirect - github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 // indirect - github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.24 // indirect - github.com/aws/aws-sdk-go-v2/service/acm v1.30.6 // indirect - github.com/aws/aws-sdk-go-v2/service/autoscaling v1.51.0 // indirect - github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.44.0 // indirect - github.com/aws/aws-sdk-go-v2/service/dynamodb v1.37.1 // indirect - github.com/aws/aws-sdk-go-v2/service/ec2 v1.193.0 // indirect - github.com/aws/aws-sdk-go-v2/service/ecr v1.36.6 // indirect - github.com/aws/aws-sdk-go-v2/service/ecs v1.52.0 // indirect - github.com/aws/aws-sdk-go-v2/service/iam v1.38.1 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.1 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.5 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.10.5 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.9 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.5 // indirect - github.com/aws/aws-sdk-go-v2/service/kms v1.37.6 // indirect - github.com/aws/aws-sdk-go-v2/service/lambda v1.69.0 // indirect - github.com/aws/aws-sdk-go-v2/service/rds v1.91.0 // indirect - github.com/aws/aws-sdk-go-v2/service/route53 v1.58.4 // indirect - github.com/aws/aws-sdk-go-v2/service/s3 v1.69.0 // indirect - github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.6 // indirect - github.com/aws/aws-sdk-go-v2/service/sns v1.33.6 // indirect - github.com/aws/aws-sdk-go-v2/service/sqs v1.37.1 // indirect - github.com/aws/aws-sdk-go-v2/service/ssm v1.56.0 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.29.6 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.1 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.38.6 // indirect - github.com/aws/smithy-go v1.23.0 // indirect - github.com/banzaicloud/istio-client-go v0.0.17 // indirect + github.com/Masterminds/semver/v3 v3.5.0 // indirect + github.com/aws/aws-sdk-go-v2 v1.41.6 // indirect + github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.9 // indirect + github.com/aws/aws-sdk-go-v2/config v1.32.16 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.19.15 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.22 // indirect + github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager v0.1.17 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.22 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.22 // indirect + github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.23 // indirect + github.com/aws/aws-sdk-go-v2/service/acm v1.38.2 // indirect + github.com/aws/aws-sdk-go-v2/service/autoscaling v1.66.1 // indirect + github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.69.1 // indirect + github.com/aws/aws-sdk-go-v2/service/dynamodb v1.57.2 // indirect + github.com/aws/aws-sdk-go-v2/service/ec2 v1.297.1 // indirect + github.com/aws/aws-sdk-go-v2/service/ecr v1.57.1 // indirect + github.com/aws/aws-sdk-go-v2/service/ecs v1.78.1 // indirect + github.com/aws/aws-sdk-go-v2/service/iam v1.53.8 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.8 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.14 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.11.22 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.22 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.22 // indirect + github.com/aws/aws-sdk-go-v2/service/kms v1.50.5 // indirect + github.com/aws/aws-sdk-go-v2/service/lambda v1.89.1 // indirect + github.com/aws/aws-sdk-go-v2/service/rds v1.118.1 // indirect + github.com/aws/aws-sdk-go-v2/service/route53 v1.62.6 // indirect + github.com/aws/aws-sdk-go-v2/service/s3 v1.99.1 // indirect + github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.41.6 // indirect + github.com/aws/aws-sdk-go-v2/service/signin v1.0.10 // indirect + github.com/aws/aws-sdk-go-v2/service/sns v1.39.16 // indirect + github.com/aws/aws-sdk-go-v2/service/sqs v1.42.26 // indirect + github.com/aws/aws-sdk-go-v2/service/ssm v1.68.5 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.30.16 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.20 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.42.0 // indirect + github.com/aws/smithy-go v1.25.0 // indirect github.com/banzaicloud/koperator/properties v0.4.1 // indirect github.com/banzaicloud/operator-tools v0.28.10 // indirect github.com/boombuler/barcode v1.0.1 // indirect github.com/briandowns/spinner v1.23.2 // indirect - github.com/cert-manager/cert-manager v1.19.2 // indirect + github.com/cert-manager/cert-manager v1.20.2 // indirect github.com/cisco-open/cluster-registry-controller/api v0.2.12 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.6 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/eapache/go-resiliency v1.7.0 // indirect - github.com/eapache/go-xerial-snappy v0.0.0-20230731223053-c322873962e3 // indirect - github.com/eapache/queue v1.1.0 // indirect github.com/emicklei/go-restful/v3 v3.13.0 // indirect github.com/evanphx/json-patch v5.9.11+incompatible // indirect github.com/evanphx/json-patch/v5 v5.9.11 // indirect - github.com/fatih/color v1.18.0 // indirect - github.com/fxamacker/cbor/v2 v2.9.0 // indirect + github.com/fatih/color v1.19.0 // indirect + github.com/fxamacker/cbor/v2 v2.9.2 // indirect github.com/go-errors/errors v1.5.1 // indirect github.com/go-logr/logr v1.4.3 // indirect github.com/go-logr/zapr v1.3.0 // indirect - github.com/go-openapi/jsonpointer v0.22.4 // indirect - github.com/go-openapi/jsonreference v0.21.4 // indirect - github.com/go-openapi/swag v0.25.4 // indirect - github.com/go-openapi/swag/cmdutils v0.25.4 // indirect - github.com/go-openapi/swag/conv v0.25.4 // indirect - github.com/go-openapi/swag/fileutils v0.25.4 // indirect - github.com/go-openapi/swag/jsonname v0.25.4 // indirect - github.com/go-openapi/swag/jsonutils v0.25.4 // indirect - github.com/go-openapi/swag/loading v0.25.4 // indirect - github.com/go-openapi/swag/mangling v0.25.4 // indirect - github.com/go-openapi/swag/netutils v0.25.4 // indirect - github.com/go-openapi/swag/stringutils v0.25.4 // indirect - github.com/go-openapi/swag/typeutils v0.25.4 // indirect - github.com/go-openapi/swag/yamlutils v0.25.4 // indirect + github.com/go-openapi/jsonpointer v0.23.1 // indirect + github.com/go-openapi/jsonreference v0.21.6 // indirect + github.com/go-openapi/swag v0.26.0 // indirect + github.com/go-openapi/swag/cmdutils v0.26.0 // indirect + github.com/go-openapi/swag/conv v0.26.0 // indirect + github.com/go-openapi/swag/fileutils v0.26.0 // indirect + github.com/go-openapi/swag/jsonname v0.26.0 // indirect + github.com/go-openapi/swag/jsonutils v0.26.0 // indirect + github.com/go-openapi/swag/loading v0.26.0 // indirect + github.com/go-openapi/swag/mangling v0.26.0 // indirect + github.com/go-openapi/swag/netutils v0.26.0 // indirect + github.com/go-openapi/swag/stringutils v0.26.0 // indirect + github.com/go-openapi/swag/typeutils v0.26.0 // indirect + github.com/go-openapi/swag/yamlutils v0.26.0 // indirect github.com/go-sql-driver/mysql v1.8.1 // indirect github.com/go-task/slim-sprig/v3 v3.0.0 // indirect - github.com/gogo/protobuf v1.3.2 // indirect - github.com/golang/snappy v1.0.0 // indirect github.com/gonvenience/bunt v1.3.5 // indirect github.com/gonvenience/neat v1.3.12 // indirect github.com/gonvenience/term v1.0.2 // indirect @@ -107,7 +102,7 @@ require ( github.com/gonvenience/ytbx v1.4.4 // indirect github.com/google/gnostic-models v0.7.1 // indirect github.com/google/go-cmp v0.7.0 // indirect - github.com/google/pprof v0.0.0-20251213031049-b05bdaca462f // indirect + github.com/google/pprof v0.0.0-20260507013755-92041b743c96 // indirect github.com/google/uuid v1.6.0 // indirect github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect github.com/gruntwork-io/go-commons v0.17.1 // indirect @@ -119,33 +114,30 @@ require ( github.com/iancoleman/orderedmap v0.3.0 // indirect github.com/jackc/pgpassfile v1.0.0 // indirect github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect - github.com/jackc/pgx/v5 v5.7.1 // indirect + github.com/jackc/pgx/v5 v5.9.0 // indirect github.com/jackc/puddle/v2 v2.2.2 // indirect github.com/jcmturner/aescts/v2 v2.0.0 // indirect github.com/jcmturner/dnsutils/v2 v2.0.0 // indirect github.com/jcmturner/gofork v1.7.6 // indirect github.com/jcmturner/gokrb5/v8 v8.4.4 // indirect github.com/jcmturner/rpc/v2 v2.0.3 // indirect - github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24 // indirect github.com/json-iterator/go v1.1.12 // indirect - github.com/klauspost/compress v1.18.2 // indirect + github.com/klauspost/compress v1.18.6 // indirect github.com/lucasb-eyer/go-colorful v1.2.0 // indirect github.com/mattn/go-ciede2000 v0.0.0-20170301095244-782e8c62fec3 // indirect - github.com/mattn/go-colorable v0.1.14 // indirect - github.com/mattn/go-isatty v0.0.20 // indirect + github.com/mattn/go-colorable v0.1.15 // indirect + github.com/mattn/go-isatty v0.0.22 // indirect github.com/mattn/go-zglob v0.0.4 // indirect github.com/mitchellh/copystructure v1.2.0 // indirect - github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/mitchellh/go-ps v1.0.0 // indirect github.com/mitchellh/hashstructure v1.1.0 // indirect github.com/mitchellh/reflectwalk v1.0.2 // indirect - github.com/moby/spdystream v0.5.0 // indirect + github.com/moby/spdystream v0.5.1 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect - github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect github.com/pavlo-v-chernykh/keystore-go/v4 v4.5.0 // indirect - github.com/pierrec/lz4/v4 v4.1.22 // indirect + github.com/pierrec/lz4/v4 v4.1.27 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/pquerna/otp v1.4.0 // indirect @@ -160,40 +152,41 @@ require ( github.com/tidwall/gjson v1.18.0 // indirect github.com/tidwall/match v1.2.0 // indirect github.com/tidwall/pretty v1.2.1 // indirect - github.com/twmb/franz-go/pkg/kmsg v1.12.0 // indirect + github.com/twmb/franz-go/pkg/kmsg v1.13.1 // indirect github.com/urfave/cli/v2 v2.25.7 // indirect github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74 // indirect github.com/wayneashleyberry/terminal-dimensions v1.1.0 // indirect github.com/x448/float16 v0.8.4 // indirect github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect go.uber.org/multierr v1.11.0 // indirect - go.uber.org/zap v1.27.1 // indirect - go.yaml.in/yaml/v2 v2.4.3 // indirect + go.uber.org/zap v1.28.0 // indirect + go.yaml.in/yaml/v2 v2.4.4 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect - golang.org/x/crypto v0.46.0 // indirect - golang.org/x/exp v0.0.0-20251209150349-8475f28825e9 // indirect - golang.org/x/mod v0.31.0 // indirect - golang.org/x/net v0.48.0 // indirect - golang.org/x/oauth2 v0.34.0 // indirect - golang.org/x/sync v0.19.0 // indirect - golang.org/x/sys v0.39.0 // indirect - golang.org/x/term v0.38.0 // indirect - golang.org/x/text v0.32.0 // indirect - golang.org/x/time v0.14.0 // indirect - golang.org/x/tools v0.40.0 // indirect - google.golang.org/protobuf v1.36.11 // indirect + golang.org/x/crypto v0.52.0 // indirect + golang.org/x/exp v0.0.0-20260529124908-c761662dc8c9 // indirect + golang.org/x/mod v0.36.0 // indirect + golang.org/x/net v0.55.0 // indirect + golang.org/x/oauth2 v0.36.0 // indirect + golang.org/x/sync v0.20.0 // indirect + golang.org/x/sys v0.45.0 // indirect + golang.org/x/term v0.43.0 // indirect + golang.org/x/text v0.37.0 // indirect + golang.org/x/time v0.15.0 // indirect + golang.org/x/tools v0.45.0 // indirect + google.golang.org/protobuf v1.36.12-0.20260120151049-f2248ac996af // indirect gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/client-go v0.34.3 // indirect - k8s.io/klog/v2 v2.130.1 // indirect - k8s.io/kube-openapi v0.0.0-20251125145642-4e65d59e963e // indirect - k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 // indirect - sigs.k8s.io/controller-runtime v0.22.4 // indirect + k8s.io/client-go v0.36.1 // indirect + k8s.io/klog/v2 v2.140.0 // indirect + k8s.io/kube-openapi v0.0.0-20260520065146-aa012df4f4af // indirect + k8s.io/streaming v0.36.1 // indirect + k8s.io/utils v0.0.0-20260507154919-ff6756f316d2 // indirect + sigs.k8s.io/controller-runtime v0.24.1 // indirect sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect sigs.k8s.io/randfill v1.0.0 // indirect - sigs.k8s.io/structured-merge-diff/v6 v6.3.1 // indirect + sigs.k8s.io/structured-merge-diff/v6 v6.4.0 // indirect ) replace github.com/banzaicloud/koperator => ../.. diff --git a/tests/e2e/go.sum b/tests/e2e/go.sum index 697733d02..a2ea000bf 100644 --- a/tests/e2e/go.sum +++ b/tests/e2e/go.sum @@ -2,94 +2,92 @@ dario.cat/mergo v1.0.2 h1:85+piFYR1tMbRrLcDwR18y4UKJ3aH1Tbzi24VRW1TK8= dario.cat/mergo v1.0.2/go.mod h1:E/hbnu0NxMFBjpMIE34DRGLWqDy0g5FuKDhCb31ngxA= emperror.dev/errors v0.8.1 h1:UavXZ5cSX/4u9iyvH6aDcuGkVjeexUGJ7Ij7G4VfQT0= emperror.dev/errors v0.8.1/go.mod h1:YcRvLPh626Ubn2xqtoprejnA5nFha+TJ+2vew48kWuE= -filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA= -filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4= -github.com/BurntSushi/toml v1.5.0 h1:W5quZX/G/csjUnuI8SUYlsHs9M38FC7znL0lIO+DvMg= -github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= -github.com/IBM/sarama v1.46.3 h1:njRsX6jNlnR+ClJ8XmkO+CM4unbrNr/2vB5KK6UA+IE= -github.com/IBM/sarama v1.46.3/go.mod h1:GTUYiF9DMOZVe3FwyGT+dtSPceGFIgA+sPc5u6CBwko= +filippo.io/edwards25519 v1.1.1 h1:YpjwWWlNmGIDyXOn8zLzqiD+9TyIlPhGFG96P39uBpw= +filippo.io/edwards25519 v1.1.1/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4= +github.com/BurntSushi/toml v1.6.0 h1:dRaEfpa2VI55EwlIW72hMRHdWouJeRF7TPYhI+AUQjk= +github.com/BurntSushi/toml v1.6.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= +github.com/IBM/sarama v1.50.1 h1:OcXFv571hg+h6N8NL3mFIEdK+80t1m51kf/KZQtbfPA= +github.com/IBM/sarama v1.50.1/go.mod h1:+ggHBIXkEU3KXhAm2nCzCu7ohBD1pBIaXCRk1ftPkjY= github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= -github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0= -github.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= +github.com/Masterminds/semver/v3 v3.5.0 h1:kQceYJfbupGfZOKZQg0kou0DgAKhzDg2NZPAwZ/2OOE= +github.com/Masterminds/semver/v3 v3.5.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= github.com/Masterminds/sprig/v3 v3.3.0 h1:mQh0Yrg1XPo6vjYXgtf5OtijNAKJRNcTdOOGZe3tPhs= github.com/Masterminds/sprig/v3 v3.3.0/go.mod h1:Zy1iXRYNqNLUolqCpL4uhk6SHUMAOSCzdgBfDb35Lz0= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= -github.com/aws/aws-sdk-go-v2 v1.39.2 h1:EJLg8IdbzgeD7xgvZ+I8M1e0fL0ptn/M47lianzth0I= -github.com/aws/aws-sdk-go-v2 v1.39.2/go.mod h1:sDioUELIUO9Znk23YVmIk86/9DOpkbyyVb1i/gUNFXY= -github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.7 h1:lL7IfaFzngfx0ZwUGOZdsFFnQ5uLvR0hWqqhyE7Q9M8= -github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.7/go.mod h1:QraP0UcVlQJsmHfioCrveWOC1nbiWUl3ej08h4mXWoc= -github.com/aws/aws-sdk-go-v2/config v1.31.12 h1:pYM1Qgy0dKZLHX2cXslNacbcEFMkDMl+Bcj5ROuS6p8= -github.com/aws/aws-sdk-go-v2/config v1.31.12/go.mod h1:/MM0dyD7KSDPR+39p9ZNVKaHDLb9qnfDurvVS2KAhN8= -github.com/aws/aws-sdk-go-v2/credentials v1.18.16 h1:4JHirI4zp958zC026Sm+V4pSDwW4pwLefKrc0bF2lwI= -github.com/aws/aws-sdk-go-v2/credentials v1.18.16/go.mod h1:qQMtGx9OSw7ty1yLclzLxXCRbrkjWAM7JnObZjmCB7I= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.9 h1:Mv4Bc0mWmv6oDuSWTKnk+wgeqPL5DRFu5bQL9BGPQ8Y= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.9/go.mod h1:IKlKfRppK2a1y0gy1yH6zD+yX5uplJ6UuPlgd48dJiQ= -github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.41 h1:hqcxMc2g/MwwnRMod9n6Bd+t+9Nf7d5qRg7RaXKPd6o= -github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.41/go.mod h1:d1eH0VrttvPmrCraU68LOyNdu26zFxQFjrVSb5vdhog= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.9 h1:se2vOWGD3dWQUtfn4wEjRQJb1HK1XsNIt825gskZ970= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.9/go.mod h1:hijCGH2VfbZQxqCDN7bwz/4dzxV+hkyhjawAtdPWKZA= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.9 h1:6RBnKZLkJM4hQ+kN6E7yWFveOTg8NLPHAkqrs4ZPlTU= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.9/go.mod h1:V9rQKRmK7AWuEsOMnHzKj8WyrIir1yUJbZxDuZLFvXI= -github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 h1:bIqFDwgGXXN1Kpp99pDOdKMTTb5d2KyU5X/BZxjOkRo= -github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3/go.mod h1:H5O/EsxDWyU+LP/V8i5sm8cxoZgc2fdNR9bxlOFrQTo= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.24 h1:JX70yGKLj25+lMC5Yyh8wBtvB01GDilyRuJvXJ4piD0= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.24/go.mod h1:+Ln60j9SUTD0LEwnhEB0Xhg61DHqplBrbZpLgyjoEHg= -github.com/aws/aws-sdk-go-v2/service/acm v1.30.6 h1:fDg0RlN30Xf/yYzEUL/WXqhmgFsjVb/I3230oCfyI5w= -github.com/aws/aws-sdk-go-v2/service/acm v1.30.6/go.mod h1:zRR6jE3v/TcbfO8C2P+H0Z+kShiKKVaVyoIl8NQRjyg= -github.com/aws/aws-sdk-go-v2/service/autoscaling v1.51.0 h1:1KzQVZi7OTixxaVJ8fWaJAUBjme+iQ3zBOCZhE4RgxQ= -github.com/aws/aws-sdk-go-v2/service/autoscaling v1.51.0/go.mod h1:I1+/2m+IhnK5qEbhS3CrzjeiVloo9sItE/2K+so0fkU= -github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.44.0 h1:OREVd94+oXW5a+3SSUAo4K0L5ci8cucCLu+PSiek8OU= -github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.44.0/go.mod h1:Qbr4yfpNqVNl69l/GEDK+8wxLf/vHi0ChoiSDzD7thU= -github.com/aws/aws-sdk-go-v2/service/dynamodb v1.37.1 h1:vucMirlM6D+RDU8ncKaSZ/5dGrXNajozVwpmWNPn2gQ= -github.com/aws/aws-sdk-go-v2/service/dynamodb v1.37.1/go.mod h1:fceORfs010mNxZbQhfqUjUeHlTwANmIT4mvHamuUaUg= -github.com/aws/aws-sdk-go-v2/service/ec2 v1.193.0 h1:RhSoBFT5/8tTmIseJUXM6INTXTQDF8+0oyxWBnozIms= -github.com/aws/aws-sdk-go-v2/service/ec2 v1.193.0/go.mod h1:mzj8EEjIHSN2oZRXiw1Dd+uB4HZTl7hC8nBzX9IZMWw= -github.com/aws/aws-sdk-go-v2/service/ecr v1.36.6 h1:zg+3FGHA0PBs0KM25qE/rOf2o5zsjNa1g/Qq83+SDI0= -github.com/aws/aws-sdk-go-v2/service/ecr v1.36.6/go.mod h1:ZSq54Z9SIsOTf1Efwgw1msilSs4XVEfVQiP9nYVnKpM= -github.com/aws/aws-sdk-go-v2/service/ecs v1.52.0 h1:7/vgFWplkusJN/m+3QOa+W9FNRqa8ujMPNmdufRaJpg= -github.com/aws/aws-sdk-go-v2/service/ecs v1.52.0/go.mod h1:dPTOvmjJQ1T7Q+2+Xs2KSPrMvx+p0rpyV+HsQVnUK4o= -github.com/aws/aws-sdk-go-v2/service/iam v1.38.1 h1:hfkzDZHBp9jAT4zcd5mtqckpU4E3Ax0LQaEWWk1VgN8= -github.com/aws/aws-sdk-go-v2/service/iam v1.38.1/go.mod h1:u36ahDtZcQHGmVm/r+0L1sfKX4fzLEMdCqiKRKkUMVM= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.1 h1:oegbebPEMA/1Jny7kvwejowCaHz1FWZAQ94WXFNCyTM= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.1/go.mod h1:kemo5Myr9ac0U9JfSjMo9yHLtw+pECEHsFtJ9tqCEI8= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.5 h1:gvZOjQKPxFXy1ft3QnEyXmT+IqneM9QAUWlM3r0mfqw= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.5/go.mod h1:DLWnfvIcm9IET/mmjdxeXbBKmTCm0ZB8p1za9BVteM8= -github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.10.5 h1:3Y457U2eGukmjYjeHG6kanZpDzJADa2m0ADqnuePYVQ= -github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.10.5/go.mod h1:CfwEHGkTjYZpkQ/5PvcbEtT7AJlG68KkEvmtwU8z3/U= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.9 h1:5r34CgVOD4WZudeEKZ9/iKpiT6cM1JyEROpXjOcdWv8= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.9/go.mod h1:dB12CEbNWPbzO2uC6QSWHteqOg4JfBVJOojbAoAUb5I= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.5 h1:P1doBzv5VEg1ONxnJss1Kh5ZG/ewoIE4MQtKKc6Crgg= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.5/go.mod h1:NOP+euMW7W3Ukt28tAxPuoWao4rhhqJD3QEBk7oCg7w= -github.com/aws/aws-sdk-go-v2/service/kms v1.37.6 h1:CZImQdb1QbU9sGgJ9IswhVkxAcjkkD1eQTMA1KHWk+E= -github.com/aws/aws-sdk-go-v2/service/kms v1.37.6/go.mod h1:YJDdlK0zsyxVBxGU48AR/Mi8DMrGdc1E3Yij4fNrONA= -github.com/aws/aws-sdk-go-v2/service/lambda v1.69.0 h1:BXt75frE/FYtAmEDBJRBa2HexOw+oAZWZl6QknZEFgg= -github.com/aws/aws-sdk-go-v2/service/lambda v1.69.0/go.mod h1:guz2K3x4FKSdDaoeB+TPVgJNU9oj2gftbp5cR8ela1A= -github.com/aws/aws-sdk-go-v2/service/rds v1.91.0 h1:eqHz3Uih+gb0vLE5Cc4Xf733vOxsxDp6GFUUVQU4d7w= -github.com/aws/aws-sdk-go-v2/service/rds v1.91.0/go.mod h1:h2jc7IleH3xHY7y+h8FH7WAZcz3IVLOB6/jXotIQ/qU= -github.com/aws/aws-sdk-go-v2/service/route53 v1.58.4 h1:KycXrohD5OxAZ5h02YechO2gevvoHfAPAaJM5l8zqb0= -github.com/aws/aws-sdk-go-v2/service/route53 v1.58.4/go.mod h1:xNLZLn4SusktBQ5moqUOgiDKGz3a7vHwF4W0KD+WBPc= -github.com/aws/aws-sdk-go-v2/service/s3 v1.69.0 h1:Q2ax8S21clKOnHhhr933xm3JxdJebql+R7aNo7p7GBQ= -github.com/aws/aws-sdk-go-v2/service/s3 v1.69.0/go.mod h1:ralv4XawHjEMaHOWnTFushl0WRqim/gQWesAMF6hTow= -github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.6 h1:1KDMKvOKNrpD667ORbZ/+4OgvUoaok1gg/MLzrHF9fw= -github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.6/go.mod h1:DmtyfCfONhOyVAJ6ZMTrDSFIeyCBlEO93Qkfhxwbxu0= -github.com/aws/aws-sdk-go-v2/service/sns v1.33.6 h1:lEUtRHICiXsd7VRwRjXaY7MApT2X4Ue0Mrwe6XbyBro= -github.com/aws/aws-sdk-go-v2/service/sns v1.33.6/go.mod h1:SODr0Lu3lFdT0SGsGX1TzFTapwveBrT5wztVoYtppm8= -github.com/aws/aws-sdk-go-v2/service/sqs v1.37.1 h1:39WvSrVq9DD6UHkD+fx5x19P5KpRQfNdtgReDVNbelc= -github.com/aws/aws-sdk-go-v2/service/sqs v1.37.1/go.mod h1:3gwPzC9LER/BTQdQZ3r6dUktb1rSjABF1D3Sr6nS7VU= -github.com/aws/aws-sdk-go-v2/service/ssm v1.56.0 h1:mADKqoZaodipGgiZfuAjtlcr4IVBtXPZKVjkzUZCCYM= -github.com/aws/aws-sdk-go-v2/service/ssm v1.56.0/go.mod h1:l9qF25TzH95FhcIak6e4vt79KE4I7M2Nf59eMUVjj6c= -github.com/aws/aws-sdk-go-v2/service/sso v1.29.6 h1:A1oRkiSQOWstGh61y4Wc/yQ04sqrQZr1Si/oAXj20/s= -github.com/aws/aws-sdk-go-v2/service/sso v1.29.6/go.mod h1:5PfYspyCU5Vw1wNPsxi15LZovOnULudOQuVxphSflQA= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.1 h1:5fm5RTONng73/QA73LhCNR7UT9RpFH3hR6HWL6bIgVY= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.1/go.mod h1:xBEjWD13h+6nq+z4AkqSfSvqRKFgDIQeaMguAJndOWo= -github.com/aws/aws-sdk-go-v2/service/sts v1.38.6 h1:p3jIvqYwUZgu/XYeI48bJxOhvm47hZb5HUQ0tn6Q9kA= -github.com/aws/aws-sdk-go-v2/service/sts v1.38.6/go.mod h1:WtKK+ppze5yKPkZ0XwqIVWD4beCwv056ZbPQNoeHqM8= -github.com/aws/smithy-go v1.23.0 h1:8n6I3gXzWJB2DxBDnfxgBaSX6oe0d/t10qGz7OKqMCE= -github.com/aws/smithy-go v1.23.0/go.mod h1:t1ufH5HMublsJYulve2RKmHDC15xu1f26kHCp/HgceI= -github.com/banzaicloud/istio-client-go v0.0.17 h1:wiplbM7FDiIHopujInAnin3zuovtVcphtKy9En39q5I= -github.com/banzaicloud/istio-client-go v0.0.17/go.mod h1:rpnEYYGHzisx8nARl2d30Oq38EeCX0/PPaxMaREfE9I= +github.com/aws/aws-sdk-go-v2 v1.41.6 h1:1AX0AthnBQzMx1vbmir3Y4WsnJgiydmnJjiLu+LvXOg= +github.com/aws/aws-sdk-go-v2 v1.41.6/go.mod h1:dy0UzBIfwSeot4grGvY1AqFWN5zgziMmWGzysDnHFcQ= +github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.9 h1:adBsCIIpLbLmYnkQU+nAChU5yhVTvu5PerROm+/Kq2A= +github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.9/go.mod h1:uOYhgfgThm/ZyAuJGNQ5YgNyOlYfqnGpTHXvk3cpykg= +github.com/aws/aws-sdk-go-v2/config v1.32.16 h1:Q0iQ7quUgJP0F/SCRTieScnaMdXr9h/2+wze1u3cNeM= +github.com/aws/aws-sdk-go-v2/config v1.32.16/go.mod h1:duCCnJEFqpt2RC6no1iK6q+8HpwOAkiUua0pY507dQc= +github.com/aws/aws-sdk-go-v2/credentials v1.19.15 h1:fyvgWTszojq8hEnMi8PPBTvZdTtEVmAVyo+NFLHBhH4= +github.com/aws/aws-sdk-go-v2/credentials v1.19.15/go.mod h1:gJiYyMOjNg8OEdRWOf3CrFQxM2a98qmrtjx1zuiQfB8= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.22 h1:IOGsJ1xVWhsi+ZO7/NW8OuZZBtMJLZbk4P5HDjJO0jQ= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.22/go.mod h1:b+hYdbU+jGKfXE8kKM6g1+h+L/Go3vMvzlxBsiuGsxg= +github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager v0.1.17 h1:95y7/EqethAhFwMKJ9cDutzBhsS1h8uBwkJ5rp8pNTU= +github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager v0.1.17/go.mod h1:77baheqr62SkTw77HWH8qpdWTd2gXKN0xg0qLvDSkpk= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.22 h1:GmLa5Kw1ESqtFpXsx5MmC84QWa/ZrLZvlJGa2y+4kcQ= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.22/go.mod h1:6sW9iWm9DK9YRpRGga/qzrzNLgKpT2cIxb7Vo2eNOp0= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.22 h1:dY4kWZiSaXIzxnKlj17nHnBcXXBfac6UlsAx2qL6XrU= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.22/go.mod h1:KIpEUx0JuRZLO7U6cbV204cWAEco2iC3l061IxlwLtI= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.23 h1:FPXsW9+gMuIeKmz7j6ENWcWtBGTe1kH8r9thNt5Uxx4= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.23/go.mod h1:7J8iGMdRKk6lw2C+cMIphgAnT8uTwBwNOsGkyOCm80U= +github.com/aws/aws-sdk-go-v2/service/acm v1.38.2 h1:ozcwethaFOi2ST9h6MKGq1GAIHP68tjiDqgkWVPwfR8= +github.com/aws/aws-sdk-go-v2/service/acm v1.38.2/go.mod h1:HNtDOv4XmqExPxNIBp171KKc5ZoUJwHH9ZhlCcZmdt0= +github.com/aws/aws-sdk-go-v2/service/autoscaling v1.66.1 h1:kGlbhb5GMfkP/bcqcbt3oDi50kwDTpRmNzYUY9LqbLk= +github.com/aws/aws-sdk-go-v2/service/autoscaling v1.66.1/go.mod h1:z45kurrOonQepd3SN5LIgropAn1NGHwBn1yOMF+QVFU= +github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.69.1 h1:2ANEV0YkO/NlWxVmHBui7w7NE3lHW2sJji+OtjKJwck= +github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.69.1/go.mod h1:O7cQtpXZSk+P59gPFZIpcMpKwLk5d9zabFpV8fw68RM= +github.com/aws/aws-sdk-go-v2/service/dynamodb v1.57.2 h1:J2ibOhlMLx1o6QwDFsHHfbQjaZ6t5LXodiLNuK6jbZA= +github.com/aws/aws-sdk-go-v2/service/dynamodb v1.57.2/go.mod h1:Tj8VcffnduuewrM8HN8xQ9wzzez0CJ0FGSGEovq7Sgs= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.297.1 h1:9nfacm+uWgbdPaOplvJjxN50qgthexb7GOR/97ygc5o= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.297.1/go.mod h1:E1pnYwWFZ8N3REmeN9Fe/Zipbpps4HJj8DQGNnLUMYc= +github.com/aws/aws-sdk-go-v2/service/ecr v1.57.1 h1:G/O4muLF2pe1UJBKEyF7J+kdokEEqFJjm42cU68FqH4= +github.com/aws/aws-sdk-go-v2/service/ecr v1.57.1/go.mod h1:KBzTxiBlQ2bB5XT367+t18i3Qe7NZDRyGKxdzN43aOw= +github.com/aws/aws-sdk-go-v2/service/ecs v1.78.1 h1:9zSVr4X6X8JNTxSMip2RORaBB+Mu0/IfzNu3iRWZE9c= +github.com/aws/aws-sdk-go-v2/service/ecs v1.78.1/go.mod h1:1DlTqkp+8uc5At3UXyJAvJXFaWoMmxSHcp2Zdor0qGw= +github.com/aws/aws-sdk-go-v2/service/iam v1.53.8 h1:p0oB4eZfBfBAOasnKvHJOlNcuHVE/ieuWs7uIZgQlyQ= +github.com/aws/aws-sdk-go-v2/service/iam v1.53.8/go.mod h1:epCaPnGVdiX5ra1lHPfRkVuiQGxrdY8bRI2FBJU+6ok= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.8 h1:HtOTYcbVcGABLOVuPYaIihj6IlkqubBwFj10K5fxRek= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.8/go.mod h1:VsK9abqQeGlzPgUr+isNWzPlK2vKe9INMLWnY65f5Xs= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.14 h1:xnvDEnw+pnj5mctWiYuFbigrEzSm35x7k4KS/ZkCANg= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.14/go.mod h1:yS5rNogD8e0Wu9+l3MUwr6eENBzEeGejvINpN5PAYfY= +github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.11.22 h1:8IXbJCgOn8ztzvRUOm27iCeTSxmPW45JsSDW3EGi16M= +github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.11.22/go.mod h1:l53RbOWvncp4DEmlEz6dSXJS913AIxtFqkJZ+Xz7pHs= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.22 h1:PUmZeJU6Y1Lbvt9WFuJ0ugUK2xn6hIWUBBbKuOWF30s= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.22/go.mod h1:nO6egFBoAaoXze24a2C0NjQCvdpk8OueRoYimvEB9jo= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.22 h1:SE+aQ4DEqG53RRCAIHlCf//B2ycxGH7jFkpnAh/kKPM= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.22/go.mod h1:ES3ynECd7fYeJIL6+oax+uIEljmfps0S70BaQzbMd/o= +github.com/aws/aws-sdk-go-v2/service/kms v1.50.5 h1:nEzwx/ZlpUZ2Y6WztsgYmfBh5Ixd3QiECawXMzvTMeo= +github.com/aws/aws-sdk-go-v2/service/kms v1.50.5/go.mod h1:GBO/aaEi47QldDVoqw2CsM2UZQDoqDiFIMJD/ztHPs0= +github.com/aws/aws-sdk-go-v2/service/lambda v1.89.1 h1:JxHLwNK5mIKsh2Q0APTSijdzkk5ccI4gyvYdar1JU/0= +github.com/aws/aws-sdk-go-v2/service/lambda v1.89.1/go.mod h1:7qoh/MlWG5QCnZwq9bvdXomEAkmumayXcjEjIemIV7U= +github.com/aws/aws-sdk-go-v2/service/rds v1.118.1 h1:cywOPYUFOSOAjrovJNxuBXd6SV3osiP3KJ5p412IEJQ= +github.com/aws/aws-sdk-go-v2/service/rds v1.118.1/go.mod h1:BaS59j6evm68pt9EaJnb7tnTOaT0MY4rJeESKh8RKKY= +github.com/aws/aws-sdk-go-v2/service/route53 v1.62.6 h1:6b+KS0uVMMsCUKlW8OPNxmcEmoEUtqP1LfnzSzWmuQM= +github.com/aws/aws-sdk-go-v2/service/route53 v1.62.6/go.mod h1:+wmraHmxwqi7feUL/41uULJWl8V1HxtxzOJH6a4ZRg4= +github.com/aws/aws-sdk-go-v2/service/s3 v1.99.1 h1:kU/eBN5+MWNo/LcbNa4hWDdN76hdcd7hocU5kvu7IsU= +github.com/aws/aws-sdk-go-v2/service/s3 v1.99.1/go.mod h1:Fw9aqhJicIVee1VytBBjH+l+5ov6/PhbtIK/u3rt/ls= +github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.41.6 h1:XR42AXidhYs4HwH0I+yElLXVt7zb2hAyNHQJe6Blv7w= +github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.41.6/go.mod h1:nOTsSVQlAsgwVRdtZYtECSnsInF8IUhrpnclCPat7Fs= +github.com/aws/aws-sdk-go-v2/service/signin v1.0.10 h1:a1Fq/KXn75wSzoJaPQTgZO0wHGqE9mjFnylnqEPTchA= +github.com/aws/aws-sdk-go-v2/service/signin v1.0.10/go.mod h1:p6+MXNxW7IA6dMgHfTAzljuwSKD0NCm/4lbS4t6+7vI= +github.com/aws/aws-sdk-go-v2/service/sns v1.39.16 h1:CIFDzcrpG87cjj5Op1NZ55BZV64mFka1DuJIEjedxmI= +github.com/aws/aws-sdk-go-v2/service/sns v1.39.16/go.mod h1:468X50NBvl50h/poFrQXD1oZMxbOCTQSVdvowm0i4aw= +github.com/aws/aws-sdk-go-v2/service/sqs v1.42.26 h1:jtUEQz/c14fCMkOX3r2/nhYmhXZas0XdcQhUaIW5ubY= +github.com/aws/aws-sdk-go-v2/service/sqs v1.42.26/go.mod h1:gcJv70rH+Z/Q1PM3jKsJr6+vfKrDHJOfmKq7342+Vq8= +github.com/aws/aws-sdk-go-v2/service/ssm v1.68.5 h1:TY5Vh7uXQgJVuc6ahI6toLcRajG1aYSDCP3a0xsPvmo= +github.com/aws/aws-sdk-go-v2/service/ssm v1.68.5/go.mod h1:UkzShnbxHRIIL2cHi/7fBGLUAZIVTEADQjaA53bWWCE= +github.com/aws/aws-sdk-go-v2/service/sso v1.30.16 h1:x6bKbmDhsgSZwv6q19wY/u3rLk/3FGjJWyqKcIRufpE= +github.com/aws/aws-sdk-go-v2/service/sso v1.30.16/go.mod h1:CudnEVKRtLn0+3uMV0yEXZ+YZOKnAtUJ5DmDhilVnIw= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.20 h1:oK/njaL8GtyEihkWMD4k3VgHCT64RQKkZwh0DG5j8ak= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.20/go.mod h1:JHs8/y1f3zY7U5WcuzoJ/yAYGYtNIVPKLIbp61euvmg= +github.com/aws/aws-sdk-go-v2/service/sts v1.42.0 h1:ks8KBcZPh3PYISr5dAiXCM5/Thcuxk8l+PG4+A0exds= +github.com/aws/aws-sdk-go-v2/service/sts v1.42.0/go.mod h1:pFw33T0WLvXU3rw1WBkpMlkgIn54eCB5FYLhjDc9Foo= +github.com/aws/smithy-go v1.25.0 h1:Sz/XJ64rwuiKtB6j98nDIPyYrV1nVNJ4YU74gttcl5U= +github.com/aws/smithy-go v1.25.0/go.mod h1:YE2RhdIuDbA5E5bTdciG9KrW3+TiEONeUWCqxX9i1Fc= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= @@ -97,8 +95,8 @@ github.com/boombuler/barcode v1.0.1 h1:NDBbPmhS+EqABEs5Kg3n/5ZNjy73Pz7SIV+KCeqyX github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/briandowns/spinner v1.23.2 h1:Zc6ecUnI+YzLmJniCfDNaMbW0Wid1d5+qcTq4L2FW8w= github.com/briandowns/spinner v1.23.2/go.mod h1:LaZeM4wm2Ywy6vO571mvhQNRcWfRUnXOs0RcKV0wYKM= -github.com/cert-manager/cert-manager v1.19.2 h1:jSprN1h5pgNDSl7HClAmIzXuTxic/5FXJ32kbQHqjlM= -github.com/cert-manager/cert-manager v1.19.2/go.mod h1:e9NzLtOKxTw7y99qLyWGmPo6mrC1Nh0EKKcMkRfK+GE= +github.com/cert-manager/cert-manager v1.20.2 h1:CimnY00nLqB2lmxhoSuEC4GDMFDK7JCXqyjwMM9ndIQ= +github.com/cert-manager/cert-manager v1.20.2/go.mod h1:1g/+a/WK5zWH/dXPZa3dMD3aJQJNRXQu+PN17C6WrOw= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cisco-open/cluster-registry-controller/api v0.2.12 h1:dxKVG3T75RAU8f0kmeLRh82Ao4koTFIPZEodUTBhg14= @@ -113,26 +111,20 @@ github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/eapache/go-resiliency v1.7.0 h1:n3NRTnBn5N0Cbi/IeOHuQn9s2UwVUH7Ga0ZWcP+9JTA= github.com/eapache/go-resiliency v1.7.0/go.mod h1:5yPzW0MIvSe0JDsv0v+DvcjEv2FyD6iZYSs1ZI+iQho= -github.com/eapache/go-xerial-snappy v0.0.0-20230731223053-c322873962e3 h1:Oy0F4ALJ04o5Qqpdz8XLIpNA3WM/iSIXqxtqo7UGVws= -github.com/eapache/go-xerial-snappy v0.0.0-20230731223053-c322873962e3/go.mod h1:YvSRo5mw33fLEx1+DlK6L2VV43tJt5Eyel9n9XBcR+0= -github.com/eapache/queue v1.1.0 h1:YOEu7KNc61ntiQlcEeUIoDTJ2o8mQznoNvUhiigpIqc= -github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= github.com/emicklei/go-restful/v3 v3.13.0 h1:C4Bl2xDndpU6nJ4bc1jXd+uTmYPVUwkD6bFY/oTyCes= github.com/emicklei/go-restful/v3 v3.13.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/evanphx/json-patch v5.9.11+incompatible h1:ixHHqfcGvxhWkniF1tWxBHA0yb4Z+d1UQi45df52xW8= github.com/evanphx/json-patch v5.9.11+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.9.11 h1:/8HVnzMq13/3x9TPvjG08wUGqBTmZBsCWzjTM0wiaDU= github.com/evanphx/json-patch/v5 v5.9.11/go.mod h1:3j+LviiESTElxA4p3EMKAB9HXj3/XEtnUf6OZxqIQTM= -github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM= -github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU= -github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8vw= -github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= +github.com/fatih/color v1.19.0 h1:Zp3PiM21/9Ld6FzSKyL5c/BULoe/ONr9KlbYVOfG8+w= +github.com/fatih/color v1.19.0/go.mod h1:zNk67I0ZUT1bEGsSGyCZYZNrHuTkJJB+r6Q9VuMi0LE= github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= -github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k= -github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0= -github.com/fxamacker/cbor/v2 v2.9.0 h1:NpKPmjDBgUfBms6tr6JZkTHtfFGcMKsw3eGcmD/sapM= -github.com/fxamacker/cbor/v2 v2.9.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ= +github.com/fsnotify/fsnotify v1.10.1 h1:b0/UzAf9yR5rhf3RPm9gf3ehBPpf0oZKIjtpKrx59Ho= +github.com/fsnotify/fsnotify v1.10.1/go.mod h1:TLheqan6HD6GBK6PrDWyDPBaEV8LspOxvPSjC+bVfgo= +github.com/fxamacker/cbor/v2 v2.9.2 h1:X4Ksno9+x3cz0TZv69ec1hxP/+tymuR8PXQJyDwfh78= +github.com/fxamacker/cbor/v2 v2.9.2/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ= github.com/gkampitakis/ciinfo v0.3.2 h1:JcuOPk8ZU7nZQjdUhctuhQofk7BGHuIy0c9Ez8BNhXs= github.com/gkampitakis/ciinfo v0.3.2/go.mod h1:1NIwaOcFChN4fa/B0hEBdAb6npDlFL8Bwx4dfRLRqAo= github.com/gkampitakis/go-diff v1.3.2 h1:Qyn0J9XJSDTgnsgHRdz9Zp24RaJeKMUHg2+PDZZdC4M= @@ -141,45 +133,44 @@ github.com/gkampitakis/go-snaps v0.5.15 h1:amyJrvM1D33cPHwVrjo9jQxX8g/7E2wYdZ+01 github.com/gkampitakis/go-snaps v0.5.15/go.mod h1:HNpx/9GoKisdhw9AFOBT1N7DBs9DiHo/hGheFGBZ+mc= github.com/go-errors/errors v1.5.1 h1:ZwEMSLRCapFLflTpT7NKaAc7ukJ8ZPEjzlxt8rPN8bk= github.com/go-errors/errors v1.5.1/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= -github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= -github.com/go-openapi/jsonpointer v0.22.4 h1:dZtK82WlNpVLDW2jlA1YCiVJFVqkED1MegOUy9kR5T4= -github.com/go-openapi/jsonpointer v0.22.4/go.mod h1:elX9+UgznpFhgBuaMQ7iu4lvvX1nvNsesQ3oxmYTw80= -github.com/go-openapi/jsonreference v0.21.4 h1:24qaE2y9bx/q3uRK/qN+TDwbok1NhbSmGjjySRCHtC8= -github.com/go-openapi/jsonreference v0.21.4/go.mod h1:rIENPTjDbLpzQmQWCj5kKj3ZlmEh+EFVbz3RTUh30/4= -github.com/go-openapi/swag v0.25.4 h1:OyUPUFYDPDBMkqyxOTkqDYFnrhuhi9NR6QVUvIochMU= -github.com/go-openapi/swag v0.25.4/go.mod h1:zNfJ9WZABGHCFg2RnY0S4IOkAcVTzJ6z2Bi+Q4i6qFQ= -github.com/go-openapi/swag/cmdutils v0.25.4 h1:8rYhB5n6WawR192/BfUu2iVlxqVR9aRgGJP6WaBoW+4= -github.com/go-openapi/swag/cmdutils v0.25.4/go.mod h1:pdae/AFo6WxLl5L0rq87eRzVPm/XRHM3MoYgRMvG4A0= -github.com/go-openapi/swag/conv v0.25.4 h1:/Dd7p0LZXczgUcC/Ikm1+YqVzkEeCc9LnOWjfkpkfe4= -github.com/go-openapi/swag/conv v0.25.4/go.mod h1:3LXfie/lwoAv0NHoEuY1hjoFAYkvlqI/Bn5EQDD3PPU= -github.com/go-openapi/swag/fileutils v0.25.4 h1:2oI0XNW5y6UWZTC7vAxC8hmsK/tOkWXHJQH4lKjqw+Y= -github.com/go-openapi/swag/fileutils v0.25.4/go.mod h1:cdOT/PKbwcysVQ9Tpr0q20lQKH7MGhOEb6EwmHOirUk= -github.com/go-openapi/swag/jsonname v0.25.4 h1:bZH0+MsS03MbnwBXYhuTttMOqk+5KcQ9869Vye1bNHI= -github.com/go-openapi/swag/jsonname v0.25.4/go.mod h1:GPVEk9CWVhNvWhZgrnvRA6utbAltopbKwDu8mXNUMag= -github.com/go-openapi/swag/jsonutils v0.25.4 h1:VSchfbGhD4UTf4vCdR2F4TLBdLwHyUDTd1/q4i+jGZA= -github.com/go-openapi/swag/jsonutils v0.25.4/go.mod h1:7OYGXpvVFPn4PpaSdPHJBtF0iGnbEaTk8AvBkoWnaAY= -github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.4 h1:IACsSvBhiNJwlDix7wq39SS2Fh7lUOCJRmx/4SN4sVo= -github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.4/go.mod h1:Mt0Ost9l3cUzVv4OEZG+WSeoHwjWLnarzMePNDAOBiM= -github.com/go-openapi/swag/loading v0.25.4 h1:jN4MvLj0X6yhCDduRsxDDw1aHe+ZWoLjW+9ZQWIKn2s= -github.com/go-openapi/swag/loading v0.25.4/go.mod h1:rpUM1ZiyEP9+mNLIQUdMiD7dCETXvkkC30z53i+ftTE= -github.com/go-openapi/swag/mangling v0.25.4 h1:2b9kBJk9JvPgxr36V23FxJLdwBrpijI26Bx5JH4Hp48= -github.com/go-openapi/swag/mangling v0.25.4/go.mod h1:6dxwu6QyORHpIIApsdZgb6wBk/DPU15MdyYj/ikn0Hg= -github.com/go-openapi/swag/netutils v0.25.4 h1:Gqe6K71bGRb3ZQLusdI8p/y1KLgV4M/k+/HzVSqT8H0= -github.com/go-openapi/swag/netutils v0.25.4/go.mod h1:m2W8dtdaoX7oj9rEttLyTeEFFEBvnAx9qHd5nJEBzYg= -github.com/go-openapi/swag/stringutils v0.25.4 h1:O6dU1Rd8bej4HPA3/CLPciNBBDwZj9HiEpdVsb8B5A8= -github.com/go-openapi/swag/stringutils v0.25.4/go.mod h1:GTsRvhJW5xM5gkgiFe0fV3PUlFm0dr8vki6/VSRaZK0= -github.com/go-openapi/swag/typeutils v0.25.4 h1:1/fbZOUN472NTc39zpa+YGHn3jzHWhv42wAJSN91wRw= -github.com/go-openapi/swag/typeutils v0.25.4/go.mod h1:Ou7g//Wx8tTLS9vG0UmzfCsjZjKhpjxayRKTHXf2pTE= -github.com/go-openapi/swag/yamlutils v0.25.4 h1:6jdaeSItEUb7ioS9lFoCZ65Cne1/RZtPBZ9A56h92Sw= -github.com/go-openapi/swag/yamlutils v0.25.4/go.mod h1:MNzq1ulQu+yd8Kl7wPOut/YHAAU/H6hL91fF+E2RFwc= -github.com/go-openapi/testify/enable/yaml/v2 v2.0.2 h1:0+Y41Pz1NkbTHz8NngxTuAXxEodtNSI1WG1c/m5Akw4= -github.com/go-openapi/testify/enable/yaml/v2 v2.0.2/go.mod h1:kme83333GCtJQHXQ8UKX3IBZu6z8T5Dvy5+CW3NLUUg= -github.com/go-openapi/testify/v2 v2.0.2 h1:X999g3jeLcoY8qctY/c/Z8iBHTbwLz7R2WXd6Ub6wls= -github.com/go-openapi/testify/v2 v2.0.2/go.mod h1:HCPmvFFnheKK2BuwSA0TbbdxJ3I16pjwMkYkP4Ywn54= +github.com/go-openapi/jsonpointer v0.23.1 h1:1HBACs7XIwR2RcmItfdSFlALhGbe6S92p0ry4d1GWg4= +github.com/go-openapi/jsonpointer v0.23.1/go.mod h1:iWRmZTrGn7XwYhtPt/fvdSFj1OfNBngqRT2UG3BxSqY= +github.com/go-openapi/jsonreference v0.21.6 h1:NZ5nGfnaM1n4I43Xjm1e5/M2GjOwQwndQz22uhxwD+Y= +github.com/go-openapi/jsonreference v0.21.6/go.mod h1:xzbgtQ3ZbWxvET3AxdzCJlJt6vkovbf+IfSPJjD0tUY= +github.com/go-openapi/swag v0.26.0 h1:GVDXCmfvhfu1BxiHo8/FA+BbKmhecHnG3varjON5/RI= +github.com/go-openapi/swag v0.26.0/go.mod h1:82g3193sZJRbocs7bNCqGfIgq8pkuwVwCfhKIRlEQF0= +github.com/go-openapi/swag/cmdutils v0.26.0 h1:iowihOcvq7y4egO8cOq0dmfohz6wfeQ63U1EnuhO2TU= +github.com/go-openapi/swag/cmdutils v0.26.0/go.mod h1:Sm1MVFMkF6guJJ+pQqHnQA3N0j9qALV3NxzDSv6bETM= +github.com/go-openapi/swag/conv v0.26.0 h1:5yGGsPYI1ZCva93U0AoKi/iZrNhaJEjr324YVsiD89I= +github.com/go-openapi/swag/conv v0.26.0/go.mod h1:tpAmIL7X58VPnHHiSO4uE3jBeRamGsFsfdDeDtb5ECE= +github.com/go-openapi/swag/fileutils v0.26.0 h1:WJoPRvsA7QRiiWluowkLJa9jaYR7FCuxmDvnCgaRRxU= +github.com/go-openapi/swag/fileutils v0.26.0/go.mod h1:0WDJ7lp67eNjPMO50wAWYlKvhOb6CQ37rzR7wrgI8Tc= +github.com/go-openapi/swag/jsonname v0.26.0 h1:gV1NFX9M8avo0YSpmWogqfQISigCmpaiNci8cGECU5w= +github.com/go-openapi/swag/jsonname v0.26.0/go.mod h1:urBBR8bZNoDYGr653ynhIx+gTeIz0ARZxHkAPktJK2M= +github.com/go-openapi/swag/jsonutils v0.26.0 h1:FawFML2iAXsPqmERscuMPIHmFsoP1tOqWkxBaKNMsnA= +github.com/go-openapi/swag/jsonutils v0.26.0/go.mod h1:2VmA0CJlyFqgawOaPI9psnjFDqzyivIqLYN34t9p91E= +github.com/go-openapi/swag/jsonutils/fixtures_test v0.26.0 h1:apqeINu/ICHouqiRZbyFvuDge5jCmmLTqGQ9V95EaOM= +github.com/go-openapi/swag/jsonutils/fixtures_test v0.26.0/go.mod h1:AyM6QT8uz5IdKxk5akv0y6u4QvcL9GWERt0Jx/F/R8Y= +github.com/go-openapi/swag/loading v0.26.0 h1:Apg6zaKhCJurpJer0DCxq99qwmhFddBhaMX7kilDcko= +github.com/go-openapi/swag/loading v0.26.0/go.mod h1:dBxQ/6V2uBaAQdevN18VELE6xSpJWZxLX4txe12JwDg= +github.com/go-openapi/swag/mangling v0.26.0 h1:Du2YC4YLA/Y5m/YKQd7AnY5qq0wRKSFZTTt8ktFaXcQ= +github.com/go-openapi/swag/mangling v0.26.0/go.mod h1:jifS7W9vbg+pw63bT+GI53otluMQL3CeemuyCHKwVx0= +github.com/go-openapi/swag/netutils v0.26.0 h1:CmZp+ZT7HrmFwrC3GdGsXBq2+42T1bjKBapcqVpIs3c= +github.com/go-openapi/swag/netutils v0.26.0/go.mod h1:5iK+Ok3ZohWWex1C50BFTPexi03UaPwjW4Oj8kgrpwo= +github.com/go-openapi/swag/stringutils v0.26.0 h1:qZQngLxs5s7SLijc3N2ZO+fUq2o8LjuWAASSrJuh+xg= +github.com/go-openapi/swag/stringutils v0.26.0/go.mod h1:sWn5uY+QIIspwPhvgnqJsH8xqFT2ZbYcvbcFanRyhFE= +github.com/go-openapi/swag/typeutils v0.26.0 h1:2kdEwdiNWy+JJdOvu5MA2IIg2SylWAFuuyQIKYybfq4= +github.com/go-openapi/swag/typeutils v0.26.0/go.mod h1:oovDuIUvTrEHVMqWilQzKzV4YlSKgyZmFh7AlfABNVE= +github.com/go-openapi/swag/yamlutils v0.26.0 h1:H7O8l/8NJJQ/oiReEN+oMpnGMyt8G0hl460nRZxhLMQ= +github.com/go-openapi/swag/yamlutils v0.26.0/go.mod h1:1evKEGAtP37Pkwcc7EWMF0hedX0/x3Rkvei2wtG/TbU= +github.com/go-openapi/testify/enable/yaml/v2 v2.4.2 h1:5zRca5jw7lzVREKCZVNBpysDNBjj74rBh0N2BGQbSR0= +github.com/go-openapi/testify/enable/yaml/v2 v2.4.2/go.mod h1:XVevPw5hUXuV+5AkI1u1PeAm27EQVrhXTTCPAF85LmE= +github.com/go-openapi/testify/v2 v2.5.1 h1:TMdhCaw8fUNraVSf3Omoob1dO/AzBfhtFAPW0an6sBo= +github.com/go-openapi/testify/v2 v2.5.1/go.mod h1:SgsVHtfooshd0tublTtJ50FPKhujf47YRqauXXOUxfw= github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y= github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= @@ -188,11 +179,6 @@ github.com/go-test/deep v1.1.1 h1:0r/53hagsehfO4bzD2Pgr/+RgHqhmf+k1Bpse2cTu1U= github.com/go-test/deep v1.1.1/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE= github.com/goccy/go-yaml v1.18.0 h1:8W7wMFS12Pcas7KU+VVkaiCng+kG8QiFeFwzFb+rwuw= github.com/goccy/go-yaml v1.18.0/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA= -github.com/gogo/protobuf v1.3.0/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= -github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= -github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang/snappy v1.0.0 h1:Oy607GVXHs7RtbggtPBnr2RmDArIsAefDwvrdWvRhGs= -github.com/golang/snappy v1.0.0/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/gonvenience/bunt v1.3.5 h1:wSQquifvwEWtzn27k1ngLfeLaStyt0k1b/K6TrlCNAs= github.com/gonvenience/bunt v1.3.5/go.mod h1:7ApqkVBEWvX04oJ28Q2WeI/BvJM6VtukaJAU/q/pTs8= github.com/gonvenience/neat v1.3.12 h1:xwIyRbJcG9LgcDYys+HHLH9DqqHeQsUpS5CfBUeskbs= @@ -210,8 +196,8 @@ github.com/google/gnostic-models v0.7.1/go.mod h1:whL5G0m6dmc5cPxKc5bdKdEN3UjI7O github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20251213031049-b05bdaca462f h1:HU1RgM6NALf/KW9HEY6zry3ADbDKcmpQ+hJedoNGQYQ= -github.com/google/pprof v0.0.0-20251213031049-b05bdaca462f/go.mod h1:67FPmZWbr+KDT/VlpWtw6sO9XSjpJmLuHpoLmWiTGgY= +github.com/google/pprof v0.0.0-20260507013755-92041b743c96 h1:YDDnaZ9afWajDboPMt9Vikqca/yWAX7KAxVzb4lJU1M= +github.com/google/pprof v0.0.0-20260507013755-92041b743c96/go.mod h1:MxpfABSjhmINe3F1It9d+8exIHFvUqtLIRCdOGNXqiI= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI= @@ -222,8 +208,8 @@ github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 h1:JeSE6pjso5T github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674/go.mod h1:r4w70xmWCQKmi1ONH4KIaBptdivuRPyosB9RmPlGEwA= github.com/gruntwork-io/go-commons v0.17.1 h1:2KS9wAqrgeOTWj33DSHzDNJ1FCprptWdLFqej+wB8x0= github.com/gruntwork-io/go-commons v0.17.1/go.mod h1:S98JcR7irPD1bcruSvnqupg+WSJEJ6xaM89fpUZVISk= -github.com/gruntwork-io/terratest v0.54.0 h1:JOVATYDpU0NAPbEkgYUP50BR2m45UGiR4dbs20sKzck= -github.com/gruntwork-io/terratest v0.54.0/go.mod h1:QvwQWZMTJmJB4E0d1Uc18quQm7+X53liKKp+fJSuaKA= +github.com/gruntwork-io/terratest v1.0.0 h1:Zk7VJ5Z9vBSwv8OQ/zzkG5D/tfqyVyjMK+lq2v+Kn/c= +github.com/gruntwork-io/terratest v1.0.0/go.mod h1:g2XWbOQOvnHBFcIYCt5ryaFBWp69+5L+QMbAwor+CBo= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -242,8 +228,8 @@ github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsI github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg= github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 h1:iCEnooe7UlwOQYpKFhBabPMi4aNAfoODPEFNiAnClxo= github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM= -github.com/jackc/pgx/v5 v5.7.1 h1:x7SYsPBYDkHDksogeSmZZ5xzThcTgRz++I5E+ePFUcs= -github.com/jackc/pgx/v5 v5.7.1/go.mod h1:e7O26IywZZ+naJtWWos6i6fvWK+29etgITqrqHLfoZA= +github.com/jackc/pgx/v5 v5.9.0 h1:T/dI+2TvmI2H8s/KH1/lXIbz1CUFk3gn5oTjr0/mBsE= +github.com/jackc/pgx/v5 v5.9.0/go.mod h1:mal1tBGAFfLHvZzaYh77YS/eC6IX9OWbRV1QIIM0Jn4= github.com/jackc/puddle/v2 v2.2.2 h1:PR8nw+E/1w0GLuRFSmiioY6UooMp6KJv0/61nB7icHo= github.com/jackc/puddle/v2 v2.2.2/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4= github.com/jcmturner/aescts/v2 v2.0.0 h1:9YKLH6ey7H4eDBXW8khjYslgyqG2xZikXP0EQFKrle8= @@ -258,20 +244,12 @@ github.com/jcmturner/gokrb5/v8 v8.4.4 h1:x1Sv4HaTpepFkXbt2IkL29DXRf8sOfZXo8eRKh6 github.com/jcmturner/gokrb5/v8 v8.4.4/go.mod h1:1btQEpgT6k+unzCwX1KdWMEwPPkkgBtP+F6aCACiMrs= github.com/jcmturner/rpc/v2 v2.0.3 h1:7FXXj8Ti1IaVFpSAziCZWNzbNuZmnvw/i6CqLNdWfZY= github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc= -github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24 h1:liMMTbpW34dhU4az1GN0pTPADwNmvoRSeoZ6PItiqnY= -github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= -github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= -github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= github.com/joshdk/go-junit v1.0.0 h1:S86cUKIdwBHWwA6xCmFlf3RTLfVXYQfvanM5Uh+K6GE= github.com/joshdk/go-junit v1.0.0/go.mod h1:TiiV0PqkaNfFXjEiyjWM3XXrhVyCa1K4Zfga6W52ung= -github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= -github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= -github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= -github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.18.2 h1:iiPHWW0YrcFgpBYhsA6D1+fqHssJscY/Tm/y2Uqnapk= -github.com/klauspost/compress v1.18.2/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4= +github.com/klauspost/compress v1.18.6 h1:2jupLlAwFm95+YDR+NwD2MEfFO9d4z4Prjl1XXDjuao= +github.com/klauspost/compress v1.18.6/go.mod h1:cwPg85FWrGar70rWktvGQj8/hthj3wpl0PGDogxkrSQ= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= @@ -285,49 +263,44 @@ github.com/maruel/natural v1.1.1 h1:Hja7XhhmvEFhcByqDoHz9QZbkWey+COd9xWfCfn1ioo= github.com/maruel/natural v1.1.1/go.mod h1:v+Rfd79xlw1AgVBjbO0BEQmptqb5HvL/k9GRHB7ZKEg= github.com/mattn/go-ciede2000 v0.0.0-20170301095244-782e8c62fec3 h1:BXxTozrOU8zgC5dkpn3J6NTRdoP+hjok/e+ACr4Hibk= github.com/mattn/go-ciede2000 v0.0.0-20170301095244-782e8c62fec3/go.mod h1:x1uk6vxTiVuNt6S5R2UYgdhpj3oKojXvOXauHZ7dEnI= -github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE= -github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8= -github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= -github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mattn/go-colorable v0.1.15 h1:+u9SLTRGnXv73cEsnsmoZBom+dMU88B2M0aDcWy0/jY= +github.com/mattn/go-colorable v0.1.15/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8= +github.com/mattn/go-isatty v0.0.22 h1:j8l17JJ9i6VGPUFUYoTUKPSgKe/83EYU2zBC7YNKMw4= +github.com/mattn/go-isatty v0.0.22/go.mod h1:ZXfXG4SQHsB/w3ZeOYbR0PrPwLy+n6xiMrJlRFqopa4= github.com/mattn/go-zglob v0.0.4 h1:LQi2iOm0/fGgu80AioIJ/1j9w9Oh+9DZ39J4VAGzHQM= github.com/mattn/go-zglob v0.0.4/go.mod h1:MxxjyoXXnMxfIpxTK2GAkw1w8glPsQILx3N5wrKakiY= github.com/mfridman/tparse v0.18.0 h1:wh6dzOKaIwkUGyKgOntDW4liXSo37qg5AXbIhkMV3vE= github.com/mfridman/tparse v0.18.0/go.mod h1:gEvqZTuCgEhPbYk/2lS3Kcxg1GmTxxU7kTC8DvP0i/A= github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= -github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= -github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-ps v1.0.0 h1:i6ampVEEF4wQFF+bkYfwYgY+F/uYJDktmvLPf7qIgjc= github.com/mitchellh/go-ps v1.0.0/go.mod h1:J4lOc8z8yJs6vUwklHw2XEIiT4z4C40KtWVN3nvg8Pg= github.com/mitchellh/hashstructure v1.1.0 h1:P6P1hdjqAAknpY/M1CGipelZgp+4y9ja9kmUZPXP+H0= github.com/mitchellh/hashstructure v1.1.0/go.mod h1:xUDAozZz0Wmdiufv0uyhnHkUTN6/6d8ulp4AwfLKrmA= github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ= github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= -github.com/moby/spdystream v0.5.0 h1:7r0J1Si3QO/kjRitvSLVVFUjxMEb/YLj6S9FF62JBCU= -github.com/moby/spdystream v0.5.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= +github.com/moby/spdystream v0.5.1 h1:9sNYeYZUcci9R6/w7KDaFWEWeV4LStVG78Mpyq/Zm/Y= +github.com/moby/spdystream v0.5.1/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee h1:W5t00kpgFdJifH4BDsTlE89Zl93FEloxaWZfGcifgq8= github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus= -github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/ginkgo/v2 v2.27.3 h1:ICsZJ8JoYafeXFFlFAG75a7CxMsJHwgKwtO+82SE9L8= -github.com/onsi/ginkgo/v2 v2.27.3/go.mod h1:ArE1D/XhNXBXCBkKOLkbsb2c81dQHCRcF5zwn/ykDRo= -github.com/onsi/gomega v1.38.3 h1:eTX+W6dobAYfFeGC2PV6RwXRu/MyT+cQguijutvkpSM= -github.com/onsi/gomega v1.38.3/go.mod h1:ZCU1pkQcXDO5Sl9/VVEGlDyp+zm0m1cmeG5TOzLgdh4= +github.com/onsi/ginkgo/v2 v2.29.0 h1:rfh+ZFjgJhYWRoIqVf3Uwx/W20yLrcrE2h2GmYVRaag= +github.com/onsi/ginkgo/v2 v2.29.0/go.mod h1:+aXOY+vzZ5mu2iI2HpTZUPmM//oQfsNFX6gU9kNcA44= +github.com/onsi/gomega v1.41.0 h1:OwKp4pXNgVxf6sCplzYo794OFNuoL2q2SBMU5NSWOjA= +github.com/onsi/gomega v1.41.0/go.mod h1:M/Uqpu/8qTjtzCLUA2zJHX9Iilrau25x1PdoSRbWh5A= github.com/pavlo-v-chernykh/keystore-go/v4 v4.5.0 h1:2nosf3P75OZv2/ZO/9Px5ZgZ5gbKrzA3joN1QMfOGMQ= github.com/pavlo-v-chernykh/keystore-go/v4 v4.5.0/go.mod h1:lAVhWwbNaveeJmxrxuSTxMgKpF6DjnuVpn6T8WiBwYQ= -github.com/pierrec/lz4/v4 v4.1.22 h1:cKFw6uJDK+/gfw5BcDL0JL5aBsAFdsIT18eRtLj7VIU= -github.com/pierrec/lz4/v4 v4.1.22/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4= +github.com/pierrec/lz4/v4 v4.1.27 h1:+PhzhWDrjRj89TH2sw43nE3+4+W8lSxIuQadEHZyjUk= +github.com/pierrec/lz4/v4 v4.1.27/go.mod h1:EoQMVJgeeEOMsCqCzqFm2O0cJvljX2nGZjcRIPL34O4= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= @@ -339,10 +312,10 @@ github.com/prometheus/client_golang v1.23.2 h1:Je96obch5RDVy3FDMndoUsjAhG5Edi49h github.com/prometheus/client_golang v1.23.2/go.mod h1:Tb1a6LWHB3/SPIzCoaDXI4I8UHKeFTEQ1YCr+0Gyqmg= github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk= github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE= -github.com/prometheus/common v0.67.4 h1:yR3NqWO1/UyO1w2PhUvXlGQs/PtFmoveVO0KZ4+Lvsc= -github.com/prometheus/common v0.67.4/go.mod h1:gP0fq6YjjNCLssJCQp0yk4M8W6ikLURwkdd/YKtTbyI= -github.com/prometheus/procfs v0.19.2 h1:zUMhqEW66Ex7OXIiDkll3tl9a1ZdilUOd/F6ZXw4Vws= -github.com/prometheus/procfs v0.19.2/go.mod h1:M0aotyiemPhBCM0z5w87kL22CxfcH05ZpYlu+b4J7mw= +github.com/prometheus/common v0.68.0 h1:8rQJvQmYltsR2L7h8Zw0Iyj8WYNNmpwikoQTZXwfVeA= +github.com/prometheus/common v0.68.0/go.mod h1:4soH+U8yJSROk7OJ//hmTiWKsxapv6zRGgTt3keN8gQ= +github.com/prometheus/procfs v0.20.1 h1:XwbrGOIplXW/AU3YhIhLODXMJYyC1isLFfYCsTEycfc= +github.com/prometheus/procfs v0.20.1/go.mod h1:o9EMBZGRyvDrSPH1RqdxhojkuXstoe4UlK79eF5TGGo= github.com/rcrowley/go-metrics v0.0.0-20250401214520-65e299d6c5c9 h1:bsUq1dX0N8AOIL7EB/X911+m4EHsnWEHeJ0c+3TTBrg= github.com/rcrowley/go-metrics v0.0.0-20250401214520-65e299d6c5c9/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ= @@ -355,14 +328,13 @@ github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME= github.com/spf13/cast v1.10.0 h1:h2x0u2shc1QuLHfxi+cTJvs30+ZAHOGRic8uyGTDWxY= github.com/spf13/cast v1.10.0/go.mod h1:jNfB8QC9IA6ZuY2ZjDp0KtFO2LZZlg4S/7bzP6qqeHo= -github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk= github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= -github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= -github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= +github.com/stretchr/objx v0.5.3 h1:jmXUvGomnU1o3W/V5h2VEradbpJDwGrzugQQvL0POH4= +github.com/stretchr/objx v0.5.3/go.mod h1:rDQraq+vQZU7Fde9LOZLr8Tax6zZvy4kuNKF+QYS+U0= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= @@ -383,10 +355,10 @@ github.com/tidwall/pretty v1.2.1 h1:qjsOFOWWQl+N3RsoF5/ssm1pHmJJwhjlSbZ51I6wMl4= github.com/tidwall/pretty v1.2.1/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= github.com/tidwall/sjson v1.2.5 h1:kLy8mja+1c9jlljvWTlSazM7cKDRfJuR/bOJhcY5NcY= github.com/tidwall/sjson v1.2.5/go.mod h1:Fvgq9kS/6ociJEDnK0Fk1cpYF4FIW6ZF7LAe+6jwd28= -github.com/twmb/franz-go v1.20.5 h1:Gj9jdkvlddf8pdrehvtDHLPult5JS8q65oITUff6dXo= -github.com/twmb/franz-go v1.20.5/go.mod h1:gZmp2nTNfKuiKKND8qAsv28VdMlr/Gf4BIcsj99Bmtk= -github.com/twmb/franz-go/pkg/kmsg v1.12.0 h1:CbatD7ers1KzDNgJqPbKOq0Bz/WLBdsTH75wgzeVaPc= -github.com/twmb/franz-go/pkg/kmsg v1.12.0/go.mod h1:+DPt4NC8RmI6hqb8G09+3giKObE6uD2Eya6CfqBpeJY= +github.com/twmb/franz-go v1.21.2 h1:WrvV/spF48JzcRylqDQy02Vm6V6W4lhtD9Y4BOYNMu4= +github.com/twmb/franz-go v1.21.2/go.mod h1:rfoMTnVk7107fhTGxfEKIHP/e7tPe6oyij/ywzO0czk= +github.com/twmb/franz-go/pkg/kmsg v1.13.1 h1:fG5kItwysTk5UXqVwb64EpQEy3TydF3vYYK21nUQ+bI= +github.com/twmb/franz-go/pkg/kmsg v1.13.1/go.mod h1:+DPt4NC8RmI6hqb8G09+3giKObE6uD2Eya6CfqBpeJY= github.com/urfave/cli/v2 v2.25.7 h1:VAzn5oq403l5pHjc4OhD54+XGO9cdKVL/7lDjF+iKUs= github.com/urfave/cli/v2 v2.25.7/go.mod h1:8qnjx1vcq5s2/wpsqoZFndg2CE5tNFyrTvS6SinrnYQ= github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74 h1:JwtAtbp7r/7QSyGz8mKUbYJBg2+6Cd7OjM8o/GNOcVo= @@ -397,8 +369,6 @@ github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 h1:bAn7/zixMGCfxrRTfdpNzjtPYqr8smhKouy9mxVdGPU= github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8= -github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= @@ -406,87 +376,66 @@ go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= -go.uber.org/zap v1.27.1 h1:08RqriUEv8+ArZRYSTXy1LeBScaMpVSTBhCeaZYfMYc= -go.uber.org/zap v1.27.1/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= -go.yaml.in/yaml/v2 v2.4.3 h1:6gvOSjQoTB3vt1l+CU+tSyi/HOjfOjRLJ4YwYZGwRO0= -go.yaml.in/yaml/v2 v2.4.3/go.mod h1:zSxWcmIDjOzPXpjlTTbAsKokqkDNAVtZO0WOMiT90s8= +go.uber.org/zap v1.28.0 h1:IZzaP1Fv73/T/pBMLk4VutPl36uNC+OSUh3JLG3FIjo= +go.uber.org/zap v1.28.0/go.mod h1:rDLpOi171uODNm/mxFcuYWxDsqWSAVkFdX4XojSKg/Q= +go.yaml.in/yaml/v2 v2.4.4 h1:tuyd0P+2Ont/d6e2rl3be67goVK4R6deVxCUX5vyPaQ= +go.yaml.in/yaml/v2 v2.4.4/go.mod h1:gMZqIpDtDqOfM0uNfy0SkpRhvUryYH0Z6wdMYcacYXQ= go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= -golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU= -golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0= -golang.org/x/exp v0.0.0-20251209150349-8475f28825e9 h1:MDfG8Cvcqlt9XXrmEiD4epKn7VJHZO84hejP9Jmp0MM= -golang.org/x/exp v0.0.0-20251209150349-8475f28825e9/go.mod h1:EPRbTFwzwjXj9NpYyyrvenVh9Y+GFeEvMNh7Xuz7xgU= -golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/crypto v0.52.0 h1:RMs7fP2rXdep0CftQlK8Uf+kibLm7qkCcradZWYz988= +golang.org/x/crypto v0.52.0/go.mod h1:1QgfPxDqh0T2M/elOJtp9RvuR95kVjir0e6/BvEmGbc= +golang.org/x/exp v0.0.0-20260529124908-c761662dc8c9 h1:4d4PbuBNwaxMXkXI8yiIYjydtMU+04RHeuSxJdgKftM= +golang.org/x/exp v0.0.0-20260529124908-c761662dc8c9/go.mod h1:d2fgXJLVs4dYDHUk5lwMIfzRzSrWCfGZb0ZqeLa/Vcw= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/mod v0.31.0 h1:HaW9xtz0+kOcWKwli0ZXy79Ix+UW/vOfmWI5QVd2tgI= -golang.org/x/mod v0.31.0/go.mod h1:43JraMp9cGx1Rx3AqioxrbrhNsLl2l/iNAvuBkrezpg= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/mod v0.36.0 h1:JJjpVx6myfUsUdAzZuOSTTmRE0PfZeNWzzvKrP7amb4= +golang.org/x/mod v0.36.0/go.mod h1:moc6ELqsWcOw5Ef3xVprK5ul/MvtVvkIXLziUOICjUQ= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191002035440-2ec189313ef0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU= -golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY= -golang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw= -golang.org/x/oauth2 v0.34.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA= +golang.org/x/net v0.55.0 h1:bcvxaJn3e1U6InsFWt1JUq1aSjnRxLzT2rtD2KfkDF8= +golang.org/x/net v0.55.0/go.mod h1:L5U2KuzuOe1lY7Z+aWVIKK6qEeJXnXV9yzGA+WCHJww= +golang.org/x/oauth2 v0.36.0 h1:peZ/1z27fi9hUOFCAZaHyrpWG5lwe0RJEEEeH0ThlIs= +golang.org/x/oauth2 v0.36.0/go.mod h1:YDBUJMTkDnJS+A4BP4eZBjCqtokkg1hODuPjwiGPO7Q= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4= -golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= +golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4= +golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk= -golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/sys v0.45.0 h1:dO4czNzziLiiXplLQgBCEpCvXQ3dnkn0SdaZSYdQ+FY= +golang.org/x/sys v0.45.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= -golang.org/x/term v0.38.0 h1:PQ5pkm/rLO6HnxFR7N2lJHOZX6Kez5Y1gDSJla6jo7Q= -golang.org/x/term v0.38.0/go.mod h1:bSEAKrOT1W+VSu9TSCMtoGEOUcKxOKgl3LE5QEF/xVg= +golang.org/x/term v0.43.0 h1:S4RLU2sB31O/NCl+zFN9Aru9A/Cq2aqKpTZJ6B+DwT4= +golang.org/x/term v0.43.0/go.mod h1:lrhlHNdQJHO+1qVYiHfFKVuVioJIheAc3fBSMFYEIsk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU= -golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY= -golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI= -golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4= +golang.org/x/text v0.37.0 h1:Cqjiwd9eSg8e0QAkyCaQTNHFIIzWtidPahFWR83rTrc= +golang.org/x/text v0.37.0/go.mod h1:a5sjxXGs9hsn/AJVwuElvCAo9v8QYLzvavO5z2PiM38= +golang.org/x/time v0.15.0 h1:bbrp8t3bGUeFOx08pvsMYRTCVSMk89u4tKbNOZbp88U= +golang.org/x/time v0.15.0/go.mod h1:Y4YMaQmXwGQZoFaVFk4YpCt4FLQMYKZe9oeV/f4MSno= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.40.0 h1:yLkxfA+Qnul4cs9QA3KnlFu0lVmd8JJfoq+E41uSutA= -golang.org/x/tools v0.40.0/go.mod h1:Ik/tzLRlbscWpqqMRjyWYDisX8bG13FrdXp3o4Sr9lc= +golang.org/x/tools v0.45.0 h1:18qN3FAooORvApf5XjCXgsuayZOEtXf6JK18I3+ONa8= +golang.org/x/tools v0.45.0/go.mod h1:LuUGqqaXcXMEFEruIVJVm5mgDD8vww/z/SR1gQ4uE/0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE= -google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= +google.golang.org/protobuf v1.36.12-0.20260120151049-f2248ac996af h1:+5/Sw3GsDNlEmu7TfklWKPdQ0Ykja5VEmq2i817+jbI= +google.golang.org/protobuf v1.36.12-0.20260120151049-f2248ac996af/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= @@ -497,7 +446,6 @@ gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= @@ -505,30 +453,29 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= -k8s.io/api v0.34.3 h1:D12sTP257/jSH2vHV2EDYrb16bS7ULlHpdNdNhEw2S4= -k8s.io/api v0.34.3/go.mod h1:PyVQBF886Q5RSQZOim7DybQjAbVs8g7gwJNhGtY5MBk= -k8s.io/apiextensions-apiserver v0.34.3 h1:p10fGlkDY09eWKOTeUSioxwLukJnm+KuDZdrW71y40g= -k8s.io/apiextensions-apiserver v0.34.3/go.mod h1:aujxvqGFRdb/cmXYfcRTeppN7S2XV/t7WMEc64zB5A0= -k8s.io/apimachinery v0.0.0-20190704094733-8f6ac2502e51/go.mod h1:ccL7Eh7zubPUSh9A3USN90/OzHNSVN6zxzde07TDCL0= -k8s.io/apimachinery v0.34.3 h1:/TB+SFEiQvN9HPldtlWOTp0hWbJ+fjU+wkxysf/aQnE= -k8s.io/apimachinery v0.34.3/go.mod h1:/GwIlEcWuTX9zKIg2mbw0LRFIsXwrfoVxn+ef0X13lw= -k8s.io/client-go v0.34.3 h1:wtYtpzy/OPNYf7WyNBTj3iUA0XaBHVqhv4Iv3tbrF5A= -k8s.io/client-go v0.34.3/go.mod h1:OxxeYagaP9Kdf78UrKLa3YZixMCfP6bgPwPwNBQBzpM= -k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= -k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= -k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20251125145642-4e65d59e963e h1:iW9ChlU0cU16w8MpVYjXk12dqQ4BPFBEgif+ap7/hqQ= -k8s.io/kube-openapi v0.0.0-20251125145642-4e65d59e963e/go.mod h1:kdmbQkyfwUagLfXIad1y2TdrjPFWp2Q89B3qkRwf/pQ= -k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 h1:SjGebBtkBqHFOli+05xYbK8YF1Dzkbzn+gDM4X9T4Ck= -k8s.io/utils v0.0.0-20251002143259-bc988d571ff4/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/controller-runtime v0.22.4 h1:GEjV7KV3TY8e+tJ2LCTxUTanW4z/FmNB7l327UfMq9A= -sigs.k8s.io/controller-runtime v0.22.4/go.mod h1:+QX1XUpTXN4mLoblf4tqr5CQcyHPAki2HLXqQMY6vh8= +k8s.io/api v0.36.1 h1:XbL/EMj8K2aJpJtePmqUyQMsM0D4QI2pvl7YKJ20FTY= +k8s.io/api v0.36.1/go.mod h1:KOWo4ey3TINlXjeHVuwB3i+tXXnu+UcwFBHlI/9dvEo= +k8s.io/apiextensions-apiserver v0.36.1 h1:6JfYmPUsuUIHuN+3QxutXYWj492RqF5fBSx67GYK5Ks= +k8s.io/apiextensions-apiserver v0.36.1/go.mod h1:pLzZin90riwisdzKwv/GoTwENooytoIx5zWJb4Hkby8= +k8s.io/apimachinery v0.36.1 h1:G63Gjx2W+q0YD+72Vo8oY0nDnePVwnuzTmmy5ENrVSA= +k8s.io/apimachinery v0.36.1/go.mod h1:ibYOR00vW/I1kzvi5SF0dRuJ52BvKtfvRdOn35GPQ+8= +k8s.io/client-go v0.36.1 h1:FN/K8QIT2CEDt+2WB2HnWrUANZ50AP5GII43/SP2JR0= +k8s.io/client-go v0.36.1/go.mod h1:s6rAnCtTGYDQnpNjEhSaISV+2O8jwruZ6m3QOYBFbtU= +k8s.io/klog/v2 v2.140.0 h1:Tf+J3AH7xnUzZyVVXhTgGhEKnFqye14aadWv7bzXdzc= +k8s.io/klog/v2 v2.140.0/go.mod h1:o+/RWfJ6PwpnFn7OyAG3QnO47BFsymfEfrz6XyYSSp0= +k8s.io/kube-openapi v0.0.0-20260520065146-aa012df4f4af h1:zLXA2Irn14q2/06WMkxViyr7YCPUO2lJ0QYE9Juy5vA= +k8s.io/kube-openapi v0.0.0-20260520065146-aa012df4f4af/go.mod h1:V/QaCUYDa+0QpcHhVVc5l99Uz56wEMEXBSj9oCDkNDY= +k8s.io/streaming v0.36.1 h1:L+K68n4Gg940BGNNYtUBvL1WTLL0YnKT3s+P1MNAmR4= +k8s.io/streaming v0.36.1/go.mod h1:z6fV3D+NVkoeqRMtWwlUZK6U17SY/LqNzOxWL6GyR/s= +k8s.io/utils v0.0.0-20260507154919-ff6756f316d2 h1:wU4tMEhLGgIbLvXQb1cfN+EcM0wf7zC6CPF+C79jroc= +k8s.io/utils v0.0.0-20260507154919-ff6756f316d2/go.mod h1:xDxuJ0whA3d0I4mf/C4ppKHxXynQ+fxnkmQH0vTHnuk= +sigs.k8s.io/controller-runtime v0.24.1 h1:miPEwrmirImAvgME1L9qebGHrOnGJoVmVdtOU9fRfo4= +sigs.k8s.io/controller-runtime v0.24.1/go.mod h1:vFkfY5fGt5xAC/sKb8IBFKgWPNKG9OUG29dR8Y2wImw= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= -sigs.k8s.io/structured-merge-diff/v6 v6.3.1 h1:JrhdFMqOd/+3ByqlP2I45kTOZmTRLBUm5pvRjeheg7E= -sigs.k8s.io/structured-merge-diff/v6 v6.3.1/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE= -sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= +sigs.k8s.io/structured-merge-diff/v6 v6.4.0 h1:qmp2e3ZfFi1/jJbDGpD4mt3wyp6PE1NfKHCYLqgNQJo= +sigs.k8s.io/structured-merge-diff/v6 v6.4.0/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE= sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs= sigs.k8s.io/yaml v1.6.0/go.mod h1:796bPqUfzR/0jLAl6XjHl3Ck7MiyVv8dbTdyT3/pMf4= diff --git a/tests/e2e/helm.go b/tests/e2e/helm.go index e1309fb0d..72560b484 100644 --- a/tests/e2e/helm.go +++ b/tests/e2e/helm.go @@ -16,6 +16,7 @@ package e2e import ( + "context" "encoding/json" "fmt" "io" @@ -62,8 +63,9 @@ func (helmDescriptor *helmDescriptor) crdPath() (string, error) { //nolint:unuse ), nil } - localCRDsBytes := []byte(helm.RenderTemplate( + localCRDsBytes := []byte(helm.RenderTemplateContext( ginkgo.GinkgoT(), + context.Background(), &helm.Options{ SetValues: helmDescriptor.LocalCRDTemplateRenderValues, }, @@ -255,8 +257,9 @@ func (helmDescriptor *helmDescriptor) installHelmChart(kubectlOptions k8s.Kubect fixedArguments = append([]string{"--repo", helmDescriptor.Repository}, fixedArguments...) } - helm.Install( + helm.InstallContext( ginkgo.GinkgoT(), + context.Background(), &helm.Options{ SetValues: helmDescriptor.SetValues, KubectlOptions: &kubectlOptions, @@ -325,8 +328,9 @@ func (helmDescriptor *helmDescriptor) uninstallHelmChart(kubectlOptions k8s.Kube purge := true - return helm.DeleteE( + return helm.DeleteContextE( ginkgo.GinkgoT(), + context.Background(), &helm.Options{ KubectlOptions: &kubectlOptions, ExtraArgs: map[string][]string{ @@ -416,8 +420,9 @@ func listHelmReleases(kubectlOptions k8s.KubectlOptions) ([]*HelmRelease, error) args = append(args, "--debug") } - output, err := helm.RunHelmCommandAndGetOutputE( + output, err := helm.RunHelmCommandAndGetOutputContextE( ginkgo.GinkgoT(), + context.Background(), &helm.Options{ KubectlOptions: &kubectlOptions, }, diff --git a/tests/e2e/k8s.go b/tests/e2e/k8s.go index 00ca86a72..b166c3fbc 100644 --- a/tests/e2e/k8s.go +++ b/tests/e2e/k8s.go @@ -17,6 +17,7 @@ package e2e import ( "bytes" + "context" "fmt" "io" "net/http" @@ -53,7 +54,7 @@ const ( // kubectl context and namespace. func applyK8sResourceManifest(kubectlOptions k8s.KubectlOptions, manifestPath string) { //nolint:unused // Note: this might come in handy for manual K8s resource operations. ginkgo.By(fmt.Sprintf("Applying k8s manifest %s", manifestPath)) - k8s.KubectlApply(ginkgo.GinkgoT(), &kubectlOptions, manifestPath) + k8s.KubectlApplyContext(ginkgo.GinkgoT(), context.Background(), &kubectlOptions, manifestPath) } // isExistingK8SResource queries a Resource by it's kind, namespace and name and @@ -64,7 +65,7 @@ func isExistingK8SResource( resourceName string, ) bool { ginkgo.By(fmt.Sprintf("Checking the existence of resource %s in namespace %s (kind: %s)", resourceName, kubectlOptions.Namespace, resourceKind)) - err := k8s.RunKubectlE(ginkgo.GinkgoT(), &kubectlOptions, getAction, resourceKind, resourceName) + err := k8s.RunKubectlContextE(ginkgo.GinkgoT(), context.Background(), &kubectlOptions, getAction, resourceKind, resourceName) if err != nil { ginkgo.By(fmt.Sprintf("Received error when getting resource: %s", err)) return false @@ -83,12 +84,13 @@ func createOrReplaceK8sResourcesFromManifest( //nolint:unused // Note: this migh shouldBeValidated bool, ) { ginkgo.By(fmt.Sprintf("Checking the existence of resource %s", resourceName)) - err := k8s.RunKubectlE(ginkgo.GinkgoT(), &kubectlOptions, getAction, resourceKind, resourceName) + err := k8s.RunKubectlContextE(ginkgo.GinkgoT(), context.Background(), &kubectlOptions, getAction, resourceKind, resourceName) if err == nil { ginkgo.By(fmt.Sprintf("Replacing k8s resources from manifest %s", resourceManifest)) - k8s.RunKubectl( + k8s.RunKubectlContext( ginkgo.GinkgoT(), + context.Background(), &kubectlOptions, "replace", fmt.Sprintf("--validate=%t", shouldBeValidated), @@ -96,8 +98,9 @@ func createOrReplaceK8sResourcesFromManifest( //nolint:unused // Note: this migh ) } else { ginkgo.By(fmt.Sprintf("Creating k8s resources from manifest %s", resourceManifest)) - k8s.RunKubectl( + k8s.RunKubectlContext( ginkgo.GinkgoT(), + context.Background(), &kubectlOptions, "create", fmt.Sprintf("--validate=%t", shouldBeValidated), @@ -157,8 +160,9 @@ func getK8sCRD(kubectlOptions k8s.KubectlOptions, crdName string) ([]byte, error // CRDs are cluster-scoped, so we need to remove the namespace from kubectlOptions clusterScopedOptions := kubectlOptions clusterScopedOptions.Namespace = "" - output, err := k8s.RunKubectlAndGetOutputE( + output, err := k8s.RunKubectlAndGetOutputContextE( ginkgo.GinkgoT(), + context.Background(), &clusterScopedOptions, []string{getAction, "crd", outputFlag, "json", crdName}..., ) @@ -410,8 +414,9 @@ func listK8sCRDs(kubectlOptions k8s.KubectlOptions, crdNames ...string) ([]strin clusterScopedOptions := kubectlOptions clusterScopedOptions.Namespace = "" args := append([]string{getAction, "crd", outputFlag, nameKey}, crdNames...) - output, err := k8s.RunKubectlAndGetOutputE( + output, err := k8s.RunKubectlAndGetOutputContextE( ginkgo.GinkgoT(), + context.Background(), &clusterScopedOptions, args..., ) @@ -447,8 +452,9 @@ func deleteK8sResource( _, args = kubectlArgExtender(args, "", selector, name, kubectlOptions.Namespace, extraArgs) } - _, err := k8s.RunKubectlAndGetOutputE( + _, err := k8s.RunKubectlAndGetOutputContextE( ginkgo.GinkgoT(), + context.Background(), &kubectlOptions, args..., ) @@ -473,7 +479,7 @@ func deleteK8sResourceNoErrNotFound(kubectlOptions k8s.KubectlOptions, timeout t // kubectl context and namespace. func applyK8sResourceManifestFromString(kubectlOptions k8s.KubectlOptions, manifest string) error { ginkgo.By(fmt.Sprintf("Applying k8s manifest\n%s", manifest)) - return k8s.KubectlApplyFromStringE(ginkgo.GinkgoT(), &kubectlOptions, manifest) + return k8s.KubectlApplyFromStringContextE(ginkgo.GinkgoT(), context.Background(), &kubectlOptions, manifest) } // applyK8sResourceFromTemplate generates manifest from the specified go-template based on values @@ -510,8 +516,9 @@ func listK8sResourceKinds(kubectlOptions k8s.KubectlOptions, apiGroupSelector st args = append(args, extraArgs...) - output, err := k8s.RunKubectlAndGetOutputE( + output, err := k8s.RunKubectlAndGetOutputContextE( ginkgo.GinkgoT(), + context.Background(), &kubectlOptions, args..., ) @@ -544,8 +551,9 @@ func getK8sResources(kubectlOptions k8s.KubectlOptions, resourceKind []string, s args := []string{getAction, strings.Join(resourceKind, ",")} _, args = kubectlArgExtender(args, "", selector, names, kubectlOptions.Namespace, extraArgs) - output, err := k8s.RunKubectlAndGetOutputE( + output, err := k8s.RunKubectlAndGetOutputContextE( ginkgo.GinkgoT(), + context.Background(), &kubectlOptions, args..., ) @@ -668,8 +676,9 @@ func waitK8sResourceCondition(kubectlOptions k8s.KubectlOptions, resourceKind, w } _, args = kubectlArgExtender(args, "", selector, names, kubectlOptions.Namespace, extraArgs) - _, lastErr = k8s.RunKubectlAndGetOutputE( + _, lastErr = k8s.RunKubectlAndGetOutputContextE( ginkgo.GinkgoT(), + context.Background(), &kubectlOptions, args..., ) @@ -775,8 +784,9 @@ func waitForKafkaClusterWithPodStatusCheck(kubectlOptions k8s.KubectlOptions, cl "-n", kubectlOptions.Namespace, } - output, err := k8s.RunKubectlAndGetOutputE( + output, err := k8s.RunKubectlAndGetOutputContextE( ginkgo.GinkgoT(), + context.Background(), &kubectlOptions, args..., ) @@ -816,8 +826,9 @@ func checkAllKafkaPodsInNamespace(kubectlOptions k8s.KubectlOptions, namespace s "-o", "jsonpath={range .items[*]}{.metadata.name}{.status.phase}{.status.containerStatuses[*].ready}{\"\\n\"}{end}", } - output, err := k8s.RunKubectlAndGetOutputE( + output, err := k8s.RunKubectlAndGetOutputContextE( ginkgo.GinkgoT(), + context.Background(), &kubectlOptions, args..., ) @@ -851,8 +862,9 @@ func checkAndPrintKafkaPodStatus(kubectlOptions k8s.KubectlOptions, namespace st "-o", "wide", } - output, err := k8s.RunKubectlAndGetOutputE( + output, err := k8s.RunKubectlAndGetOutputContextE( ginkgo.GinkgoT(), + context.Background(), &kubectlOptions, args..., ) @@ -871,8 +883,9 @@ func checkAndPrintKafkaPodStatus(kubectlOptions k8s.KubectlOptions, namespace st "-o", "jsonpath={.items[*].metadata.name}", } - podNamesOutput, err := k8s.RunKubectlAndGetOutputE( + podNamesOutput, err := k8s.RunKubectlAndGetOutputContextE( ginkgo.GinkgoT(), + context.Background(), &kubectlOptions, podNamesArgs..., ) @@ -896,8 +909,9 @@ func checkAndPrintKafkaPodStatus(kubectlOptions k8s.KubectlOptions, namespace st "--sort-by", ".lastTimestamp", } - eventsOutput, err := k8s.RunKubectlAndGetOutputE( + eventsOutput, err := k8s.RunKubectlAndGetOutputContextE( ginkgo.GinkgoT(), + context.Background(), &kubectlOptions, eventsArgs..., ) diff --git a/tests/e2e/kafka_client.go b/tests/e2e/kafka_client.go index 051e459be..88e9e437a 100644 --- a/tests/e2e/kafka_client.go +++ b/tests/e2e/kafka_client.go @@ -102,7 +102,7 @@ func consumingMessagesExternally(externalKafkaAddresses []string, topicName stri func getTLSConfigFromSecret(kubectlOptions k8s.KubectlOptions, secretName string) (*tls.Config, error) { //nolint:unused // Note: unused linter disabled until External e2e tests are turned on. ginkgo.By(fmt.Sprintf("Getting TLS config from secret name: '%s' namespace: '%s'", secretName, kubectlOptions.Namespace)) - tlsSecret, err := k8s.GetSecretE(ginkgo.GinkgoT(), &kubectlOptions, secretName) + tlsSecret, err := k8s.GetSecretContextE(ginkgo.GinkgoT(), context.Background(), &kubectlOptions, secretName) if err != nil { return nil, fmt.Errorf("could not get TLS secret for kafka client: %w", err) } diff --git a/tests/e2e/kcat.go b/tests/e2e/kcat.go index 396cfb16e..0c04f4d37 100644 --- a/tests/e2e/kcat.go +++ b/tests/e2e/kcat.go @@ -16,6 +16,7 @@ package e2e import ( + "context" "fmt" "github.com/gruntwork-io/terratest/modules/k8s" @@ -32,7 +33,8 @@ func consumingMessagesInternally(kubectlOptions k8s.KubectlOptions, kcatPodName kcatTLSParameters += "-X security.protocol=SSL -X ssl.key.location=/ssl/certs/tls.key -X ssl.certificate.location=/ssl/certs/tls.crt -X ssl.ca.location=/ssl/certs/ca.crt" } - consumedMessages, err := k8s.RunKubectlAndGetOutputE(ginkgo.GinkgoT(), + consumedMessages, err := k8s.RunKubectlAndGetOutputContextE(ginkgo.GinkgoT(), + context.Background(), k8s.NewKubectlOptions(kubectlOptions.ContextName, kubectlOptions.ConfigPath, ""), "exec", kcatPodName, "-n", kubectlOptions.Namespace, @@ -56,7 +58,8 @@ func producingMessagesInternally(kubectlOptions k8s.KubectlOptions, kcatPodName kcatTLSParameters += "-X security.protocol=SSL -X ssl.key.location=/ssl/certs/tls.key -X ssl.certificate.location=/ssl/certs/tls.crt -X ssl.ca.location=/ssl/certs/ca.crt" } - _, err := k8s.RunKubectlAndGetOutputE(ginkgo.GinkgoT(), + _, err := k8s.RunKubectlAndGetOutputContextE(ginkgo.GinkgoT(), + context.Background(), k8s.NewKubectlOptions(kubectlOptions.ContextName, kubectlOptions.ConfigPath, ""), "exec", kcatPodName, "-n", kubectlOptions.Namespace, diff --git a/tests/e2e/test_jmx_exporter.go b/tests/e2e/test_jmx_exporter.go index 09d440d94..eab10797c 100644 --- a/tests/e2e/test_jmx_exporter.go +++ b/tests/e2e/test_jmx_exporter.go @@ -16,6 +16,7 @@ package e2e import ( + "context" "fmt" "strings" @@ -70,7 +71,7 @@ func checkMetricExistsForBrokers(kubectlOptions k8s.KubectlOptions, kafkaBrokerL LabelSelector: kafkaBrokerLabelSelector, } - pods, err := k8s.ListPodsE(ginkgo.GinkgoT(), &kubectlOptions, listOptions) + pods, err := k8s.ListPodsContextE(ginkgo.GinkgoT(), context.Background(), &kubectlOptions, listOptions) gomega.Expect(err).NotTo(gomega.HaveOccurred(), "Failed to list pods") gomega.Expect( @@ -89,7 +90,8 @@ func checkMetricExistsForBrokers(kubectlOptions k8s.KubectlOptions, kafkaBrokerL func metricExistsInPod(pod coreV1.Pod, kubectlOptions k8s.KubectlOptions, metricPrefix string) (bool, error) { baseCommand := fmt.Sprintf("exec %s --container kafka -- sh -c", pod.Name) curlCommand := fmt.Sprintf("curl -s http://localhost:%s/metrics|grep ^%s|head -n 1", jmxExporterPort, metricPrefix) - output, err := k8s.RunKubectlAndGetOutputE(ginkgo.GinkgoT(), + output, err := k8s.RunKubectlAndGetOutputContextE(ginkgo.GinkgoT(), + context.Background(), &kubectlOptions, append(strings.Split(baseCommand, " "), curlCommand)...) @@ -102,8 +104,9 @@ func metricExistsInPod(pod coreV1.Pod, kubectlOptions k8s.KubectlOptions, metric func isKRaftEnabledForKafkaCluster(kubectlOptions k8s.KubectlOptions, kafkaClusterName string) (bool, error) { command := fmt.Sprintf("get %s %s -o jsonpath={.spec.kRaft}", kafkaKind, kafkaClusterName) - kraftModeValue, err := k8s.RunKubectlAndGetOutputE( + kraftModeValue, err := k8s.RunKubectlAndGetOutputContextE( ginkgo.GinkgoT(), + context.Background(), &kubectlOptions, strings.Split(command, " ")...) diff --git a/third_party/github.com/banzaicloud/go-cruise-control/go.mod b/third_party/github.com/banzaicloud/go-cruise-control/go.mod index d54ced1ec..63af9a43a 100644 --- a/third_party/github.com/banzaicloud/go-cruise-control/go.mod +++ b/third_party/github.com/banzaicloud/go-cruise-control/go.mod @@ -4,7 +4,7 @@ go 1.25.0 require ( github.com/go-logr/logr v1.4.3 - github.com/onsi/gomega v1.38.3 + github.com/onsi/gomega v1.41.0 github.com/pkg/errors v0.9.1 ) @@ -13,7 +13,7 @@ require ( github.com/kr/text v0.2.0 // indirect github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect - golang.org/x/net v0.48.0 // indirect - golang.org/x/text v0.32.0 // indirect + golang.org/x/net v0.55.0 // indirect + golang.org/x/text v0.37.0 // indirect gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f // indirect ) diff --git a/third_party/github.com/banzaicloud/go-cruise-control/go.sum b/third_party/github.com/banzaicloud/go-cruise-control/go.sum index 913b1b660..1fc84b890 100644 --- a/third_party/github.com/banzaicloud/go-cruise-control/go.sum +++ b/third_party/github.com/banzaicloud/go-cruise-control/go.sum @@ -1,38 +1,24 @@ -github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0= -github.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= -github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= -github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= -github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 h1:BHT72Gu3keYf3ZEu2J0b1vyeLSOYI8bm5wbJM/8yDe8= -github.com/google/pprof v0.0.0-20250403155104-27863c87afa6/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= -github.com/onsi/ginkgo/v2 v2.25.3 h1:Ty8+Yi/ayDAGtk4XxmmfUy4GabvM+MegeB4cDLRi6nw= -github.com/onsi/ginkgo/v2 v2.25.3/go.mod h1:43uiyQC4Ed2tkOzLsEYm7hnrb7UJTWHYNsuy3bG/snE= -github.com/onsi/gomega v1.38.3 h1:eTX+W6dobAYfFeGC2PV6RwXRu/MyT+cQguijutvkpSM= -github.com/onsi/gomega v1.38.3/go.mod h1:ZCU1pkQcXDO5Sl9/VVEGlDyp+zm0m1cmeG5TOzLgdh4= +github.com/onsi/gomega v1.41.0 h1:OwKp4pXNgVxf6sCplzYo794OFNuoL2q2SBMU5NSWOjA= +github.com/onsi/gomega v1.41.0/go.mod h1:M/Uqpu/8qTjtzCLUA2zJHX9Iilrau25x1PdoSRbWh5A= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -go.uber.org/automaxprocs v1.6.0 h1:O3y2/QNTOdbF+e/dpXNNW7Rx2hZ4sTIPyybbxyNqTUs= -go.uber.org/automaxprocs v1.6.0/go.mod h1:ifeIMSnPZuznNm6jmdzmU3/bfk01Fe2fotchwEFJ8r8= go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= -golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU= -golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY= -golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk= -golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= -golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU= -golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY= -golang.org/x/tools v0.39.0 h1:ik4ho21kwuQln40uelmciQPp9SipgNDdrafrYA4TmQQ= -golang.org/x/tools v0.39.0/go.mod h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ= +golang.org/x/net v0.55.0 h1:bcvxaJn3e1U6InsFWt1JUq1aSjnRxLzT2rtD2KfkDF8= +golang.org/x/net v0.55.0/go.mod h1:L5U2KuzuOe1lY7Z+aWVIKK6qEeJXnXV9yzGA+WCHJww= +golang.org/x/text v0.37.0 h1:Cqjiwd9eSg8e0QAkyCaQTNHFIIzWtidPahFWR83rTrc= +golang.org/x/text v0.37.0/go.mod h1:a5sjxXGs9hsn/AJVwuElvCAo9v8QYLzvavO5z2PiM38= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU= gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/third_party/github.com/banzaicloud/go-cruise-control/integration_test/go.mod b/third_party/github.com/banzaicloud/go-cruise-control/integration_test/go.mod index a1e9489d7..9bd6c821a 100644 --- a/third_party/github.com/banzaicloud/go-cruise-control/integration_test/go.mod +++ b/third_party/github.com/banzaicloud/go-cruise-control/integration_test/go.mod @@ -4,21 +4,21 @@ go 1.25.0 require ( github.com/banzaicloud/go-cruise-control v0.6.0 - github.com/compose-spec/compose-go/v2 v2.10.0 - github.com/docker/cli v29.1.3+incompatible + github.com/compose-spec/compose-go/v2 v2.11.0 + github.com/docker/cli v29.5.2+incompatible github.com/docker/compose/v2 v2.40.3 github.com/go-logr/logr v1.4.3 github.com/go-logr/zapr v1.3.0 - github.com/onsi/ginkgo/v2 v2.27.3 - github.com/onsi/gomega v1.38.3 + github.com/onsi/ginkgo/v2 v2.29.0 + github.com/onsi/gomega v1.41.0 github.com/pkg/errors v0.9.1 - go.uber.org/zap v1.27.1 + go.uber.org/zap v1.28.0 ) require ( github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect github.com/DefangLabs/secret-detector v0.0.0-20250403165618-22662109213e // indirect - github.com/Masterminds/semver/v3 v3.4.0 // indirect + github.com/Masterminds/semver/v3 v3.5.0 // indirect github.com/Microsoft/go-winio v0.6.2 // indirect github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect @@ -73,7 +73,7 @@ require ( github.com/google/gnostic-models v0.6.8 // indirect github.com/google/go-cmp v0.7.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20251213031049-b05bdaca462f // indirect + github.com/google/pprof v0.0.0-20260507013755-92041b743c96 // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/google/uuid v1.6.0 // indirect github.com/gorilla/websocket v1.5.0 // indirect @@ -156,17 +156,17 @@ require ( go.opentelemetry.io/proto/otlp v1.5.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect - go.yaml.in/yaml/v4 v4.0.0-rc.3 // indirect - golang.org/x/crypto v0.46.0 // indirect - golang.org/x/mod v0.31.0 // indirect - golang.org/x/net v0.48.0 // indirect + go.yaml.in/yaml/v4 v4.0.0-rc.4 // indirect + golang.org/x/crypto v0.51.0 // indirect + golang.org/x/mod v0.36.0 // indirect + golang.org/x/net v0.55.0 // indirect golang.org/x/oauth2 v0.30.0 // indirect - golang.org/x/sync v0.19.0 // indirect - golang.org/x/sys v0.39.0 // indirect - golang.org/x/term v0.38.0 // indirect - golang.org/x/text v0.32.0 // indirect + golang.org/x/sync v0.20.0 // indirect + golang.org/x/sys v0.45.0 // indirect + golang.org/x/term v0.43.0 // indirect + golang.org/x/text v0.37.0 // indirect golang.org/x/time v0.11.0 // indirect - golang.org/x/tools v0.40.0 // indirect + golang.org/x/tools v0.45.0 // indirect google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect google.golang.org/grpc v1.74.2 // indirect google.golang.org/protobuf v1.36.9 // indirect diff --git a/third_party/github.com/banzaicloud/go-cruise-control/integration_test/go.sum b/third_party/github.com/banzaicloud/go-cruise-control/integration_test/go.sum index fe337ae19..5404ab760 100644 --- a/third_party/github.com/banzaicloud/go-cruise-control/integration_test/go.sum +++ b/third_party/github.com/banzaicloud/go-cruise-control/integration_test/go.sum @@ -4,8 +4,8 @@ github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEK github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/DefangLabs/secret-detector v0.0.0-20250403165618-22662109213e h1:rd4bOvKmDIx0WeTv9Qz+hghsgyjikFiPrseXHlKepO0= github.com/DefangLabs/secret-detector v0.0.0-20250403165618-22662109213e/go.mod h1:blbwPQh4DTlCZEfk1BLU4oMIhLda2U+A840Uag9DsZw= -github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0= -github.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= +github.com/Masterminds/semver/v3 v3.5.0 h1:kQceYJfbupGfZOKZQg0kou0DgAKhzDg2NZPAwZ/2OOE= +github.com/Masterminds/semver/v3 v3.5.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= github.com/Microsoft/hcsshim v0.13.0 h1:/BcXOiS6Qi7N9XqUcv27vkIuVOkBEcWstd2pMlWSeaA= @@ -54,8 +54,8 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb h1:EDmT6Q9Zs+SbUoc7Ik9EfrFqcylYqgPZ9ANSbTAntnE= github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb/go.mod h1:ZjrT6AXHbDs86ZSdt/osfBi5qfexBrKUdONk989Wnk4= -github.com/compose-spec/compose-go/v2 v2.10.0 h1:K2C5LQ3KXvkYpy5N/SG6kIYB90iiAirA9btoTh/gB0Y= -github.com/compose-spec/compose-go/v2 v2.10.0/go.mod h1:Ohac1SzhO/4fXXrzWIztIVB6ckmKBv1Nt5Z5mGVESUg= +github.com/compose-spec/compose-go/v2 v2.11.0 h1:xoq/ootgIL6TsHmbJHrkuh7+bzjhPV3NHftHRPPyVXM= +github.com/compose-spec/compose-go/v2 v2.11.0/go.mod h1:ZU6zlcweCZKyiB7BVfCizQT9XmkEIMFE+PRZydVcsZg= github.com/containerd/cgroups/v3 v3.0.5 h1:44na7Ud+VwyE7LIoJ8JTNQOa549a8543BmzaJHo6Bzo= github.com/containerd/cgroups/v3 v3.0.5/go.mod h1:SA5DLYnXO8pTGYiAHXz94qvLQTKfVM5GEVisn4jpins= github.com/containerd/console v1.0.5 h1:R0ymNeydRqH2DmakFNdmjR2k0t7UPuiOV/N/27/qqsc= @@ -101,8 +101,8 @@ github.com/dlclark/regexp2 v1.11.0 h1:G/nrcoOa7ZXlpoa/91N3X7mM3r8eIlMBBJZvsz/mxK github.com/dlclark/regexp2 v1.11.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8= github.com/docker/buildx v0.29.1 h1:58hxM5Z4mnNje3G5NKfULT9xCr8ooM8XFtlfUK9bKaA= github.com/docker/buildx v0.29.1/go.mod h1:J4EFv6oxlPiV1MjO0VyJx2u5tLM7ImDEl9zyB8d4wPI= -github.com/docker/cli v29.1.3+incompatible h1:+kz9uDWgs+mAaIZojWfFt4d53/jv0ZUOOoSh5ZnH36c= -github.com/docker/cli v29.1.3+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/cli v29.5.2+incompatible h1:ubykJ1Y8LmNRGJ2BuMQ0kHOt/RO1YzGNswqWMJgivuQ= +github.com/docker/cli v29.5.2+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/compose/v2 v2.40.3 h1:XeYkQu1svDtyfZPv5nTwFryQ25ZJMkIlc4pz9HalMPI= github.com/docker/compose/v2 v2.40.3/go.mod h1:iNY1tvoHTyN3C3QHCuWAgj3OjR2T6mGkk/qxfbBF/4M= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= @@ -174,8 +174,8 @@ github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20251213031049-b05bdaca462f h1:HU1RgM6NALf/KW9HEY6zry3ADbDKcmpQ+hJedoNGQYQ= -github.com/google/pprof v0.0.0-20251213031049-b05bdaca462f/go.mod h1:67FPmZWbr+KDT/VlpWtw6sO9XSjpJmLuHpoLmWiTGgY= +github.com/google/pprof v0.0.0-20260507013755-92041b743c96 h1:YDDnaZ9afWajDboPMt9Vikqca/yWAX7KAxVzb4lJU1M= +github.com/google/pprof v0.0.0-20260507013755-92041b743c96/go.mod h1:MxpfABSjhmINe3F1It9d+8exIHFvUqtLIRCdOGNXqiI= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= @@ -277,10 +277,10 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= -github.com/onsi/ginkgo/v2 v2.27.3 h1:ICsZJ8JoYafeXFFlFAG75a7CxMsJHwgKwtO+82SE9L8= -github.com/onsi/ginkgo/v2 v2.27.3/go.mod h1:ArE1D/XhNXBXCBkKOLkbsb2c81dQHCRcF5zwn/ykDRo= -github.com/onsi/gomega v1.38.3 h1:eTX+W6dobAYfFeGC2PV6RwXRu/MyT+cQguijutvkpSM= -github.com/onsi/gomega v1.38.3/go.mod h1:ZCU1pkQcXDO5Sl9/VVEGlDyp+zm0m1cmeG5TOzLgdh4= +github.com/onsi/ginkgo/v2 v2.29.0 h1:rfh+ZFjgJhYWRoIqVf3Uwx/W20yLrcrE2h2GmYVRaag= +github.com/onsi/ginkgo/v2 v2.29.0/go.mod h1:+aXOY+vzZ5mu2iI2HpTZUPmM//oQfsNFX6gU9kNcA44= +github.com/onsi/gomega v1.41.0 h1:OwKp4pXNgVxf6sCplzYo794OFNuoL2q2SBMU5NSWOjA= +github.com/onsi/gomega v1.41.0/go.mod h1:M/Uqpu/8qTjtzCLUA2zJHX9Iilrau25x1PdoSRbWh5A= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= @@ -408,34 +408,34 @@ go.uber.org/mock v0.6.0 h1:hyF9dfmbgIX5EfOdasqLsWD6xqpNZlXblLB/Dbnwv3Y= go.uber.org/mock v0.6.0/go.mod h1:KiVJ4BqZJaMj4svdfmHM0AUx4NJYO8ZNpPnZn1Z+BBU= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= -go.uber.org/zap v1.27.1 h1:08RqriUEv8+ArZRYSTXy1LeBScaMpVSTBhCeaZYfMYc= -go.uber.org/zap v1.27.1/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= +go.uber.org/zap v1.28.0 h1:IZzaP1Fv73/T/pBMLk4VutPl36uNC+OSUh3JLG3FIjo= +go.uber.org/zap v1.28.0/go.mod h1:rDLpOi171uODNm/mxFcuYWxDsqWSAVkFdX4XojSKg/Q= go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= -go.yaml.in/yaml/v4 v4.0.0-rc.3 h1:3h1fjsh1CTAPjW7q/EMe+C8shx5d8ctzZTrLcs/j8Go= -go.yaml.in/yaml/v4 v4.0.0-rc.3/go.mod h1:aZqd9kCMsGL7AuUv/m/PvWLdg5sjJsZ4oHDEnfPPfY0= +go.yaml.in/yaml/v4 v4.0.0-rc.4 h1:UP4+v6fFrBIb1l934bDl//mmnoIZEDK0idg1+AIvX5U= +go.yaml.in/yaml/v4 v4.0.0-rc.4/go.mod h1:aZqd9kCMsGL7AuUv/m/PvWLdg5sjJsZ4oHDEnfPPfY0= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU= -golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0= +golang.org/x/crypto v0.51.0 h1:IBPXwPfKxY7cWQZ38ZCIRPI50YLeevDLlLnyC5wRGTI= +golang.org/x/crypto v0.51.0/go.mod h1:8AdwkbraGNABw2kOX6YFPs3WM22XqI4EXEd8g+x7Oc8= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.31.0 h1:HaW9xtz0+kOcWKwli0ZXy79Ix+UW/vOfmWI5QVd2tgI= -golang.org/x/mod v0.31.0/go.mod h1:43JraMp9cGx1Rx3AqioxrbrhNsLl2l/iNAvuBkrezpg= +golang.org/x/mod v0.36.0 h1:JJjpVx6myfUsUdAzZuOSTTmRE0PfZeNWzzvKrP7amb4= +golang.org/x/mod v0.36.0/go.mod h1:moc6ELqsWcOw5Ef3xVprK5ul/MvtVvkIXLziUOICjUQ= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU= -golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY= +golang.org/x/net v0.55.0 h1:bcvxaJn3e1U6InsFWt1JUq1aSjnRxLzT2rtD2KfkDF8= +golang.org/x/net v0.55.0/go.mod h1:L5U2KuzuOe1lY7Z+aWVIKK6qEeJXnXV9yzGA+WCHJww= golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI= golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4= -golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= +golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4= +golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -444,22 +444,22 @@ golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk= -golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= -golang.org/x/term v0.38.0 h1:PQ5pkm/rLO6HnxFR7N2lJHOZX6Kez5Y1gDSJla6jo7Q= -golang.org/x/term v0.38.0/go.mod h1:bSEAKrOT1W+VSu9TSCMtoGEOUcKxOKgl3LE5QEF/xVg= +golang.org/x/sys v0.45.0 h1:dO4czNzziLiiXplLQgBCEpCvXQ3dnkn0SdaZSYdQ+FY= +golang.org/x/sys v0.45.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= +golang.org/x/term v0.43.0 h1:S4RLU2sB31O/NCl+zFN9Aru9A/Cq2aqKpTZJ6B+DwT4= +golang.org/x/term v0.43.0/go.mod h1:lrhlHNdQJHO+1qVYiHfFKVuVioJIheAc3fBSMFYEIsk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU= -golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY= +golang.org/x/text v0.37.0 h1:Cqjiwd9eSg8e0QAkyCaQTNHFIIzWtidPahFWR83rTrc= +golang.org/x/text v0.37.0/go.mod h1:a5sjxXGs9hsn/AJVwuElvCAo9v8QYLzvavO5z2PiM38= golang.org/x/time v0.11.0 h1:/bpjEDfN9tkoN/ryeYHnv5hcMlc8ncjMcM4XBk5NWV0= golang.org/x/time v0.11.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.40.0 h1:yLkxfA+Qnul4cs9QA3KnlFu0lVmd8JJfoq+E41uSutA= -golang.org/x/tools v0.40.0/go.mod h1:Ik/tzLRlbscWpqqMRjyWYDisX8bG13FrdXp3o4Sr9lc= +golang.org/x/tools v0.45.0 h1:18qN3FAooORvApf5XjCXgsuayZOEtXf6JK18I3+ONa8= +golang.org/x/tools v0.45.0/go.mod h1:LuUGqqaXcXMEFEruIVJVm5mgDD8vww/z/SR1gQ4uE/0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/third_party/github.com/banzaicloud/k8s-objectmatcher/go.mod b/third_party/github.com/banzaicloud/k8s-objectmatcher/go.mod index d1d093469..0f3b90583 100644 --- a/third_party/github.com/banzaicloud/k8s-objectmatcher/go.mod +++ b/third_party/github.com/banzaicloud/k8s-objectmatcher/go.mod @@ -1,24 +1,22 @@ module github.com/banzaicloud/k8s-objectmatcher -go 1.25.0 +go 1.26.0 require ( emperror.dev/errors v0.8.1 github.com/evanphx/json-patch v5.9.11+incompatible github.com/json-iterator/go v1.1.12 - k8s.io/apimachinery v0.34.3 + k8s.io/apimachinery v0.36.1 ) require ( - github.com/davecgh/go-spew v1.1.1 // indirect + github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/fxamacker/cbor/v2 v2.9.0 // indirect - github.com/go-logr/logr v1.4.2 // indirect + github.com/go-logr/logr v1.4.3 // indirect github.com/go-openapi/jsonpointer v0.21.0 // indirect github.com/go-openapi/jsonreference v0.20.2 // indirect github.com/go-openapi/swag v0.23.0 // indirect - github.com/gogo/protobuf v1.3.2 // indirect github.com/google/gnostic-models v0.7.0 // indirect - github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db // indirect github.com/josharian/intern v1.0.0 // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect @@ -26,20 +24,19 @@ require ( github.com/pkg/errors v0.9.1 // indirect github.com/x448/float16 v0.8.4 // indirect go.uber.org/multierr v1.11.0 // indirect - go.yaml.in/yaml/v2 v2.4.2 // indirect + go.yaml.in/yaml/v2 v2.4.3 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect - golang.org/x/net v0.38.0 // indirect - golang.org/x/text v0.23.0 // indirect - golang.org/x/tools v0.26.0 // indirect - google.golang.org/protobuf v1.36.5 // indirect - gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect + golang.org/x/net v0.49.0 // indirect + golang.org/x/text v0.33.0 // indirect + google.golang.org/protobuf v1.36.12-0.20260120151049-f2248ac996af // indirect + gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/klog/v2 v2.130.1 // indirect - k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b // indirect - k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 // indirect - sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect + k8s.io/klog/v2 v2.140.0 // indirect + k8s.io/kube-openapi v0.0.0-20260317180543-43fb72c5454a // indirect + k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2 // indirect + sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect sigs.k8s.io/randfill v1.0.0 // indirect - sigs.k8s.io/structured-merge-diff/v6 v6.3.0 // indirect + sigs.k8s.io/structured-merge-diff/v6 v6.3.2 // indirect sigs.k8s.io/yaml v1.6.0 // indirect ) diff --git a/third_party/github.com/banzaicloud/k8s-objectmatcher/go.sum b/third_party/github.com/banzaicloud/k8s-objectmatcher/go.sum index 631d14789..4c981d317 100644 --- a/third_party/github.com/banzaicloud/k8s-objectmatcher/go.sum +++ b/third_party/github.com/banzaicloud/k8s-objectmatcher/go.sum @@ -2,14 +2,15 @@ emperror.dev/errors v0.8.1 h1:UavXZ5cSX/4u9iyvH6aDcuGkVjeexUGJ7Ij7G4VfQT0= emperror.dev/errors v0.8.1/go.mod h1:YcRvLPh626Ubn2xqtoprejnA5nFha+TJ+2vew48kWuE= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/evanphx/json-patch v5.9.11+incompatible h1:ixHHqfcGvxhWkniF1tWxBHA0yb4Z+d1UQi45df52xW8= github.com/evanphx/json-patch v5.9.11+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/fxamacker/cbor/v2 v2.9.0 h1:NpKPmjDBgUfBms6tr6JZkTHtfFGcMKsw3eGcmD/sapM= github.com/fxamacker/cbor/v2 v2.9.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ= -github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= -github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= +github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= @@ -18,23 +19,15 @@ github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= -github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= -github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= -github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= -github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/google/gnostic-models v0.7.0 h1:qwTtogB15McXDaNqTZdzPJRHvaVJlAl+HVQnLmJEJxo= github.com/google/gnostic-models v0.7.0/go.mod h1:whL5G0m6dmc5cPxKc5bdKdEN3UjI7OUGxBlw57miDrQ= github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo= -github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= -github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= -github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= @@ -50,18 +43,15 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJ github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee h1:W5t00kpgFdJifH4BDsTlE89Zl93FEloxaWZfGcifgq8= github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= -github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM= -github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= -github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4= -github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= -github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= -github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o= -github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ= +github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc= +github.com/spf13/pflag v1.0.9 h1:9exaQaMOCwffKiiiYk6/BndUBv+iRViNW+4lEMi0PvY= +github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= @@ -69,78 +59,47 @@ github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UV github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= -github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= +github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= -github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= -go.yaml.in/yaml/v2 v2.4.2 h1:DzmwEr2rDGHl7lsFgAHxmNz/1NlQ7xLIrlN2h5d1eGI= -go.yaml.in/yaml/v2 v2.4.2/go.mod h1:081UH+NErpNdqlCXm3TtEran0rJZGxAYx9hb/ELlsPU= +go.yaml.in/yaml/v2 v2.4.3 h1:6gvOSjQoTB3vt1l+CU+tSyi/HOjfOjRLJ4YwYZGwRO0= +go.yaml.in/yaml/v2 v2.4.3/go.mod h1:zSxWcmIDjOzPXpjlTTbAsKokqkDNAVtZO0WOMiT90s8= go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8= -golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik= -golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY= -golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ= -golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM= -google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +golang.org/x/net v0.49.0 h1:eeHFmOGUTtaaPSGNmjBKpbng9MulQsJURQUAfUwY++o= +golang.org/x/net v0.49.0/go.mod h1:/ysNB2EvaqvesRkuLAyjI1ycPZlQHM3q01F02UY/MV8= +golang.org/x/text v0.33.0 h1:B3njUFyqtHDUI5jMn1YIr5B0IE2U0qck04r6d4KPAxE= +golang.org/x/text v0.33.0/go.mod h1:LuMebE6+rBincTi9+xWTY8TztLzKHc/9C1uBCG27+q8= +google.golang.org/protobuf v1.36.12-0.20260120151049-f2248ac996af h1:+5/Sw3GsDNlEmu7TfklWKPdQ0Ykja5VEmq2i817+jbI= +google.golang.org/protobuf v1.36.12-0.20260120151049-f2248ac996af/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= -gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4= -gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= +gopkg.in/evanphx/json-patch.v4 v4.13.0 h1:czT3CmqEaQ1aanPc5SdlgQrrEIb8w/wwCvWWnfEbYzo= +gopkg.in/evanphx/json-patch.v4 v4.13.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/apimachinery v0.34.3 h1:/TB+SFEiQvN9HPldtlWOTp0hWbJ+fjU+wkxysf/aQnE= -k8s.io/apimachinery v0.34.3/go.mod h1:/GwIlEcWuTX9zKIg2mbw0LRFIsXwrfoVxn+ef0X13lw= -k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= -k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b h1:MloQ9/bdJyIu9lb1PzujOPolHyvO06MXG5TUIj2mNAA= -k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b/go.mod h1:UZ2yyWbFTpuhSbFhv24aGNOdoRdJZgsIObGBUaYVsts= -k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 h1:hwvWFiBzdWw1FhfY1FooPn3kzWuJ8tmbZBHi4zVsl1Y= -k8s.io/utils v0.0.0-20250604170112-4c0f3b243397/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE= -sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= +k8s.io/apimachinery v0.36.1 h1:G63Gjx2W+q0YD+72Vo8oY0nDnePVwnuzTmmy5ENrVSA= +k8s.io/apimachinery v0.36.1/go.mod h1:ibYOR00vW/I1kzvi5SF0dRuJ52BvKtfvRdOn35GPQ+8= +k8s.io/klog/v2 v2.140.0 h1:Tf+J3AH7xnUzZyVVXhTgGhEKnFqye14aadWv7bzXdzc= +k8s.io/klog/v2 v2.140.0/go.mod h1:o+/RWfJ6PwpnFn7OyAG3QnO47BFsymfEfrz6XyYSSp0= +k8s.io/kube-openapi v0.0.0-20260317180543-43fb72c5454a h1:xCeOEAOoGYl2jnJoHkC3hkbPJgdATINPMAxaynU2Ovg= +k8s.io/kube-openapi v0.0.0-20260317180543-43fb72c5454a/go.mod h1:uGBT7iTA6c6MvqUvSXIaYZo9ukscABYi2btjhvgKGZ0= +k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2 h1:AZYQSJemyQB5eRxqcPky+/7EdBj0xi3g0ZcxxJ7vbWU= +k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2/go.mod h1:xDxuJ0whA3d0I4mf/C4ppKHxXynQ+fxnkmQH0vTHnuk= +sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= +sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= -sigs.k8s.io/structured-merge-diff/v6 v6.3.0 h1:jTijUJbW353oVOd9oTlifJqOGEkUw2jB/fXCbTiQEco= -sigs.k8s.io/structured-merge-diff/v6 v6.3.0/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE= +sigs.k8s.io/structured-merge-diff/v6 v6.3.2 h1:kwVWMx5yS1CrnFWA/2QHyRVJ8jM6dBA80uLmm0wJkk8= +sigs.k8s.io/structured-merge-diff/v6 v6.3.2/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE= sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs= sigs.k8s.io/yaml v1.6.0/go.mod h1:796bPqUfzR/0jLAl6XjHl3Ck7MiyVv8dbTdyT3/pMf4= diff --git a/third_party/github.com/banzaicloud/k8s-objectmatcher/tests/go.mod b/third_party/github.com/banzaicloud/k8s-objectmatcher/tests/go.mod index 88235d3b4..c952a9cda 100644 --- a/third_party/github.com/banzaicloud/k8s-objectmatcher/tests/go.mod +++ b/third_party/github.com/banzaicloud/k8s-objectmatcher/tests/go.mod @@ -1,38 +1,37 @@ module github.com/banzaicloud/k8s-objectmatcher/tests -go 1.25.0 +go 1.26.0 require ( emperror.dev/errors v0.8.1 github.com/banzaicloud/k8s-objectmatcher v1.8.0 - k8s.io/api v0.34.3 - k8s.io/apiextensions-apiserver v0.34.3 - k8s.io/apimachinery v0.34.3 - k8s.io/client-go v0.34.3 - k8s.io/klog/v2 v2.130.1 + k8s.io/api v0.36.1 + k8s.io/apiextensions-apiserver v0.36.1 + k8s.io/apimachinery v0.36.1 + k8s.io/client-go v0.36.1 + k8s.io/klog/v2 v2.140.0 ) require ( - github.com/davecgh/go-spew v1.1.1 // indirect + github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/emicklei/go-restful/v3 v3.13.0 // indirect github.com/evanphx/json-patch v5.9.11+incompatible // indirect - github.com/fxamacker/cbor/v2 v2.9.0 // indirect + github.com/fxamacker/cbor/v2 v2.9.2 // indirect github.com/go-logr/logr v1.4.3 // indirect - github.com/go-openapi/jsonpointer v0.22.4 // indirect - github.com/go-openapi/jsonreference v0.21.4 // indirect - github.com/go-openapi/swag v0.25.4 // indirect - github.com/go-openapi/swag/cmdutils v0.25.4 // indirect - github.com/go-openapi/swag/conv v0.25.4 // indirect - github.com/go-openapi/swag/fileutils v0.25.4 // indirect - github.com/go-openapi/swag/jsonname v0.25.4 // indirect - github.com/go-openapi/swag/jsonutils v0.25.4 // indirect - github.com/go-openapi/swag/loading v0.25.4 // indirect - github.com/go-openapi/swag/mangling v0.25.4 // indirect - github.com/go-openapi/swag/netutils v0.25.4 // indirect - github.com/go-openapi/swag/stringutils v0.25.4 // indirect - github.com/go-openapi/swag/typeutils v0.25.4 // indirect - github.com/go-openapi/swag/yamlutils v0.25.4 // indirect - github.com/gogo/protobuf v1.3.2 // indirect + github.com/go-openapi/jsonpointer v0.23.1 // indirect + github.com/go-openapi/jsonreference v0.21.6 // indirect + github.com/go-openapi/swag v0.26.0 // indirect + github.com/go-openapi/swag/cmdutils v0.26.0 // indirect + github.com/go-openapi/swag/conv v0.26.0 // indirect + github.com/go-openapi/swag/fileutils v0.26.0 // indirect + github.com/go-openapi/swag/jsonname v0.26.0 // indirect + github.com/go-openapi/swag/jsonutils v0.26.0 // indirect + github.com/go-openapi/swag/loading v0.26.0 // indirect + github.com/go-openapi/swag/mangling v0.26.0 // indirect + github.com/go-openapi/swag/netutils v0.26.0 // indirect + github.com/go-openapi/swag/stringutils v0.26.0 // indirect + github.com/go-openapi/swag/typeutils v0.26.0 // indirect + github.com/go-openapi/swag/yamlutils v0.26.0 // indirect github.com/google/gnostic-models v0.7.1 // indirect github.com/google/uuid v1.6.0 // indirect github.com/json-iterator/go v1.1.12 // indirect @@ -41,28 +40,25 @@ require ( github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/pkg/errors v0.9.1 // indirect - github.com/rogpeppe/go-internal v1.14.1 // indirect github.com/spf13/pflag v1.0.10 // indirect - github.com/stretchr/testify v1.11.1 // indirect github.com/x448/float16 v0.8.4 // indirect go.uber.org/multierr v1.11.0 // indirect - go.yaml.in/yaml/v2 v2.4.3 // indirect + go.yaml.in/yaml/v2 v2.4.4 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect - golang.org/x/net v0.48.0 // indirect - golang.org/x/oauth2 v0.34.0 // indirect - golang.org/x/sys v0.39.0 // indirect - golang.org/x/term v0.38.0 // indirect - golang.org/x/text v0.32.0 // indirect - golang.org/x/time v0.14.0 // indirect - golang.org/x/tools v0.40.0 // indirect - google.golang.org/protobuf v1.36.11 // indirect + golang.org/x/net v0.55.0 // indirect + golang.org/x/oauth2 v0.36.0 // indirect + golang.org/x/sys v0.45.0 // indirect + golang.org/x/term v0.43.0 // indirect + golang.org/x/text v0.37.0 // indirect + golang.org/x/time v0.15.0 // indirect + google.golang.org/protobuf v1.36.12-0.20260120151049-f2248ac996af // indirect gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect - k8s.io/kube-openapi v0.0.0-20251125145642-4e65d59e963e // indirect - k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 // indirect + k8s.io/kube-openapi v0.0.0-20260520065146-aa012df4f4af // indirect + k8s.io/utils v0.0.0-20260507154919-ff6756f316d2 // indirect sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect sigs.k8s.io/randfill v1.0.0 // indirect - sigs.k8s.io/structured-merge-diff/v6 v6.3.1 // indirect + sigs.k8s.io/structured-merge-diff/v6 v6.4.0 // indirect sigs.k8s.io/yaml v1.6.0 // indirect ) diff --git a/third_party/github.com/banzaicloud/k8s-objectmatcher/tests/go.sum b/third_party/github.com/banzaicloud/k8s-objectmatcher/tests/go.sum index 3ddf1cef0..63c26a3f2 100644 --- a/third_party/github.com/banzaicloud/k8s-objectmatcher/tests/go.sum +++ b/third_party/github.com/banzaicloud/k8s-objectmatcher/tests/go.sum @@ -2,67 +2,60 @@ emperror.dev/errors v0.8.1 h1:UavXZ5cSX/4u9iyvH6aDcuGkVjeexUGJ7Ij7G4VfQT0= emperror.dev/errors v0.8.1/go.mod h1:YcRvLPh626Ubn2xqtoprejnA5nFha+TJ+2vew48kWuE= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/emicklei/go-restful/v3 v3.13.0 h1:C4Bl2xDndpU6nJ4bc1jXd+uTmYPVUwkD6bFY/oTyCes= github.com/emicklei/go-restful/v3 v3.13.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/evanphx/json-patch v5.9.11+incompatible h1:ixHHqfcGvxhWkniF1tWxBHA0yb4Z+d1UQi45df52xW8= github.com/evanphx/json-patch v5.9.11+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/fxamacker/cbor/v2 v2.9.0 h1:NpKPmjDBgUfBms6tr6JZkTHtfFGcMKsw3eGcmD/sapM= -github.com/fxamacker/cbor/v2 v2.9.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ= +github.com/fxamacker/cbor/v2 v2.9.2 h1:X4Ksno9+x3cz0TZv69ec1hxP/+tymuR8PXQJyDwfh78= +github.com/fxamacker/cbor/v2 v2.9.2/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ= github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= -github.com/go-openapi/jsonpointer v0.22.4 h1:dZtK82WlNpVLDW2jlA1YCiVJFVqkED1MegOUy9kR5T4= -github.com/go-openapi/jsonpointer v0.22.4/go.mod h1:elX9+UgznpFhgBuaMQ7iu4lvvX1nvNsesQ3oxmYTw80= -github.com/go-openapi/jsonreference v0.21.4 h1:24qaE2y9bx/q3uRK/qN+TDwbok1NhbSmGjjySRCHtC8= -github.com/go-openapi/jsonreference v0.21.4/go.mod h1:rIENPTjDbLpzQmQWCj5kKj3ZlmEh+EFVbz3RTUh30/4= -github.com/go-openapi/swag v0.25.4 h1:OyUPUFYDPDBMkqyxOTkqDYFnrhuhi9NR6QVUvIochMU= -github.com/go-openapi/swag v0.25.4/go.mod h1:zNfJ9WZABGHCFg2RnY0S4IOkAcVTzJ6z2Bi+Q4i6qFQ= -github.com/go-openapi/swag/cmdutils v0.25.4 h1:8rYhB5n6WawR192/BfUu2iVlxqVR9aRgGJP6WaBoW+4= -github.com/go-openapi/swag/cmdutils v0.25.4/go.mod h1:pdae/AFo6WxLl5L0rq87eRzVPm/XRHM3MoYgRMvG4A0= -github.com/go-openapi/swag/conv v0.25.4 h1:/Dd7p0LZXczgUcC/Ikm1+YqVzkEeCc9LnOWjfkpkfe4= -github.com/go-openapi/swag/conv v0.25.4/go.mod h1:3LXfie/lwoAv0NHoEuY1hjoFAYkvlqI/Bn5EQDD3PPU= -github.com/go-openapi/swag/fileutils v0.25.4 h1:2oI0XNW5y6UWZTC7vAxC8hmsK/tOkWXHJQH4lKjqw+Y= -github.com/go-openapi/swag/fileutils v0.25.4/go.mod h1:cdOT/PKbwcysVQ9Tpr0q20lQKH7MGhOEb6EwmHOirUk= -github.com/go-openapi/swag/jsonname v0.25.4 h1:bZH0+MsS03MbnwBXYhuTttMOqk+5KcQ9869Vye1bNHI= -github.com/go-openapi/swag/jsonname v0.25.4/go.mod h1:GPVEk9CWVhNvWhZgrnvRA6utbAltopbKwDu8mXNUMag= -github.com/go-openapi/swag/jsonutils v0.25.4 h1:VSchfbGhD4UTf4vCdR2F4TLBdLwHyUDTd1/q4i+jGZA= -github.com/go-openapi/swag/jsonutils v0.25.4/go.mod h1:7OYGXpvVFPn4PpaSdPHJBtF0iGnbEaTk8AvBkoWnaAY= -github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.4 h1:IACsSvBhiNJwlDix7wq39SS2Fh7lUOCJRmx/4SN4sVo= -github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.4/go.mod h1:Mt0Ost9l3cUzVv4OEZG+WSeoHwjWLnarzMePNDAOBiM= -github.com/go-openapi/swag/loading v0.25.4 h1:jN4MvLj0X6yhCDduRsxDDw1aHe+ZWoLjW+9ZQWIKn2s= -github.com/go-openapi/swag/loading v0.25.4/go.mod h1:rpUM1ZiyEP9+mNLIQUdMiD7dCETXvkkC30z53i+ftTE= -github.com/go-openapi/swag/mangling v0.25.4 h1:2b9kBJk9JvPgxr36V23FxJLdwBrpijI26Bx5JH4Hp48= -github.com/go-openapi/swag/mangling v0.25.4/go.mod h1:6dxwu6QyORHpIIApsdZgb6wBk/DPU15MdyYj/ikn0Hg= -github.com/go-openapi/swag/netutils v0.25.4 h1:Gqe6K71bGRb3ZQLusdI8p/y1KLgV4M/k+/HzVSqT8H0= -github.com/go-openapi/swag/netutils v0.25.4/go.mod h1:m2W8dtdaoX7oj9rEttLyTeEFFEBvnAx9qHd5nJEBzYg= -github.com/go-openapi/swag/stringutils v0.25.4 h1:O6dU1Rd8bej4HPA3/CLPciNBBDwZj9HiEpdVsb8B5A8= -github.com/go-openapi/swag/stringutils v0.25.4/go.mod h1:GTsRvhJW5xM5gkgiFe0fV3PUlFm0dr8vki6/VSRaZK0= -github.com/go-openapi/swag/typeutils v0.25.4 h1:1/fbZOUN472NTc39zpa+YGHn3jzHWhv42wAJSN91wRw= -github.com/go-openapi/swag/typeutils v0.25.4/go.mod h1:Ou7g//Wx8tTLS9vG0UmzfCsjZjKhpjxayRKTHXf2pTE= -github.com/go-openapi/swag/yamlutils v0.25.4 h1:6jdaeSItEUb7ioS9lFoCZ65Cne1/RZtPBZ9A56h92Sw= -github.com/go-openapi/swag/yamlutils v0.25.4/go.mod h1:MNzq1ulQu+yd8Kl7wPOut/YHAAU/H6hL91fF+E2RFwc= -github.com/go-openapi/testify/enable/yaml/v2 v2.0.2 h1:0+Y41Pz1NkbTHz8NngxTuAXxEodtNSI1WG1c/m5Akw4= -github.com/go-openapi/testify/enable/yaml/v2 v2.0.2/go.mod h1:kme83333GCtJQHXQ8UKX3IBZu6z8T5Dvy5+CW3NLUUg= -github.com/go-openapi/testify/v2 v2.0.2 h1:X999g3jeLcoY8qctY/c/Z8iBHTbwLz7R2WXd6Ub6wls= -github.com/go-openapi/testify/v2 v2.0.2/go.mod h1:HCPmvFFnheKK2BuwSA0TbbdxJ3I16pjwMkYkP4Ywn54= -github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= -github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= -github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= -github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= +github.com/go-openapi/jsonpointer v0.23.1 h1:1HBACs7XIwR2RcmItfdSFlALhGbe6S92p0ry4d1GWg4= +github.com/go-openapi/jsonpointer v0.23.1/go.mod h1:iWRmZTrGn7XwYhtPt/fvdSFj1OfNBngqRT2UG3BxSqY= +github.com/go-openapi/jsonreference v0.21.6 h1:NZ5nGfnaM1n4I43Xjm1e5/M2GjOwQwndQz22uhxwD+Y= +github.com/go-openapi/jsonreference v0.21.6/go.mod h1:xzbgtQ3ZbWxvET3AxdzCJlJt6vkovbf+IfSPJjD0tUY= +github.com/go-openapi/swag v0.26.0 h1:GVDXCmfvhfu1BxiHo8/FA+BbKmhecHnG3varjON5/RI= +github.com/go-openapi/swag v0.26.0/go.mod h1:82g3193sZJRbocs7bNCqGfIgq8pkuwVwCfhKIRlEQF0= +github.com/go-openapi/swag/cmdutils v0.26.0 h1:iowihOcvq7y4egO8cOq0dmfohz6wfeQ63U1EnuhO2TU= +github.com/go-openapi/swag/cmdutils v0.26.0/go.mod h1:Sm1MVFMkF6guJJ+pQqHnQA3N0j9qALV3NxzDSv6bETM= +github.com/go-openapi/swag/conv v0.26.0 h1:5yGGsPYI1ZCva93U0AoKi/iZrNhaJEjr324YVsiD89I= +github.com/go-openapi/swag/conv v0.26.0/go.mod h1:tpAmIL7X58VPnHHiSO4uE3jBeRamGsFsfdDeDtb5ECE= +github.com/go-openapi/swag/fileutils v0.26.0 h1:WJoPRvsA7QRiiWluowkLJa9jaYR7FCuxmDvnCgaRRxU= +github.com/go-openapi/swag/fileutils v0.26.0/go.mod h1:0WDJ7lp67eNjPMO50wAWYlKvhOb6CQ37rzR7wrgI8Tc= +github.com/go-openapi/swag/jsonname v0.26.0 h1:gV1NFX9M8avo0YSpmWogqfQISigCmpaiNci8cGECU5w= +github.com/go-openapi/swag/jsonname v0.26.0/go.mod h1:urBBR8bZNoDYGr653ynhIx+gTeIz0ARZxHkAPktJK2M= +github.com/go-openapi/swag/jsonutils v0.26.0 h1:FawFML2iAXsPqmERscuMPIHmFsoP1tOqWkxBaKNMsnA= +github.com/go-openapi/swag/jsonutils v0.26.0/go.mod h1:2VmA0CJlyFqgawOaPI9psnjFDqzyivIqLYN34t9p91E= +github.com/go-openapi/swag/jsonutils/fixtures_test v0.26.0 h1:apqeINu/ICHouqiRZbyFvuDge5jCmmLTqGQ9V95EaOM= +github.com/go-openapi/swag/jsonutils/fixtures_test v0.26.0/go.mod h1:AyM6QT8uz5IdKxk5akv0y6u4QvcL9GWERt0Jx/F/R8Y= +github.com/go-openapi/swag/loading v0.26.0 h1:Apg6zaKhCJurpJer0DCxq99qwmhFddBhaMX7kilDcko= +github.com/go-openapi/swag/loading v0.26.0/go.mod h1:dBxQ/6V2uBaAQdevN18VELE6xSpJWZxLX4txe12JwDg= +github.com/go-openapi/swag/mangling v0.26.0 h1:Du2YC4YLA/Y5m/YKQd7AnY5qq0wRKSFZTTt8ktFaXcQ= +github.com/go-openapi/swag/mangling v0.26.0/go.mod h1:jifS7W9vbg+pw63bT+GI53otluMQL3CeemuyCHKwVx0= +github.com/go-openapi/swag/netutils v0.26.0 h1:CmZp+ZT7HrmFwrC3GdGsXBq2+42T1bjKBapcqVpIs3c= +github.com/go-openapi/swag/netutils v0.26.0/go.mod h1:5iK+Ok3ZohWWex1C50BFTPexi03UaPwjW4Oj8kgrpwo= +github.com/go-openapi/swag/stringutils v0.26.0 h1:qZQngLxs5s7SLijc3N2ZO+fUq2o8LjuWAASSrJuh+xg= +github.com/go-openapi/swag/stringutils v0.26.0/go.mod h1:sWn5uY+QIIspwPhvgnqJsH8xqFT2ZbYcvbcFanRyhFE= +github.com/go-openapi/swag/typeutils v0.26.0 h1:2kdEwdiNWy+JJdOvu5MA2IIg2SylWAFuuyQIKYybfq4= +github.com/go-openapi/swag/typeutils v0.26.0/go.mod h1:oovDuIUvTrEHVMqWilQzKzV4YlSKgyZmFh7AlfABNVE= +github.com/go-openapi/swag/yamlutils v0.26.0 h1:H7O8l/8NJJQ/oiReEN+oMpnGMyt8G0hl460nRZxhLMQ= +github.com/go-openapi/swag/yamlutils v0.26.0/go.mod h1:1evKEGAtP37Pkwcc7EWMF0hedX0/x3Rkvei2wtG/TbU= +github.com/go-openapi/testify/enable/yaml/v2 v2.4.2 h1:5zRca5jw7lzVREKCZVNBpysDNBjj74rBh0N2BGQbSR0= +github.com/go-openapi/testify/enable/yaml/v2 v2.4.2/go.mod h1:XVevPw5hUXuV+5AkI1u1PeAm27EQVrhXTTCPAF85LmE= +github.com/go-openapi/testify/v2 v2.5.1 h1:TMdhCaw8fUNraVSf3Omoob1dO/AzBfhtFAPW0an6sBo= +github.com/go-openapi/testify/v2 v2.5.1/go.mod h1:SgsVHtfooshd0tublTtJ50FPKhujf47YRqauXXOUxfw= github.com/google/gnostic-models v0.7.1 h1:SisTfuFKJSKM5CPZkffwi6coztzzeYUhc3v4yxLWH8c= github.com/google/gnostic-models v0.7.1/go.mod h1:whL5G0m6dmc5cPxKc5bdKdEN3UjI7OUGxBlw57miDrQ= github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo= -github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= -github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= -github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= @@ -75,14 +68,11 @@ github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee h1:W5t00kpgFd github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM= -github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= -github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4= -github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ= github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc= github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk= @@ -95,57 +85,28 @@ github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= -github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= -go.yaml.in/yaml/v2 v2.4.3 h1:6gvOSjQoTB3vt1l+CU+tSyi/HOjfOjRLJ4YwYZGwRO0= -go.yaml.in/yaml/v2 v2.4.3/go.mod h1:zSxWcmIDjOzPXpjlTTbAsKokqkDNAVtZO0WOMiT90s8= +go.yaml.in/yaml/v2 v2.4.4 h1:tuyd0P+2Ont/d6e2rl3be67goVK4R6deVxCUX5vyPaQ= +go.yaml.in/yaml/v2 v2.4.4/go.mod h1:gMZqIpDtDqOfM0uNfy0SkpRhvUryYH0Z6wdMYcacYXQ= go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU= -golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY= -golang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw= -golang.org/x/oauth2 v0.34.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk= -golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= -golang.org/x/term v0.38.0 h1:PQ5pkm/rLO6HnxFR7N2lJHOZX6Kez5Y1gDSJla6jo7Q= -golang.org/x/term v0.38.0/go.mod h1:bSEAKrOT1W+VSu9TSCMtoGEOUcKxOKgl3LE5QEF/xVg= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU= -golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY= -golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI= -golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.40.0 h1:yLkxfA+Qnul4cs9QA3KnlFu0lVmd8JJfoq+E41uSutA= -golang.org/x/tools v0.40.0/go.mod h1:Ik/tzLRlbscWpqqMRjyWYDisX8bG13FrdXp3o4Sr9lc= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE= -google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= +golang.org/x/net v0.55.0 h1:bcvxaJn3e1U6InsFWt1JUq1aSjnRxLzT2rtD2KfkDF8= +golang.org/x/net v0.55.0/go.mod h1:L5U2KuzuOe1lY7Z+aWVIKK6qEeJXnXV9yzGA+WCHJww= +golang.org/x/oauth2 v0.36.0 h1:peZ/1z27fi9hUOFCAZaHyrpWG5lwe0RJEEEeH0ThlIs= +golang.org/x/oauth2 v0.36.0/go.mod h1:YDBUJMTkDnJS+A4BP4eZBjCqtokkg1hODuPjwiGPO7Q= +golang.org/x/sys v0.45.0 h1:dO4czNzziLiiXplLQgBCEpCvXQ3dnkn0SdaZSYdQ+FY= +golang.org/x/sys v0.45.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= +golang.org/x/term v0.43.0 h1:S4RLU2sB31O/NCl+zFN9Aru9A/Cq2aqKpTZJ6B+DwT4= +golang.org/x/term v0.43.0/go.mod h1:lrhlHNdQJHO+1qVYiHfFKVuVioJIheAc3fBSMFYEIsk= +golang.org/x/text v0.37.0 h1:Cqjiwd9eSg8e0QAkyCaQTNHFIIzWtidPahFWR83rTrc= +golang.org/x/text v0.37.0/go.mod h1:a5sjxXGs9hsn/AJVwuElvCAo9v8QYLzvavO5z2PiM38= +golang.org/x/time v0.15.0 h1:bbrp8t3bGUeFOx08pvsMYRTCVSMk89u4tKbNOZbp88U= +golang.org/x/time v0.15.0/go.mod h1:Y4YMaQmXwGQZoFaVFk4YpCt4FLQMYKZe9oeV/f4MSno= +google.golang.org/protobuf v1.36.12-0.20260120151049-f2248ac996af h1:+5/Sw3GsDNlEmu7TfklWKPdQ0Ykja5VEmq2i817+jbI= +google.golang.org/protobuf v1.36.12-0.20260120151049-f2248ac996af/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= @@ -155,25 +116,25 @@ gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.34.3 h1:D12sTP257/jSH2vHV2EDYrb16bS7ULlHpdNdNhEw2S4= -k8s.io/api v0.34.3/go.mod h1:PyVQBF886Q5RSQZOim7DybQjAbVs8g7gwJNhGtY5MBk= -k8s.io/apiextensions-apiserver v0.34.3 h1:p10fGlkDY09eWKOTeUSioxwLukJnm+KuDZdrW71y40g= -k8s.io/apiextensions-apiserver v0.34.3/go.mod h1:aujxvqGFRdb/cmXYfcRTeppN7S2XV/t7WMEc64zB5A0= -k8s.io/apimachinery v0.34.3 h1:/TB+SFEiQvN9HPldtlWOTp0hWbJ+fjU+wkxysf/aQnE= -k8s.io/apimachinery v0.34.3/go.mod h1:/GwIlEcWuTX9zKIg2mbw0LRFIsXwrfoVxn+ef0X13lw= -k8s.io/client-go v0.34.3 h1:wtYtpzy/OPNYf7WyNBTj3iUA0XaBHVqhv4Iv3tbrF5A= -k8s.io/client-go v0.34.3/go.mod h1:OxxeYagaP9Kdf78UrKLa3YZixMCfP6bgPwPwNBQBzpM= -k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= -k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20251125145642-4e65d59e963e h1:iW9ChlU0cU16w8MpVYjXk12dqQ4BPFBEgif+ap7/hqQ= -k8s.io/kube-openapi v0.0.0-20251125145642-4e65d59e963e/go.mod h1:kdmbQkyfwUagLfXIad1y2TdrjPFWp2Q89B3qkRwf/pQ= -k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 h1:SjGebBtkBqHFOli+05xYbK8YF1Dzkbzn+gDM4X9T4Ck= -k8s.io/utils v0.0.0-20251002143259-bc988d571ff4/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/api v0.36.1 h1:XbL/EMj8K2aJpJtePmqUyQMsM0D4QI2pvl7YKJ20FTY= +k8s.io/api v0.36.1/go.mod h1:KOWo4ey3TINlXjeHVuwB3i+tXXnu+UcwFBHlI/9dvEo= +k8s.io/apiextensions-apiserver v0.36.1 h1:6JfYmPUsuUIHuN+3QxutXYWj492RqF5fBSx67GYK5Ks= +k8s.io/apiextensions-apiserver v0.36.1/go.mod h1:pLzZin90riwisdzKwv/GoTwENooytoIx5zWJb4Hkby8= +k8s.io/apimachinery v0.36.1 h1:G63Gjx2W+q0YD+72Vo8oY0nDnePVwnuzTmmy5ENrVSA= +k8s.io/apimachinery v0.36.1/go.mod h1:ibYOR00vW/I1kzvi5SF0dRuJ52BvKtfvRdOn35GPQ+8= +k8s.io/client-go v0.36.1 h1:FN/K8QIT2CEDt+2WB2HnWrUANZ50AP5GII43/SP2JR0= +k8s.io/client-go v0.36.1/go.mod h1:s6rAnCtTGYDQnpNjEhSaISV+2O8jwruZ6m3QOYBFbtU= +k8s.io/klog/v2 v2.140.0 h1:Tf+J3AH7xnUzZyVVXhTgGhEKnFqye14aadWv7bzXdzc= +k8s.io/klog/v2 v2.140.0/go.mod h1:o+/RWfJ6PwpnFn7OyAG3QnO47BFsymfEfrz6XyYSSp0= +k8s.io/kube-openapi v0.0.0-20260520065146-aa012df4f4af h1:zLXA2Irn14q2/06WMkxViyr7YCPUO2lJ0QYE9Juy5vA= +k8s.io/kube-openapi v0.0.0-20260520065146-aa012df4f4af/go.mod h1:V/QaCUYDa+0QpcHhVVc5l99Uz56wEMEXBSj9oCDkNDY= +k8s.io/utils v0.0.0-20260507154919-ff6756f316d2 h1:wU4tMEhLGgIbLvXQb1cfN+EcM0wf7zC6CPF+C79jroc= +k8s.io/utils v0.0.0-20260507154919-ff6756f316d2/go.mod h1:xDxuJ0whA3d0I4mf/C4ppKHxXynQ+fxnkmQH0vTHnuk= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= -sigs.k8s.io/structured-merge-diff/v6 v6.3.1 h1:JrhdFMqOd/+3ByqlP2I45kTOZmTRLBUm5pvRjeheg7E= -sigs.k8s.io/structured-merge-diff/v6 v6.3.1/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE= +sigs.k8s.io/structured-merge-diff/v6 v6.4.0 h1:qmp2e3ZfFi1/jJbDGpD4mt3wyp6PE1NfKHCYLqgNQJo= +sigs.k8s.io/structured-merge-diff/v6 v6.4.0/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE= sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs= sigs.k8s.io/yaml v1.6.0/go.mod h1:796bPqUfzR/0jLAl6XjHl3Ck7MiyVv8dbTdyT3/pMf4= diff --git a/third_party/github.com/banzaicloud/operator-tools/go.mod b/third_party/github.com/banzaicloud/operator-tools/go.mod index 46559ca1b..8dbea43b6 100644 --- a/third_party/github.com/banzaicloud/operator-tools/go.mod +++ b/third_party/github.com/banzaicloud/operator-tools/go.mod @@ -1,26 +1,26 @@ module github.com/banzaicloud/operator-tools -go 1.25.0 +go 1.26.0 require ( emperror.dev/errors v0.8.1 github.com/banzaicloud/k8s-objectmatcher v1.8.0 github.com/briandowns/spinner v1.23.2 github.com/evanphx/json-patch/v5 v5.9.11 - github.com/fatih/color v1.18.0 + github.com/fatih/color v1.19.0 github.com/ghodss/yaml v1.0.0 github.com/go-logr/logr v1.4.3 github.com/iancoleman/orderedmap v0.3.0 github.com/pborman/uuid v1.2.1 github.com/spf13/cast v1.10.0 github.com/wayneashleyberry/terminal-dimensions v1.1.0 - helm.sh/helm/v3 v3.19.4 - k8s.io/api v0.34.3 - k8s.io/apiextensions-apiserver v0.34.3 - k8s.io/apimachinery v0.34.3 - k8s.io/client-go v0.34.3 - k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 - sigs.k8s.io/controller-runtime v0.22.4 + helm.sh/helm/v3 v3.21.0 + k8s.io/api v0.36.1 + k8s.io/apiextensions-apiserver v0.36.1 + k8s.io/apimachinery v0.36.1 + k8s.io/client-go v0.36.1 + k8s.io/utils v0.0.0-20260507154919-ff6756f316d2 + sigs.k8s.io/controller-runtime v0.24.1 sigs.k8s.io/yaml v1.6.0 ) @@ -34,7 +34,7 @@ require ( require ( dario.cat/mergo v1.0.1 // indirect github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect - github.com/BurntSushi/toml v1.5.0 // indirect + github.com/BurntSushi/toml v1.6.0 // indirect github.com/MakeNowJust/heredoc v1.0.0 // indirect github.com/Masterminds/goutils v1.1.1 // indirect github.com/Masterminds/semver/v3 v3.4.0 // indirect @@ -45,42 +45,38 @@ require ( github.com/blang/semver/v4 v4.0.0 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/chai2010/gettext-go v1.0.2 // indirect - github.com/containerd/containerd v1.7.29 // indirect + github.com/containerd/containerd v1.7.30 // indirect github.com/containerd/errdefs v0.3.0 // indirect github.com/containerd/log v0.1.0 // indirect github.com/containerd/platforms v0.2.1 // indirect - github.com/coreos/go-systemd/v22 v22.6.0 // indirect github.com/cyphar/filepath-securejoin v0.6.1 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/emicklei/go-restful/v3 v3.13.0 // indirect github.com/evanphx/json-patch v5.9.11+incompatible // indirect github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect - github.com/fsnotify/fsnotify v1.9.0 // indirect - github.com/fxamacker/cbor/v2 v2.9.0 // indirect + github.com/fsnotify/fsnotify v1.10.1 // indirect + github.com/fxamacker/cbor/v2 v2.9.2 // indirect github.com/go-errors/errors v1.4.2 // indirect github.com/go-gorp/gorp/v3 v3.1.0 // indirect - github.com/go-openapi/jsonpointer v0.22.4 // indirect - github.com/go-openapi/jsonreference v0.21.4 // indirect - github.com/go-openapi/swag v0.25.4 // indirect - github.com/go-openapi/swag/cmdutils v0.25.4 // indirect - github.com/go-openapi/swag/conv v0.25.4 // indirect - github.com/go-openapi/swag/fileutils v0.25.4 // indirect - github.com/go-openapi/swag/jsonname v0.25.4 // indirect - github.com/go-openapi/swag/jsonutils v0.25.4 // indirect - github.com/go-openapi/swag/loading v0.25.4 // indirect - github.com/go-openapi/swag/mangling v0.25.4 // indirect - github.com/go-openapi/swag/netutils v0.25.4 // indirect - github.com/go-openapi/swag/stringutils v0.25.4 // indirect - github.com/go-openapi/swag/typeutils v0.25.4 // indirect - github.com/go-openapi/swag/yamlutils v0.25.4 // indirect + github.com/go-openapi/jsonpointer v0.23.1 // indirect + github.com/go-openapi/jsonreference v0.21.6 // indirect + github.com/go-openapi/swag v0.26.0 // indirect + github.com/go-openapi/swag/cmdutils v0.26.0 // indirect + github.com/go-openapi/swag/conv v0.26.0 // indirect + github.com/go-openapi/swag/fileutils v0.26.0 // indirect + github.com/go-openapi/swag/jsonname v0.26.0 // indirect + github.com/go-openapi/swag/jsonutils v0.26.0 // indirect + github.com/go-openapi/swag/loading v0.26.0 // indirect + github.com/go-openapi/swag/mangling v0.26.0 // indirect + github.com/go-openapi/swag/netutils v0.26.0 // indirect + github.com/go-openapi/swag/stringutils v0.26.0 // indirect + github.com/go-openapi/swag/typeutils v0.26.0 // indirect + github.com/go-openapi/swag/yamlutils v0.26.0 // indirect github.com/gobwas/glob v0.2.3 // indirect - github.com/gogo/protobuf v1.3.2 // indirect github.com/google/btree v1.1.3 // indirect github.com/google/gnostic-models v0.7.1 // indirect github.com/google/uuid v1.6.0 // indirect - github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect github.com/gosuri/uitable v0.0.4 // indirect - github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/huandu/xstrings v1.5.0 // indirect @@ -90,21 +86,19 @@ require ( github.com/klauspost/compress v1.18.0 // indirect github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect - github.com/lib/pq v1.10.9 // indirect + github.com/lib/pq v1.11.2 // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect - github.com/mattn/go-colorable v0.1.14 // indirect - github.com/mattn/go-isatty v0.0.20 // indirect + github.com/mattn/go-colorable v0.1.15 // indirect + github.com/mattn/go-isatty v0.0.22 // indirect github.com/mattn/go-runewidth v0.0.9 // indirect github.com/mitchellh/copystructure v1.2.0 // indirect github.com/mitchellh/go-wordwrap v1.0.1 // indirect github.com/mitchellh/reflectwalk v1.0.2 // indirect - github.com/moby/spdystream v0.5.0 // indirect github.com/moby/term v0.5.2 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect - github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/image-spec v1.1.1 // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect @@ -112,53 +106,50 @@ require ( github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/prometheus/client_golang v1.23.2 // indirect github.com/prometheus/client_model v0.6.2 // indirect - github.com/prometheus/common v0.67.4 // indirect - github.com/prometheus/procfs v0.19.2 // indirect - github.com/rogpeppe/go-internal v1.14.1 // indirect - github.com/rubenv/sql-migrate v1.8.0 // indirect + github.com/prometheus/common v0.68.0 // indirect + github.com/prometheus/procfs v0.20.1 // indirect + github.com/rubenv/sql-migrate v1.8.1 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/santhosh-tekuri/jsonschema/v6 v6.0.2 // indirect - github.com/sergi/go-diff v1.4.0 // indirect github.com/shopspring/decimal v1.4.0 // indirect github.com/sirupsen/logrus v1.9.3 // indirect github.com/spf13/cobra v1.10.2 // indirect github.com/spf13/pflag v1.0.10 // indirect github.com/x448/float16 v0.8.4 // indirect github.com/xlab/treeprint v1.2.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.39.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.69.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.44.0 // indirect go.uber.org/multierr v1.11.0 // indirect - go.uber.org/zap v1.27.1 // indirect - go.yaml.in/yaml/v2 v2.4.3 // indirect + go.uber.org/zap v1.28.0 // indirect + go.yaml.in/yaml/v2 v2.4.4 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect - golang.org/x/crypto v0.46.0 // indirect - golang.org/x/net v0.48.0 // indirect - golang.org/x/oauth2 v0.34.0 // indirect - golang.org/x/sync v0.19.0 // indirect - golang.org/x/sys v0.39.0 // indirect - golang.org/x/term v0.38.0 // indirect - golang.org/x/text v0.32.0 // indirect - golang.org/x/time v0.14.0 // indirect - golang.org/x/tools v0.40.0 // indirect + golang.org/x/crypto v0.52.0 // indirect + golang.org/x/net v0.55.0 // indirect + golang.org/x/oauth2 v0.36.0 // indirect + golang.org/x/sync v0.20.0 // indirect + golang.org/x/sys v0.45.0 // indirect + golang.org/x/term v0.43.0 // indirect + golang.org/x/text v0.37.0 // indirect + golang.org/x/time v0.15.0 // indirect + golang.org/x/tools v0.45.0 // indirect gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20251213004720-97cd9d5aeac2 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20251213004720-97cd9d5aeac2 // indirect - google.golang.org/grpc v1.77.0 // indirect - google.golang.org/protobuf v1.36.11 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20260526163538-3dc84a4a5aaa // indirect + google.golang.org/grpc v1.81.1 // indirect + google.golang.org/protobuf v1.36.12-0.20260120151049-f2248ac996af // indirect gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/apiserver v0.34.3 // indirect - k8s.io/cli-runtime v0.34.2 // indirect - k8s.io/component-base v0.34.3 // indirect - k8s.io/klog/v2 v2.130.1 // indirect - k8s.io/kube-openapi v0.0.0-20251125145642-4e65d59e963e // indirect - k8s.io/kubectl v0.34.2 // indirect + k8s.io/apiserver v0.36.1 // indirect + k8s.io/cli-runtime v0.36.1 // indirect + k8s.io/component-base v0.36.1 // indirect + k8s.io/klog/v2 v2.140.0 // indirect + k8s.io/kube-openapi v0.0.0-20260520065146-aa012df4f4af // indirect + k8s.io/kubectl v0.36.1 // indirect oras.land/oras-go/v2 v2.6.0 // indirect sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect - sigs.k8s.io/kustomize/api v0.20.1 // indirect - sigs.k8s.io/kustomize/kyaml v0.20.1 // indirect + sigs.k8s.io/kustomize/api v0.21.1 // indirect + sigs.k8s.io/kustomize/kyaml v0.21.1 // indirect sigs.k8s.io/randfill v1.0.0 // indirect - sigs.k8s.io/structured-merge-diff/v6 v6.3.1 // indirect + sigs.k8s.io/structured-merge-diff/v6 v6.4.0 // indirect ) diff --git a/third_party/github.com/banzaicloud/operator-tools/go.sum b/third_party/github.com/banzaicloud/operator-tools/go.sum index 9f945c8b1..b1cbeb22e 100644 --- a/third_party/github.com/banzaicloud/operator-tools/go.sum +++ b/third_party/github.com/banzaicloud/operator-tools/go.sum @@ -11,8 +11,8 @@ github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg= github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/toml v1.5.0 h1:W5quZX/G/csjUnuI8SUYlsHs9M38FC7znL0lIO+DvMg= -github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= +github.com/BurntSushi/toml v1.6.0 h1:dRaEfpa2VI55EwlIW72hMRHdWouJeRF7TPYhI+AUQjk= +github.com/BurntSushi/toml v1.6.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU= github.com/DATA-DOG/go-sqlmock v1.5.2/go.mod h1:88MAG/4G7SMwSE3CeA0ZKzrT5CiOU3OJ+JlNzwDqpNU= github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ= @@ -30,8 +30,6 @@ github.com/Masterminds/squirrel v1.5.4/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA4 github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= -github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= -github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/banzaicloud/k8s-objectmatcher v1.8.0 h1:Nugn25elKtPMTA2br+JgHNeSQ04sc05MDPmpJnd1N2A= @@ -44,8 +42,6 @@ github.com/briandowns/spinner v1.23.2 h1:Zc6ecUnI+YzLmJniCfDNaMbW0Wid1d5+qcTq4L2 github.com/briandowns/spinner v1.23.2/go.mod h1:LaZeM4wm2Ywy6vO571mvhQNRcWfRUnXOs0RcKV0wYKM= github.com/bshuster-repo/logrus-logstash-hook v1.0.0 h1:e+C0SB5R1pu//O4MQ3f9cFuPGoOVeF2fE4Og9otCc70= github.com/bshuster-repo/logrus-logstash-hook v1.0.0/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk= -github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= -github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1xcsSM= github.com/cenkalti/backoff/v5 v5.0.3/go.mod h1:rkhZdG3JZukswDf7f0cwqPNk4K0sa+F97BxZthm/crw= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= @@ -54,16 +50,16 @@ github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XL github.com/chai2010/gettext-go v1.0.2 h1:1Lwwip6Q2QGsAdl/ZKPCwTe9fe0CjlUbqj5bFNSjIRk= github.com/chai2010/gettext-go v1.0.2/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHeQQ+5AjwawxA= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/containerd/containerd v1.7.29 h1:90fWABQsaN9mJhGkoVnuzEY+o1XDPbg9BTC9QTAHnuE= -github.com/containerd/containerd v1.7.29/go.mod h1:azUkWcOvHrWvaiUjSQH0fjzuHIwSPg1WL5PshGP4Szs= +github.com/containerd/containerd v1.7.30 h1:/2vezDpLDVGGmkUXmlNPLCCNKHJ5BbC5tJB5JNzQhqE= +github.com/containerd/containerd v1.7.30/go.mod h1:fek494vwJClULlTpExsmOyKCMUAbuVjlFsJQc4/j44M= github.com/containerd/errdefs v0.3.0 h1:FSZgGOeK4yuT/+DnF07/Olde/q4KBoMsaamhXxIMDp4= github.com/containerd/errdefs v0.3.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M= github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= github.com/containerd/platforms v0.2.1 h1:zvwtM3rz2YHPQsF2CHYM8+KtB5dvhISiXh5ZpSBQv6A= github.com/containerd/platforms v0.2.1/go.mod h1:XHCb+2/hzowdiut9rkudds9bE5yJ7npe7dG/wG+uFPw= -github.com/coreos/go-systemd/v22 v22.6.0 h1:aGVa/v8B7hpb0TKl0MWoAavPDmHvobFe5R5zn0bCJWo= -github.com/coreos/go-systemd/v22 v22.6.0/go.mod h1:iG+pp635Fo7ZmV/j14KUcmEyWF+0X7Lua8rrTWzYgWU= +github.com/coreos/go-systemd/v22 v22.7.0 h1:LAEzFkke61DFROc7zNLX/WA2i5J8gYqe0rSj9KI28KA= +github.com/coreos/go-systemd/v22 v22.7.0/go.mod h1:xNUYtjHu2EDXbsxz1i41wouACIwT7Ybq9o0BQhMwD0w= github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= @@ -102,20 +98,20 @@ github.com/evanphx/json-patch/v5 v5.9.11 h1:/8HVnzMq13/3x9TPvjG08wUGqBTmZBsCWzjT github.com/evanphx/json-patch/v5 v5.9.11/go.mod h1:3j+LviiESTElxA4p3EMKAB9HXj3/XEtnUf6OZxqIQTM= github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f h1:Wl78ApPPB2Wvf/TIe2xdyJxTlb6obmF18d8QdkxNDu4= github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f/go.mod h1:OSYXu++VVOHnXeitef/D8n/6y4QV8uLHSFXX4NeXMGc= -github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM= -github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU= +github.com/fatih/color v1.19.0 h1:Zp3PiM21/9Ld6FzSKyL5c/BULoe/ONr9KlbYVOfG8+w= +github.com/fatih/color v1.19.0/go.mod h1:zNk67I0ZUT1bEGsSGyCZYZNrHuTkJJB+r6Q9VuMi0LE= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= -github.com/foxcpp/go-mockdns v1.1.0 h1:jI0rD8M0wuYAxL7r/ynTrCQQq0BVqfB99Vgk7DlmewI= -github.com/foxcpp/go-mockdns v1.1.0/go.mod h1:IhLeSFGed3mJIAXPH2aiRQB+kqz7oqu8ld2qVbOu7Wk= +github.com/foxcpp/go-mockdns v1.2.0 h1:omK3OrHRD1IWJz1FuFBCFquhXslXoF17OvBS6JPzZF0= +github.com/foxcpp/go-mockdns v1.2.0/go.mod h1:IhLeSFGed3mJIAXPH2aiRQB+kqz7oqu8ld2qVbOu7Wk= github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= -github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k= -github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0= -github.com/fxamacker/cbor/v2 v2.9.0 h1:NpKPmjDBgUfBms6tr6JZkTHtfFGcMKsw3eGcmD/sapM= -github.com/fxamacker/cbor/v2 v2.9.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ= +github.com/fsnotify/fsnotify v1.10.1 h1:b0/UzAf9yR5rhf3RPm9gf3ehBPpf0oZKIjtpKrx59Ho= +github.com/fsnotify/fsnotify v1.10.1/go.mod h1:TLheqan6HD6GBK6PrDWyDPBaEV8LspOxvPSjC+bVfgo= +github.com/fxamacker/cbor/v2 v2.9.2 h1:X4Ksno9+x3cz0TZv69ec1hxP/+tymuR8PXQJyDwfh78= +github.com/fxamacker/cbor/v2 v2.9.2/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ= github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= @@ -132,43 +128,43 @@ github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0= -github.com/go-openapi/jsonpointer v0.22.4 h1:dZtK82WlNpVLDW2jlA1YCiVJFVqkED1MegOUy9kR5T4= -github.com/go-openapi/jsonpointer v0.22.4/go.mod h1:elX9+UgznpFhgBuaMQ7iu4lvvX1nvNsesQ3oxmYTw80= +github.com/go-openapi/jsonpointer v0.23.1 h1:1HBACs7XIwR2RcmItfdSFlALhGbe6S92p0ry4d1GWg4= +github.com/go-openapi/jsonpointer v0.23.1/go.mod h1:iWRmZTrGn7XwYhtPt/fvdSFj1OfNBngqRT2UG3BxSqY= github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg= -github.com/go-openapi/jsonreference v0.21.4 h1:24qaE2y9bx/q3uRK/qN+TDwbok1NhbSmGjjySRCHtC8= -github.com/go-openapi/jsonreference v0.21.4/go.mod h1:rIENPTjDbLpzQmQWCj5kKj3ZlmEh+EFVbz3RTUh30/4= +github.com/go-openapi/jsonreference v0.21.6 h1:NZ5nGfnaM1n4I43Xjm1e5/M2GjOwQwndQz22uhxwD+Y= +github.com/go-openapi/jsonreference v0.21.6/go.mod h1:xzbgtQ3ZbWxvET3AxdzCJlJt6vkovbf+IfSPJjD0tUY= github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc= github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I= -github.com/go-openapi/swag v0.25.4 h1:OyUPUFYDPDBMkqyxOTkqDYFnrhuhi9NR6QVUvIochMU= -github.com/go-openapi/swag v0.25.4/go.mod h1:zNfJ9WZABGHCFg2RnY0S4IOkAcVTzJ6z2Bi+Q4i6qFQ= -github.com/go-openapi/swag/cmdutils v0.25.4 h1:8rYhB5n6WawR192/BfUu2iVlxqVR9aRgGJP6WaBoW+4= -github.com/go-openapi/swag/cmdutils v0.25.4/go.mod h1:pdae/AFo6WxLl5L0rq87eRzVPm/XRHM3MoYgRMvG4A0= -github.com/go-openapi/swag/conv v0.25.4 h1:/Dd7p0LZXczgUcC/Ikm1+YqVzkEeCc9LnOWjfkpkfe4= -github.com/go-openapi/swag/conv v0.25.4/go.mod h1:3LXfie/lwoAv0NHoEuY1hjoFAYkvlqI/Bn5EQDD3PPU= -github.com/go-openapi/swag/fileutils v0.25.4 h1:2oI0XNW5y6UWZTC7vAxC8hmsK/tOkWXHJQH4lKjqw+Y= -github.com/go-openapi/swag/fileutils v0.25.4/go.mod h1:cdOT/PKbwcysVQ9Tpr0q20lQKH7MGhOEb6EwmHOirUk= -github.com/go-openapi/swag/jsonname v0.25.4 h1:bZH0+MsS03MbnwBXYhuTttMOqk+5KcQ9869Vye1bNHI= -github.com/go-openapi/swag/jsonname v0.25.4/go.mod h1:GPVEk9CWVhNvWhZgrnvRA6utbAltopbKwDu8mXNUMag= -github.com/go-openapi/swag/jsonutils v0.25.4 h1:VSchfbGhD4UTf4vCdR2F4TLBdLwHyUDTd1/q4i+jGZA= -github.com/go-openapi/swag/jsonutils v0.25.4/go.mod h1:7OYGXpvVFPn4PpaSdPHJBtF0iGnbEaTk8AvBkoWnaAY= -github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.4 h1:IACsSvBhiNJwlDix7wq39SS2Fh7lUOCJRmx/4SN4sVo= -github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.4/go.mod h1:Mt0Ost9l3cUzVv4OEZG+WSeoHwjWLnarzMePNDAOBiM= -github.com/go-openapi/swag/loading v0.25.4 h1:jN4MvLj0X6yhCDduRsxDDw1aHe+ZWoLjW+9ZQWIKn2s= -github.com/go-openapi/swag/loading v0.25.4/go.mod h1:rpUM1ZiyEP9+mNLIQUdMiD7dCETXvkkC30z53i+ftTE= -github.com/go-openapi/swag/mangling v0.25.4 h1:2b9kBJk9JvPgxr36V23FxJLdwBrpijI26Bx5JH4Hp48= -github.com/go-openapi/swag/mangling v0.25.4/go.mod h1:6dxwu6QyORHpIIApsdZgb6wBk/DPU15MdyYj/ikn0Hg= -github.com/go-openapi/swag/netutils v0.25.4 h1:Gqe6K71bGRb3ZQLusdI8p/y1KLgV4M/k+/HzVSqT8H0= -github.com/go-openapi/swag/netutils v0.25.4/go.mod h1:m2W8dtdaoX7oj9rEttLyTeEFFEBvnAx9qHd5nJEBzYg= -github.com/go-openapi/swag/stringutils v0.25.4 h1:O6dU1Rd8bej4HPA3/CLPciNBBDwZj9HiEpdVsb8B5A8= -github.com/go-openapi/swag/stringutils v0.25.4/go.mod h1:GTsRvhJW5xM5gkgiFe0fV3PUlFm0dr8vki6/VSRaZK0= -github.com/go-openapi/swag/typeutils v0.25.4 h1:1/fbZOUN472NTc39zpa+YGHn3jzHWhv42wAJSN91wRw= -github.com/go-openapi/swag/typeutils v0.25.4/go.mod h1:Ou7g//Wx8tTLS9vG0UmzfCsjZjKhpjxayRKTHXf2pTE= -github.com/go-openapi/swag/yamlutils v0.25.4 h1:6jdaeSItEUb7ioS9lFoCZ65Cne1/RZtPBZ9A56h92Sw= -github.com/go-openapi/swag/yamlutils v0.25.4/go.mod h1:MNzq1ulQu+yd8Kl7wPOut/YHAAU/H6hL91fF+E2RFwc= -github.com/go-openapi/testify/enable/yaml/v2 v2.0.2 h1:0+Y41Pz1NkbTHz8NngxTuAXxEodtNSI1WG1c/m5Akw4= -github.com/go-openapi/testify/enable/yaml/v2 v2.0.2/go.mod h1:kme83333GCtJQHXQ8UKX3IBZu6z8T5Dvy5+CW3NLUUg= -github.com/go-openapi/testify/v2 v2.0.2 h1:X999g3jeLcoY8qctY/c/Z8iBHTbwLz7R2WXd6Ub6wls= -github.com/go-openapi/testify/v2 v2.0.2/go.mod h1:HCPmvFFnheKK2BuwSA0TbbdxJ3I16pjwMkYkP4Ywn54= +github.com/go-openapi/swag v0.26.0 h1:GVDXCmfvhfu1BxiHo8/FA+BbKmhecHnG3varjON5/RI= +github.com/go-openapi/swag v0.26.0/go.mod h1:82g3193sZJRbocs7bNCqGfIgq8pkuwVwCfhKIRlEQF0= +github.com/go-openapi/swag/cmdutils v0.26.0 h1:iowihOcvq7y4egO8cOq0dmfohz6wfeQ63U1EnuhO2TU= +github.com/go-openapi/swag/cmdutils v0.26.0/go.mod h1:Sm1MVFMkF6guJJ+pQqHnQA3N0j9qALV3NxzDSv6bETM= +github.com/go-openapi/swag/conv v0.26.0 h1:5yGGsPYI1ZCva93U0AoKi/iZrNhaJEjr324YVsiD89I= +github.com/go-openapi/swag/conv v0.26.0/go.mod h1:tpAmIL7X58VPnHHiSO4uE3jBeRamGsFsfdDeDtb5ECE= +github.com/go-openapi/swag/fileutils v0.26.0 h1:WJoPRvsA7QRiiWluowkLJa9jaYR7FCuxmDvnCgaRRxU= +github.com/go-openapi/swag/fileutils v0.26.0/go.mod h1:0WDJ7lp67eNjPMO50wAWYlKvhOb6CQ37rzR7wrgI8Tc= +github.com/go-openapi/swag/jsonname v0.26.0 h1:gV1NFX9M8avo0YSpmWogqfQISigCmpaiNci8cGECU5w= +github.com/go-openapi/swag/jsonname v0.26.0/go.mod h1:urBBR8bZNoDYGr653ynhIx+gTeIz0ARZxHkAPktJK2M= +github.com/go-openapi/swag/jsonutils v0.26.0 h1:FawFML2iAXsPqmERscuMPIHmFsoP1tOqWkxBaKNMsnA= +github.com/go-openapi/swag/jsonutils v0.26.0/go.mod h1:2VmA0CJlyFqgawOaPI9psnjFDqzyivIqLYN34t9p91E= +github.com/go-openapi/swag/jsonutils/fixtures_test v0.26.0 h1:apqeINu/ICHouqiRZbyFvuDge5jCmmLTqGQ9V95EaOM= +github.com/go-openapi/swag/jsonutils/fixtures_test v0.26.0/go.mod h1:AyM6QT8uz5IdKxk5akv0y6u4QvcL9GWERt0Jx/F/R8Y= +github.com/go-openapi/swag/loading v0.26.0 h1:Apg6zaKhCJurpJer0DCxq99qwmhFddBhaMX7kilDcko= +github.com/go-openapi/swag/loading v0.26.0/go.mod h1:dBxQ/6V2uBaAQdevN18VELE6xSpJWZxLX4txe12JwDg= +github.com/go-openapi/swag/mangling v0.26.0 h1:Du2YC4YLA/Y5m/YKQd7AnY5qq0wRKSFZTTt8ktFaXcQ= +github.com/go-openapi/swag/mangling v0.26.0/go.mod h1:jifS7W9vbg+pw63bT+GI53otluMQL3CeemuyCHKwVx0= +github.com/go-openapi/swag/netutils v0.26.0 h1:CmZp+ZT7HrmFwrC3GdGsXBq2+42T1bjKBapcqVpIs3c= +github.com/go-openapi/swag/netutils v0.26.0/go.mod h1:5iK+Ok3ZohWWex1C50BFTPexi03UaPwjW4Oj8kgrpwo= +github.com/go-openapi/swag/stringutils v0.26.0 h1:qZQngLxs5s7SLijc3N2ZO+fUq2o8LjuWAASSrJuh+xg= +github.com/go-openapi/swag/stringutils v0.26.0/go.mod h1:sWn5uY+QIIspwPhvgnqJsH8xqFT2ZbYcvbcFanRyhFE= +github.com/go-openapi/swag/typeutils v0.26.0 h1:2kdEwdiNWy+JJdOvu5MA2IIg2SylWAFuuyQIKYybfq4= +github.com/go-openapi/swag/typeutils v0.26.0/go.mod h1:oovDuIUvTrEHVMqWilQzKzV4YlSKgyZmFh7AlfABNVE= +github.com/go-openapi/swag/yamlutils v0.26.0 h1:H7O8l/8NJJQ/oiReEN+oMpnGMyt8G0hl460nRZxhLMQ= +github.com/go-openapi/swag/yamlutils v0.26.0/go.mod h1:1evKEGAtP37Pkwcc7EWMF0hedX0/x3Rkvei2wtG/TbU= +github.com/go-openapi/testify/enable/yaml/v2 v2.4.2 h1:5zRca5jw7lzVREKCZVNBpysDNBjj74rBh0N2BGQbSR0= +github.com/go-openapi/testify/enable/yaml/v2 v2.4.2/go.mod h1:XVevPw5hUXuV+5AkI1u1PeAm27EQVrhXTTCPAF85LmE= +github.com/go-openapi/testify/v2 v2.5.1 h1:TMdhCaw8fUNraVSf3Omoob1dO/AzBfhtFAPW0an6sBo= +github.com/go-openapi/testify/v2 v2.5.1/go.mod h1:SgsVHtfooshd0tublTtJ50FPKhujf47YRqauXXOUxfw= github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y= github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= @@ -178,8 +174,6 @@ github.com/go-test/deep v1.1.1/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncV github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= -github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= -github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= @@ -209,8 +203,8 @@ github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/ github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo= -github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= +github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 h1:z2ogiKUYzX5Is6zr/vP9vJGqPwcdqsWjOt+V8J7+bTc= +github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83/go.mod h1:MxpfABSjhmINe3F1It9d+8exIHFvUqtLIRCdOGNXqiI= github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= @@ -220,14 +214,10 @@ github.com/gorilla/handlers v1.5.2 h1:cLTUSsNkgcwhgRqvCNmdbRWG0A3N4F+M2nWKdScwyE github.com/gorilla/handlers v1.5.2/go.mod h1:dX+xVpaxdSw+q0Qek8SSsl3dfMk3jNddUkMzo0GtH0w= github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY= github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ= -github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 h1:JeSE6pjso5THxAzdVpqr6/geYxZytqFMBCOtn/ujyeo= -github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674/go.mod h1:r4w70xmWCQKmi1ONH4KIaBptdivuRPyosB9RmPlGEwA= github.com/gosuri/uitable v0.0.4 h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY= github.com/gosuri/uitable v0.0.4/go.mod h1:tKR86bXuXPZazfOTG1FIzvjIdXzd0mo4Vtn16vt0PJo= -github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA= -github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3 h1:NmZ1PKzSTQbuGHw9DGPFomqkkLWMC+vZCkfs+FHv1Vg= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3/go.mod h1:zQrxl1YP88HQlA6i9c63DSVPFklWpGX4OWAc9bFuaH4= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.29.0 h1:5VipnvEpbqr2gA2VbM+nYVbkIF28c5ZQfqCBQ5g2xfk= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.29.0/go.mod h1:Hyl3n6Twe1hvtd9XUXDec4pTvgMSEixRuQKPTMH2bNs= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -253,11 +243,9 @@ github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/ github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= -github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo= github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ= -github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= @@ -271,15 +259,16 @@ github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 h1:SOEGU9fKiNWd/HOJuq github.com/lann/builder v0.0.0-20180802200727-47ae307949d0/go.mod h1:dXGbAdH5GtBTC4WfIxhKZfyBF/HBFgRZSWwZ9g/He9o= github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 h1:P6pPBnrTSX3DEVR4fDembhRWSsG5rVo6hYhAB/ADZrk= github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0/go.mod h1:vmVJ0l/dxyfGW6FmdpVm2joNMFikkuWg0EoCKLGUMNw= -github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw= github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= +github.com/lib/pq v1.11.2 h1:x6gxUeu39V0BHZiugWe8LXZYZ+Utk7hSJGThs8sdzfs= +github.com/lib/pq v1.11.2/go.mod h1:/p+8NSbOcwzAEI7wiMXFlgydTwcgTr3OSKMsD2BitpA= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE= github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE= -github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8= -github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= -github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mattn/go-colorable v0.1.15 h1:+u9SLTRGnXv73cEsnsmoZBom+dMU88B2M0aDcWy0/jY= +github.com/mattn/go-colorable v0.1.15/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8= +github.com/mattn/go-isatty v0.0.22 h1:j8l17JJ9i6VGPUFUYoTUKPSgKe/83EYU2zBC7YNKMw4= +github.com/mattn/go-isatty v0.0.22/go.mod h1:ZXfXG4SQHsB/w3ZeOYbR0PrPwLy+n6xiMrJlRFqopa4= github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0= github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU= @@ -292,8 +281,6 @@ github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQ github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0= github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ= github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= -github.com/moby/spdystream v0.5.0 h1:7r0J1Si3QO/kjRitvSLVVFUjxMEb/YLj6S9FF62JBCU= -github.com/moby/spdystream v0.5.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= github.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ= github.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -309,18 +296,17 @@ github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.11.0 h1:JAKSXpt1YjtLA7YpPiqO9ss6sNXEsPfSGdwN0UHqzrw= github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo/v2 v2.22.0 h1:Yed107/8DjTr0lKCNt7Dn8yQ6ybuDRQoMGrNFKzMfHg= -github.com/onsi/ginkgo/v2 v2.22.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= +github.com/onsi/ginkgo/v2 v2.28.1 h1:S4hj+HbZp40fNKuLUQOYLDgZLwNUVn19N3Atb98NCyI= +github.com/onsi/ginkgo/v2 v2.28.1/go.mod h1:CLtbVInNckU3/+gC8LzkGUb9oF+e8W8TdUsxPwvdOgE= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= -github.com/onsi/gomega v1.36.1 h1:bJDPBO7ibjxcbHMgSCoo4Yj18UWbKDlLwX1x9sybDcw= -github.com/onsi/gomega v1.36.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= +github.com/onsi/gomega v1.39.1 h1:1IJLAad4zjPn2PsnhH70V4DKRFlrCzGBNrNaru+Vf28= +github.com/onsi/gomega v1.39.1/go.mod h1:hL6yVALoTOxeWudERyfppUcZXjMwIMLnuSfruD2lcfg= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= @@ -343,10 +329,12 @@ github.com/prometheus/client_golang v1.23.2/go.mod h1:Tb1a6LWHB3/SPIzCoaDXI4I8UH github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk= github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE= -github.com/prometheus/common v0.67.4 h1:yR3NqWO1/UyO1w2PhUvXlGQs/PtFmoveVO0KZ4+Lvsc= -github.com/prometheus/common v0.67.4/go.mod h1:gP0fq6YjjNCLssJCQp0yk4M8W6ikLURwkdd/YKtTbyI= -github.com/prometheus/procfs v0.19.2 h1:zUMhqEW66Ex7OXIiDkll3tl9a1ZdilUOd/F6ZXw4Vws= -github.com/prometheus/procfs v0.19.2/go.mod h1:M0aotyiemPhBCM0z5w87kL22CxfcH05ZpYlu+b4J7mw= +github.com/prometheus/common v0.68.0 h1:8rQJvQmYltsR2L7h8Zw0Iyj8WYNNmpwikoQTZXwfVeA= +github.com/prometheus/common v0.68.0/go.mod h1:4soH+U8yJSROk7OJ//hmTiWKsxapv6zRGgTt3keN8gQ= +github.com/prometheus/otlptranslator v1.0.0 h1:s0LJW/iN9dkIH+EnhiD3BlkkP5QVIUVEoIwkU+A6qos= +github.com/prometheus/otlptranslator v1.0.0/go.mod h1:vRYWnXvI6aWGpsdY/mOT/cbeVRBlPWtBNDb7kGR3uKM= +github.com/prometheus/procfs v0.20.1 h1:XwbrGOIplXW/AU3YhIhLODXMJYyC1isLFfYCsTEycfc= +github.com/prometheus/procfs v0.20.1/go.mod h1:o9EMBZGRyvDrSPH1RqdxhojkuXstoe4UlK79eF5TGGo= github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5 h1:EaDatTxkdHG+U3Bk4EUr+DZ7fOGwTfezUiUJMaIcaho= github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5/go.mod h1:fyalQWdtzDBECAQFBJuQe5bzQ02jGd5Qcbgb97Flm7U= github.com/redis/go-redis/extra/redisotel/v9 v9.0.5 h1:EfpWLLCyXw8PSM2/XNJLjI3Pb27yVE+gIAfeqp8LUCc= @@ -355,8 +343,8 @@ github.com/redis/go-redis/v9 v9.7.3 h1:YpPyAayJV+XErNsatSElgRZZVCwXX9QzkKYNvO7x0 github.com/redis/go-redis/v9 v9.7.3/go.mod h1:bGUrSggJ9X9GUmZpZNEOQKaANxSGgOEBRltRTZHSvrA= github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ= github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc= -github.com/rubenv/sql-migrate v1.8.0 h1:dXnYiJk9k3wetp7GfQbKJcPHjVJL6YK19tKj8t2Ns0o= -github.com/rubenv/sql-migrate v1.8.0/go.mod h1:F2bGFBwCU+pnmbtNYDeKvSuvL6lBVtXDXUUv5t+u1qw= +github.com/rubenv/sql-migrate v1.8.1 h1:EPNwCvjAowHI3TnZ+4fQu3a915OpnQoPAjTXCGOy2U0= +github.com/rubenv/sql-migrate v1.8.1/go.mod h1:BTIKBORjzyxZDS6dzoiw6eAFYJ1iNlGAtjn4LGeVjS8= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/santhosh-tekuri/jsonschema/v6 v6.0.2 h1:KRzFb2m7YtdldCEkzs6KqmJw4nqEVZGK7IN2kJkjTuQ= @@ -392,102 +380,92 @@ github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ= github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0= -github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64= go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y= go.opentelemetry.io/contrib/bridges/prometheus v0.57.0 h1:UW0+QyeyBVhn+COBec3nGhfnFe5lwB0ic1JBVjzhk0w= go.opentelemetry.io/contrib/bridges/prometheus v0.57.0/go.mod h1:ppciCHRLsyCio54qbzQv0E4Jyth/fLWDTJYfvWpcSVk= go.opentelemetry.io/contrib/exporters/autoexport v0.57.0 h1:jmTVJ86dP60C01K3slFQa2NQ/Aoi7zA+wy7vMOKD9H4= go.opentelemetry.io/contrib/exporters/autoexport v0.57.0/go.mod h1:EJBheUMttD/lABFyLXhce47Wr6DPWYReCzaZiXadH7g= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0 h1:ssfIgGNANqpVFCndZvcuyKbl0g+UAVcbBcqGkG28H0Y= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0/go.mod h1:GQ/474YrbE4Jx8gZ4q5I4hrhUzM6UPzyrqJYV2AqPoQ= -go.opentelemetry.io/otel v1.39.0 h1:8yPrr/S0ND9QEfTfdP9V+SiwT4E0G7Y5MO7p85nis48= -go.opentelemetry.io/otel v1.39.0/go.mod h1:kLlFTywNWrFyEdH0oj2xK0bFYZtHRYUdv1NklR/tgc8= -go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.8.0 h1:WzNab7hOOLzdDF/EoWCt4glhrbMPVMOO5JYTmpz36Ls= -go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.8.0/go.mod h1:hKvJwTzJdp90Vh7p6q/9PAOd55dI6WA6sWj62a/JvSs= -go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.8.0 h1:S+LdBGiQXtJdowoJoQPEtI52syEP/JYBUpjO49EQhV8= -go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.8.0/go.mod h1:5KXybFvPGds3QinJWQT7pmXf+TN5YIa7CNYObWRkj50= -go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.32.0 h1:j7ZSD+5yn+lo3sGV69nW04rRR0jhYnBwjuX3r0HvnK0= -go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.32.0/go.mod h1:WXbYJTUaZXAbYd8lbgGuvih0yuCfOFC5RJoYnoLcGz8= -go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.32.0 h1:t/Qur3vKSkUCcDVaSumWF2PKHt85pc7fRvFuoVT8qFU= -go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.32.0/go.mod h1:Rl61tySSdcOJWoEgYZVtmnKdA0GeKrSqkHC1t+91CH8= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.39.0 h1:f0cb2XPmrqn4XMy9PNliTgRKJgS5WcL/u0/WRYGz4t0= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.39.0/go.mod h1:vnakAaFckOMiMtOIhFI2MNH4FYrZzXCYxmb1LlhoGz8= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.39.0 h1:in9O8ESIOlwJAEGTkkf34DesGRAc/Pn8qJ7k3r/42LM= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.39.0/go.mod h1:Rp0EXBm5tfnv0WL+ARyO/PHBEaEAT8UUHQ6AGJcSq6c= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.32.0 h1:cMyu9O88joYEaI47CnQkxO1XZdpoTF9fEnW2duIddhw= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.32.0/go.mod h1:6Am3rn7P9TVVeXYG+wtcGE7IE1tsQ+bP3AuWcKt/gOI= -go.opentelemetry.io/otel/exporters/prometheus v0.54.0 h1:rFwzp68QMgtzu9PgP3jm9XaMICI6TsofWWPcBDKwlsU= -go.opentelemetry.io/otel/exporters/prometheus v0.54.0/go.mod h1:QyjcV9qDP6VeK5qPyKETvNjmaaEc7+gqjh4SS0ZYzDU= -go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.8.0 h1:CHXNXwfKWfzS65yrlB2PVds1IBZcdsX8Vepy9of0iRU= -go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.8.0/go.mod h1:zKU4zUgKiaRxrdovSS2amdM5gOc59slmo/zJwGX+YBg= -go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.32.0 h1:SZmDnHcgp3zwlPBS2JX2urGYe/jBKEIT6ZedHRUyCz8= -go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.32.0/go.mod h1:fdWW0HtZJ7+jNpTKUR0GpMEDP69nR8YBJQxNiVCE3jk= -go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.32.0 h1:cC2yDI3IQd0Udsux7Qmq8ToKAx1XCilTQECZ0KDZyTw= -go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.32.0/go.mod h1:2PD5Ex6z8CFzDbTdOlwyNIUywRr1DN0ospafJM1wJ+s= -go.opentelemetry.io/otel/log v0.8.0 h1:egZ8vV5atrUWUbnSsHn6vB8R21G2wrKqNiDt3iWertk= -go.opentelemetry.io/otel/log v0.8.0/go.mod h1:M9qvDdUTRCopJcGRKg57+JSQ9LgLBrwwfC32epk5NX8= -go.opentelemetry.io/otel/metric v1.39.0 h1:d1UzonvEZriVfpNKEVmHXbdf909uGTOQjA0HF0Ls5Q0= -go.opentelemetry.io/otel/metric v1.39.0/go.mod h1:jrZSWL33sD7bBxg1xjrqyDjnuzTUB0x1nBERXd7Ftcs= -go.opentelemetry.io/otel/sdk v1.39.0 h1:nMLYcjVsvdui1B/4FRkwjzoRVsMK8uL/cj0OyhKzt18= -go.opentelemetry.io/otel/sdk v1.39.0/go.mod h1:vDojkC4/jsTJsE+kh+LXYQlbL8CgrEcwmt1ENZszdJE= -go.opentelemetry.io/otel/sdk/log v0.8.0 h1:zg7GUYXqxk1jnGF/dTdLPrK06xJdrXgqgFLnI4Crxvs= -go.opentelemetry.io/otel/sdk/log v0.8.0/go.mod h1:50iXr0UVwQrYS45KbruFrEt4LvAdCaWWgIrsN3ZQggo= -go.opentelemetry.io/otel/sdk/metric v1.39.0 h1:cXMVVFVgsIf2YL6QkRF4Urbr/aMInf+2WKg+sEJTtB8= -go.opentelemetry.io/otel/sdk/metric v1.39.0/go.mod h1:xq9HEVH7qeX69/JnwEfp6fVq5wosJsY1mt4lLfYdVew= -go.opentelemetry.io/otel/trace v1.39.0 h1:2d2vfpEDmCJ5zVYz7ijaJdOF59xLomrvj7bjt6/qCJI= -go.opentelemetry.io/otel/trace v1.39.0/go.mod h1:88w4/PnZSazkGzz/w84VHpQafiU4EtqqlVdxWy+rNOA= -go.opentelemetry.io/proto/otlp v1.9.0 h1:l706jCMITVouPOqEnii2fIAuO3IVGBRPV5ICjceRb/A= -go.opentelemetry.io/proto/otlp v1.9.0/go.mod h1:xE+Cx5E/eEHw+ISFkwPLwCZefwVjY+pqKg1qcK03+/4= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.69.0 h1:8tvICD4vSTOOsNrsI4Ljf6C+6UKvpTEH5XY3JMoyPoo= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.69.0/go.mod h1:z9+yiacE0IHRqM4qFfkbt/JYlmYXgss8GY/jXoNuPJI= +go.opentelemetry.io/otel v1.44.0 h1:JjwHmHpA4iZ3wBxluu2fbbE7j4kqlE8jXyAyPXH7HqU= +go.opentelemetry.io/otel v1.44.0/go.mod h1:BMgjTHL9WPRlRjL2oZCBTL4whCGtXch2H4BhOPIAyYc= +go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.19.0 h1:Dn8rkudDzY6KV9dr/D/bTUuWgqDf9xe0rr4G2elrn0Y= +go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.19.0/go.mod h1:gMk9F0xDgyN9M/3Ed5Y1wKcx/9mlU91NXY2SNq7RQuU= +go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.19.0 h1:HIBTQ3VO5aupLKjC90JgMqpezVXwFuq6Ryjn0/izoag= +go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.19.0/go.mod h1:ji9vId85hMxqfvICA0Jt8JqEdrXaAkcpkI9HPXya0ro= +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.43.0 h1:8UQVDcZxOJLtX6gxtDt3vY2WTgvZqMQRzjsqiIHQdkc= +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.43.0/go.mod h1:2lmweYCiHYpEjQ/lSJBYhj9jP1zvCvQW4BqL9dnT7FQ= +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.43.0 h1:w1K+pCJoPpQifuVpsKamUdn9U0zM3xUziVOqsGksUrY= +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.43.0/go.mod h1:HBy4BjzgVE8139ieRI75oXm3EcDN+6GhD88JT1Kjvxg= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.44.0 h1:4YsVu3B8+3qtWYYrsUYgn0OG78pN0rnNPRGX4SbokQI= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.44.0/go.mod h1:+wnlSn0mD1ADVMe3v9Z/WIaiz6q6gL2J/ejaAmdmv80= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.44.0 h1:qazEJlUOQzhCpzQpFETGby7EdqjI1wsd0W+6Gg1SCTU= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.44.0/go.mod h1:fOD2Yefuxixkx3ahVNf0O/PERb6r4OlbxfATVnYvzCo= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.43.0 h1:3iZJKlCZufyRzPzlQhUIWVmfltrXuGyfjREgGP3UUjc= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.43.0/go.mod h1:/G+nUPfhq2e+qiXMGxMwumDrP5jtzU+mWN7/sjT2rak= +go.opentelemetry.io/otel/exporters/prometheus v0.65.0 h1:jOveH/b4lU9HT7y+Gfamf18BqlOuz2PWEvs8yM7Q6XE= +go.opentelemetry.io/otel/exporters/prometheus v0.65.0/go.mod h1:i1P8pcumauPtUI4YNopea1dhzEMuEqWP1xoUZDylLHo= +go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.19.0 h1:GJkybS+crDMdExT/BUNCEgfrmfboztcS6PhvSo88HKM= +go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.19.0/go.mod h1:NuAyxRYIG2lKX3YQkB+83StTxM7s52PUUkRRiC0wnYI= +go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.43.0 h1:TC+BewnDpeiAmcscXbGMfxkO+mwYUwE/VySwvw88PfA= +go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.43.0/go.mod h1:J/ZyF4vfPwsSr9xJSPyQ4LqtcTPULFR64KwTikGLe+A= +go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.43.0 h1:mS47AX77OtFfKG4vtp+84kuGSFZHTyxtXIN269vChY0= +go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.43.0/go.mod h1:PJnsC41lAGncJlPUniSwM81gc80GkgWJWr3cu2nKEtU= +go.opentelemetry.io/otel/log v0.19.0 h1:KUZs/GOsw79TBBMfDWsXS+KZ4g2Ckzksd1ymzsIEbo4= +go.opentelemetry.io/otel/log v0.19.0/go.mod h1:5DQYeGmxVIr4n0/BcJvF4upsraHjg6vudJJpnkL6Ipk= +go.opentelemetry.io/otel/metric v1.44.0 h1:1w0gILTcHdr3YI+ixLyjemwrVnsMURbTZFrSYCdDdmc= +go.opentelemetry.io/otel/metric v1.44.0/go.mod h1:8O7hanEPBNgEMmybD3s2VBKcgWOCsA6tzHBPODAiquo= +go.opentelemetry.io/otel/sdk v1.44.0 h1:nHYwb9lK+fJPU/dnT6s7W7Z8itMWyqrnVfbheVYrZ58= +go.opentelemetry.io/otel/sdk v1.44.0/go.mod h1:Osuydd3Se74nqjAKxid74N5eC+jfEqfTegHRnq58oK0= +go.opentelemetry.io/otel/sdk/log v0.19.0 h1:scYVLqT22D2gqXItnWiocLUKGH9yvkkeql5dBDiXyko= +go.opentelemetry.io/otel/sdk/log v0.19.0/go.mod h1:vFBowwXGLlW9AvpuF7bMgnNI95LiW10szrOdvzBHlAg= +go.opentelemetry.io/otel/sdk/metric v1.44.0 h1:3LlKgI+VjbVsjNRFZJZAJ30WjXC5VkNRks6si09iEfI= +go.opentelemetry.io/otel/sdk/metric v1.44.0/go.mod h1:5B5pMARnXxKhltooO4xUuCBorl65a4EpnTalObqOigA= +go.opentelemetry.io/otel/trace v1.44.0 h1:jxF5CsGYCe74MCRx2X4g7WsY/VBKRqqpNvXlX/6gtIk= +go.opentelemetry.io/otel/trace v1.44.0/go.mod h1:oLl1jrMQAVo6v3GAggN+1VH9VIz9iUSvW53sW1Q8PIE= +go.opentelemetry.io/proto/otlp v1.10.0 h1:IQRWgT5srOCYfiWnpqUYz9CVmbO8bFmKcwYxpuCSL2g= +go.opentelemetry.io/proto/otlp v1.10.0/go.mod h1:/CV4QoCR/S9yaPj8utp3lvQPoqMtxXdzn7ozvvozVqk= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= -go.uber.org/zap v1.27.1 h1:08RqriUEv8+ArZRYSTXy1LeBScaMpVSTBhCeaZYfMYc= -go.uber.org/zap v1.27.1/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= -go.yaml.in/yaml/v2 v2.4.3 h1:6gvOSjQoTB3vt1l+CU+tSyi/HOjfOjRLJ4YwYZGwRO0= -go.yaml.in/yaml/v2 v2.4.3/go.mod h1:zSxWcmIDjOzPXpjlTTbAsKokqkDNAVtZO0WOMiT90s8= +go.uber.org/zap v1.28.0 h1:IZzaP1Fv73/T/pBMLk4VutPl36uNC+OSUh3JLG3FIjo= +go.uber.org/zap v1.28.0/go.mod h1:rDLpOi171uODNm/mxFcuYWxDsqWSAVkFdX4XojSKg/Q= +go.yaml.in/yaml/v2 v2.4.4 h1:tuyd0P+2Ont/d6e2rl3be67goVK4R6deVxCUX5vyPaQ= +go.yaml.in/yaml/v2 v2.4.4/go.mod h1:gMZqIpDtDqOfM0uNfy0SkpRhvUryYH0Z6wdMYcacYXQ= go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU= -golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0= +golang.org/x/crypto v0.52.0 h1:RMs7fP2rXdep0CftQlK8Uf+kibLm7qkCcradZWYz988= +golang.org/x/crypto v0.52.0/go.mod h1:1QgfPxDqh0T2M/elOJtp9RvuR95kVjir0e6/BvEmGbc= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.31.0 h1:HaW9xtz0+kOcWKwli0ZXy79Ix+UW/vOfmWI5QVd2tgI= -golang.org/x/mod v0.31.0/go.mod h1:43JraMp9cGx1Rx3AqioxrbrhNsLl2l/iNAvuBkrezpg= +golang.org/x/mod v0.36.0 h1:JJjpVx6myfUsUdAzZuOSTTmRE0PfZeNWzzvKrP7amb4= +golang.org/x/mod v0.36.0/go.mod h1:moc6ELqsWcOw5Ef3xVprK5ul/MvtVvkIXLziUOICjUQ= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU= -golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY= +golang.org/x/net v0.55.0 h1:bcvxaJn3e1U6InsFWt1JUq1aSjnRxLzT2rtD2KfkDF8= +golang.org/x/net v0.55.0/go.mod h1:L5U2KuzuOe1lY7Z+aWVIKK6qEeJXnXV9yzGA+WCHJww= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw= -golang.org/x/oauth2 v0.34.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA= +golang.org/x/oauth2 v0.36.0 h1:peZ/1z27fi9hUOFCAZaHyrpWG5lwe0RJEEEeH0ThlIs= +golang.org/x/oauth2 v0.36.0/go.mod h1:YDBUJMTkDnJS+A4BP4eZBjCqtokkg1hODuPjwiGPO7Q= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4= -golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= +golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4= +golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -495,20 +473,18 @@ golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk= -golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= -golang.org/x/term v0.38.0 h1:PQ5pkm/rLO6HnxFR7N2lJHOZX6Kez5Y1gDSJla6jo7Q= -golang.org/x/term v0.38.0/go.mod h1:bSEAKrOT1W+VSu9TSCMtoGEOUcKxOKgl3LE5QEF/xVg= +golang.org/x/sys v0.45.0 h1:dO4czNzziLiiXplLQgBCEpCvXQ3dnkn0SdaZSYdQ+FY= +golang.org/x/sys v0.45.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= +golang.org/x/term v0.43.0 h1:S4RLU2sB31O/NCl+zFN9Aru9A/Cq2aqKpTZJ6B+DwT4= +golang.org/x/term v0.43.0/go.mod h1:lrhlHNdQJHO+1qVYiHfFKVuVioJIheAc3fBSMFYEIsk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU= -golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY= -golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI= -golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4= +golang.org/x/text v0.37.0 h1:Cqjiwd9eSg8e0QAkyCaQTNHFIIzWtidPahFWR83rTrc= +golang.org/x/text v0.37.0/go.mod h1:a5sjxXGs9hsn/AJVwuElvCAo9v8QYLzvavO5z2PiM38= +golang.org/x/time v0.15.0 h1:bbrp8t3bGUeFOx08pvsMYRTCVSMk89u4tKbNOZbp88U= +golang.org/x/time v0.15.0/go.mod h1:Y4YMaQmXwGQZoFaVFk4YpCt4FLQMYKZe9oeV/f4MSno= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -516,15 +492,9 @@ golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGm golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.40.0 h1:yLkxfA+Qnul4cs9QA3KnlFu0lVmd8JJfoq+E41uSutA= -golang.org/x/tools v0.40.0/go.mod h1:Ik/tzLRlbscWpqqMRjyWYDisX8bG13FrdXp3o4Sr9lc= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/tools v0.45.0 h1:18qN3FAooORvApf5XjCXgsuayZOEtXf6JK18I3+ONa8= +golang.org/x/tools v0.45.0/go.mod h1:LuUGqqaXcXMEFEruIVJVm5mgDD8vww/z/SR1gQ4uE/0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/jsonpatch/v2 v2.5.0 h1:JELs8RLM12qJGXU4u/TO3V25KW8GreMKl9pdkk14RM0= gomodules.xyz/jsonpatch/v2 v2.5.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= @@ -532,15 +502,16 @@ google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto/googleapis/api v0.0.0-20251213004720-97cd9d5aeac2 h1:7LRqPCEdE4TP4/9psdaB7F2nhZFfBiGJomA5sojLWdU= -google.golang.org/genproto/googleapis/api v0.0.0-20251213004720-97cd9d5aeac2/go.mod h1:+rXWjjaukWZun3mLfjmVnQi18E1AsFbDN9QdJ5YXLto= -google.golang.org/genproto/googleapis/rpc v0.0.0-20251213004720-97cd9d5aeac2 h1:2I6GHUeJ/4shcDpoUlLs/2WPnhg7yJwvXtqcMJt9liA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20251213004720-97cd9d5aeac2/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk= +google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3 h1:1hfbdAfFbkmpg41000wDVqr7jUpK/Yo+LPnIxxGzmkg= +google.golang.org/genproto/googleapis/api v0.0.0-20260526163538-3dc84a4a5aaa h1:Kjn0N0tCrDgiAFW+lGO4JZ3ck44CehvJQMAwj9QF0G8= +google.golang.org/genproto/googleapis/api v0.0.0-20260526163538-3dc84a4a5aaa/go.mod h1:q4lMZS6kskjT5HvCPrnnypcDPVJqT/f4nfxmkE7gryY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20260526163538-3dc84a4a5aaa h1:mZHHdPZl0dbGHCflZgAq/Q468DWVFcU2whhB2KAo8fk= +google.golang.org/genproto/googleapis/rpc v0.0.0-20260526163538-3dc84a4a5aaa/go.mod h1:4Hqkh8ycfw05ld/3BWL7rJOSfebL2Q+DVDeRgYgxUU8= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.77.0 h1:wVVY6/8cGA6vvffn+wWK5ToddbgdU3d8MNENr4evgXM= -google.golang.org/grpc v1.77.0/go.mod h1:z0BY1iVj0q8E1uSQCjL9cppRj+gnZjzDnzV0dHhrNig= +google.golang.org/grpc v1.81.1 h1:VnnIIZ88UzOOKLukQi+ImGz8O1Wdp8nAGGnvOfEIWQQ= +google.golang.org/grpc v1.81.1/go.mod h1:xGH9GfzOyMTGIOXBJmXt+BX/V0kcdQbdcuwQ/zNw42I= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -550,8 +521,8 @@ google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2 google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= -google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE= -google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= +google.golang.org/protobuf v1.36.12-0.20260120151049-f2248ac996af h1:+5/Sw3GsDNlEmu7TfklWKPdQ0Ykja5VEmq2i817+jbI= +google.golang.org/protobuf v1.36.12-0.20260120151049-f2248ac996af/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= @@ -570,52 +541,52 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -helm.sh/helm/v3 v3.19.4 h1:E2yFBejmZBczWr5LblhjZbvAOAwVumfBO1AtN3nqI30= -helm.sh/helm/v3 v3.19.4/go.mod h1:PC1rk7PqacpkV4acUFMLStOOis7QM9Jq3DveHBInu4s= +helm.sh/helm/v3 v3.21.0 h1:9TRbaXQH+BIKLLDYlu++JsyWodS5kBBOLF7C7HY5+cs= +helm.sh/helm/v3 v3.21.0/go.mod h1:5IvU6Ae6ruB/vasVHhnC1IU5RvqFM349vLYS1BiHqeY= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.34.3 h1:D12sTP257/jSH2vHV2EDYrb16bS7ULlHpdNdNhEw2S4= -k8s.io/api v0.34.3/go.mod h1:PyVQBF886Q5RSQZOim7DybQjAbVs8g7gwJNhGtY5MBk= -k8s.io/apiextensions-apiserver v0.34.3 h1:p10fGlkDY09eWKOTeUSioxwLukJnm+KuDZdrW71y40g= -k8s.io/apiextensions-apiserver v0.34.3/go.mod h1:aujxvqGFRdb/cmXYfcRTeppN7S2XV/t7WMEc64zB5A0= +k8s.io/api v0.36.1 h1:XbL/EMj8K2aJpJtePmqUyQMsM0D4QI2pvl7YKJ20FTY= +k8s.io/api v0.36.1/go.mod h1:KOWo4ey3TINlXjeHVuwB3i+tXXnu+UcwFBHlI/9dvEo= +k8s.io/apiextensions-apiserver v0.36.1 h1:6JfYmPUsuUIHuN+3QxutXYWj492RqF5fBSx67GYK5Ks= +k8s.io/apiextensions-apiserver v0.36.1/go.mod h1:pLzZin90riwisdzKwv/GoTwENooytoIx5zWJb4Hkby8= k8s.io/apimachinery v0.19.2/go.mod h1:DnPGDnARWFvYa3pMHgSxtbZb7gpzzAZ1pTfaUNDVlmA= -k8s.io/apimachinery v0.34.3 h1:/TB+SFEiQvN9HPldtlWOTp0hWbJ+fjU+wkxysf/aQnE= -k8s.io/apimachinery v0.34.3/go.mod h1:/GwIlEcWuTX9zKIg2mbw0LRFIsXwrfoVxn+ef0X13lw= -k8s.io/apiserver v0.34.3 h1:uGH1qpDvSiYG4HVFqc6A3L4CKiX+aBWDrrsxHYK0Bdo= -k8s.io/apiserver v0.34.3/go.mod h1:QPnnahMO5C2m3lm6fPW3+JmyQbvHZQ8uudAu/493P2w= -k8s.io/cli-runtime v0.34.2 h1:cct1GEuWc3IyVT8MSCoIWzRGw9HJ/C5rgP32H60H6aE= -k8s.io/cli-runtime v0.34.2/go.mod h1:X13tsrYexYUCIq8MarCBy8lrm0k0weFPTpcaNo7lms4= -k8s.io/client-go v0.34.3 h1:wtYtpzy/OPNYf7WyNBTj3iUA0XaBHVqhv4Iv3tbrF5A= -k8s.io/client-go v0.34.3/go.mod h1:OxxeYagaP9Kdf78UrKLa3YZixMCfP6bgPwPwNBQBzpM= -k8s.io/component-base v0.34.3 h1:zsEgw6ELqK0XncCQomgO9DpUIzlrYuZYA0Cgo+JWpVk= -k8s.io/component-base v0.34.3/go.mod h1:5iIlD8wPfWE/xSHTRfbjuvUul2WZbI2nOUK65XL0E/c= +k8s.io/apimachinery v0.36.1 h1:G63Gjx2W+q0YD+72Vo8oY0nDnePVwnuzTmmy5ENrVSA= +k8s.io/apimachinery v0.36.1/go.mod h1:ibYOR00vW/I1kzvi5SF0dRuJ52BvKtfvRdOn35GPQ+8= +k8s.io/apiserver v0.36.1 h1:iMS5V+rPUertv5P9RaqJgmHHTuh4quWpoxchvMUY+JY= +k8s.io/apiserver v0.36.1/go.mod h1:Cby1PbLWztu0GDOxoO6iFOyyqIsziHNEW+w9zVQ22Kw= +k8s.io/cli-runtime v0.36.1 h1:yuC/BGnnj1YYPh6D1P+pZnzinCs6DvMq86yAeNqoqzM= +k8s.io/cli-runtime v0.36.1/go.mod h1:ZQWHGt8xAF7KnviB79vX0lYNyUUqKIpU+LQg7exuFAw= +k8s.io/client-go v0.36.1 h1:FN/K8QIT2CEDt+2WB2HnWrUANZ50AP5GII43/SP2JR0= +k8s.io/client-go v0.36.1/go.mod h1:s6rAnCtTGYDQnpNjEhSaISV+2O8jwruZ6m3QOYBFbtU= +k8s.io/component-base v0.36.1 h1:iG6GsELftXqTNG9HG6kiVjatSgAw1sf5pJ6R5a6N0kA= +k8s.io/component-base v0.36.1/go.mod h1:nf9XPlntRdqO6WMeEWAA5F93Y4ICZQdeT9GeqLDB3JI= k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= -k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= -k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/klog/v2 v2.140.0 h1:Tf+J3AH7xnUzZyVVXhTgGhEKnFqye14aadWv7bzXdzc= +k8s.io/klog/v2 v2.140.0/go.mod h1:o+/RWfJ6PwpnFn7OyAG3QnO47BFsymfEfrz6XyYSSp0= k8s.io/kube-openapi v0.0.0-20200805222855-6aeccd4b50c6/go.mod h1:UuqjUnNftUyPE5H64/qeyjQoUZhGpeFDVdxjTeEVN2o= -k8s.io/kube-openapi v0.0.0-20251125145642-4e65d59e963e h1:iW9ChlU0cU16w8MpVYjXk12dqQ4BPFBEgif+ap7/hqQ= -k8s.io/kube-openapi v0.0.0-20251125145642-4e65d59e963e/go.mod h1:kdmbQkyfwUagLfXIad1y2TdrjPFWp2Q89B3qkRwf/pQ= -k8s.io/kubectl v0.34.2 h1:+fWGrVlDONMUmmQLDaGkQ9i91oszjjRAa94cr37hzqA= -k8s.io/kubectl v0.34.2/go.mod h1:X2KTOdtZZNrTWmUD4oHApJ836pevSl+zvC5sI6oO2YQ= -k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 h1:SjGebBtkBqHFOli+05xYbK8YF1Dzkbzn+gDM4X9T4Ck= -k8s.io/utils v0.0.0-20251002143259-bc988d571ff4/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/kube-openapi v0.0.0-20260520065146-aa012df4f4af h1:zLXA2Irn14q2/06WMkxViyr7YCPUO2lJ0QYE9Juy5vA= +k8s.io/kube-openapi v0.0.0-20260520065146-aa012df4f4af/go.mod h1:V/QaCUYDa+0QpcHhVVc5l99Uz56wEMEXBSj9oCDkNDY= +k8s.io/kubectl v0.36.1 h1:96HqS9twIdHM0MlJLTwbo14b9kUKPkOzZ4tlRDLv4qI= +k8s.io/kubectl v0.36.1/go.mod h1:/DGPAIewKsFWF9VFgGvkPhao2Ev4SNuE3BioZo8yPbk= +k8s.io/utils v0.0.0-20260507154919-ff6756f316d2 h1:wU4tMEhLGgIbLvXQb1cfN+EcM0wf7zC6CPF+C79jroc= +k8s.io/utils v0.0.0-20260507154919-ff6756f316d2/go.mod h1:xDxuJ0whA3d0I4mf/C4ppKHxXynQ+fxnkmQH0vTHnuk= oras.land/oras-go/v2 v2.6.0 h1:X4ELRsiGkrbeox69+9tzTu492FMUu7zJQW6eJU+I2oc= oras.land/oras-go/v2 v2.6.0/go.mod h1:magiQDfG6H1O9APp+rOsvCPcW1GD2MM7vgnKY0Y+u1o= -sigs.k8s.io/controller-runtime v0.22.4 h1:GEjV7KV3TY8e+tJ2LCTxUTanW4z/FmNB7l327UfMq9A= -sigs.k8s.io/controller-runtime v0.22.4/go.mod h1:+QX1XUpTXN4mLoblf4tqr5CQcyHPAki2HLXqQMY6vh8= +sigs.k8s.io/controller-runtime v0.24.1 h1:miPEwrmirImAvgME1L9qebGHrOnGJoVmVdtOU9fRfo4= +sigs.k8s.io/controller-runtime v0.24.1/go.mod h1:vFkfY5fGt5xAC/sKb8IBFKgWPNKG9OUG29dR8Y2wImw= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= -sigs.k8s.io/kustomize/api v0.20.1 h1:iWP1Ydh3/lmldBnH/S5RXgT98vWYMaTUL1ADcr+Sv7I= -sigs.k8s.io/kustomize/api v0.20.1/go.mod h1:t6hUFxO+Ph0VxIk1sKp1WS0dOjbPCtLJ4p8aADLwqjM= -sigs.k8s.io/kustomize/kyaml v0.20.1 h1:PCMnA2mrVbRP3NIB6v9kYCAc38uvFLVs8j/CD567A78= -sigs.k8s.io/kustomize/kyaml v0.20.1/go.mod h1:0EmkQHRUsJxY8Ug9Niig1pUMSCGHxQ5RklbpV/Ri6po= +sigs.k8s.io/kustomize/api v0.21.1 h1:lzqbzvz2CSvsjIUZUBNFKtIMsEw7hVLJp0JeSIVmuJs= +sigs.k8s.io/kustomize/api v0.21.1/go.mod h1:f3wkKByTrgpgltLgySCntrYoq5d3q7aaxveSagwTlwI= +sigs.k8s.io/kustomize/kyaml v0.21.1 h1:IVlbmhC076nf6foyL6Taw4BkrLuEsXUXNpsE+ScX7fI= +sigs.k8s.io/kustomize/kyaml v0.21.1/go.mod h1:hmxADesM3yUN2vbA5z1/YTBnzLJ1dajdqpQonwBL1FQ= sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= sigs.k8s.io/structured-merge-diff/v4 v4.0.1/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= -sigs.k8s.io/structured-merge-diff/v6 v6.3.1 h1:JrhdFMqOd/+3ByqlP2I45kTOZmTRLBUm5pvRjeheg7E= -sigs.k8s.io/structured-merge-diff/v6 v6.3.1/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE= +sigs.k8s.io/structured-merge-diff/v6 v6.4.0 h1:qmp2e3ZfFi1/jJbDGpD4mt3wyp6PE1NfKHCYLqgNQJo= +sigs.k8s.io/structured-merge-diff/v6 v6.4.0/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE= sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs= diff --git a/third_party/github.com/banzaicloud/operator-tools/pkg/prometheus/servicemonitor.go b/third_party/github.com/banzaicloud/operator-tools/pkg/prometheus/servicemonitor.go index cca79cb0c..06241b985 100644 --- a/third_party/github.com/banzaicloud/operator-tools/pkg/prometheus/servicemonitor.go +++ b/third_party/github.com/banzaicloud/operator-tools/pkg/prometheus/servicemonitor.go @@ -33,7 +33,7 @@ var ( GroupVersion = schema.GroupVersion{Group: "monitoring.coreos.com", Version: "v1"} // SchemeBuilder is used to add go types to the GroupVersionKind scheme - SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} + SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} //nolint:staticcheck // AddToScheme adds the types in this group-version to the given scheme. AddToScheme = SchemeBuilder.AddToScheme diff --git a/third_party/github.com/banzaicloud/operator-tools/pkg/reconciler/resource.go b/third_party/github.com/banzaicloud/operator-tools/pkg/reconciler/resource.go index 0fedb30c9..4956941aa 100644 --- a/third_party/github.com/banzaicloud/operator-tools/pkg/reconciler/resource.go +++ b/third_party/github.com/banzaicloud/operator-tools/pkg/reconciler/resource.go @@ -704,7 +704,7 @@ func crdReadyV1(crd *v1.CustomResourceDefinition) bool { if cond.Status == v1.ConditionTrue { return true } - case v1.NamesAccepted, v1.NonStructuralSchema, v1.Terminating, v1.KubernetesAPIApprovalPolicyConformant: + case v1.NamesAccepted, v1.NonStructuralSchema, v1.Terminating, v1.KubernetesAPIApprovalPolicyConformant, v1.StorageMigrating: // These conditions are not relevant for readiness check } }