diff --git a/api-ref-assets/api/swagger.json b/api-ref-assets/api/swagger.json index 399f47223fa4c..980551e60cad3 100644 --- a/api-ref-assets/api/swagger.json +++ b/api-ref-assets/api/swagger.json @@ -1178,7 +1178,7 @@ "properties": { "maxSurge": { "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString", - "description": "The maximum number of nodes with an existing available DaemonSet pod that can have an updated DaemonSet pod during during an update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up to a minimum of 1. Default value is 0. Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their a new pod created before the old pod is marked as deleted. The update starts by launching new pods on 30% of nodes. Once an updated pod is available (Ready for at least minReadySeconds) the old DaemonSet pod on that node is marked deleted. If the old pod becomes unavailable for any reason (Ready transitions to false, is evicted, or is drained) an updated pod is immediatedly created on that node without considering surge limits. Allowing surge implies the possibility that the resources consumed by the daemonset on any given node can double if the readiness check fails, and so resource intensive daemonsets should take into account that they may cause evictions during disruption. This is beta field and enabled/disabled by DaemonSetUpdateSurge feature gate." + "description": "The maximum number of nodes with an existing available DaemonSet pod that can have an updated DaemonSet pod during during an update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up to a minimum of 1. Default value is 0. Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their a new pod created before the old pod is marked as deleted. The update starts by launching new pods on 30% of nodes. Once an updated pod is available (Ready for at least minReadySeconds) the old DaemonSet pod on that node is marked deleted. If the old pod becomes unavailable for any reason (Ready transitions to false, is evicted, or is drained) an updated pod is immediatedly created on that node without considering surge limits. Allowing surge implies the possibility that the resources consumed by the daemonset on any given node can double if the readiness check fails, and so resource intensive daemonsets should take into account that they may cause evictions during disruption." }, "maxUnavailable": { "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString", @@ -1217,7 +1217,7 @@ "type": "object" }, "io.k8s.api.apps.v1.StatefulSet": { - "description": "StatefulSet represents a set of pods with consistent identities. Identities are defined as:\n - Network: A single stable DNS and hostname.\n - Storage: As many VolumeClaims as requested.\nThe StatefulSet guarantees that a given network identity will always map to the same storage identity.", + "description": "StatefulSet represents a set of pods with consistent identities. Identities are defined as:\n - Network: A single stable DNS and hostname.\n - Storage: As many VolumeClaims as requested.\n\nThe StatefulSet guarantees that a given network identity will always map to the same storage identity.", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -1332,7 +1332,7 @@ "description": "A StatefulSetSpec is the specification of a StatefulSet.", "properties": { "minReadySeconds": { - "description": "Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) This is an alpha field and requires enabling StatefulSetMinReadySeconds feature gate.", + "description": "Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready)", "format": "int32", "type": "integer" }, @@ -1389,7 +1389,7 @@ "description": "StatefulSetStatus represents the current state of a StatefulSet.", "properties": { "availableReplicas": { - "description": "Total number of available pods (ready for at least minReadySeconds) targeted by this statefulset. This is a beta field and enabled/disabled by StatefulSetMinReadySeconds feature gate.", + "description": "Total number of available pods (ready for at least minReadySeconds) targeted by this statefulset.", "format": "int32", "type": "integer" }, @@ -1522,7 +1522,7 @@ "description": "TokenRequestSpec contains client provided parameters of a token request.", "properties": { "audiences": { - "description": "Audiences are the intendend audiences of the token. A recipient of a token must identitfy themself with an identifier in the list of audiences of the token, and otherwise should reject the token. A token issued for multiple audiences may be used to authenticate against any of the audiences listed but implies a high degree of trust between the target audiences.", + "description": "Audiences are the intendend audiences of the token. A recipient of a token must identify themself with an identifier in the list of audiences of the token, and otherwise should reject the token. A token issued for multiple audiences may be used to authenticate against any of the audiences listed but implies a high degree of trust between the target audiences.", "items": { "type": "string" }, @@ -2854,523 +2854,6 @@ ], "type": "object" }, - "io.k8s.api.autoscaling.v2beta1.ContainerResourceMetricSource": { - "description": "ContainerResourceMetricSource indicates how to scale on a resource metric known to Kubernetes, as specified in requests and limits, describing each pod in the current scale target (e.g. CPU or memory). The values will be averaged together before being compared to the target. Such metrics are built in to Kubernetes, and have special scaling options on top of those available to normal per-pod metrics using the \"pods\" source. Only one \"target\" type should be set.", - "properties": { - "container": { - "description": "container is the name of the container in the pods of the scaling target", - "type": "string" - }, - "name": { - "description": "name is the name of the resource in question.", - "type": "string" - }, - "targetAverageUtilization": { - "description": "targetAverageUtilization is the target value of the average of the resource metric across all relevant pods, represented as a percentage of the requested value of the resource for the pods.", - "format": "int32", - "type": "integer" - }, - "targetAverageValue": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity", - "description": "targetAverageValue is the target value of the average of the resource metric across all relevant pods, as a raw value (instead of as a percentage of the request), similar to the \"pods\" metric source type." - } - }, - "required": [ - "name", - "container" - ], - "type": "object" - }, - "io.k8s.api.autoscaling.v2beta1.ContainerResourceMetricStatus": { - "description": "ContainerResourceMetricStatus indicates the current value of a resource metric known to Kubernetes, as specified in requests and limits, describing a single container in each pod in the current scale target (e.g. CPU or memory). Such metrics are built in to Kubernetes, and have special scaling options on top of those available to normal per-pod metrics using the \"pods\" source.", - "properties": { - "container": { - "description": "container is the name of the container in the pods of the scaling target", - "type": "string" - }, - "currentAverageUtilization": { - "description": "currentAverageUtilization is the current value of the average of the resource metric across all relevant pods, represented as a percentage of the requested value of the resource for the pods. It will only be present if `targetAverageValue` was set in the corresponding metric specification.", - "format": "int32", - "type": "integer" - }, - "currentAverageValue": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity", - "description": "currentAverageValue is the current value of the average of the resource metric across all relevant pods, as a raw value (instead of as a percentage of the request), similar to the \"pods\" metric source type. It will always be set, regardless of the corresponding metric specification." - }, - "name": { - "description": "name is the name of the resource in question.", - "type": "string" - } - }, - "required": [ - "name", - "currentAverageValue", - "container" - ], - "type": "object" - }, - "io.k8s.api.autoscaling.v2beta1.CrossVersionObjectReference": { - "description": "CrossVersionObjectReference contains enough information to let you identify the referred resource.", - "properties": { - "apiVersion": { - "description": "API version of the referent", - "type": "string" - }, - "kind": { - "description": "Kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds\"", - "type": "string" - }, - "name": { - "description": "Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "io.k8s.api.autoscaling.v2beta1.ExternalMetricSource": { - "description": "ExternalMetricSource indicates how to scale on a metric not associated with any Kubernetes object (for example length of queue in cloud messaging service, or QPS from loadbalancer running outside of cluster). Exactly one \"target\" type should be set.", - "properties": { - "metricName": { - "description": "metricName is the name of the metric in question.", - "type": "string" - }, - "metricSelector": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", - "description": "metricSelector is used to identify a specific time series within a given metric." - }, - "targetAverageValue": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity", - "description": "targetAverageValue is the target per-pod value of global metric (as a quantity). Mutually exclusive with TargetValue." - }, - "targetValue": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity", - "description": "targetValue is the target value of the metric (as a quantity). Mutually exclusive with TargetAverageValue." - } - }, - "required": [ - "metricName" - ], - "type": "object" - }, - "io.k8s.api.autoscaling.v2beta1.ExternalMetricStatus": { - "description": "ExternalMetricStatus indicates the current value of a global metric not associated with any Kubernetes object.", - "properties": { - "currentAverageValue": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity", - "description": "currentAverageValue is the current value of metric averaged over autoscaled pods." - }, - "currentValue": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity", - "description": "currentValue is the current value of the metric (as a quantity)" - }, - "metricName": { - "description": "metricName is the name of a metric used for autoscaling in metric system.", - "type": "string" - }, - "metricSelector": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", - "description": "metricSelector is used to identify a specific time series within a given metric." - } - }, - "required": [ - "metricName", - "currentValue" - ], - "type": "object" - }, - "io.k8s.api.autoscaling.v2beta1.HorizontalPodAutoscaler": { - "description": "HorizontalPodAutoscaler is the configuration for a horizontal pod autoscaler, which automatically manages the replica count of any resource implementing the scale subresource based on the metrics specified.", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta", - "description": "metadata is the standard object metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta1.HorizontalPodAutoscalerSpec", - "description": "spec is the specification for the behaviour of the autoscaler. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status." - }, - "status": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta1.HorizontalPodAutoscalerStatus", - "description": "status is the current information about the autoscaler." - } - }, - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "autoscaling", - "kind": "HorizontalPodAutoscaler", - "version": "v2beta1" - } - ] - }, - "io.k8s.api.autoscaling.v2beta1.HorizontalPodAutoscalerCondition": { - "description": "HorizontalPodAutoscalerCondition describes the state of a HorizontalPodAutoscaler at a certain point.", - "properties": { - "lastTransitionTime": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time", - "description": "lastTransitionTime is the last time the condition transitioned from one status to another" - }, - "message": { - "description": "message is a human-readable explanation containing details about the transition", - "type": "string" - }, - "reason": { - "description": "reason is the reason for the condition's last transition.", - "type": "string" - }, - "status": { - "description": "status is the status of the condition (True, False, Unknown)", - "type": "string" - }, - "type": { - "description": "type describes the current condition", - "type": "string" - } - }, - "required": [ - "type", - "status" - ], - "type": "object" - }, - "io.k8s.api.autoscaling.v2beta1.HorizontalPodAutoscalerList": { - "description": "HorizontalPodAutoscaler is a list of horizontal pod autoscaler objects.", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "items is the list of horizontal pod autoscaler objects.", - "items": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta1.HorizontalPodAutoscaler" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta", - "description": "metadata is the standard list metadata." - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "autoscaling", - "kind": "HorizontalPodAutoscalerList", - "version": "v2beta1" - } - ] - }, - "io.k8s.api.autoscaling.v2beta1.HorizontalPodAutoscalerSpec": { - "description": "HorizontalPodAutoscalerSpec describes the desired functionality of the HorizontalPodAutoscaler.", - "properties": { - "maxReplicas": { - "description": "maxReplicas is the upper limit for the number of replicas to which the autoscaler can scale up. It cannot be less that minReplicas.", - "format": "int32", - "type": "integer" - }, - "metrics": { - "description": "metrics contains the specifications for which to use to calculate the desired replica count (the maximum replica count across all metrics will be used). The desired replica count is calculated multiplying the ratio between the target value and the current value by the current number of pods. Ergo, metrics used must decrease as the pod count is increased, and vice-versa. See the individual metric source types for more information about how each type of metric must respond.", - "items": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta1.MetricSpec" - }, - "type": "array" - }, - "minReplicas": { - "description": "minReplicas is the lower limit for the number of replicas to which the autoscaler can scale down. It defaults to 1 pod. minReplicas is allowed to be 0 if the alpha feature gate HPAScaleToZero is enabled and at least one Object or External metric is configured. Scaling is active as long as at least one metric value is available.", - "format": "int32", - "type": "integer" - }, - "scaleTargetRef": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta1.CrossVersionObjectReference", - "description": "scaleTargetRef points to the target resource to scale, and is used to the pods for which metrics should be collected, as well as to actually change the replica count." - } - }, - "required": [ - "scaleTargetRef", - "maxReplicas" - ], - "type": "object" - }, - "io.k8s.api.autoscaling.v2beta1.HorizontalPodAutoscalerStatus": { - "description": "HorizontalPodAutoscalerStatus describes the current status of a horizontal pod autoscaler.", - "properties": { - "conditions": { - "description": "conditions is the set of conditions required for this autoscaler to scale its target, and indicates whether or not those conditions are met.", - "items": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta1.HorizontalPodAutoscalerCondition" - }, - "type": "array" - }, - "currentMetrics": { - "description": "currentMetrics is the last read state of the metrics used by this autoscaler.", - "items": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta1.MetricStatus" - }, - "type": "array" - }, - "currentReplicas": { - "description": "currentReplicas is current number of replicas of pods managed by this autoscaler, as last seen by the autoscaler.", - "format": "int32", - "type": "integer" - }, - "desiredReplicas": { - "description": "desiredReplicas is the desired number of replicas of pods managed by this autoscaler, as last calculated by the autoscaler.", - "format": "int32", - "type": "integer" - }, - "lastScaleTime": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time", - "description": "lastScaleTime is the last time the HorizontalPodAutoscaler scaled the number of pods, used by the autoscaler to control how often the number of pods is changed." - }, - "observedGeneration": { - "description": "observedGeneration is the most recent generation observed by this autoscaler.", - "format": "int64", - "type": "integer" - } - }, - "required": [ - "currentReplicas", - "desiredReplicas" - ], - "type": "object" - }, - "io.k8s.api.autoscaling.v2beta1.MetricSpec": { - "description": "MetricSpec specifies how to scale based on a single metric (only `type` and one other matching field should be set at once).", - "properties": { - "containerResource": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta1.ContainerResourceMetricSource", - "description": "container resource refers to a resource metric (such as those specified in requests and limits) known to Kubernetes describing a single container in each pod of the current scale target (e.g. CPU or memory). Such metrics are built in to Kubernetes, and have special scaling options on top of those available to normal per-pod metrics using the \"pods\" source. This is an alpha feature and can be enabled by the HPAContainerMetrics feature flag." - }, - "external": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta1.ExternalMetricSource", - "description": "external refers to a global metric that is not associated with any Kubernetes object. It allows autoscaling based on information coming from components running outside of cluster (for example length of queue in cloud messaging service, or QPS from loadbalancer running outside of cluster)." - }, - "object": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta1.ObjectMetricSource", - "description": "object refers to a metric describing a single kubernetes object (for example, hits-per-second on an Ingress object)." - }, - "pods": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta1.PodsMetricSource", - "description": "pods refers to a metric describing each pod in the current scale target (for example, transactions-processed-per-second). The values will be averaged together before being compared to the target value." - }, - "resource": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta1.ResourceMetricSource", - "description": "resource refers to a resource metric (such as those specified in requests and limits) known to Kubernetes describing each pod in the current scale target (e.g. CPU or memory). Such metrics are built in to Kubernetes, and have special scaling options on top of those available to normal per-pod metrics using the \"pods\" source." - }, - "type": { - "description": "type is the type of metric source. It should be one of \"ContainerResource\", \"External\", \"Object\", \"Pods\" or \"Resource\", each mapping to a matching field in the object. Note: \"ContainerResource\" type is available on when the feature-gate HPAContainerMetrics is enabled", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "io.k8s.api.autoscaling.v2beta1.MetricStatus": { - "description": "MetricStatus describes the last-read state of a single metric.", - "properties": { - "containerResource": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta1.ContainerResourceMetricStatus", - "description": "container resource refers to a resource metric (such as those specified in requests and limits) known to Kubernetes describing a single container in each pod in the current scale target (e.g. CPU or memory). Such metrics are built in to Kubernetes, and have special scaling options on top of those available to normal per-pod metrics using the \"pods\" source." - }, - "external": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta1.ExternalMetricStatus", - "description": "external refers to a global metric that is not associated with any Kubernetes object. It allows autoscaling based on information coming from components running outside of cluster (for example length of queue in cloud messaging service, or QPS from loadbalancer running outside of cluster)." - }, - "object": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta1.ObjectMetricStatus", - "description": "object refers to a metric describing a single kubernetes object (for example, hits-per-second on an Ingress object)." - }, - "pods": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta1.PodsMetricStatus", - "description": "pods refers to a metric describing each pod in the current scale target (for example, transactions-processed-per-second). The values will be averaged together before being compared to the target value." - }, - "resource": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta1.ResourceMetricStatus", - "description": "resource refers to a resource metric (such as those specified in requests and limits) known to Kubernetes describing each pod in the current scale target (e.g. CPU or memory). Such metrics are built in to Kubernetes, and have special scaling options on top of those available to normal per-pod metrics using the \"pods\" source." - }, - "type": { - "description": "type is the type of metric source. It will be one of \"ContainerResource\", \"External\", \"Object\", \"Pods\" or \"Resource\", each corresponds to a matching field in the object. Note: \"ContainerResource\" type is available on when the feature-gate HPAContainerMetrics is enabled", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "io.k8s.api.autoscaling.v2beta1.ObjectMetricSource": { - "description": "ObjectMetricSource indicates how to scale on a metric describing a kubernetes object (for example, hits-per-second on an Ingress object).", - "properties": { - "averageValue": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity", - "description": "averageValue is the target value of the average of the metric across all relevant pods (as a quantity)" - }, - "metricName": { - "description": "metricName is the name of the metric in question.", - "type": "string" - }, - "selector": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", - "description": "selector is the string-encoded form of a standard kubernetes label selector for the given metric When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping When unset, just the metricName will be used to gather metrics." - }, - "target": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta1.CrossVersionObjectReference", - "description": "target is the described Kubernetes object." - }, - "targetValue": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity", - "description": "targetValue is the target value of the metric (as a quantity)." - } - }, - "required": [ - "target", - "metricName", - "targetValue" - ], - "type": "object" - }, - "io.k8s.api.autoscaling.v2beta1.ObjectMetricStatus": { - "description": "ObjectMetricStatus indicates the current value of a metric describing a kubernetes object (for example, hits-per-second on an Ingress object).", - "properties": { - "averageValue": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity", - "description": "averageValue is the current value of the average of the metric across all relevant pods (as a quantity)" - }, - "currentValue": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity", - "description": "currentValue is the current value of the metric (as a quantity)." - }, - "metricName": { - "description": "metricName is the name of the metric in question.", - "type": "string" - }, - "selector": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", - "description": "selector is the string-encoded form of a standard kubernetes label selector for the given metric When set in the ObjectMetricSource, it is passed as an additional parameter to the metrics server for more specific metrics scoping. When unset, just the metricName will be used to gather metrics." - }, - "target": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta1.CrossVersionObjectReference", - "description": "target is the described Kubernetes object." - } - }, - "required": [ - "target", - "metricName", - "currentValue" - ], - "type": "object" - }, - "io.k8s.api.autoscaling.v2beta1.PodsMetricSource": { - "description": "PodsMetricSource indicates how to scale on a metric describing each pod in the current scale target (for example, transactions-processed-per-second). The values will be averaged together before being compared to the target value.", - "properties": { - "metricName": { - "description": "metricName is the name of the metric in question", - "type": "string" - }, - "selector": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", - "description": "selector is the string-encoded form of a standard kubernetes label selector for the given metric When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping When unset, just the metricName will be used to gather metrics." - }, - "targetAverageValue": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity", - "description": "targetAverageValue is the target value of the average of the metric across all relevant pods (as a quantity)" - } - }, - "required": [ - "metricName", - "targetAverageValue" - ], - "type": "object" - }, - "io.k8s.api.autoscaling.v2beta1.PodsMetricStatus": { - "description": "PodsMetricStatus indicates the current value of a metric describing each pod in the current scale target (for example, transactions-processed-per-second).", - "properties": { - "currentAverageValue": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity", - "description": "currentAverageValue is the current value of the average of the metric across all relevant pods (as a quantity)" - }, - "metricName": { - "description": "metricName is the name of the metric in question", - "type": "string" - }, - "selector": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", - "description": "selector is the string-encoded form of a standard kubernetes label selector for the given metric When set in the PodsMetricSource, it is passed as an additional parameter to the metrics server for more specific metrics scoping. When unset, just the metricName will be used to gather metrics." - } - }, - "required": [ - "metricName", - "currentAverageValue" - ], - "type": "object" - }, - "io.k8s.api.autoscaling.v2beta1.ResourceMetricSource": { - "description": "ResourceMetricSource indicates how to scale on a resource metric known to Kubernetes, as specified in requests and limits, describing each pod in the current scale target (e.g. CPU or memory). The values will be averaged together before being compared to the target. Such metrics are built in to Kubernetes, and have special scaling options on top of those available to normal per-pod metrics using the \"pods\" source. Only one \"target\" type should be set.", - "properties": { - "name": { - "description": "name is the name of the resource in question.", - "type": "string" - }, - "targetAverageUtilization": { - "description": "targetAverageUtilization is the target value of the average of the resource metric across all relevant pods, represented as a percentage of the requested value of the resource for the pods.", - "format": "int32", - "type": "integer" - }, - "targetAverageValue": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity", - "description": "targetAverageValue is the target value of the average of the resource metric across all relevant pods, as a raw value (instead of as a percentage of the request), similar to the \"pods\" metric source type." - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "io.k8s.api.autoscaling.v2beta1.ResourceMetricStatus": { - "description": "ResourceMetricStatus indicates the current value of a resource metric known to Kubernetes, as specified in requests and limits, describing each pod in the current scale target (e.g. CPU or memory). Such metrics are built in to Kubernetes, and have special scaling options on top of those available to normal per-pod metrics using the \"pods\" source.", - "properties": { - "currentAverageUtilization": { - "description": "currentAverageUtilization is the current value of the average of the resource metric across all relevant pods, represented as a percentage of the requested value of the resource for the pods. It will only be present if `targetAverageValue` was set in the corresponding metric specification.", - "format": "int32", - "type": "integer" - }, - "currentAverageValue": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity", - "description": "currentAverageValue is the current value of the average of the resource metric across all relevant pods, as a raw value (instead of as a percentage of the request), similar to the \"pods\" metric source type. It will always be set, regardless of the corresponding metric specification." - }, - "name": { - "description": "name is the name of the resource in question.", - "type": "string" - } - }, - "required": [ - "name", - "currentAverageValue" - ], - "type": "object" - }, "io.k8s.api.autoscaling.v2beta2.ContainerResourceMetricSource": { "description": "ContainerResourceMetricSource indicates how to scale on a resource metric known to Kubernetes, as specified in requests and limits, describing each pod in the current scale target (e.g. CPU or memory). The values will be averaged together before being compared to the target. Such metrics are built in to Kubernetes, and have special scaling options on top of those available to normal per-pod metrics using the \"pods\" source. Only one \"target\" type should be set.", "properties": { @@ -4059,7 +3542,7 @@ "type": "boolean" }, "timeZone": { - "description": "The time zone for the given schedule, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones. If not specified, this will rely on the time zone of the kube-controller-manager process. ALPHA: This field is in alpha and must be enabled via the `CronJobTimeZone` feature gate.", + "description": "The time zone name for the given schedule, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones. If not specified, this will default to the time zone of the kube-controller-manager process. The set of valid time zone names and the time zone offset is loaded from the system-wide time zone database by the API server during CronJob validation and the controller manager during execution. If no system-wide time zone database can be found a bundled version of the database is used instead. If the time zone name becomes invalid during the lifetime of a CronJob or due to a change in host configuration, the controller will stop creating new new Jobs and will create a system event with the reason UnknownTimeZone. More information can be found in https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#time-zones This is beta field and must be enabled via the `CronJobTimeZone` feature gate.", "type": "string" } }, @@ -4224,6 +3707,10 @@ "format": "int32", "type": "integer" }, + "podFailurePolicy": { + "$ref": "#/definitions/io.k8s.api.batch.v1.PodFailurePolicy", + "description": "Specifies the policy of handling failed pods. In particular, it allows to specify the set of actions and conditions which need to be satisfied to take the associated action. If empty, the default behaviour applies - the counter of failed pods, represented by the jobs's .status.failed field, is incremented and it is checked against the backoffLimit. This field cannot be used in combination with restartPolicy=OnFailure.\n\nThis field is alpha-level. To use this field, you must enable the `JobPodFailurePolicy` feature gate (disabled by default)." + }, "selector": { "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", "description": "A label query over pods that should match the pod count. Normally, the system sets this field for you. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors" @@ -4313,173 +3800,112 @@ }, "type": "object" }, - "io.k8s.api.batch.v1.UncountedTerminatedPods": { - "description": "UncountedTerminatedPods holds UIDs of Pods that have terminated but haven't been accounted in Job status counters.", + "io.k8s.api.batch.v1.PodFailurePolicy": { + "description": "PodFailurePolicy describes how failed pods influence the backoffLimit.", "properties": { - "failed": { - "description": "Failed holds UIDs of failed Pods.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "set" - }, - "succeeded": { - "description": "Succeeded holds UIDs of succeeded Pods.", + "rules": { + "description": "A list of pod failure policy rules. The rules are evaluated in order. Once a rule matches a Pod failure, the remaining of the rules are ignored. When no rule matches the Pod failure, the default handling applies - the counter of pod failures is incremented and it is checked against the backoffLimit. At most 20 elements are allowed.", "items": { - "type": "string" + "$ref": "#/definitions/io.k8s.api.batch.v1.PodFailurePolicyRule" }, "type": "array", - "x-kubernetes-list-type": "set" + "x-kubernetes-list-type": "atomic" } }, + "required": [ + "rules" + ], "type": "object" }, - "io.k8s.api.batch.v1beta1.CronJob": { - "description": "CronJob represents the configuration of a single cron job.", + "io.k8s.api.batch.v1.PodFailurePolicyOnExitCodesRequirement": { + "description": "PodFailurePolicyOnExitCodesRequirement describes the requirement for handling a failed pod based on its container exit codes. In particular, it lookups the .state.terminated.exitCode for each app container and init container status, represented by the .status.containerStatuses and .status.initContainerStatuses fields in the Pod status, respectively. Containers completed with success (exit code 0) are excluded from the requirement check.", "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "containerName": { + "description": "Restricts the check for exit codes to the container with the specified name. When null, the rule applies to all containers. When specified, it should match one the container or initContainer names in the pod template.", "type": "string" }, - "metadata": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta", - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "$ref": "#/definitions/io.k8s.api.batch.v1beta1.CronJobSpec", - "description": "Specification of the desired behavior of a cron job, including the schedule. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" - }, - "status": { - "$ref": "#/definitions/io.k8s.api.batch.v1beta1.CronJobStatus", - "description": "Current status of a cron job. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" - } - }, - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "batch", - "kind": "CronJob", - "version": "v1beta1" - } - ] - }, - "io.k8s.api.batch.v1beta1.CronJobList": { - "description": "CronJobList is a collection of cron jobs.", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "operator": { + "description": "Represents the relationship between the container exit code(s) and the specified values. Containers completed with success (exit code 0) are excluded from the requirement check. Possible values are: - In: the requirement is satisfied if at least one container exit code\n (might be multiple if there are multiple containers not restricted\n by the 'containerName' field) is in the set of specified values.\n- NotIn: the requirement is satisfied if at least one container exit code\n (might be multiple if there are multiple containers not restricted\n by the 'containerName' field) is not in the set of specified values.\nAdditional values are considered to be added in the future. Clients should react to an unknown operator by assuming the requirement is not satisfied.\n\n", "type": "string" }, - "items": { - "description": "items is the list of CronJobs.", + "values": { + "description": "Specifies the set of values. Each returned container exit code (might be multiple in case of multiple containers) is checked against this set of values with respect to the operator. The list of values must be ordered and must not contain duplicates. Value '0' cannot be used for the In operator. At least one element is required. At most 255 elements are allowed.", "items": { - "$ref": "#/definitions/io.k8s.api.batch.v1beta1.CronJob" + "format": "int32", + "type": "integer" }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta", - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + "type": "array", + "x-kubernetes-list-type": "set" } }, "required": [ - "items" + "operator", + "values" ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "batch", - "kind": "CronJobList", - "version": "v1beta1" - } - ] + "type": "object" }, - "io.k8s.api.batch.v1beta1.CronJobSpec": { - "description": "CronJobSpec describes how the job execution will look like and when it will actually run.", + "io.k8s.api.batch.v1.PodFailurePolicyOnPodConditionsPattern": { + "description": "PodFailurePolicyOnPodConditionsPattern describes a pattern for matching an actual pod condition type.", "properties": { - "concurrencyPolicy": { - "description": "Specifies how to treat concurrent executions of a Job. Valid values are: - \"Allow\" (default): allows CronJobs to run concurrently; - \"Forbid\": forbids concurrent runs, skipping next run if previous run hasn't finished yet; - \"Replace\": cancels currently running job and replaces it with a new one", - "type": "string" - }, - "failedJobsHistoryLimit": { - "description": "The number of failed finished jobs to retain. This is a pointer to distinguish between explicit zero and not specified. Defaults to 1.", - "format": "int32", - "type": "integer" - }, - "jobTemplate": { - "$ref": "#/definitions/io.k8s.api.batch.v1beta1.JobTemplateSpec", - "description": "Specifies the job that will be created when executing a CronJob." - }, - "schedule": { - "description": "The schedule in Cron format, see https://en.wikipedia.org/wiki/Cron.", + "status": { + "description": "Specifies the required Pod condition status. To match a pod condition it is required that the specified status equals the pod condition status. Defaults to True.", "type": "string" }, - "startingDeadlineSeconds": { - "description": "Optional deadline in seconds for starting the job if it misses scheduled time for any reason. Missed jobs executions will be counted as failed ones.", - "format": "int64", - "type": "integer" - }, - "successfulJobsHistoryLimit": { - "description": "The number of successful finished jobs to retain. This is a pointer to distinguish between explicit zero and not specified. Defaults to 3.", - "format": "int32", - "type": "integer" - }, - "suspend": { - "description": "This flag tells the controller to suspend subsequent executions, it does not apply to already started executions. Defaults to false.", - "type": "boolean" - }, - "timeZone": { - "description": "The time zone for the given schedule, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones. If not specified, this will rely on the time zone of the kube-controller-manager process. ALPHA: This field is in alpha and must be enabled via the `CronJobTimeZone` feature gate.", + "type": { + "description": "Specifies the required Pod condition type. To match a pod condition it is required that specified type equals the pod condition type.", "type": "string" } }, "required": [ - "schedule", - "jobTemplate" + "type", + "status" ], "type": "object" }, - "io.k8s.api.batch.v1beta1.CronJobStatus": { - "description": "CronJobStatus represents the current state of a cron job.", + "io.k8s.api.batch.v1.PodFailurePolicyRule": { + "description": "PodFailurePolicyRule describes how a pod failure is handled when the requirements are met. One of OnExitCodes and onPodConditions, but not both, can be used in each rule.", "properties": { - "active": { - "description": "A list of pointers to currently running jobs.", + "action": { + "description": "Specifies the action taken on a pod failure when the requirements are satisfied. Possible values are: - FailJob: indicates that the pod's job is marked as Failed and all\n running pods are terminated.\n- Ignore: indicates that the counter towards the .backoffLimit is not\n incremented and a replacement pod is created.\n- Count: indicates that the pod is handled in the default way - the\n counter towards the .backoffLimit is incremented.\nAdditional values are considered to be added in the future. Clients should react to an unknown action by skipping the rule.\n\n", + "type": "string" + }, + "onExitCodes": { + "$ref": "#/definitions/io.k8s.api.batch.v1.PodFailurePolicyOnExitCodesRequirement", + "description": "Represents the requirement on the container exit codes." + }, + "onPodConditions": { + "description": "Represents the requirement on the pod conditions. The requirement is represented as a list of pod condition patterns. The requirement is satisfied if at least one pattern matches an actual pod condition. At most 20 elements are allowed.", "items": { - "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" + "$ref": "#/definitions/io.k8s.api.batch.v1.PodFailurePolicyOnPodConditionsPattern" }, "type": "array", "x-kubernetes-list-type": "atomic" - }, - "lastScheduleTime": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time", - "description": "Information when was the last time the job was successfully scheduled." - }, - "lastSuccessfulTime": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time", - "description": "Information when was the last time the job successfully completed." } }, + "required": [ + "action", + "onPodConditions" + ], "type": "object" }, - "io.k8s.api.batch.v1beta1.JobTemplateSpec": { - "description": "JobTemplateSpec describes the data a Job should have when created from a template", + "io.k8s.api.batch.v1.UncountedTerminatedPods": { + "description": "UncountedTerminatedPods holds UIDs of Pods that have terminated but haven't been accounted in Job status counters.", "properties": { - "metadata": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta", - "description": "Standard object's metadata of the jobs created from this template. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + "failed": { + "description": "Failed holds UIDs of failed Pods.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" }, - "spec": { - "$ref": "#/definitions/io.k8s.api.batch.v1.JobSpec", - "description": "Specification of the desired behavior of the job. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" + "succeeded": { + "description": "Succeeded holds UIDs of succeeded Pods.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" } }, "type": "object" @@ -4942,7 +4368,7 @@ "properties": { "controllerExpandSecretRef": { "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference", - "description": "controllerExpandSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI ControllerExpandVolume call. This is an alpha field and requires enabling ExpandCSIVolumes feature gate. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed." + "description": "controllerExpandSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI ControllerExpandVolume call. This is an beta field and requires enabling ExpandCSIVolumes feature gate. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed." }, "controllerPublishSecretRef": { "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference", @@ -4956,6 +4382,10 @@ "description": "fsType to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\".", "type": "string" }, + "nodeExpandSecretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference", + "description": "nodeExpandSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodeExpandVolume call. This is an alpha field and requires enabling CSINodeExpandSecret feature gate. This field is optional, may be omitted if no secret is required. If the secret object contains more than one secret, all secrets are passed." + }, "nodePublishSecretRef": { "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference", "description": "nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed." @@ -5513,7 +4943,7 @@ "type": "string" }, "ports": { - "description": "List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Cannot be updated.", + "description": "List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.", "items": { "$ref": "#/definitions/io.k8s.api.core.v1.ContainerPort" }, @@ -5594,7 +5024,7 @@ "description": "Describe a container image", "properties": { "names": { - "description": "Names by which this image is known. e.g. [\"k8s.gcr.io/hyperkube:v1.0.7\", \"dockerhub.io/google_containers/hyperkube:v1.0.7\"]", + "description": "Names by which this image is known. e.g. [\"kubernetes.example/hyperkube:v1.0.7\", \"cloud-vendor.registry.example/cloud-vendor/hyperkube:v1.0.7\"]", "items": { "type": "string" }, @@ -5909,7 +5339,7 @@ "x-kubernetes-map-type": "atomic" }, "io.k8s.api.core.v1.EndpointSubset": { - "description": "EndpointSubset is a group of addresses with a common set of ports. The expanded set of endpoints is the Cartesian product of Addresses x Ports. For example, given:\n {\n Addresses: [{\"ip\": \"10.10.1.1\"}, {\"ip\": \"10.10.2.2\"}],\n Ports: [{\"name\": \"a\", \"port\": 8675}, {\"name\": \"b\", \"port\": 309}]\n }\nThe resulting set of endpoints can be viewed as:\n a: [ 10.10.1.1:8675, 10.10.2.2:8675 ],\n b: [ 10.10.1.1:309, 10.10.2.2:309 ]", + "description": "EndpointSubset is a group of addresses with a common set of ports. The expanded set of endpoints is the Cartesian product of Addresses x Ports. For example, given:\n\n\t{\n\t Addresses: [{\"ip\": \"10.10.1.1\"}, {\"ip\": \"10.10.2.2\"}],\n\t Ports: [{\"name\": \"a\", \"port\": 8675}, {\"name\": \"b\", \"port\": 309}]\n\t}\n\nThe resulting set of endpoints can be viewed as:\n\n\ta: [ 10.10.1.1:8675, 10.10.2.2:8675 ],\n\tb: [ 10.10.1.1:309, 10.10.2.2:309 ]", "properties": { "addresses": { "description": "IP addresses which offer the related ports that are marked as ready. These endpoints should be considered safe for load balancers and clients to utilize.", @@ -5936,7 +5366,7 @@ "type": "object" }, "io.k8s.api.core.v1.Endpoints": { - "description": "Endpoints is a collection of endpoints that implement the actual service. Example:\n Name: \"mysvc\",\n Subsets: [\n {\n Addresses: [{\"ip\": \"10.10.1.1\"}, {\"ip\": \"10.10.2.2\"}],\n Ports: [{\"name\": \"a\", \"port\": 8675}, {\"name\": \"b\", \"port\": 309}]\n },\n {\n Addresses: [{\"ip\": \"10.10.3.3\"}],\n Ports: [{\"name\": \"a\", \"port\": 93}, {\"name\": \"b\", \"port\": 76}]\n },\n ]", + "description": "Endpoints is a collection of endpoints that implement the actual service. Example:\n\n\t Name: \"mysvc\",\n\t Subsets: [\n\t {\n\t Addresses: [{\"ip\": \"10.10.1.1\"}, {\"ip\": \"10.10.2.2\"}],\n\t Ports: [{\"name\": \"a\", \"port\": 8675}, {\"name\": \"b\", \"port\": 309}]\n\t },\n\t {\n\t Addresses: [{\"ip\": \"10.10.3.3\"}],\n\t Ports: [{\"name\": \"a\", \"port\": 93}, {\"name\": \"b\", \"port\": 76}]\n\t },\n\t]", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -6064,7 +5494,7 @@ "type": "object" }, "io.k8s.api.core.v1.EphemeralContainer": { - "description": "An EphemeralContainer is a temporary container that you may add to an existing Pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they will not be restarted when they exit or when a Pod is removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the Pod to exceed its resource allocation.\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing Pod. Ephemeral containers may not be removed or restarted.\n\nThis is a beta feature available on clusters that haven't disabled the EphemeralContainers feature gate.", + "description": "An EphemeralContainer is a temporary container that you may add to an existing Pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they will not be restarted when they exit or when a Pod is removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the Pod to exceed its resource allocation.\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing Pod. Ephemeral containers may not be removed or restarted.", "properties": { "args": { "description": "Arguments to the entrypoint. The image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", @@ -7986,7 +7416,8 @@ }, "claimRef": { "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference", - "description": "claimRef is part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim. Expected to be non-nil when bound. claim.VolumeName is the authoritative bind between PV and PVC. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding" + "description": "claimRef is part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim. Expected to be non-nil when bound. claim.VolumeName is the authoritative bind between PV and PVC. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding", + "x-kubernetes-map-type": "granular" }, "csi": { "$ref": "#/definitions/io.k8s.api.core.v1.CSIPersistentVolumeSource", @@ -8293,7 +7724,7 @@ "type": "object" }, "io.k8s.api.core.v1.PodIP": { - "description": "IP address information for entries in the (plural) PodIPs field. Each entry includes:\n IP: An IP address allocated to the pod. Routable at least within the cluster.", + "description": "IP address information for entries in the (plural) PodIPs field. Each entry includes:\n\n\tIP: An IP address allocated to the pod. Routable at least within the cluster.", "properties": { "ip": { "description": "ip is an IP address (IPv4 or IPv6) assigned to the pod", @@ -8457,7 +7888,7 @@ "type": "boolean" }, "ephemeralContainers": { - "description": "List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. This field is beta-level and available on clusters that haven't disabled the EphemeralContainers feature gate.", + "description": "List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource.", "items": { "$ref": "#/definitions/io.k8s.api.core.v1.EphemeralContainer" }, @@ -8486,6 +7917,10 @@ "description": "Use the host's pid namespace. Optional: Default to false.", "type": "boolean" }, + "hostUsers": { + "description": "Use the host's user namespace. Optional: Default to true. If set to true or not present, the pod will be run in the host user namespace, useful for when the pod needs a feature only available to the host user namespace, such as loading a kernel module with CAP_SYS_MODULE. When set to false, a new userns is created for the pod. Setting false is useful for mitigating container breakout vulnerabilities even allowing users to run their containers as root without actually having root privileges on the host. This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.", + "type": "boolean" + }, "hostname": { "description": "Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value.", "type": "string" @@ -8522,7 +7957,7 @@ }, "os": { "$ref": "#/definitions/io.k8s.api.core.v1.PodOS", - "description": "Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup This is a beta field and requires the IdentifyPodOS feature" + "description": "Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup" }, "overhead": { "additionalProperties": { @@ -8648,7 +8083,7 @@ "type": "array" }, "ephemeralContainerStatuses": { - "description": "Status for any ephemeral containers that have run in this pod. This field is beta-level and available on clusters that haven't disabled the EphemeralContainers feature gate.", + "description": "Status for any ephemeral containers that have run in this pod.", "items": { "$ref": "#/definitions/io.k8s.api.core.v1.ContainerStatus" }, @@ -10019,16 +9454,16 @@ "type": "string" }, "externalTrafficPolicy": { - "description": "externalTrafficPolicy denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints. \"Local\" preserves the client source IP and avoids a second hop for LoadBalancer and Nodeport type services, but risks potentially imbalanced traffic spreading. \"Cluster\" obscures the client source IP and may cause a second hop to another node, but should have good overall load-spreading.\n\n", + "description": "externalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's \"externally-facing\" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to \"Local\", the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) The default value, \"Cluster\", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get \"Cluster\" semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node.\n\n", "type": "string" }, "healthCheckNodePort": { - "description": "healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used. If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type).", + "description": "healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used. If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type). This field cannot be updated once set.", "format": "int32", "type": "integer" }, "internalTrafficPolicy": { - "description": "InternalTrafficPolicy specifies if the cluster internal traffic should be routed to all endpoints or node-local endpoints only. \"Cluster\" routes internal traffic to a Service to all endpoints. \"Local\" routes traffic to node-local endpoints only, traffic is dropped if no node-local endpoints are ready. The default value is \"Cluster\".", + "description": "InternalTrafficPolicy describes how nodes distribute service traffic they receive on the ClusterIP. If set to \"Local\", the proxy will assume that pods only want to talk to endpoints of the service on the same node as the pod, dropping the traffic if there are no local endpoints. The default value, \"Cluster\", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features).", "type": "string" }, "ipFamilies": { @@ -10314,18 +9749,34 @@ "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", "description": "LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain." }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, "maxSkew": { "description": "MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed.", "format": "int32", "type": "integer" }, "minDomains": { - "description": "MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew.\n\nThis is an alpha field and requires enabling MinDomainsInPodTopologySpread feature gate.", + "description": "MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew.\n\nThis is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).", "format": "int32", "type": "integer" }, + "nodeAffinityPolicy": { + "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy. This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", + "type": "string" + }, + "nodeTaintsPolicy": { + "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy. This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", + "type": "string" + }, "topologyKey": { - "description": "TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a \"bucket\", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes match the node selector. e.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology. And, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology. It's a required field.", + "description": "TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a \"bucket\", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology. And, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology. It's a required field.", "type": "string" }, "whenUnsatisfiable": { @@ -10673,7 +10124,7 @@ "type": "string" }, "nodeName": { - "description": "nodeName represents the name of the Node hosting this endpoint. This can be used to determine endpoints local to a Node. This field can be enabled with the EndpointSliceNodeName feature gate.", + "description": "nodeName represents the name of the Node hosting this endpoint. This can be used to determine endpoints local to a Node.", "type": "string" }, "targetRef": { @@ -10843,202 +10294,6 @@ ], "type": "object" }, - "io.k8s.api.discovery.v1beta1.Endpoint": { - "description": "Endpoint represents a single logical \"backend\" implementing a service.", - "properties": { - "addresses": { - "description": "addresses of this endpoint. The contents of this field are interpreted according to the corresponding EndpointSlice addressType field. Consumers must handle different types of addresses in the context of their own capabilities. This must contain at least one address but no more than 100. These are all assumed to be fungible and clients may choose to only use the first element. Refer to: https://issue.k8s.io/106267", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "set" - }, - "conditions": { - "$ref": "#/definitions/io.k8s.api.discovery.v1beta1.EndpointConditions", - "description": "conditions contains information about the current status of the endpoint." - }, - "hints": { - "$ref": "#/definitions/io.k8s.api.discovery.v1beta1.EndpointHints", - "description": "hints contains information associated with how an endpoint should be consumed." - }, - "hostname": { - "description": "hostname of this endpoint. This field may be used by consumers of endpoints to distinguish endpoints from each other (e.g. in DNS names). Multiple endpoints which use the same hostname should be considered fungible (e.g. multiple A values in DNS). Must be lowercase and pass DNS Label (RFC 1123) validation.", - "type": "string" - }, - "nodeName": { - "description": "nodeName represents the name of the Node hosting this endpoint. This can be used to determine endpoints local to a Node. This field can be enabled with the EndpointSliceNodeName feature gate.", - "type": "string" - }, - "targetRef": { - "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference", - "description": "targetRef is a reference to a Kubernetes object that represents this endpoint." - }, - "topology": { - "additionalProperties": { - "type": "string" - }, - "description": "topology contains arbitrary topology information associated with the endpoint. These key/value pairs must conform with the label format. https://kubernetes.io/docs/concepts/overview/working-with-objects/labels Topology may include a maximum of 16 key/value pairs. This includes, but is not limited to the following well known keys: * kubernetes.io/hostname: the value indicates the hostname of the node\n where the endpoint is located. This should match the corresponding\n node label.\n* topology.kubernetes.io/zone: the value indicates the zone where the\n endpoint is located. This should match the corresponding node label.\n* topology.kubernetes.io/region: the value indicates the region where the\n endpoint is located. This should match the corresponding node label.\nThis field is deprecated and will be removed in future api versions.", - "type": "object" - } - }, - "required": [ - "addresses" - ], - "type": "object" - }, - "io.k8s.api.discovery.v1beta1.EndpointConditions": { - "description": "EndpointConditions represents the current condition of an endpoint.", - "properties": { - "ready": { - "description": "ready indicates that this endpoint is prepared to receive traffic, according to whatever system is managing the endpoint. A nil value indicates an unknown state. In most cases consumers should interpret this unknown state as ready. For compatibility reasons, ready should never be \"true\" for terminating endpoints.", - "type": "boolean" - }, - "serving": { - "description": "serving is identical to ready except that it is set regardless of the terminating state of endpoints. This condition should be set to true for a ready endpoint that is terminating. If nil, consumers should defer to the ready condition. This field can be enabled with the EndpointSliceTerminatingCondition feature gate.", - "type": "boolean" - }, - "terminating": { - "description": "terminating indicates that this endpoint is terminating. A nil value indicates an unknown state. Consumers should interpret this unknown state to mean that the endpoint is not terminating. This field can be enabled with the EndpointSliceTerminatingCondition feature gate.", - "type": "boolean" - } - }, - "type": "object" - }, - "io.k8s.api.discovery.v1beta1.EndpointHints": { - "description": "EndpointHints provides hints describing how an endpoint should be consumed.", - "properties": { - "forZones": { - "description": "forZones indicates the zone(s) this endpoint should be consumed by to enable topology aware routing. May contain a maximum of 8 entries.", - "items": { - "$ref": "#/definitions/io.k8s.api.discovery.v1beta1.ForZone" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "io.k8s.api.discovery.v1beta1.EndpointPort": { - "description": "EndpointPort represents a Port used by an EndpointSlice", - "properties": { - "appProtocol": { - "description": "The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol.", - "type": "string" - }, - "name": { - "description": "The name of this port. All ports in an EndpointSlice must have a unique name. If the EndpointSlice is dervied from a Kubernetes service, this corresponds to the Service.ports[].name. Name must either be an empty string or pass DNS_LABEL validation: * must be no more than 63 characters long. * must consist of lower case alphanumeric characters or '-'. * must start and end with an alphanumeric character. Default is empty string.", - "type": "string" - }, - "port": { - "description": "The port number of the endpoint. If this is not specified, ports are not restricted and must be interpreted in the context of the specific consumer.", - "format": "int32", - "type": "integer" - }, - "protocol": { - "description": "The IP protocol for this port. Must be UDP, TCP, or SCTP. Default is TCP.", - "type": "string" - } - }, - "type": "object" - }, - "io.k8s.api.discovery.v1beta1.EndpointSlice": { - "description": "EndpointSlice represents a subset of the endpoints that implement a service. For a given service there may be multiple EndpointSlice objects, selected by labels, which must be joined to produce the full set of endpoints.", - "properties": { - "addressType": { - "description": "addressType specifies the type of address carried by this EndpointSlice. All addresses in this slice must be the same type. This field is immutable after creation. The following address types are currently supported: * IPv4: Represents an IPv4 Address. * IPv6: Represents an IPv6 Address. * FQDN: Represents a Fully Qualified Domain Name.", - "type": "string" - }, - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "endpoints": { - "description": "endpoints is a list of unique endpoints in this slice. Each slice may include a maximum of 1000 endpoints.", - "items": { - "$ref": "#/definitions/io.k8s.api.discovery.v1beta1.Endpoint" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta", - "description": "Standard object's metadata." - }, - "ports": { - "description": "ports specifies the list of network ports exposed by each endpoint in this slice. Each port must have a unique name. When ports is empty, it indicates that there are no defined ports. When a port is defined with a nil port value, it indicates \"all ports\". Each slice may include a maximum of 100 ports.", - "items": { - "$ref": "#/definitions/io.k8s.api.discovery.v1beta1.EndpointPort" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "addressType", - "endpoints" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "discovery.k8s.io", - "kind": "EndpointSlice", - "version": "v1beta1" - } - ] - }, - "io.k8s.api.discovery.v1beta1.EndpointSliceList": { - "description": "EndpointSliceList represents a list of endpoint slices", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of endpoint slices", - "items": { - "$ref": "#/definitions/io.k8s.api.discovery.v1beta1.EndpointSlice" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta", - "description": "Standard list metadata." - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "discovery.k8s.io", - "kind": "EndpointSliceList", - "version": "v1beta1" - } - ] - }, - "io.k8s.api.discovery.v1beta1.ForZone": { - "description": "ForZone provides information about which zones should consume this endpoint.", - "properties": { - "name": { - "description": "name represents the name of the zone.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, "io.k8s.api.events.v1.Event": { "description": "Event is a report of an event somewhere in the cluster. It generally denotes some state change in the system. Events have a limited retention time and triggers and messages may evolve with time. Event consumers should not rely on the timing of an event with a given Reason reflecting a consistent underlying trigger, or the continued existence of events with that Reason. Events should be treated as informative, best-effort, supplemental data.", "properties": { @@ -11178,145 +10433,6 @@ ], "type": "object" }, - "io.k8s.api.events.v1beta1.Event": { - "description": "Event is a report of an event somewhere in the cluster. It generally denotes some state change in the system. Events have a limited retention time and triggers and messages may evolve with time. Event consumers should not rely on the timing of an event with a given Reason reflecting a consistent underlying trigger, or the continued existence of events with that Reason. Events should be treated as informative, best-effort, supplemental data.", - "properties": { - "action": { - "description": "action is what action was taken/failed regarding to the regarding object. It is machine-readable. This field can have at most 128 characters.", - "type": "string" - }, - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "deprecatedCount": { - "description": "deprecatedCount is the deprecated field assuring backward compatibility with core.v1 Event type.", - "format": "int32", - "type": "integer" - }, - "deprecatedFirstTimestamp": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time", - "description": "deprecatedFirstTimestamp is the deprecated field assuring backward compatibility with core.v1 Event type." - }, - "deprecatedLastTimestamp": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time", - "description": "deprecatedLastTimestamp is the deprecated field assuring backward compatibility with core.v1 Event type." - }, - "deprecatedSource": { - "$ref": "#/definitions/io.k8s.api.core.v1.EventSource", - "description": "deprecatedSource is the deprecated field assuring backward compatibility with core.v1 Event type." - }, - "eventTime": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.MicroTime", - "description": "eventTime is the time when this Event was first observed. It is required." - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta", - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "note": { - "description": "note is a human-readable description of the status of this operation. Maximal length of the note is 1kB, but libraries should be prepared to handle values up to 64kB.", - "type": "string" - }, - "reason": { - "description": "reason is why the action was taken. It is human-readable. This field can have at most 128 characters.", - "type": "string" - }, - "regarding": { - "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference", - "description": "regarding contains the object this Event is about. In most cases it's an Object reporting controller implements, e.g. ReplicaSetController implements ReplicaSets and this event is emitted because it acts on some changes in a ReplicaSet object." - }, - "related": { - "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference", - "description": "related is the optional secondary object for more complex actions. E.g. when regarding object triggers a creation or deletion of related object." - }, - "reportingController": { - "description": "reportingController is the name of the controller that emitted this Event, e.g. `kubernetes.io/kubelet`. This field cannot be empty for new Events.", - "type": "string" - }, - "reportingInstance": { - "description": "reportingInstance is the ID of the controller instance, e.g. `kubelet-xyzf`. This field cannot be empty for new Events and it can have at most 128 characters.", - "type": "string" - }, - "series": { - "$ref": "#/definitions/io.k8s.api.events.v1beta1.EventSeries", - "description": "series is data about the Event series this event represents or nil if it's a singleton Event." - }, - "type": { - "description": "type is the type of this event (Normal, Warning), new types could be added in the future. It is machine-readable.", - "type": "string" - } - }, - "required": [ - "eventTime" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "events.k8s.io", - "kind": "Event", - "version": "v1beta1" - } - ] - }, - "io.k8s.api.events.v1beta1.EventList": { - "description": "EventList is a list of Event objects.", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "items is a list of schema objects.", - "items": { - "$ref": "#/definitions/io.k8s.api.events.v1beta1.Event" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta", - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "events.k8s.io", - "kind": "EventList", - "version": "v1beta1" - } - ] - }, - "io.k8s.api.events.v1beta1.EventSeries": { - "description": "EventSeries contain information on series of events, i.e. thing that was/is happening continuously for some time.", - "properties": { - "count": { - "description": "count is the number of occurrences in this series up to the last heartbeat time.", - "format": "int32", - "type": "integer" - }, - "lastObservedTime": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.MicroTime", - "description": "lastObservedTime is the time when last Event from the series was seen before last heartbeat." - } - }, - "required": [ - "count", - "lastObservedTime" - ], - "type": "object" - }, "io.k8s.api.flowcontrol.v1beta1.FlowDistinguisherMethod": { "description": "FlowDistinguisherMethod specifies the method of a flow distinguisher.", "properties": { @@ -11510,7 +10626,7 @@ ] }, "io.k8s.api.flowcontrol.v1beta1.LimitedPriorityLevelConfiguration": { - "description": "LimitedPriorityLevelConfiguration specifies how to handle requests that are subject to limits. It addresses two issues:\n * How are requests for this priority level limited?\n * What should be done with requests that exceed the limit?", + "description": "LimitedPriorityLevelConfiguration specifies how to handle requests that are subject to limits. It addresses two issues:\n - How are requests for this priority level limited?\n - What should be done with requests that exceed the limit?", "properties": { "assuredConcurrencyShares": { "description": "`assuredConcurrencyShares` (ACS) configures the execution limit, which is a limit on the number of requests of this priority level that may be exeucting at a given time. ACS must be a positive number. The server's concurrency limit (SCL) is divided among the concurrency-controlled priority levels in proportion to their assured concurrency shares. This produces the assured concurrency value (ACV) --- the number of requests that may be executing at a time --- for each such priority level:\n\n ACV(l) = ceil( SCL * ACS(l) / ( sum[priority levels k] ACS(k) ) )\n\nbigger numbers of ACS mean more reserved concurrent requests (at the expense of every other PL). This field has a default value of 30.", @@ -12059,7 +11175,7 @@ ] }, "io.k8s.api.flowcontrol.v1beta2.LimitedPriorityLevelConfiguration": { - "description": "LimitedPriorityLevelConfiguration specifies how to handle requests that are subject to limits. It addresses two issues:\n * How are requests for this priority level limited?\n * What should be done with requests that exceed the limit?", + "description": "LimitedPriorityLevelConfiguration specifies how to handle requests that are subject to limits. It addresses two issues:\n - How are requests for this priority level limited?\n - What should be done with requests that exceed the limit?", "properties": { "assuredConcurrencyShares": { "description": "`assuredConcurrencyShares` (ACS) configures the execution limit, which is a limit on the number of requests of this priority level that may be exeucting at a given time. ACS must be a positive number. The server's concurrency limit (SCL) is divided among the concurrency-controlled priority levels in proportion to their assured concurrency shares. This produces the assured concurrency value (ACV) --- the number of requests that may be executing at a time --- for each such priority level:\n\n ACV(l) = ceil( SCL * ACS(l) / ( sum[priority levels k] ACS(k) ) )\n\nbigger numbers of ACS mean more reserved concurrent requests (at the expense of every other PL). This field has a default value of 30.", @@ -12702,7 +11818,7 @@ "description": "DefaultBackend is the backend that should handle requests that don't match any rule. If Rules are not specified, DefaultBackend must be specified. If DefaultBackend is not set, the handling of requests that do not match any of the rules will be up to the Ingress controller." }, "ingressClassName": { - "description": "IngressClassName is the name of the IngressClass cluster resource. The associated IngressClass defines which controller will implement the resource. This replaces the deprecated `kubernetes.io/ingress.class` annotation. For backwards compatibility, when that annotation is set, it must be given precedence over this field. The controller may emit a warning if the field and annotation have different values. Implementations of this API should ignore Ingresses without a class specified. An IngressClass resource may be marked as default, which can be used to set a default value for this field. For more information, refer to the IngressClass documentation.", + "description": "IngressClassName is the name of an IngressClass cluster resource. Ingress controller implementations use this field to know whether they should be serving this Ingress resource, by a transitive connection (controller -> IngressClass -> Ingress resource). Although the `kubernetes.io/ingress.class` annotation (simple constant name) was never formally defined, it was widely supported by Ingress controllers to create a direct binding between Ingress controller and Ingress resources. Newly created Ingress resources should prefer using the field. However, even though the annotation is officially deprecated, for backwards compatibility reasons, ingress controllers should still honor that annotation if present.", "type": "string" }, "rules": { @@ -12882,7 +11998,7 @@ "description": "NetworkPolicyPort describes a port to allow traffic on", "properties": { "endPort": { - "description": "If set, indicates that the range of ports from port to endPort, inclusive, should be allowed by the policy. This field cannot be defined if the port field is not defined or if the port field is defined as a named (string) port. The endPort must be equal or greater than port. This feature is in Beta state and is enabled by default. It can be disabled using the Feature Gate \"NetworkPolicyEndPort\".", + "description": "If set, indicates that the range of ports from port to endPort, inclusive, should be allowed by the policy. This field cannot be defined if the port field is not defined or if the port field is defined as a named (string) port. The endPort must be equal or greater than port.", "format": "int32", "type": "integer" }, @@ -12965,70 +12081,46 @@ }, "type": "object" }, - "io.k8s.api.node.v1.Overhead": { - "description": "Overhead structure represents the resource overhead associated with running a pod.", - "properties": { - "podFixed": { - "additionalProperties": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" - }, - "description": "PodFixed represents the fixed resource overhead associated with running a pod.", - "type": "object" - } - }, - "type": "object" - }, - "io.k8s.api.node.v1.RuntimeClass": { - "description": "RuntimeClass defines a class of container runtime supported in the cluster. The RuntimeClass is used to determine which container runtime is used to run all containers in a pod. RuntimeClasses are manually defined by a user or cluster provisioner, and referenced in the PodSpec. The Kubelet is responsible for resolving the RuntimeClassName reference before running the pod. For more details, see https://kubernetes.io/docs/concepts/containers/runtime-class/", + "io.k8s.api.networking.v1alpha1.ClusterCIDR": { + "description": "ClusterCIDR represents a single configuration for per-Node Pod CIDR allocations when the MultiCIDRRangeAllocator is enabled (see the config for kube-controller-manager). A cluster may have any number of ClusterCIDR resources, all of which will be considered when allocating a CIDR for a Node. A ClusterCIDR is eligible to be used for a given Node when the node selector matches the node in question and has free CIDRs to allocate. In case of multiple matching ClusterCIDR resources, the allocator will attempt to break ties using internal heuristics, but any ClusterCIDR whose node selector matches the Node may be used.", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "handler": { - "description": "Handler specifies the underlying runtime and configuration that the CRI implementation will use to handle pods of this class. The possible values are specific to the node & CRI configuration. It is assumed that all handlers are available on every node, and handlers of the same name are equivalent on every node. For example, a handler called \"runc\" might specify that the runc OCI runtime (using native Linux containers) will be used to run the containers in a pod. The Handler must be lowercase, conform to the DNS Label (RFC 1123) requirements, and is immutable.", - "type": "string" - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta", - "description": "More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "overhead": { - "$ref": "#/definitions/io.k8s.api.node.v1.Overhead", - "description": "Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. For more details, see\n https://kubernetes.io/docs/concepts/scheduling-eviction/pod-overhead/" + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, - "scheduling": { - "$ref": "#/definitions/io.k8s.api.node.v1.Scheduling", - "description": "Scheduling holds the scheduling constraints to ensure that pods running with this RuntimeClass are scheduled to nodes that support it. If scheduling is nil, this RuntimeClass is assumed to be supported by all nodes." + "spec": { + "$ref": "#/definitions/io.k8s.api.networking.v1alpha1.ClusterCIDRSpec", + "description": "Spec is the desired state of the ClusterCIDR. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" } }, - "required": [ - "handler" - ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "node.k8s.io", - "kind": "RuntimeClass", - "version": "v1" + "group": "networking.k8s.io", + "kind": "ClusterCIDR", + "version": "v1alpha1" } ] }, - "io.k8s.api.node.v1.RuntimeClassList": { - "description": "RuntimeClassList is a list of RuntimeClass objects.", + "io.k8s.api.networking.v1alpha1.ClusterCIDRList": { + "description": "ClusterCIDRList contains a list of ClusterCIDR.", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "items": { - "description": "Items is a list of schema objects.", + "description": "Items is the list of ClusterCIDRs.", "items": { - "$ref": "#/definitions/io.k8s.api.node.v1.RuntimeClass" + "$ref": "#/definitions/io.k8s.api.networking.v1alpha1.ClusterCIDR" }, "type": "array" }, @@ -13038,7 +12130,7 @@ }, "metadata": { "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta", - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" } }, "required": [ @@ -13047,35 +12139,39 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "node.k8s.io", - "kind": "RuntimeClassList", - "version": "v1" + "group": "networking.k8s.io", + "kind": "ClusterCIDRList", + "version": "v1alpha1" } ] }, - "io.k8s.api.node.v1.Scheduling": { - "description": "Scheduling specifies the scheduling constraints for nodes supporting a RuntimeClass.", + "io.k8s.api.networking.v1alpha1.ClusterCIDRSpec": { + "description": "ClusterCIDRSpec defines the desired state of ClusterCIDR.", "properties": { + "ipv4": { + "description": "IPv4 defines an IPv4 IP block in CIDR notation(e.g. \"10.0.0.0/8\"). At least one of IPv4 and IPv6 must be specified. This field is immutable.", + "type": "string" + }, + "ipv6": { + "description": "IPv6 defines an IPv6 IP block in CIDR notation(e.g. \"fd12:3456:789a:1::/64\"). At least one of IPv4 and IPv6 must be specified. This field is immutable.", + "type": "string" + }, "nodeSelector": { - "additionalProperties": { - "type": "string" - }, - "description": "nodeSelector lists labels that must be present on nodes that support this RuntimeClass. Pods using this RuntimeClass can only be scheduled to a node matched by this selector. The RuntimeClass nodeSelector is merged with a pod's existing nodeSelector. Any conflicts will cause the pod to be rejected in admission.", - "type": "object", - "x-kubernetes-map-type": "atomic" + "$ref": "#/definitions/io.k8s.api.core.v1.NodeSelector", + "description": "NodeSelector defines which nodes the config is applicable to. An empty or nil NodeSelector selects all nodes. This field is immutable." }, - "tolerations": { - "description": "tolerations are appended (excluding duplicates) to pods running with this RuntimeClass during admission, effectively unioning the set of nodes tolerated by the pod and the RuntimeClass.", - "items": { - "$ref": "#/definitions/io.k8s.api.core.v1.Toleration" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "perNodeHostBits": { + "description": "PerNodeHostBits defines the number of host bits to be configured per node. A subnet mask determines how much of the address is used for network bits and host bits. For example an IPv4 address of 192.168.0.0/24, splits the address into 24 bits for the network portion and 8 bits for the host portion. To allocate 256 IPs, set this field to 8 (a /24 mask for IPv4 or a /120 for IPv6). Minimum value is 4 (16 IPs). This field is immutable.", + "format": "int32", + "type": "integer" } }, + "required": [ + "perNodeHostBits" + ], "type": "object" }, - "io.k8s.api.node.v1beta1.Overhead": { + "io.k8s.api.node.v1.Overhead": { "description": "Overhead structure represents the resource overhead associated with running a pod.", "properties": { "podFixed": { @@ -13088,8 +12184,8 @@ }, "type": "object" }, - "io.k8s.api.node.v1beta1.RuntimeClass": { - "description": "RuntimeClass defines a class of container runtime supported in the cluster. The RuntimeClass is used to determine which container runtime is used to run all containers in a pod. RuntimeClasses are (currently) manually defined by a user or cluster provisioner, and referenced in the PodSpec. The Kubelet is responsible for resolving the RuntimeClassName reference before running the pod. For more details, see https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class", + "io.k8s.api.node.v1.RuntimeClass": { + "description": "RuntimeClass defines a class of container runtime supported in the cluster. The RuntimeClass is used to determine which container runtime is used to run all containers in a pod. RuntimeClasses are manually defined by a user or cluster provisioner, and referenced in the PodSpec. The Kubelet is responsible for resolving the RuntimeClassName reference before running the pod. For more details, see https://kubernetes.io/docs/concepts/containers/runtime-class/", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -13108,11 +12204,11 @@ "description": "More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "overhead": { - "$ref": "#/definitions/io.k8s.api.node.v1beta1.Overhead", - "description": "Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. For more details, see https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md" + "$ref": "#/definitions/io.k8s.api.node.v1.Overhead", + "description": "Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. For more details, see\n https://kubernetes.io/docs/concepts/scheduling-eviction/pod-overhead/" }, "scheduling": { - "$ref": "#/definitions/io.k8s.api.node.v1beta1.Scheduling", + "$ref": "#/definitions/io.k8s.api.node.v1.Scheduling", "description": "Scheduling holds the scheduling constraints to ensure that pods running with this RuntimeClass are scheduled to nodes that support it. If scheduling is nil, this RuntimeClass is assumed to be supported by all nodes." } }, @@ -13124,11 +12220,11 @@ { "group": "node.k8s.io", "kind": "RuntimeClass", - "version": "v1beta1" + "version": "v1" } ] }, - "io.k8s.api.node.v1beta1.RuntimeClassList": { + "io.k8s.api.node.v1.RuntimeClassList": { "description": "RuntimeClassList is a list of RuntimeClass objects.", "properties": { "apiVersion": { @@ -13138,7 +12234,7 @@ "items": { "description": "Items is a list of schema objects.", "items": { - "$ref": "#/definitions/io.k8s.api.node.v1beta1.RuntimeClass" + "$ref": "#/definitions/io.k8s.api.node.v1.RuntimeClass" }, "type": "array" }, @@ -13159,11 +12255,11 @@ { "group": "node.k8s.io", "kind": "RuntimeClassList", - "version": "v1beta1" + "version": "v1" } ] }, - "io.k8s.api.node.v1beta1.Scheduling": { + "io.k8s.api.node.v1.Scheduling": { "description": "Scheduling specifies the scheduling constraints for nodes supporting a RuntimeClass.", "properties": { "nodeSelector": { @@ -13358,105 +12454,57 @@ ], "type": "object" }, - "io.k8s.api.policy.v1beta1.AllowedCSIDriver": { - "description": "AllowedCSIDriver represents a single inline CSI Driver that is allowed to be used.", + "io.k8s.api.rbac.v1.AggregationRule": { + "description": "AggregationRule describes how to locate ClusterRoles to aggregate into the ClusterRole", "properties": { - "name": { - "description": "Name is the registered name of the CSI driver", - "type": "string" + "clusterRoleSelectors": { + "description": "ClusterRoleSelectors holds a list of selectors which will be used to find ClusterRoles and create the rules. If any of the selectors match, then the ClusterRole's permissions will be added", + "items": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "type": "array" } }, - "required": [ - "name" - ], "type": "object" }, - "io.k8s.api.policy.v1beta1.AllowedFlexVolume": { - "description": "AllowedFlexVolume represents a single Flexvolume that is allowed to be used.", + "io.k8s.api.rbac.v1.ClusterRole": { + "description": "ClusterRole is a cluster level, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding or ClusterRoleBinding.", "properties": { - "driver": { - "description": "driver is the name of the Flexvolume driver.", + "aggregationRule": { + "$ref": "#/definitions/io.k8s.api.rbac.v1.AggregationRule", + "description": "AggregationRule is an optional field that describes how to build the Rules for this ClusterRole. If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be stomped by the controller." + }, + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" - } - }, - "required": [ - "driver" - ], - "type": "object" - }, - "io.k8s.api.policy.v1beta1.AllowedHostPath": { - "description": "AllowedHostPath defines the host volume conditions that will be enabled by a policy for pods to use. It requires the path prefix to be defined.", - "properties": { - "pathPrefix": { - "description": "pathPrefix is the path prefix that the host volume must match. It does not support `*`. Trailing slashes are trimmed when validating the path prefix with a host path.\n\nExamples: `/foo` would allow `/foo`, `/foo/` and `/foo/bar` `/foo` would not allow `/food` or `/etc/foo`", + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "readOnly": { - "description": "when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.", - "type": "boolean" - } - }, - "type": "object" - }, - "io.k8s.api.policy.v1beta1.FSGroupStrategyOptions": { - "description": "FSGroupStrategyOptions defines the strategy type and options used to create the strategy.", - "properties": { - "ranges": { - "description": "ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end. Required for MustRunAs.", + "metadata": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta", + "description": "Standard object's metadata." + }, + "rules": { + "description": "Rules holds all the PolicyRules for this ClusterRole", "items": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.IDRange" + "$ref": "#/definitions/io.k8s.api.rbac.v1.PolicyRule" }, "type": "array" - }, - "rule": { - "description": "rule is the strategy that will dictate what FSGroup is used in the SecurityContext.", - "type": "string" - } - }, - "type": "object" - }, - "io.k8s.api.policy.v1beta1.HostPortRange": { - "description": "HostPortRange defines a range of host ports that will be enabled by a policy for pods to use. It requires both the start and end to be defined.", - "properties": { - "max": { - "description": "max is the end of the range, inclusive.", - "format": "int32", - "type": "integer" - }, - "min": { - "description": "min is the start of the range, inclusive.", - "format": "int32", - "type": "integer" } }, - "required": [ - "min", - "max" - ], - "type": "object" - }, - "io.k8s.api.policy.v1beta1.IDRange": { - "description": "IDRange provides a min/max of an allowed range of IDs.", - "properties": { - "max": { - "description": "max is the end of the range, inclusive.", - "format": "int64", - "type": "integer" - }, - "min": { - "description": "min is the start of the range, inclusive.", - "format": "int64", - "type": "integer" + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "version": "v1" } - }, - "required": [ - "min", - "max" - ], - "type": "object" + ] }, - "io.k8s.api.policy.v1beta1.PodDisruptionBudget": { - "description": "PodDisruptionBudget is an object to define the max disruption that can be caused to a collection of pods", + "io.k8s.api.rbac.v1.ClusterRoleBinding": { + "description": "ClusterRoleBinding references a ClusterRole, but not contain it. It can reference a ClusterRole in the global namespace, and adds who information via Subject.", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -13468,37 +12516,43 @@ }, "metadata": { "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta", - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + "description": "Standard object's metadata." }, - "spec": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.PodDisruptionBudgetSpec", - "description": "Specification of the desired behavior of the PodDisruptionBudget." + "roleRef": { + "$ref": "#/definitions/io.k8s.api.rbac.v1.RoleRef", + "description": "RoleRef can only reference a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error." }, - "status": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.PodDisruptionBudgetStatus", - "description": "Most recently observed status of the PodDisruptionBudget." + "subjects": { + "description": "Subjects holds references to the objects the role applies to.", + "items": { + "$ref": "#/definitions/io.k8s.api.rbac.v1.Subject" + }, + "type": "array" } }, + "required": [ + "roleRef" + ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "policy", - "kind": "PodDisruptionBudget", - "version": "v1beta1" + "group": "rbac.authorization.k8s.io", + "kind": "ClusterRoleBinding", + "version": "v1" } ] }, - "io.k8s.api.policy.v1beta1.PodDisruptionBudgetList": { - "description": "PodDisruptionBudgetList is a collection of PodDisruptionBudgets.", + "io.k8s.api.rbac.v1.ClusterRoleBindingList": { + "description": "ClusterRoleBindingList is a collection of ClusterRoleBindings", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "items": { - "description": "items list individual PodDisruptionBudget objects", + "description": "Items is a list of ClusterRoleBindings", "items": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.PodDisruptionBudget" + "$ref": "#/definitions/io.k8s.api.rbac.v1.ClusterRoleBinding" }, "type": "array" }, @@ -13508,7 +12562,7 @@ }, "metadata": { "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta", - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + "description": "Standard object's metadata." } }, "required": [ @@ -13517,89 +12571,93 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "policy", - "kind": "PodDisruptionBudgetList", - "version": "v1beta1" + "group": "rbac.authorization.k8s.io", + "kind": "ClusterRoleBindingList", + "version": "v1" } ] }, - "io.k8s.api.policy.v1beta1.PodDisruptionBudgetSpec": { - "description": "PodDisruptionBudgetSpec is a description of a PodDisruptionBudget.", + "io.k8s.api.rbac.v1.ClusterRoleList": { + "description": "ClusterRoleList is a collection of ClusterRoles", "properties": { - "maxUnavailable": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString", - "description": "An eviction is allowed if at most \"maxUnavailable\" pods selected by \"selector\" are unavailable after the eviction, i.e. even in absence of the evicted pod. For example, one can prevent all voluntary evictions by specifying 0. This is a mutually exclusive setting with \"minAvailable\"." + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "minAvailable": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString", - "description": "An eviction is allowed if at least \"minAvailable\" pods selected by \"selector\" will still be available after the eviction, i.e. even in the absence of the evicted pod. So for example you can prevent all voluntary evictions by specifying \"100%\"." + "items": { + "description": "Items is a list of ClusterRoles", + "items": { + "$ref": "#/definitions/io.k8s.api.rbac.v1.ClusterRole" + }, + "type": "array" }, - "selector": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", - "description": "Label query over pods whose evictions are managed by the disruption budget. A null selector selects no pods. An empty selector ({}) also selects no pods, which differs from standard behavior of selecting all pods. In policy/v1, an empty selector will select all pods in the namespace." + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta", + "description": "Standard object's metadata." } }, - "type": "object" + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "rbac.authorization.k8s.io", + "kind": "ClusterRoleList", + "version": "v1" + } + ] }, - "io.k8s.api.policy.v1beta1.PodDisruptionBudgetStatus": { - "description": "PodDisruptionBudgetStatus represents information about the status of a PodDisruptionBudget. Status may trail the actual state of a system.", + "io.k8s.api.rbac.v1.PolicyRule": { + "description": "PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to.", "properties": { - "conditions": { - "description": "Conditions contain conditions for PDB. The disruption controller sets the DisruptionAllowed condition. The following are known values for the reason field (additional reasons could be added in the future): - SyncFailed: The controller encountered an error and wasn't able to compute\n the number of allowed disruptions. Therefore no disruptions are\n allowed and the status of the condition will be False.\n- InsufficientPods: The number of pods are either at or below the number\n required by the PodDisruptionBudget. No disruptions are\n allowed and the status of the condition will be False.\n- SufficientPods: There are more pods than required by the PodDisruptionBudget.\n The condition will be True, and the number of allowed\n disruptions are provided by the disruptionsAllowed property.", + "apiGroups": { + "description": "APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. \"\" represents the core API group and \"*\" represents all API groups.", "items": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + "type": "string" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" - }, - "currentHealthy": { - "description": "current number of healthy pods", - "format": "int32", - "type": "integer" - }, - "desiredHealthy": { - "description": "minimum desired number of healthy pods", - "format": "int32", - "type": "integer" + "type": "array" }, - "disruptedPods": { - "additionalProperties": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + "nonResourceURLs": { + "description": "NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as \"pods\" or \"secrets\") or non-resource URL paths (such as \"/api\"), but not both.", + "items": { + "type": "string" }, - "description": "DisruptedPods contains information about pods whose eviction was processed by the API server eviction subresource handler but has not yet been observed by the PodDisruptionBudget controller. A pod will be in this map from the time when the API server processed the eviction request to the time when the pod is seen by PDB controller as having been marked for deletion (or after a timeout). The key in the map is the name of the pod and the value is the time when the API server processed the eviction request. If the deletion didn't occur and a pod is still there it will be removed from the list automatically by PodDisruptionBudget controller after some time. If everything goes smooth this map should be empty for the most of the time. Large number of entries in the map may indicate problems with pod deletions.", - "type": "object" + "type": "array" }, - "disruptionsAllowed": { - "description": "Number of pod disruptions that are currently allowed.", - "format": "int32", - "type": "integer" + "resourceNames": { + "description": "ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.", + "items": { + "type": "string" + }, + "type": "array" }, - "expectedPods": { - "description": "total number of pods counted by this disruption budget", - "format": "int32", - "type": "integer" + "resources": { + "description": "Resources is a list of resources this rule applies to. '*' represents all resources.", + "items": { + "type": "string" + }, + "type": "array" }, - "observedGeneration": { - "description": "Most recent generation observed when updating this PDB status. DisruptionsAllowed and other status information is valid only if observedGeneration equals to PDB's object generation.", - "format": "int64", - "type": "integer" + "verbs": { + "description": "Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs.", + "items": { + "type": "string" + }, + "type": "array" } }, "required": [ - "disruptionsAllowed", - "currentHealthy", - "desiredHealthy", - "expectedPods" + "verbs" ], "type": "object" }, - "io.k8s.api.policy.v1beta1.PodSecurityPolicy": { - "description": "PodSecurityPolicy governs the ability to make requests that affect the Security Context that will be applied to a pod and container. Deprecated in 1.21.", + "io.k8s.api.rbac.v1.Role": { + "description": "Role is a namespaced, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding.", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -13611,576 +12669,75 @@ }, "metadata": { "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta", - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + "description": "Standard object's metadata." }, - "spec": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.PodSecurityPolicySpec", - "description": "spec defines the policy enforced." + "rules": { + "description": "Rules holds all the PolicyRules for this Role", + "items": { + "$ref": "#/definitions/io.k8s.api.rbac.v1.PolicyRule" + }, + "type": "array" } }, "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "policy", - "kind": "PodSecurityPolicy", - "version": "v1beta1" + "group": "rbac.authorization.k8s.io", + "kind": "Role", + "version": "v1" } ] }, - "io.k8s.api.policy.v1beta1.PodSecurityPolicyList": { - "description": "PodSecurityPolicyList is a list of PodSecurityPolicy objects.", + "io.k8s.api.rbac.v1.RoleBinding": { + "description": "RoleBinding references a role, but does not contain it. It can reference a Role in the same namespace or a ClusterRole in the global namespace. It adds who information via Subjects and namespace information by which namespace it exists in. RoleBindings in a given namespace only have effect in that namespace.", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { - "description": "items is a list of schema objects.", - "items": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.PodSecurityPolicy" - }, - "type": "array" - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta", - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta", + "description": "Standard object's metadata." + }, + "roleRef": { + "$ref": "#/definitions/io.k8s.api.rbac.v1.RoleRef", + "description": "RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error." + }, + "subjects": { + "description": "Subjects holds references to the objects the role applies to.", + "items": { + "$ref": "#/definitions/io.k8s.api.rbac.v1.Subject" + }, + "type": "array" } }, "required": [ - "items" + "roleRef" ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "policy", - "kind": "PodSecurityPolicyList", - "version": "v1beta1" + "group": "rbac.authorization.k8s.io", + "kind": "RoleBinding", + "version": "v1" } ] }, - "io.k8s.api.policy.v1beta1.PodSecurityPolicySpec": { - "description": "PodSecurityPolicySpec defines the policy enforced.", + "io.k8s.api.rbac.v1.RoleBindingList": { + "description": "RoleBindingList is a collection of RoleBindings", "properties": { - "allowPrivilegeEscalation": { - "description": "allowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true.", - "type": "boolean" - }, - "allowedCSIDrivers": { - "description": "AllowedCSIDrivers is an allowlist of inline CSI drivers that must be explicitly set to be embedded within a pod spec. An empty value indicates that any CSI driver can be used for inline ephemeral volumes. This is a beta field, and is only honored if the API server enables the CSIInlineVolume feature gate.", - "items": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.AllowedCSIDriver" - }, - "type": "array" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "allowedCapabilities": { - "description": "allowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field may be added at the pod author's discretion. You must not list a capability in both allowedCapabilities and requiredDropCapabilities.", + "items": { + "description": "Items is a list of RoleBindings", "items": { - "type": "string" - }, - "type": "array" - }, - "allowedFlexVolumes": { - "description": "allowedFlexVolumes is an allowlist of Flexvolumes. Empty or nil indicates that all Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes is allowed in the \"volumes\" field.", - "items": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.AllowedFlexVolume" - }, - "type": "array" - }, - "allowedHostPaths": { - "description": "allowedHostPaths is an allowlist of host paths. Empty indicates that all host paths may be used.", - "items": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.AllowedHostPath" - }, - "type": "array" - }, - "allowedProcMountTypes": { - "description": "AllowedProcMountTypes is an allowlist of allowed ProcMountTypes. Empty or nil indicates that only the DefaultProcMountType may be used. This requires the ProcMountType feature flag to be enabled.", - "items": { - "type": "string" - }, - "type": "array" - }, - "allowedUnsafeSysctls": { - "description": "allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. Each entry is either a plain sysctl name or ends in \"*\" in which case it is considered as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. Kubelet has to allowlist all allowed unsafe sysctls explicitly to avoid rejection.\n\nExamples: e.g. \"foo/*\" allows \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" allows \"foo.bar\", \"foo.baz\", etc.", - "items": { - "type": "string" - }, - "type": "array" - }, - "defaultAddCapabilities": { - "description": "defaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capability in both defaultAddCapabilities and requiredDropCapabilities. Capabilities added here are implicitly allowed, and need not be included in the allowedCapabilities list.", - "items": { - "type": "string" - }, - "type": "array" - }, - "defaultAllowPrivilegeEscalation": { - "description": "defaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process.", - "type": "boolean" - }, - "forbiddenSysctls": { - "description": "forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. Each entry is either a plain sysctl name or ends in \"*\" in which case it is considered as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.\n\nExamples: e.g. \"foo/*\" forbids \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" forbids \"foo.bar\", \"foo.baz\", etc.", - "items": { - "type": "string" - }, - "type": "array" - }, - "fsGroup": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.FSGroupStrategyOptions", - "description": "fsGroup is the strategy that will dictate what fs group is used by the SecurityContext." - }, - "hostIPC": { - "description": "hostIPC determines if the policy allows the use of HostIPC in the pod spec.", - "type": "boolean" - }, - "hostNetwork": { - "description": "hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.", - "type": "boolean" - }, - "hostPID": { - "description": "hostPID determines if the policy allows the use of HostPID in the pod spec.", - "type": "boolean" - }, - "hostPorts": { - "description": "hostPorts determines which host port ranges are allowed to be exposed.", - "items": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.HostPortRange" - }, - "type": "array" - }, - "privileged": { - "description": "privileged determines if a pod can request to be run as privileged.", - "type": "boolean" - }, - "readOnlyRootFilesystem": { - "description": "readOnlyRootFilesystem when set to true will force containers to run with a read only root file system. If the container specifically requests to run with a non-read only root file system the PSP should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to.", - "type": "boolean" - }, - "requiredDropCapabilities": { - "description": "requiredDropCapabilities are the capabilities that will be dropped from the container. These are required to be dropped and cannot be added.", - "items": { - "type": "string" - }, - "type": "array" - }, - "runAsGroup": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.RunAsGroupStrategyOptions", - "description": "RunAsGroup is the strategy that will dictate the allowable RunAsGroup values that may be set. If this field is omitted, the pod's RunAsGroup can take any value. This field requires the RunAsGroup feature gate to be enabled." - }, - "runAsUser": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.RunAsUserStrategyOptions", - "description": "runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set." - }, - "runtimeClass": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.RuntimeClassStrategyOptions", - "description": "runtimeClass is the strategy that will dictate the allowable RuntimeClasses for a pod. If this field is omitted, the pod's runtimeClassName field is unrestricted. Enforcement of this field depends on the RuntimeClass feature gate being enabled." - }, - "seLinux": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.SELinuxStrategyOptions", - "description": "seLinux is the strategy that will dictate the allowable labels that may be set." - }, - "supplementalGroups": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.SupplementalGroupsStrategyOptions", - "description": "supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext." - }, - "volumes": { - "description": "volumes is an allowlist of volume plugins. Empty indicates that no volumes may be used. To allow all volumes you may use '*'.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "seLinux", - "runAsUser", - "supplementalGroups", - "fsGroup" - ], - "type": "object" - }, - "io.k8s.api.policy.v1beta1.RunAsGroupStrategyOptions": { - "description": "RunAsGroupStrategyOptions defines the strategy type and any options used to create the strategy.", - "properties": { - "ranges": { - "description": "ranges are the allowed ranges of gids that may be used. If you would like to force a single gid then supply a single range with the same start and end. Required for MustRunAs.", - "items": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.IDRange" - }, - "type": "array" - }, - "rule": { - "description": "rule is the strategy that will dictate the allowable RunAsGroup values that may be set.", - "type": "string" - } - }, - "required": [ - "rule" - ], - "type": "object" - }, - "io.k8s.api.policy.v1beta1.RunAsUserStrategyOptions": { - "description": "RunAsUserStrategyOptions defines the strategy type and any options used to create the strategy.", - "properties": { - "ranges": { - "description": "ranges are the allowed ranges of uids that may be used. If you would like to force a single uid then supply a single range with the same start and end. Required for MustRunAs.", - "items": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.IDRange" - }, - "type": "array" - }, - "rule": { - "description": "rule is the strategy that will dictate the allowable RunAsUser values that may be set.", - "type": "string" - } - }, - "required": [ - "rule" - ], - "type": "object" - }, - "io.k8s.api.policy.v1beta1.RuntimeClassStrategyOptions": { - "description": "RuntimeClassStrategyOptions define the strategy that will dictate the allowable RuntimeClasses for a pod.", - "properties": { - "allowedRuntimeClassNames": { - "description": "allowedRuntimeClassNames is an allowlist of RuntimeClass names that may be specified on a pod. A value of \"*\" means that any RuntimeClass name is allowed, and must be the only item in the list. An empty list requires the RuntimeClassName field to be unset.", - "items": { - "type": "string" - }, - "type": "array" - }, - "defaultRuntimeClassName": { - "description": "defaultRuntimeClassName is the default RuntimeClassName to set on the pod. The default MUST be allowed by the allowedRuntimeClassNames list. A value of nil does not mutate the Pod.", - "type": "string" - } - }, - "required": [ - "allowedRuntimeClassNames" - ], - "type": "object" - }, - "io.k8s.api.policy.v1beta1.SELinuxStrategyOptions": { - "description": "SELinuxStrategyOptions defines the strategy type and any options used to create the strategy.", - "properties": { - "rule": { - "description": "rule is the strategy that will dictate the allowable labels that may be set.", - "type": "string" - }, - "seLinuxOptions": { - "$ref": "#/definitions/io.k8s.api.core.v1.SELinuxOptions", - "description": "seLinuxOptions required to run as; required for MustRunAs More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" - } - }, - "required": [ - "rule" - ], - "type": "object" - }, - "io.k8s.api.policy.v1beta1.SupplementalGroupsStrategyOptions": { - "description": "SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy.", - "properties": { - "ranges": { - "description": "ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end. Required for MustRunAs.", - "items": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.IDRange" - }, - "type": "array" - }, - "rule": { - "description": "rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.", - "type": "string" - } - }, - "type": "object" - }, - "io.k8s.api.rbac.v1.AggregationRule": { - "description": "AggregationRule describes how to locate ClusterRoles to aggregate into the ClusterRole", - "properties": { - "clusterRoleSelectors": { - "description": "ClusterRoleSelectors holds a list of selectors which will be used to find ClusterRoles and create the rules. If any of the selectors match, then the ClusterRole's permissions will be added", - "items": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" - }, - "type": "array" - } - }, - "type": "object" - }, - "io.k8s.api.rbac.v1.ClusterRole": { - "description": "ClusterRole is a cluster level, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding or ClusterRoleBinding.", - "properties": { - "aggregationRule": { - "$ref": "#/definitions/io.k8s.api.rbac.v1.AggregationRule", - "description": "AggregationRule is an optional field that describes how to build the Rules for this ClusterRole. If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be stomped by the controller." - }, - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta", - "description": "Standard object's metadata." - }, - "rules": { - "description": "Rules holds all the PolicyRules for this ClusterRole", - "items": { - "$ref": "#/definitions/io.k8s.api.rbac.v1.PolicyRule" - }, - "type": "array" - } - }, - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "rbac.authorization.k8s.io", - "kind": "ClusterRole", - "version": "v1" - } - ] - }, - "io.k8s.api.rbac.v1.ClusterRoleBinding": { - "description": "ClusterRoleBinding references a ClusterRole, but not contain it. It can reference a ClusterRole in the global namespace, and adds who information via Subject.", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta", - "description": "Standard object's metadata." - }, - "roleRef": { - "$ref": "#/definitions/io.k8s.api.rbac.v1.RoleRef", - "description": "RoleRef can only reference a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error." - }, - "subjects": { - "description": "Subjects holds references to the objects the role applies to.", - "items": { - "$ref": "#/definitions/io.k8s.api.rbac.v1.Subject" - }, - "type": "array" - } - }, - "required": [ - "roleRef" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "rbac.authorization.k8s.io", - "kind": "ClusterRoleBinding", - "version": "v1" - } - ] - }, - "io.k8s.api.rbac.v1.ClusterRoleBindingList": { - "description": "ClusterRoleBindingList is a collection of ClusterRoleBindings", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "Items is a list of ClusterRoleBindings", - "items": { - "$ref": "#/definitions/io.k8s.api.rbac.v1.ClusterRoleBinding" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta", - "description": "Standard object's metadata." - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "rbac.authorization.k8s.io", - "kind": "ClusterRoleBindingList", - "version": "v1" - } - ] - }, - "io.k8s.api.rbac.v1.ClusterRoleList": { - "description": "ClusterRoleList is a collection of ClusterRoles", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "Items is a list of ClusterRoles", - "items": { - "$ref": "#/definitions/io.k8s.api.rbac.v1.ClusterRole" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta", - "description": "Standard object's metadata." - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "rbac.authorization.k8s.io", - "kind": "ClusterRoleList", - "version": "v1" - } - ] - }, - "io.k8s.api.rbac.v1.PolicyRule": { - "description": "PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to.", - "properties": { - "apiGroups": { - "description": "APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed.", - "items": { - "type": "string" - }, - "type": "array" - }, - "nonResourceURLs": { - "description": "NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as \"pods\" or \"secrets\") or non-resource URL paths (such as \"/api\"), but not both.", - "items": { - "type": "string" - }, - "type": "array" - }, - "resourceNames": { - "description": "ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.", - "items": { - "type": "string" - }, - "type": "array" - }, - "resources": { - "description": "Resources is a list of resources this rule applies to. '*' represents all resources.", - "items": { - "type": "string" - }, - "type": "array" - }, - "verbs": { - "description": "Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "verbs" - ], - "type": "object" - }, - "io.k8s.api.rbac.v1.Role": { - "description": "Role is a namespaced, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding.", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta", - "description": "Standard object's metadata." - }, - "rules": { - "description": "Rules holds all the PolicyRules for this Role", - "items": { - "$ref": "#/definitions/io.k8s.api.rbac.v1.PolicyRule" - }, - "type": "array" - } - }, - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "rbac.authorization.k8s.io", - "kind": "Role", - "version": "v1" - } - ] - }, - "io.k8s.api.rbac.v1.RoleBinding": { - "description": "RoleBinding references a role, but does not contain it. It can reference a Role in the same namespace or a ClusterRole in the global namespace. It adds who information via Subjects and namespace information by which namespace it exists in. RoleBindings in a given namespace only have effect in that namespace.", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta", - "description": "Standard object's metadata." - }, - "roleRef": { - "$ref": "#/definitions/io.k8s.api.rbac.v1.RoleRef", - "description": "RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error." - }, - "subjects": { - "description": "Subjects holds references to the objects the role applies to.", - "items": { - "$ref": "#/definitions/io.k8s.api.rbac.v1.Subject" - }, - "type": "array" - } - }, - "required": [ - "roleRef" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "rbac.authorization.k8s.io", - "kind": "RoleBinding", - "version": "v1" - } - ] - }, - "io.k8s.api.rbac.v1.RoleBindingList": { - "description": "RoleBindingList is a collection of RoleBindings", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "Items is a list of RoleBindings", - "items": { - "$ref": "#/definitions/io.k8s.api.rbac.v1.RoleBinding" + "$ref": "#/definitions/io.k8s.api.rbac.v1.RoleBinding" }, "type": "array" }, @@ -14457,6 +13014,10 @@ "description": "RequiresRepublish indicates the CSI driver wants `NodePublishVolume` being periodically called to reflect any possible change in the mounted volume. This field defaults to false.\n\nNote: After a successful initial NodePublishVolume call, subsequent calls to NodePublishVolume should only update the contents of the volume. New mount points will not be seen by a running container.", "type": "boolean" }, + "seLinuxMount": { + "description": "SELinuxMount specifies if the CSI driver supports \"-o context\" mount option.\n\nWhen \"true\", the CSI driver must ensure that all volumes provided by this CSI driver can be mounted separately with different `-o context` options. This is typical for storage backends that provide volumes as filesystems on block devices or as independent shared volumes. Kubernetes will call NodeStage / NodePublish with \"-o context=xyz\" mount option when mounting a ReadWriteOncePod volume used in Pod that has explicitly set SELinux context. In the future, it may be expanded to other volume AccessModes. In any case, Kubernetes will ensure that the volume is mounted only with a single SELinux context.\n\nWhen \"false\", Kubernetes won't pass any special SELinux mount options to the driver. This is typical for volumes that represent subdirectories of a bigger shared filesystem.\n\nDefault is \"false\".", + "type": "boolean" + }, "storageCapacity": { "description": "If set to true, storageCapacity indicates that the CSI volume driver wants pod scheduling to consider the storage capacity that the driver deployment will report by creating CSIStorageCapacity objects with capacity information.\n\nThe check can be enabled immediately when deploying a driver. In that case, provisioning new volumes with late binding will pause until the driver deployment has published some suitable CSIStorageCapacity object.\n\nAlternatively, the driver can be deployed with the field unset or false and it can be flipped later when storage capacity information has been published.\n\nThis field was immutable in Kubernetes <= 1.22 and now is mutable.", "type": "boolean" @@ -15700,7 +14261,7 @@ "type": "object" }, "io.k8s.apimachinery.pkg.api.resource.Quantity": { - "description": "Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.\n\nThe serialization format is:\n\n ::= \n (Note that may be empty, from the \"\" case in .)\n ::= 0 | 1 | ... | 9 ::= | ::= | . | . | . ::= \"+\" | \"-\" ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei\n (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n ::= m | \"\" | k | M | G | T | P | E\n (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n ::= \"e\" | \"E\" \n\nNo matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.\n\nWhen a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.\n\nBefore serializing, Quantity will be put in \"canonical form\". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:\n a. No precision is lost\n b. No fractional digits will be emitted\n c. The exponent (or suffix) is as large as possible.\nThe sign will be omitted unless the number is negative.\n\nExamples:\n 1.5 will be serialized as \"1500m\"\n 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.\n\nNon-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)\n\nThis format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation.", + "description": "Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.\n\nThe serialization format is:\n\n``` ::= \n\n\t(Note that may be empty, from the \"\" case in .)\n\n ::= 0 | 1 | ... | 9 ::= | ::= | . | . | . ::= \"+\" | \"-\" ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei\n\n\t(International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\n ::= m | \"\" | k | M | G | T | P | E\n\n\t(Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n\n ::= \"e\" | \"E\" ```\n\nNo matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.\n\nWhen a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.\n\nBefore serializing, Quantity will be put in \"canonical form\". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:\n\n- No precision is lost - No fractional digits will be emitted - The exponent (or suffix) is as large as possible.\n\nThe sign will be omitted unless the number is negative.\n\nExamples:\n\n- 1.5 will be serialized as \"1500m\" - 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.\n\nNon-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)\n\nThis format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation.", "type": "string" }, "io.k8s.apimachinery.pkg.apis.meta.v1.APIGroup": { @@ -16179,6 +14740,11 @@ "kind": "DeleteOptions", "version": "v1" }, + { + "group": "networking.k8s.io", + "kind": "DeleteOptions", + "version": "v1alpha1" + }, { "group": "networking.k8s.io", "kind": "DeleteOptions", @@ -16398,10 +14964,6 @@ "description": "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", "type": "object" }, - "clusterName": { - "description": "Deprecated: ClusterName is a legacy field that was always cleared by the system and never used; it will be removed completely in 1.25.\n\nThe name in the go struct is changed to help clients detect accidental use.", - "type": "string" - }, "creationTimestamp": { "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time", "description": "CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.\n\nPopulated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" @@ -16856,6 +15418,11 @@ "kind": "WatchEvent", "version": "v1" }, + { + "group": "networking.k8s.io", + "kind": "WatchEvent", + "version": "v1alpha1" + }, { "group": "networking.k8s.io", "kind": "WatchEvent", @@ -16934,7 +15501,7 @@ ] }, "io.k8s.apimachinery.pkg.runtime.RawExtension": { - "description": "RawExtension is used to hold extensions in external versions.\n\nTo use this, make a field which has RawExtension as its type in your external, versioned struct, and Object in your internal struct. You also need to register your various plugin types.\n\n// Internal package: type MyAPIObject struct {\n\truntime.TypeMeta `json:\",inline\"`\n\tMyPlugin runtime.Object `json:\"myPlugin\"`\n} type PluginA struct {\n\tAOption string `json:\"aOption\"`\n}\n\n// External package: type MyAPIObject struct {\n\truntime.TypeMeta `json:\",inline\"`\n\tMyPlugin runtime.RawExtension `json:\"myPlugin\"`\n} type PluginA struct {\n\tAOption string `json:\"aOption\"`\n}\n\n// On the wire, the JSON will look something like this: {\n\t\"kind\":\"MyAPIObject\",\n\t\"apiVersion\":\"v1\",\n\t\"myPlugin\": {\n\t\t\"kind\":\"PluginA\",\n\t\t\"aOption\":\"foo\",\n\t},\n}\n\nSo what happens? Decode first uses json or yaml to unmarshal the serialized data into your external MyAPIObject. That causes the raw JSON to be stored, but not unpacked. The next step is to copy (using pkg/conversion) into the internal struct. The runtime package's DefaultScheme has conversion functions installed which will unpack the JSON stored in RawExtension, turning it into the correct object type, and storing it in the Object. (TODO: In the case where the object is of an unknown type, a runtime.Unknown object will be created and stored.)", + "description": "RawExtension is used to hold extensions in external versions.\n\nTo use this, make a field which has RawExtension as its type in your external, versioned struct, and Object in your internal struct. You also need to register your various plugin types.\n\n// Internal package:\n\n\ttype MyAPIObject struct {\n\t\truntime.TypeMeta `json:\",inline\"`\n\t\tMyPlugin runtime.Object `json:\"myPlugin\"`\n\t}\n\n\ttype PluginA struct {\n\t\tAOption string `json:\"aOption\"`\n\t}\n\n// External package:\n\n\ttype MyAPIObject struct {\n\t\truntime.TypeMeta `json:\",inline\"`\n\t\tMyPlugin runtime.RawExtension `json:\"myPlugin\"`\n\t}\n\n\ttype PluginA struct {\n\t\tAOption string `json:\"aOption\"`\n\t}\n\n// On the wire, the JSON will look something like this:\n\n\t{\n\t\t\"kind\":\"MyAPIObject\",\n\t\t\"apiVersion\":\"v1\",\n\t\t\"myPlugin\": {\n\t\t\t\"kind\":\"PluginA\",\n\t\t\t\"aOption\":\"foo\",\n\t\t},\n\t}\n\nSo what happens? Decode first uses json or yaml to unmarshal the serialized data into your external MyAPIObject. That causes the raw JSON to be stored, but not unpacked. The next step is to copy (using pkg/conversion) into the internal struct. The runtime package's DefaultScheme has conversion functions installed which will unpack the JSON stored in RawExtension, turning it into the correct object type, and storing it in the Object. (TODO: In the case where the object is of an unknown type, a runtime.Unknown object will be created and stored.)", "type": "object" }, "io.k8s.apimachinery.pkg.util.intstr.IntOrString": { @@ -51657,7 +50224,7 @@ } ] }, - "/apis/autoscaling/v2beta1/": { + "/apis/autoscaling/v2beta2/": { "get": { "consumes": [ "application/json", @@ -51665,7 +50232,7 @@ "application/vnd.kubernetes.protobuf" ], "description": "get available resources", - "operationId": "getAutoscalingV2beta1APIResources", + "operationId": "getAutoscalingV2beta2APIResources", "produces": [ "application/json", "application/yaml", @@ -51686,17 +50253,17 @@ "https" ], "tags": [ - "autoscaling_v2beta1" + "autoscaling_v2beta2" ] } }, - "/apis/autoscaling/v2beta1/horizontalpodautoscalers": { + "/apis/autoscaling/v2beta2/horizontalpodautoscalers": { "get": { "consumes": [ "*/*" ], "description": "list or watch objects of kind HorizontalPodAutoscaler", - "operationId": "listAutoscalingV2beta1HorizontalPodAutoscalerForAllNamespaces", + "operationId": "listAutoscalingV2beta2HorizontalPodAutoscalerForAllNamespaces", "produces": [ "application/json", "application/yaml", @@ -51708,7 +50275,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta1.HorizontalPodAutoscalerList" + "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscalerList" } }, "401": { @@ -51719,13 +50286,13 @@ "https" ], "tags": [ - "autoscaling_v2beta1" + "autoscaling_v2beta2" ], "x-kubernetes-action": "list", "x-kubernetes-group-version-kind": { "group": "autoscaling", "kind": "HorizontalPodAutoscaler", - "version": "v2beta1" + "version": "v2beta2" } }, "parameters": [ @@ -51801,13 +50368,13 @@ } ] }, - "/apis/autoscaling/v2beta1/namespaces/{namespace}/horizontalpodautoscalers": { + "/apis/autoscaling/v2beta2/namespaces/{namespace}/horizontalpodautoscalers": { "delete": { "consumes": [ "*/*" ], "description": "delete collection of HorizontalPodAutoscaler", - "operationId": "deleteAutoscalingV2beta1CollectionNamespacedHorizontalPodAutoscaler", + "operationId": "deleteAutoscalingV2beta2CollectionNamespacedHorizontalPodAutoscaler", "parameters": [ { "in": "body", @@ -51914,13 +50481,13 @@ "https" ], "tags": [ - "autoscaling_v2beta1" + "autoscaling_v2beta2" ], "x-kubernetes-action": "deletecollection", "x-kubernetes-group-version-kind": { "group": "autoscaling", "kind": "HorizontalPodAutoscaler", - "version": "v2beta1" + "version": "v2beta2" } }, "get": { @@ -51928,7 +50495,7 @@ "*/*" ], "description": "list or watch objects of kind HorizontalPodAutoscaler", - "operationId": "listAutoscalingV2beta1NamespacedHorizontalPodAutoscaler", + "operationId": "listAutoscalingV2beta2NamespacedHorizontalPodAutoscaler", "parameters": [ { "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", @@ -52005,7 +50572,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta1.HorizontalPodAutoscalerList" + "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscalerList" } }, "401": { @@ -52016,13 +50583,13 @@ "https" ], "tags": [ - "autoscaling_v2beta1" + "autoscaling_v2beta2" ], "x-kubernetes-action": "list", "x-kubernetes-group-version-kind": { "group": "autoscaling", "kind": "HorizontalPodAutoscaler", - "version": "v2beta1" + "version": "v2beta2" } }, "parameters": [ @@ -52047,14 +50614,14 @@ "*/*" ], "description": "create a HorizontalPodAutoscaler", - "operationId": "createAutoscalingV2beta1NamespacedHorizontalPodAutoscaler", + "operationId": "createAutoscalingV2beta2NamespacedHorizontalPodAutoscaler", "parameters": [ { "in": "body", "name": "body", "required": true, "schema": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta1.HorizontalPodAutoscaler" + "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscaler" } }, { @@ -52088,19 +50655,19 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta1.HorizontalPodAutoscaler" + "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscaler" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta1.HorizontalPodAutoscaler" + "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscaler" } }, "202": { "description": "Accepted", "schema": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta1.HorizontalPodAutoscaler" + "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscaler" } }, "401": { @@ -52111,23 +50678,23 @@ "https" ], "tags": [ - "autoscaling_v2beta1" + "autoscaling_v2beta2" ], "x-kubernetes-action": "post", "x-kubernetes-group-version-kind": { "group": "autoscaling", "kind": "HorizontalPodAutoscaler", - "version": "v2beta1" + "version": "v2beta2" } } }, - "/apis/autoscaling/v2beta1/namespaces/{namespace}/horizontalpodautoscalers/{name}": { + "/apis/autoscaling/v2beta2/namespaces/{namespace}/horizontalpodautoscalers/{name}": { "delete": { "consumes": [ "*/*" ], "description": "delete a HorizontalPodAutoscaler", - "operationId": "deleteAutoscalingV2beta1NamespacedHorizontalPodAutoscaler", + "operationId": "deleteAutoscalingV2beta2NamespacedHorizontalPodAutoscaler", "parameters": [ { "in": "body", @@ -52191,13 +50758,13 @@ "https" ], "tags": [ - "autoscaling_v2beta1" + "autoscaling_v2beta2" ], "x-kubernetes-action": "delete", "x-kubernetes-group-version-kind": { "group": "autoscaling", "kind": "HorizontalPodAutoscaler", - "version": "v2beta1" + "version": "v2beta2" } }, "get": { @@ -52205,7 +50772,7 @@ "*/*" ], "description": "read the specified HorizontalPodAutoscaler", - "operationId": "readAutoscalingV2beta1NamespacedHorizontalPodAutoscaler", + "operationId": "readAutoscalingV2beta2NamespacedHorizontalPodAutoscaler", "produces": [ "application/json", "application/yaml", @@ -52215,7 +50782,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta1.HorizontalPodAutoscaler" + "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscaler" } }, "401": { @@ -52226,13 +50793,13 @@ "https" ], "tags": [ - "autoscaling_v2beta1" + "autoscaling_v2beta2" ], "x-kubernetes-action": "get", "x-kubernetes-group-version-kind": { "group": "autoscaling", "kind": "HorizontalPodAutoscaler", - "version": "v2beta1" + "version": "v2beta2" } }, "parameters": [ @@ -52268,7 +50835,7 @@ "application/apply-patch+yaml" ], "description": "partially update the specified HorizontalPodAutoscaler", - "operationId": "patchAutoscalingV2beta1NamespacedHorizontalPodAutoscaler", + "operationId": "patchAutoscalingV2beta2NamespacedHorizontalPodAutoscaler", "parameters": [ { "in": "body", @@ -52316,13 +50883,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta1.HorizontalPodAutoscaler" + "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscaler" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta1.HorizontalPodAutoscaler" + "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscaler" } }, "401": { @@ -52333,13 +50900,13 @@ "https" ], "tags": [ - "autoscaling_v2beta1" + "autoscaling_v2beta2" ], "x-kubernetes-action": "patch", "x-kubernetes-group-version-kind": { "group": "autoscaling", "kind": "HorizontalPodAutoscaler", - "version": "v2beta1" + "version": "v2beta2" } }, "put": { @@ -52347,14 +50914,14 @@ "*/*" ], "description": "replace the specified HorizontalPodAutoscaler", - "operationId": "replaceAutoscalingV2beta1NamespacedHorizontalPodAutoscaler", + "operationId": "replaceAutoscalingV2beta2NamespacedHorizontalPodAutoscaler", "parameters": [ { "in": "body", "name": "body", "required": true, "schema": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta1.HorizontalPodAutoscaler" + "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscaler" } }, { @@ -52388,13 +50955,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta1.HorizontalPodAutoscaler" + "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscaler" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta1.HorizontalPodAutoscaler" + "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscaler" } }, "401": { @@ -52405,23 +50972,23 @@ "https" ], "tags": [ - "autoscaling_v2beta1" + "autoscaling_v2beta2" ], "x-kubernetes-action": "put", "x-kubernetes-group-version-kind": { "group": "autoscaling", "kind": "HorizontalPodAutoscaler", - "version": "v2beta1" + "version": "v2beta2" } } }, - "/apis/autoscaling/v2beta1/namespaces/{namespace}/horizontalpodautoscalers/{name}/status": { + "/apis/autoscaling/v2beta2/namespaces/{namespace}/horizontalpodautoscalers/{name}/status": { "get": { "consumes": [ "*/*" ], "description": "read status of the specified HorizontalPodAutoscaler", - "operationId": "readAutoscalingV2beta1NamespacedHorizontalPodAutoscalerStatus", + "operationId": "readAutoscalingV2beta2NamespacedHorizontalPodAutoscalerStatus", "produces": [ "application/json", "application/yaml", @@ -52431,7 +50998,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta1.HorizontalPodAutoscaler" + "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscaler" } }, "401": { @@ -52442,13 +51009,13 @@ "https" ], "tags": [ - "autoscaling_v2beta1" + "autoscaling_v2beta2" ], "x-kubernetes-action": "get", "x-kubernetes-group-version-kind": { "group": "autoscaling", "kind": "HorizontalPodAutoscaler", - "version": "v2beta1" + "version": "v2beta2" } }, "parameters": [ @@ -52484,7 +51051,7 @@ "application/apply-patch+yaml" ], "description": "partially update status of the specified HorizontalPodAutoscaler", - "operationId": "patchAutoscalingV2beta1NamespacedHorizontalPodAutoscalerStatus", + "operationId": "patchAutoscalingV2beta2NamespacedHorizontalPodAutoscalerStatus", "parameters": [ { "in": "body", @@ -52532,13 +51099,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta1.HorizontalPodAutoscaler" + "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscaler" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta1.HorizontalPodAutoscaler" + "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscaler" } }, "401": { @@ -52549,13 +51116,13 @@ "https" ], "tags": [ - "autoscaling_v2beta1" + "autoscaling_v2beta2" ], "x-kubernetes-action": "patch", "x-kubernetes-group-version-kind": { "group": "autoscaling", "kind": "HorizontalPodAutoscaler", - "version": "v2beta1" + "version": "v2beta2" } }, "put": { @@ -52563,14 +51130,14 @@ "*/*" ], "description": "replace status of the specified HorizontalPodAutoscaler", - "operationId": "replaceAutoscalingV2beta1NamespacedHorizontalPodAutoscalerStatus", + "operationId": "replaceAutoscalingV2beta2NamespacedHorizontalPodAutoscalerStatus", "parameters": [ { "in": "body", "name": "body", "required": true, "schema": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta1.HorizontalPodAutoscaler" + "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscaler" } }, { @@ -52604,13 +51171,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta1.HorizontalPodAutoscaler" + "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscaler" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta1.HorizontalPodAutoscaler" + "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscaler" } }, "401": { @@ -52621,23 +51188,23 @@ "https" ], "tags": [ - "autoscaling_v2beta1" + "autoscaling_v2beta2" ], "x-kubernetes-action": "put", "x-kubernetes-group-version-kind": { "group": "autoscaling", "kind": "HorizontalPodAutoscaler", - "version": "v2beta1" + "version": "v2beta2" } } }, - "/apis/autoscaling/v2beta1/watch/horizontalpodautoscalers": { + "/apis/autoscaling/v2beta2/watch/horizontalpodautoscalers": { "get": { "consumes": [ "*/*" ], "description": "watch individual changes to a list of HorizontalPodAutoscaler. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchAutoscalingV2beta1HorizontalPodAutoscalerListForAllNamespaces", + "operationId": "watchAutoscalingV2beta2HorizontalPodAutoscalerListForAllNamespaces", "produces": [ "application/json", "application/yaml", @@ -52660,13 +51227,13 @@ "https" ], "tags": [ - "autoscaling_v2beta1" + "autoscaling_v2beta2" ], "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { "group": "autoscaling", "kind": "HorizontalPodAutoscaler", - "version": "v2beta1" + "version": "v2beta2" } }, "parameters": [ @@ -52742,13 +51309,13 @@ } ] }, - "/apis/autoscaling/v2beta1/watch/namespaces/{namespace}/horizontalpodautoscalers": { + "/apis/autoscaling/v2beta2/watch/namespaces/{namespace}/horizontalpodautoscalers": { "get": { "consumes": [ "*/*" ], "description": "watch individual changes to a list of HorizontalPodAutoscaler. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchAutoscalingV2beta1NamespacedHorizontalPodAutoscalerList", + "operationId": "watchAutoscalingV2beta2NamespacedHorizontalPodAutoscalerList", "produces": [ "application/json", "application/yaml", @@ -52771,13 +51338,13 @@ "https" ], "tags": [ - "autoscaling_v2beta1" + "autoscaling_v2beta2" ], "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { "group": "autoscaling", "kind": "HorizontalPodAutoscaler", - "version": "v2beta1" + "version": "v2beta2" } }, "parameters": [ @@ -52861,13 +51428,13 @@ } ] }, - "/apis/autoscaling/v2beta1/watch/namespaces/{namespace}/horizontalpodautoscalers/{name}": { + "/apis/autoscaling/v2beta2/watch/namespaces/{namespace}/horizontalpodautoscalers/{name}": { "get": { "consumes": [ "*/*" ], "description": "watch changes to an object of kind HorizontalPodAutoscaler. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", - "operationId": "watchAutoscalingV2beta1NamespacedHorizontalPodAutoscaler", + "operationId": "watchAutoscalingV2beta2NamespacedHorizontalPodAutoscaler", "produces": [ "application/json", "application/yaml", @@ -52890,13 +51457,13 @@ "https" ], "tags": [ - "autoscaling_v2beta1" + "autoscaling_v2beta2" ], "x-kubernetes-action": "watch", "x-kubernetes-group-version-kind": { "group": "autoscaling", "kind": "HorizontalPodAutoscaler", - "version": "v2beta1" + "version": "v2beta2" } }, "parameters": [ @@ -52988,7 +51555,40 @@ } ] }, - "/apis/autoscaling/v2beta2/": { + "/apis/batch/": { + "get": { + "consumes": [ + "application/json", + "application/yaml", + "application/vnd.kubernetes.protobuf" + ], + "description": "get information of a group", + "operationId": "getBatchAPIGroup", + "produces": [ + "application/json", + "application/yaml", + "application/vnd.kubernetes.protobuf" + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.APIGroup" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "schemes": [ + "https" + ], + "tags": [ + "batch" + ] + } + }, + "/apis/batch/v1/": { "get": { "consumes": [ "application/json", @@ -52996,7 +51596,7 @@ "application/vnd.kubernetes.protobuf" ], "description": "get available resources", - "operationId": "getAutoscalingV2beta2APIResources", + "operationId": "getBatchV1APIResources", "produces": [ "application/json", "application/yaml", @@ -53017,17 +51617,17 @@ "https" ], "tags": [ - "autoscaling_v2beta2" + "batch_v1" ] } }, - "/apis/autoscaling/v2beta2/horizontalpodautoscalers": { + "/apis/batch/v1/cronjobs": { "get": { "consumes": [ "*/*" ], - "description": "list or watch objects of kind HorizontalPodAutoscaler", - "operationId": "listAutoscalingV2beta2HorizontalPodAutoscalerForAllNamespaces", + "description": "list or watch objects of kind CronJob", + "operationId": "listBatchV1CronJobForAllNamespaces", "produces": [ "application/json", "application/yaml", @@ -53039,7 +51639,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscalerList" + "$ref": "#/definitions/io.k8s.api.batch.v1.CronJobList" } }, "401": { @@ -53050,13 +51650,13 @@ "https" ], "tags": [ - "autoscaling_v2beta2" + "batch_v1" ], "x-kubernetes-action": "list", "x-kubernetes-group-version-kind": { - "group": "autoscaling", - "kind": "HorizontalPodAutoscaler", - "version": "v2beta2" + "group": "batch", + "kind": "CronJob", + "version": "v1" } }, "parameters": [ @@ -53132,13 +51732,124 @@ } ] }, - "/apis/autoscaling/v2beta2/namespaces/{namespace}/horizontalpodautoscalers": { + "/apis/batch/v1/jobs": { + "get": { + "consumes": [ + "*/*" + ], + "description": "list or watch objects of kind Job", + "operationId": "listBatchV1JobForAllNamespaces", + "produces": [ + "application/json", + "application/yaml", + "application/vnd.kubernetes.protobuf", + "application/json;stream=watch", + "application/vnd.kubernetes.protobuf;stream=watch" + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/io.k8s.api.batch.v1.JobList" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "schemes": [ + "https" + ], + "tags": [ + "batch_v1" + ], + "x-kubernetes-action": "list", + "x-kubernetes-group-version-kind": { + "group": "batch", + "kind": "Job", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "type": "boolean", + "uniqueItems": true + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "type": "integer", + "uniqueItems": true + }, + { + "description": "If 'true', then the output is pretty printed.", + "in": "query", + "name": "pretty", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "type": "string", + "uniqueItems": true + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "type": "integer", + "uniqueItems": true + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "type": "boolean", + "uniqueItems": true + } + ] + }, + "/apis/batch/v1/namespaces/{namespace}/cronjobs": { "delete": { "consumes": [ "*/*" ], - "description": "delete collection of HorizontalPodAutoscaler", - "operationId": "deleteAutoscalingV2beta2CollectionNamespacedHorizontalPodAutoscaler", + "description": "delete collection of CronJob", + "operationId": "deleteBatchV1CollectionNamespacedCronJob", "parameters": [ { "in": "body", @@ -53245,21 +51956,21 @@ "https" ], "tags": [ - "autoscaling_v2beta2" + "batch_v1" ], "x-kubernetes-action": "deletecollection", "x-kubernetes-group-version-kind": { - "group": "autoscaling", - "kind": "HorizontalPodAutoscaler", - "version": "v2beta2" + "group": "batch", + "kind": "CronJob", + "version": "v1" } }, "get": { "consumes": [ "*/*" ], - "description": "list or watch objects of kind HorizontalPodAutoscaler", - "operationId": "listAutoscalingV2beta2NamespacedHorizontalPodAutoscaler", + "description": "list or watch objects of kind CronJob", + "operationId": "listBatchV1NamespacedCronJob", "parameters": [ { "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", @@ -53336,7 +52047,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscalerList" + "$ref": "#/definitions/io.k8s.api.batch.v1.CronJobList" } }, "401": { @@ -53347,13 +52058,13 @@ "https" ], "tags": [ - "autoscaling_v2beta2" + "batch_v1" ], "x-kubernetes-action": "list", "x-kubernetes-group-version-kind": { - "group": "autoscaling", - "kind": "HorizontalPodAutoscaler", - "version": "v2beta2" + "group": "batch", + "kind": "CronJob", + "version": "v1" } }, "parameters": [ @@ -53377,15 +52088,15 @@ "consumes": [ "*/*" ], - "description": "create a HorizontalPodAutoscaler", - "operationId": "createAutoscalingV2beta2NamespacedHorizontalPodAutoscaler", + "description": "create a CronJob", + "operationId": "createBatchV1NamespacedCronJob", "parameters": [ { "in": "body", "name": "body", "required": true, "schema": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscaler" + "$ref": "#/definitions/io.k8s.api.batch.v1.CronJob" } }, { @@ -53419,19 +52130,19 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscaler" + "$ref": "#/definitions/io.k8s.api.batch.v1.CronJob" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscaler" + "$ref": "#/definitions/io.k8s.api.batch.v1.CronJob" } }, "202": { "description": "Accepted", "schema": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscaler" + "$ref": "#/definitions/io.k8s.api.batch.v1.CronJob" } }, "401": { @@ -53442,23 +52153,23 @@ "https" ], "tags": [ - "autoscaling_v2beta2" + "batch_v1" ], "x-kubernetes-action": "post", "x-kubernetes-group-version-kind": { - "group": "autoscaling", - "kind": "HorizontalPodAutoscaler", - "version": "v2beta2" + "group": "batch", + "kind": "CronJob", + "version": "v1" } } }, - "/apis/autoscaling/v2beta2/namespaces/{namespace}/horizontalpodautoscalers/{name}": { + "/apis/batch/v1/namespaces/{namespace}/cronjobs/{name}": { "delete": { "consumes": [ "*/*" ], - "description": "delete a HorizontalPodAutoscaler", - "operationId": "deleteAutoscalingV2beta2NamespacedHorizontalPodAutoscaler", + "description": "delete a CronJob", + "operationId": "deleteBatchV1NamespacedCronJob", "parameters": [ { "in": "body", @@ -53522,21 +52233,21 @@ "https" ], "tags": [ - "autoscaling_v2beta2" + "batch_v1" ], "x-kubernetes-action": "delete", "x-kubernetes-group-version-kind": { - "group": "autoscaling", - "kind": "HorizontalPodAutoscaler", - "version": "v2beta2" + "group": "batch", + "kind": "CronJob", + "version": "v1" } }, "get": { "consumes": [ "*/*" ], - "description": "read the specified HorizontalPodAutoscaler", - "operationId": "readAutoscalingV2beta2NamespacedHorizontalPodAutoscaler", + "description": "read the specified CronJob", + "operationId": "readBatchV1NamespacedCronJob", "produces": [ "application/json", "application/yaml", @@ -53546,7 +52257,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscaler" + "$ref": "#/definitions/io.k8s.api.batch.v1.CronJob" } }, "401": { @@ -53557,18 +52268,18 @@ "https" ], "tags": [ - "autoscaling_v2beta2" + "batch_v1" ], "x-kubernetes-action": "get", "x-kubernetes-group-version-kind": { - "group": "autoscaling", - "kind": "HorizontalPodAutoscaler", - "version": "v2beta2" + "group": "batch", + "kind": "CronJob", + "version": "v1" } }, "parameters": [ { - "description": "name of the HorizontalPodAutoscaler", + "description": "name of the CronJob", "in": "path", "name": "name", "required": true, @@ -53598,8 +52309,8 @@ "application/strategic-merge-patch+json", "application/apply-patch+yaml" ], - "description": "partially update the specified HorizontalPodAutoscaler", - "operationId": "patchAutoscalingV2beta2NamespacedHorizontalPodAutoscaler", + "description": "partially update the specified CronJob", + "operationId": "patchBatchV1NamespacedCronJob", "parameters": [ { "in": "body", @@ -53647,13 +52358,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscaler" + "$ref": "#/definitions/io.k8s.api.batch.v1.CronJob" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscaler" + "$ref": "#/definitions/io.k8s.api.batch.v1.CronJob" } }, "401": { @@ -53664,28 +52375,28 @@ "https" ], "tags": [ - "autoscaling_v2beta2" + "batch_v1" ], "x-kubernetes-action": "patch", "x-kubernetes-group-version-kind": { - "group": "autoscaling", - "kind": "HorizontalPodAutoscaler", - "version": "v2beta2" + "group": "batch", + "kind": "CronJob", + "version": "v1" } }, "put": { "consumes": [ "*/*" ], - "description": "replace the specified HorizontalPodAutoscaler", - "operationId": "replaceAutoscalingV2beta2NamespacedHorizontalPodAutoscaler", + "description": "replace the specified CronJob", + "operationId": "replaceBatchV1NamespacedCronJob", "parameters": [ { "in": "body", "name": "body", "required": true, "schema": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscaler" + "$ref": "#/definitions/io.k8s.api.batch.v1.CronJob" } }, { @@ -53719,13 +52430,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscaler" + "$ref": "#/definitions/io.k8s.api.batch.v1.CronJob" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscaler" + "$ref": "#/definitions/io.k8s.api.batch.v1.CronJob" } }, "401": { @@ -53736,23 +52447,23 @@ "https" ], "tags": [ - "autoscaling_v2beta2" + "batch_v1" ], "x-kubernetes-action": "put", "x-kubernetes-group-version-kind": { - "group": "autoscaling", - "kind": "HorizontalPodAutoscaler", - "version": "v2beta2" + "group": "batch", + "kind": "CronJob", + "version": "v1" } } }, - "/apis/autoscaling/v2beta2/namespaces/{namespace}/horizontalpodautoscalers/{name}/status": { + "/apis/batch/v1/namespaces/{namespace}/cronjobs/{name}/status": { "get": { "consumes": [ "*/*" ], - "description": "read status of the specified HorizontalPodAutoscaler", - "operationId": "readAutoscalingV2beta2NamespacedHorizontalPodAutoscalerStatus", + "description": "read status of the specified CronJob", + "operationId": "readBatchV1NamespacedCronJobStatus", "produces": [ "application/json", "application/yaml", @@ -53762,7 +52473,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscaler" + "$ref": "#/definitions/io.k8s.api.batch.v1.CronJob" } }, "401": { @@ -53773,18 +52484,18 @@ "https" ], "tags": [ - "autoscaling_v2beta2" + "batch_v1" ], "x-kubernetes-action": "get", "x-kubernetes-group-version-kind": { - "group": "autoscaling", - "kind": "HorizontalPodAutoscaler", - "version": "v2beta2" + "group": "batch", + "kind": "CronJob", + "version": "v1" } }, "parameters": [ { - "description": "name of the HorizontalPodAutoscaler", + "description": "name of the CronJob", "in": "path", "name": "name", "required": true, @@ -53814,8 +52525,8 @@ "application/strategic-merge-patch+json", "application/apply-patch+yaml" ], - "description": "partially update status of the specified HorizontalPodAutoscaler", - "operationId": "patchAutoscalingV2beta2NamespacedHorizontalPodAutoscalerStatus", + "description": "partially update status of the specified CronJob", + "operationId": "patchBatchV1NamespacedCronJobStatus", "parameters": [ { "in": "body", @@ -53863,13 +52574,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscaler" + "$ref": "#/definitions/io.k8s.api.batch.v1.CronJob" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscaler" + "$ref": "#/definitions/io.k8s.api.batch.v1.CronJob" } }, "401": { @@ -53880,28 +52591,28 @@ "https" ], "tags": [ - "autoscaling_v2beta2" + "batch_v1" ], "x-kubernetes-action": "patch", "x-kubernetes-group-version-kind": { - "group": "autoscaling", - "kind": "HorizontalPodAutoscaler", - "version": "v2beta2" + "group": "batch", + "kind": "CronJob", + "version": "v1" } }, "put": { "consumes": [ "*/*" ], - "description": "replace status of the specified HorizontalPodAutoscaler", - "operationId": "replaceAutoscalingV2beta2NamespacedHorizontalPodAutoscalerStatus", + "description": "replace status of the specified CronJob", + "operationId": "replaceBatchV1NamespacedCronJobStatus", "parameters": [ { "in": "body", "name": "body", "required": true, "schema": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscaler" + "$ref": "#/definitions/io.k8s.api.batch.v1.CronJob" } }, { @@ -53935,13 +52646,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscaler" + "$ref": "#/definitions/io.k8s.api.batch.v1.CronJob" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscaler" + "$ref": "#/definitions/io.k8s.api.batch.v1.CronJob" } }, "401": { @@ -53952,35 +52663,119 @@ "https" ], "tags": [ - "autoscaling_v2beta2" + "batch_v1" ], "x-kubernetes-action": "put", "x-kubernetes-group-version-kind": { - "group": "autoscaling", - "kind": "HorizontalPodAutoscaler", - "version": "v2beta2" + "group": "batch", + "kind": "CronJob", + "version": "v1" } } }, - "/apis/autoscaling/v2beta2/watch/horizontalpodautoscalers": { - "get": { + "/apis/batch/v1/namespaces/{namespace}/jobs": { + "delete": { "consumes": [ "*/*" ], - "description": "watch individual changes to a list of HorizontalPodAutoscaler. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchAutoscalingV2beta2HorizontalPodAutoscalerListForAllNamespaces", + "description": "delete collection of Job", + "operationId": "deleteBatchV1CollectionNamespacedJob", + "parameters": [ + { + "in": "body", + "name": "body", + "schema": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "type": "string", + "uniqueItems": true + }, + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", + "in": "query", + "name": "gracePeriodSeconds", + "type": "integer", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "type": "integer", + "uniqueItems": true + }, + { + "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", + "in": "query", + "name": "orphanDependents", + "type": "boolean", + "uniqueItems": true + }, + { + "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", + "in": "query", + "name": "propagationPolicy", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "type": "string", + "uniqueItems": true + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "type": "integer", + "uniqueItems": true + } + ], "produces": [ "application/json", "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" + "application/vnd.kubernetes.protobuf" ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" } }, "401": { @@ -53991,95 +52786,86 @@ "https" ], "tags": [ - "autoscaling_v2beta2" + "batch_v1" ], - "x-kubernetes-action": "watchlist", + "x-kubernetes-action": "deletecollection", "x-kubernetes-group-version-kind": { - "group": "autoscaling", - "kind": "HorizontalPodAutoscaler", - "version": "v2beta2" + "group": "batch", + "kind": "Job", + "version": "v1" } }, - "parameters": [ - { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true - } - ] - }, - "/apis/autoscaling/v2beta2/watch/namespaces/{namespace}/horizontalpodautoscalers": { "get": { "consumes": [ "*/*" ], - "description": "watch individual changes to a list of HorizontalPodAutoscaler. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchAutoscalingV2beta2NamespacedHorizontalPodAutoscalerList", + "description": "list or watch objects of kind Job", + "operationId": "listBatchV1NamespacedJob", + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "type": "boolean", + "uniqueItems": true + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "type": "integer", + "uniqueItems": true + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "type": "string", + "uniqueItems": true + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "type": "integer", + "uniqueItems": true + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "type": "boolean", + "uniqueItems": true + } + ], "produces": [ "application/json", "application/yaml", @@ -54091,7 +52877,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + "$ref": "#/definitions/io.k8s.api.batch.v1.JobList" } }, "401": { @@ -54102,51 +52888,16 @@ "https" ], "tags": [ - "autoscaling_v2beta2" + "batch_v1" ], - "x-kubernetes-action": "watchlist", + "x-kubernetes-action": "list", "x-kubernetes-group-version-kind": { - "group": "autoscaling", - "kind": "HorizontalPodAutoscaler", - "version": "v2beta2" + "group": "batch", + "kind": "Job", + "version": "v1" } }, "parameters": [ - { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, { "description": "object name and auth scope, such as for teams and projects", "in": "path", @@ -54161,173 +52912,45 @@ "name": "pretty", "type": "string", "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true } - ] - }, - "/apis/autoscaling/v2beta2/watch/namespaces/{namespace}/horizontalpodautoscalers/{name}": { - "get": { + ], + "post": { "consumes": [ "*/*" ], - "description": "watch changes to an object of kind HorizontalPodAutoscaler. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", - "operationId": "watchAutoscalingV2beta2NamespacedHorizontalPodAutoscaler", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" - ], - "responses": { - "200": { - "description": "OK", + "description": "create a Job", + "operationId": "createBatchV1NamespacedJob", + "parameters": [ + { + "in": "body", + "name": "body", + "required": true, "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + "$ref": "#/definitions/io.k8s.api.batch.v1.Job" } }, - "401": { - "description": "Unauthorized" + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "type": "string", + "uniqueItems": true + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "type": "string", + "uniqueItems": true + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "type": "string", + "uniqueItems": true } - }, - "schemes": [ - "https" - ], - "tags": [ - "autoscaling_v2beta2" - ], - "x-kubernetes-action": "watch", - "x-kubernetes-group-version-kind": { - "group": "autoscaling", - "kind": "HorizontalPodAutoscaler", - "version": "v2beta2" - } - }, - "parameters": [ - { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "name of the HorizontalPodAutoscaler", - "in": "path", - "name": "name", - "required": true, - "type": "string", - "uniqueItems": true - }, - { - "description": "object name and auth scope, such as for teams and projects", - "in": "path", - "name": "namespace", - "required": true, - "type": "string", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true - } - ] - }, - "/apis/batch/": { - "get": { - "consumes": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" ], - "description": "get information of a group", - "operationId": "getBatchAPIGroup", "produces": [ "application/json", "application/yaml", @@ -54337,40 +52960,19 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.APIGroup" + "$ref": "#/definitions/io.k8s.api.batch.v1.Job" } }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "batch" - ] - } - }, - "/apis/batch/v1/": { - "get": { - "consumes": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "description": "get available resources", - "operationId": "getBatchV1APIResources", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", + "201": { + "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.APIResourceList" + "$ref": "#/definitions/io.k8s.api.batch.v1.Job" + } + }, + "202": { + "description": "Accepted", + "schema": { + "$ref": "#/definitions/io.k8s.api.batch.v1.Job" } }, "401": { @@ -54382,28 +52984,75 @@ ], "tags": [ "batch_v1" - ] + ], + "x-kubernetes-action": "post", + "x-kubernetes-group-version-kind": { + "group": "batch", + "kind": "Job", + "version": "v1" + } } }, - "/apis/batch/v1/cronjobs": { - "get": { + "/apis/batch/v1/namespaces/{namespace}/jobs/{name}": { + "delete": { "consumes": [ "*/*" ], - "description": "list or watch objects of kind CronJob", - "operationId": "listBatchV1CronJobForAllNamespaces", + "description": "delete a Job", + "operationId": "deleteBatchV1NamespacedJob", + "parameters": [ + { + "in": "body", + "name": "body", + "schema": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" + } + }, + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "type": "string", + "uniqueItems": true + }, + { + "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", + "in": "query", + "name": "gracePeriodSeconds", + "type": "integer", + "uniqueItems": true + }, + { + "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", + "in": "query", + "name": "orphanDependents", + "type": "boolean", + "uniqueItems": true + }, + { + "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", + "in": "query", + "name": "propagationPolicy", + "type": "string", + "uniqueItems": true + } + ], "produces": [ "application/json", "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" + "application/vnd.kubernetes.protobuf" ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1.CronJobList" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "202": { + "description": "Accepted", + "schema": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" } }, "401": { @@ -54416,105 +53065,29 @@ "tags": [ "batch_v1" ], - "x-kubernetes-action": "list", + "x-kubernetes-action": "delete", "x-kubernetes-group-version-kind": { "group": "batch", - "kind": "CronJob", + "kind": "Job", "version": "v1" } }, - "parameters": [ - { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true - } - ] - }, - "/apis/batch/v1/jobs": { "get": { "consumes": [ "*/*" ], - "description": "list or watch objects of kind Job", - "operationId": "listBatchV1JobForAllNamespaces", + "description": "read the specified Job", + "operationId": "readBatchV1NamespacedJob", "produces": [ "application/json", "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" + "application/vnd.kubernetes.protobuf" ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1.JobList" + "$ref": "#/definitions/io.k8s.api.batch.v1.Job" } }, "401": { @@ -54527,7 +53100,7 @@ "tags": [ "batch_v1" ], - "x-kubernetes-action": "list", + "x-kubernetes-action": "get", "x-kubernetes-group-version-kind": { "group": "batch", "kind": "Job", @@ -54536,99 +53109,47 @@ }, "parameters": [ { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", + "description": "name of the Job", + "in": "path", + "name": "name", + "required": true, "type": "string", "uniqueItems": true }, { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, "type": "string", "uniqueItems": true }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, { "description": "If 'true', then the output is pretty printed.", "in": "query", "name": "pretty", "type": "string", "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true } - ] - }, - "/apis/batch/v1/namespaces/{namespace}/cronjobs": { - "delete": { + ], + "patch": { "consumes": [ - "*/*" + "application/json-patch+json", + "application/merge-patch+json", + "application/strategic-merge-patch+json", + "application/apply-patch+yaml" ], - "description": "delete collection of CronJob", - "operationId": "deleteBatchV1CollectionNamespacedCronJob", + "description": "partially update the specified Job", + "operationId": "patchBatchV1NamespacedJob", "parameters": [ { "in": "body", "name": "body", + "required": true, "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" } }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, { "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", "in": "query", @@ -54637,67 +53158,25 @@ "uniqueItems": true }, { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", "in": "query", - "name": "fieldSelector", + "name": "fieldManager", "type": "string", "uniqueItems": true }, { - "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", - "in": "query", - "name": "gracePeriodSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", "in": "query", - "name": "labelSelector", + "name": "fieldValidation", "type": "string", "uniqueItems": true }, { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", + "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", "in": "query", - "name": "orphanDependents", + "name": "force", "type": "boolean", "uniqueItems": true - }, - { - "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", - "in": "query", - "name": "propagationPolicy", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true } ], "produces": [ @@ -54709,7 +53188,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + "$ref": "#/definitions/io.k8s.api.batch.v1.Job" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/io.k8s.api.batch.v1.Job" } }, "401": { @@ -54722,163 +53207,44 @@ "tags": [ "batch_v1" ], - "x-kubernetes-action": "deletecollection", + "x-kubernetes-action": "patch", "x-kubernetes-group-version-kind": { "group": "batch", - "kind": "CronJob", + "kind": "Job", "version": "v1" } }, - "get": { + "put": { "consumes": [ "*/*" ], - "description": "list or watch objects of kind CronJob", - "operationId": "listBatchV1NamespacedCronJob", + "description": "replace the specified Job", + "operationId": "replaceBatchV1NamespacedJob", "parameters": [ { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true + "in": "body", + "name": "body", + "required": true, + "schema": { + "$ref": "#/definitions/io.k8s.api.batch.v1.Job" + } }, { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", "in": "query", - "name": "continue", + "name": "dryRun", "type": "string", "uniqueItems": true }, { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", "in": "query", - "name": "fieldSelector", + "name": "fieldManager", "type": "string", "uniqueItems": true }, { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1.CronJobList" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "batch_v1" - ], - "x-kubernetes-action": "list", - "x-kubernetes-group-version-kind": { - "group": "batch", - "kind": "CronJob", - "version": "v1" - } - }, - "parameters": [ - { - "description": "object name and auth scope, such as for teams and projects", - "in": "path", - "name": "namespace", - "required": true, - "type": "string", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - } - ], - "post": { - "consumes": [ - "*/*" - ], - "description": "create a CronJob", - "operationId": "createBatchV1NamespacedCronJob", - "parameters": [ - { - "in": "body", - "name": "body", - "required": true, - "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1.CronJob" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", - "in": "query", - "name": "fieldManager", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", "in": "query", "name": "fieldValidation", "type": "string", @@ -54894,19 +53260,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1.CronJob" + "$ref": "#/definitions/io.k8s.api.batch.v1.Job" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1.CronJob" - } - }, - "202": { - "description": "Accepted", - "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1.CronJob" + "$ref": "#/definitions/io.k8s.api.batch.v1.Job" } }, "401": { @@ -54919,99 +53279,21 @@ "tags": [ "batch_v1" ], - "x-kubernetes-action": "post", + "x-kubernetes-action": "put", "x-kubernetes-group-version-kind": { "group": "batch", - "kind": "CronJob", + "kind": "Job", "version": "v1" } } }, - "/apis/batch/v1/namespaces/{namespace}/cronjobs/{name}": { - "delete": { - "consumes": [ - "*/*" - ], - "description": "delete a CronJob", - "operationId": "deleteBatchV1NamespacedCronJob", - "parameters": [ - { - "in": "body", - "name": "body", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", - "in": "query", - "name": "gracePeriodSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", - "in": "query", - "name": "orphanDependents", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", - "in": "query", - "name": "propagationPolicy", - "type": "string", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" - } - }, - "202": { - "description": "Accepted", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "batch_v1" - ], - "x-kubernetes-action": "delete", - "x-kubernetes-group-version-kind": { - "group": "batch", - "kind": "CronJob", - "version": "v1" - } - }, + "/apis/batch/v1/namespaces/{namespace}/jobs/{name}/status": { "get": { "consumes": [ "*/*" ], - "description": "read the specified CronJob", - "operationId": "readBatchV1NamespacedCronJob", + "description": "read status of the specified Job", + "operationId": "readBatchV1NamespacedJobStatus", "produces": [ "application/json", "application/yaml", @@ -55021,7 +53303,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1.CronJob" + "$ref": "#/definitions/io.k8s.api.batch.v1.Job" } }, "401": { @@ -55037,13 +53319,13 @@ "x-kubernetes-action": "get", "x-kubernetes-group-version-kind": { "group": "batch", - "kind": "CronJob", + "kind": "Job", "version": "v1" } }, "parameters": [ { - "description": "name of the CronJob", + "description": "name of the Job", "in": "path", "name": "name", "required": true, @@ -55073,8 +53355,8 @@ "application/strategic-merge-patch+json", "application/apply-patch+yaml" ], - "description": "partially update the specified CronJob", - "operationId": "patchBatchV1NamespacedCronJob", + "description": "partially update status of the specified Job", + "operationId": "patchBatchV1NamespacedJobStatus", "parameters": [ { "in": "body", @@ -55122,13 +53404,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1.CronJob" + "$ref": "#/definitions/io.k8s.api.batch.v1.Job" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1.CronJob" + "$ref": "#/definitions/io.k8s.api.batch.v1.Job" } }, "401": { @@ -55144,7 +53426,7 @@ "x-kubernetes-action": "patch", "x-kubernetes-group-version-kind": { "group": "batch", - "kind": "CronJob", + "kind": "Job", "version": "v1" } }, @@ -55152,15 +53434,15 @@ "consumes": [ "*/*" ], - "description": "replace the specified CronJob", - "operationId": "replaceBatchV1NamespacedCronJob", + "description": "replace status of the specified Job", + "operationId": "replaceBatchV1NamespacedJobStatus", "parameters": [ { "in": "body", "name": "body", "required": true, "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1.CronJob" + "$ref": "#/definitions/io.k8s.api.batch.v1.Job" } }, { @@ -55194,13 +53476,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1.CronJob" + "$ref": "#/definitions/io.k8s.api.batch.v1.Job" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1.CronJob" + "$ref": "#/definitions/io.k8s.api.batch.v1.Job" } }, "401": { @@ -55216,28 +53498,30 @@ "x-kubernetes-action": "put", "x-kubernetes-group-version-kind": { "group": "batch", - "kind": "CronJob", + "kind": "Job", "version": "v1" } } }, - "/apis/batch/v1/namespaces/{namespace}/cronjobs/{name}/status": { + "/apis/batch/v1/watch/cronjobs": { "get": { "consumes": [ "*/*" ], - "description": "read status of the specified CronJob", - "operationId": "readBatchV1NamespacedCronJobStatus", + "description": "watch individual changes to a list of CronJob. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchBatchV1CronJobListForAllNamespaces", "produces": [ "application/json", "application/yaml", - "application/vnd.kubernetes.protobuf" + "application/vnd.kubernetes.protobuf", + "application/json;stream=watch", + "application/vnd.kubernetes.protobuf;stream=watch" ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1.CronJob" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" } }, "401": { @@ -55250,7 +53534,7 @@ "tags": [ "batch_v1" ], - "x-kubernetes-action": "get", + "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { "group": "batch", "kind": "CronJob", @@ -55259,92 +53543,96 @@ }, "parameters": [ { - "description": "name of the CronJob", - "in": "path", - "name": "name", - "required": true, + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "type": "boolean", + "uniqueItems": true + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", "type": "string", "uniqueItems": true }, { - "description": "object name and auth scope, such as for teams and projects", - "in": "path", - "name": "namespace", - "required": true, + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", "type": "string", "uniqueItems": true }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "type": "integer", + "uniqueItems": true + }, { "description": "If 'true', then the output is pretty printed.", "in": "query", "name": "pretty", "type": "string", "uniqueItems": true + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "type": "string", + "uniqueItems": true + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "type": "integer", + "uniqueItems": true + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "type": "boolean", + "uniqueItems": true } - ], - "patch": { + ] + }, + "/apis/batch/v1/watch/jobs": { + "get": { "consumes": [ - "application/json-patch+json", - "application/merge-patch+json", - "application/strategic-merge-patch+json", - "application/apply-patch+yaml" - ], - "description": "partially update status of the specified CronJob", - "operationId": "patchBatchV1NamespacedCronJobStatus", - "parameters": [ - { - "in": "body", - "name": "body", - "required": true, - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", - "in": "query", - "name": "fieldManager", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "in": "query", - "name": "fieldValidation", - "type": "string", - "uniqueItems": true - }, - { - "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", - "in": "query", - "name": "force", - "type": "boolean", - "uniqueItems": true - } + "*/*" ], + "description": "watch individual changes to a list of Job. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchBatchV1JobListForAllNamespaces", "produces": [ "application/json", "application/yaml", - "application/vnd.kubernetes.protobuf" + "application/vnd.kubernetes.protobuf", + "application/json;stream=watch", + "application/vnd.kubernetes.protobuf;stream=watch" ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1.CronJob" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1.CronJob" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" } }, "401": { @@ -55357,66 +53645,105 @@ "tags": [ "batch_v1" ], - "x-kubernetes-action": "patch", + "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { "group": "batch", - "kind": "CronJob", + "kind": "Job", "version": "v1" } }, - "put": { + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "type": "boolean", + "uniqueItems": true + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "type": "integer", + "uniqueItems": true + }, + { + "description": "If 'true', then the output is pretty printed.", + "in": "query", + "name": "pretty", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "type": "string", + "uniqueItems": true + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "type": "integer", + "uniqueItems": true + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "type": "boolean", + "uniqueItems": true + } + ] + }, + "/apis/batch/v1/watch/namespaces/{namespace}/cronjobs": { + "get": { "consumes": [ "*/*" ], - "description": "replace status of the specified CronJob", - "operationId": "replaceBatchV1NamespacedCronJobStatus", - "parameters": [ - { - "in": "body", - "name": "body", - "required": true, - "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1.CronJob" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", - "in": "query", - "name": "fieldManager", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "in": "query", - "name": "fieldValidation", - "type": "string", - "uniqueItems": true - } - ], + "description": "watch individual changes to a list of CronJob. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchBatchV1NamespacedCronJobList", "produces": [ "application/json", "application/yaml", - "application/vnd.kubernetes.protobuf" + "application/vnd.kubernetes.protobuf", + "application/json;stream=watch", + "application/vnd.kubernetes.protobuf;stream=watch" ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1.CronJob" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1.CronJob" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" } }, "401": { @@ -55429,117 +53756,113 @@ "tags": [ "batch_v1" ], - "x-kubernetes-action": "put", + "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { "group": "batch", "kind": "CronJob", "version": "v1" } - } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "type": "boolean", + "uniqueItems": true + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "type": "integer", + "uniqueItems": true + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "type": "string", + "uniqueItems": true + }, + { + "description": "If 'true', then the output is pretty printed.", + "in": "query", + "name": "pretty", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "type": "string", + "uniqueItems": true + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "type": "integer", + "uniqueItems": true + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "type": "boolean", + "uniqueItems": true + } + ] }, - "/apis/batch/v1/namespaces/{namespace}/jobs": { - "delete": { + "/apis/batch/v1/watch/namespaces/{namespace}/cronjobs/{name}": { + "get": { "consumes": [ "*/*" ], - "description": "delete collection of Job", - "operationId": "deleteBatchV1CollectionNamespacedJob", - "parameters": [ - { - "in": "body", - "name": "body", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" - } - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", - "in": "query", - "name": "gracePeriodSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", - "in": "query", - "name": "orphanDependents", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", - "in": "query", - "name": "propagationPolicy", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - } - ], + "description": "watch changes to an object of kind CronJob. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "operationId": "watchBatchV1NamespacedCronJob", "produces": [ "application/json", "application/yaml", - "application/vnd.kubernetes.protobuf" + "application/vnd.kubernetes.protobuf", + "application/json;stream=watch", + "application/vnd.kubernetes.protobuf;stream=watch" ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" } }, "401": { @@ -55552,84 +53875,109 @@ "tags": [ "batch_v1" ], - "x-kubernetes-action": "deletecollection", + "x-kubernetes-action": "watch", "x-kubernetes-group-version-kind": { "group": "batch", - "kind": "Job", + "kind": "CronJob", "version": "v1" } }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "type": "boolean", + "uniqueItems": true + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "type": "integer", + "uniqueItems": true + }, + { + "description": "name of the CronJob", + "in": "path", + "name": "name", + "required": true, + "type": "string", + "uniqueItems": true + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "type": "string", + "uniqueItems": true + }, + { + "description": "If 'true', then the output is pretty printed.", + "in": "query", + "name": "pretty", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "type": "string", + "uniqueItems": true + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "type": "integer", + "uniqueItems": true + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "type": "boolean", + "uniqueItems": true + } + ] + }, + "/apis/batch/v1/watch/namespaces/{namespace}/jobs": { "get": { "consumes": [ "*/*" ], - "description": "list or watch objects of kind Job", - "operationId": "listBatchV1NamespacedJob", - "parameters": [ - { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true - } - ], + "description": "watch individual changes to a list of Job. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchBatchV1NamespacedJobList", "produces": [ "application/json", "application/yaml", @@ -55641,7 +53989,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1.JobList" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" } }, "401": { @@ -55654,7 +54002,7 @@ "tags": [ "batch_v1" ], - "x-kubernetes-action": "list", + "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { "group": "batch", "kind": "Job", @@ -55662,6 +54010,41 @@ } }, "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "type": "boolean", + "uniqueItems": true + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "type": "integer", + "uniqueItems": true + }, { "description": "object name and auth scope, such as for teams and projects", "in": "path", @@ -55676,67 +54059,56 @@ "name": "pretty", "type": "string", "uniqueItems": true + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "type": "string", + "uniqueItems": true + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "type": "integer", + "uniqueItems": true + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "type": "boolean", + "uniqueItems": true } - ], - "post": { + ] + }, + "/apis/batch/v1/watch/namespaces/{namespace}/jobs/{name}": { + "get": { "consumes": [ "*/*" ], - "description": "create a Job", - "operationId": "createBatchV1NamespacedJob", - "parameters": [ - { - "in": "body", - "name": "body", - "required": true, - "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1.Job" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", - "in": "query", - "name": "fieldManager", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "in": "query", - "name": "fieldValidation", - "type": "string", - "uniqueItems": true - } - ], + "description": "watch changes to an object of kind Job. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "operationId": "watchBatchV1NamespacedJob", "produces": [ "application/json", "application/yaml", - "application/vnd.kubernetes.protobuf" + "application/vnd.kubernetes.protobuf", + "application/json;stream=watch", + "application/vnd.kubernetes.protobuf;stream=watch" ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1.Job" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1.Job" - } - }, - "202": { - "description": "Accepted", - "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1.Job" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" } }, "401": { @@ -55749,47 +54121,229 @@ "tags": [ "batch_v1" ], - "x-kubernetes-action": "post", + "x-kubernetes-action": "watch", "x-kubernetes-group-version-kind": { "group": "batch", "kind": "Job", "version": "v1" } - } - }, - "/apis/batch/v1/namespaces/{namespace}/jobs/{name}": { - "delete": { - "consumes": [ - "*/*" - ], - "description": "delete a Job", - "operationId": "deleteBatchV1NamespacedJob", - "parameters": [ - { - "in": "body", - "name": "body", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", - "in": "query", - "name": "gracePeriodSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", - "in": "query", - "name": "orphanDependents", + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "type": "boolean", + "uniqueItems": true + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "type": "integer", + "uniqueItems": true + }, + { + "description": "name of the Job", + "in": "path", + "name": "name", + "required": true, + "type": "string", + "uniqueItems": true + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "type": "string", + "uniqueItems": true + }, + { + "description": "If 'true', then the output is pretty printed.", + "in": "query", + "name": "pretty", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "type": "string", + "uniqueItems": true + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "type": "integer", + "uniqueItems": true + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "type": "boolean", + "uniqueItems": true + } + ] + }, + "/apis/certificates.k8s.io/": { + "get": { + "consumes": [ + "application/json", + "application/yaml", + "application/vnd.kubernetes.protobuf" + ], + "description": "get information of a group", + "operationId": "getCertificatesAPIGroup", + "produces": [ + "application/json", + "application/yaml", + "application/vnd.kubernetes.protobuf" + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.APIGroup" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "schemes": [ + "https" + ], + "tags": [ + "certificates" + ] + } + }, + "/apis/certificates.k8s.io/v1/": { + "get": { + "consumes": [ + "application/json", + "application/yaml", + "application/vnd.kubernetes.protobuf" + ], + "description": "get available resources", + "operationId": "getCertificatesV1APIResources", + "produces": [ + "application/json", + "application/yaml", + "application/vnd.kubernetes.protobuf" + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.APIResourceList" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "schemes": [ + "https" + ], + "tags": [ + "certificates_v1" + ] + } + }, + "/apis/certificates.k8s.io/v1/certificatesigningrequests": { + "delete": { + "consumes": [ + "*/*" + ], + "description": "delete collection of CertificateSigningRequest", + "operationId": "deleteCertificatesV1CollectionCertificateSigningRequest", + "parameters": [ + { + "in": "body", + "name": "body", + "schema": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "type": "string", + "uniqueItems": true + }, + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", + "in": "query", + "name": "gracePeriodSeconds", + "type": "integer", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "type": "integer", + "uniqueItems": true + }, + { + "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", + "in": "query", + "name": "orphanDependents", "type": "boolean", "uniqueItems": true }, @@ -55799,6 +54353,27 @@ "name": "propagationPolicy", "type": "string", "uniqueItems": true + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "type": "string", + "uniqueItems": true + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "type": "integer", + "uniqueItems": true } ], "produces": [ @@ -55813,12 +54388,6 @@ "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" } }, - "202": { - "description": "Accepted", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" - } - }, "401": { "description": "Unauthorized" } @@ -55827,12 +54396,12 @@ "https" ], "tags": [ - "batch_v1" + "certificates_v1" ], - "x-kubernetes-action": "delete", + "x-kubernetes-action": "deletecollection", "x-kubernetes-group-version-kind": { - "group": "batch", - "kind": "Job", + "group": "certificates.k8s.io", + "kind": "CertificateSigningRequest", "version": "v1" } }, @@ -55840,18 +54409,85 @@ "consumes": [ "*/*" ], - "description": "read the specified Job", - "operationId": "readBatchV1NamespacedJob", + "description": "list or watch objects of kind CertificateSigningRequest", + "operationId": "listCertificatesV1CertificateSigningRequest", + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "type": "boolean", + "uniqueItems": true + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "type": "integer", + "uniqueItems": true + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "type": "string", + "uniqueItems": true + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "type": "integer", + "uniqueItems": true + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "type": "boolean", + "uniqueItems": true + } + ], "produces": [ "application/json", "application/yaml", - "application/vnd.kubernetes.protobuf" + "application/vnd.kubernetes.protobuf", + "application/json;stream=watch", + "application/vnd.kubernetes.protobuf;stream=watch" ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1.Job" + "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequestList" } }, "401": { @@ -55862,32 +54498,16 @@ "https" ], "tags": [ - "batch_v1" + "certificates_v1" ], - "x-kubernetes-action": "get", + "x-kubernetes-action": "list", "x-kubernetes-group-version-kind": { - "group": "batch", - "kind": "Job", + "group": "certificates.k8s.io", + "kind": "CertificateSigningRequest", "version": "v1" } }, "parameters": [ - { - "description": "name of the Job", - "in": "path", - "name": "name", - "required": true, - "type": "string", - "uniqueItems": true - }, - { - "description": "object name and auth scope, such as for teams and projects", - "in": "path", - "name": "namespace", - "required": true, - "type": "string", - "uniqueItems": true - }, { "description": "If 'true', then the output is pretty printed.", "in": "query", @@ -55896,22 +54516,19 @@ "uniqueItems": true } ], - "patch": { + "post": { "consumes": [ - "application/json-patch+json", - "application/merge-patch+json", - "application/strategic-merge-patch+json", - "application/apply-patch+yaml" + "*/*" ], - "description": "partially update the specified Job", - "operationId": "patchBatchV1NamespacedJob", + "description": "create a CertificateSigningRequest", + "operationId": "createCertificatesV1CertificateSigningRequest", "parameters": [ { "in": "body", "name": "body", "required": true, "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequest" } }, { @@ -55922,7 +54539,7 @@ "uniqueItems": true }, { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", "in": "query", "name": "fieldManager", "type": "string", @@ -55934,13 +54551,6 @@ "name": "fieldValidation", "type": "string", "uniqueItems": true - }, - { - "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", - "in": "query", - "name": "force", - "type": "boolean", - "uniqueItems": true } ], "produces": [ @@ -55952,13 +54562,19 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1.Job" + "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequest" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1.Job" + "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequest" + } + }, + "202": { + "description": "Accepted", + "schema": { + "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequest" } }, "401": { @@ -55969,28 +54585,29 @@ "https" ], "tags": [ - "batch_v1" + "certificates_v1" ], - "x-kubernetes-action": "patch", + "x-kubernetes-action": "post", "x-kubernetes-group-version-kind": { - "group": "batch", - "kind": "Job", + "group": "certificates.k8s.io", + "kind": "CertificateSigningRequest", "version": "v1" } - }, - "put": { + } + }, + "/apis/certificates.k8s.io/v1/certificatesigningrequests/{name}": { + "delete": { "consumes": [ "*/*" ], - "description": "replace the specified Job", - "operationId": "replaceBatchV1NamespacedJob", + "description": "delete a CertificateSigningRequest", + "operationId": "deleteCertificatesV1CertificateSigningRequest", "parameters": [ { "in": "body", "name": "body", - "required": true, "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1.Job" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" } }, { @@ -56001,16 +54618,23 @@ "uniqueItems": true }, { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", "in": "query", - "name": "fieldManager", - "type": "string", + "name": "gracePeriodSeconds", + "type": "integer", "uniqueItems": true }, { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", "in": "query", - "name": "fieldValidation", + "name": "orphanDependents", + "type": "boolean", + "uniqueItems": true + }, + { + "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", + "in": "query", + "name": "propagationPolicy", "type": "string", "uniqueItems": true } @@ -56024,13 +54648,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1.Job" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" } }, - "201": { - "description": "Created", + "202": { + "description": "Accepted", "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1.Job" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" } }, "401": { @@ -56041,23 +54665,21 @@ "https" ], "tags": [ - "batch_v1" + "certificates_v1" ], - "x-kubernetes-action": "put", + "x-kubernetes-action": "delete", "x-kubernetes-group-version-kind": { - "group": "batch", - "kind": "Job", + "group": "certificates.k8s.io", + "kind": "CertificateSigningRequest", "version": "v1" } - } - }, - "/apis/batch/v1/namespaces/{namespace}/jobs/{name}/status": { + }, "get": { "consumes": [ "*/*" ], - "description": "read status of the specified Job", - "operationId": "readBatchV1NamespacedJobStatus", + "description": "read the specified CertificateSigningRequest", + "operationId": "readCertificatesV1CertificateSigningRequest", "produces": [ "application/json", "application/yaml", @@ -56067,7 +54689,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1.Job" + "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequest" } }, "401": { @@ -56078,32 +54700,24 @@ "https" ], "tags": [ - "batch_v1" + "certificates_v1" ], "x-kubernetes-action": "get", "x-kubernetes-group-version-kind": { - "group": "batch", - "kind": "Job", + "group": "certificates.k8s.io", + "kind": "CertificateSigningRequest", "version": "v1" } }, "parameters": [ { - "description": "name of the Job", + "description": "name of the CertificateSigningRequest", "in": "path", "name": "name", "required": true, "type": "string", "uniqueItems": true }, - { - "description": "object name and auth scope, such as for teams and projects", - "in": "path", - "name": "namespace", - "required": true, - "type": "string", - "uniqueItems": true - }, { "description": "If 'true', then the output is pretty printed.", "in": "query", @@ -56119,8 +54733,8 @@ "application/strategic-merge-patch+json", "application/apply-patch+yaml" ], - "description": "partially update status of the specified Job", - "operationId": "patchBatchV1NamespacedJobStatus", + "description": "partially update the specified CertificateSigningRequest", + "operationId": "patchCertificatesV1CertificateSigningRequest", "parameters": [ { "in": "body", @@ -56168,13 +54782,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1.Job" + "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequest" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1.Job" + "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequest" } }, "401": { @@ -56185,12 +54799,12 @@ "https" ], "tags": [ - "batch_v1" + "certificates_v1" ], "x-kubernetes-action": "patch", "x-kubernetes-group-version-kind": { - "group": "batch", - "kind": "Job", + "group": "certificates.k8s.io", + "kind": "CertificateSigningRequest", "version": "v1" } }, @@ -56198,15 +54812,15 @@ "consumes": [ "*/*" ], - "description": "replace status of the specified Job", - "operationId": "replaceBatchV1NamespacedJobStatus", + "description": "replace the specified CertificateSigningRequest", + "operationId": "replaceCertificatesV1CertificateSigningRequest", "parameters": [ { "in": "body", "name": "body", "required": true, "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1.Job" + "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequest" } }, { @@ -56240,13 +54854,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1.Job" + "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequest" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1.Job" + "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequest" } }, "401": { @@ -56257,35 +54871,33 @@ "https" ], "tags": [ - "batch_v1" + "certificates_v1" ], "x-kubernetes-action": "put", "x-kubernetes-group-version-kind": { - "group": "batch", - "kind": "Job", + "group": "certificates.k8s.io", + "kind": "CertificateSigningRequest", "version": "v1" } } }, - "/apis/batch/v1/watch/cronjobs": { + "/apis/certificates.k8s.io/v1/certificatesigningrequests/{name}/approval": { "get": { "consumes": [ "*/*" ], - "description": "watch individual changes to a list of CronJob. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchBatchV1CronJobListForAllNamespaces", + "description": "read approval of the specified CertificateSigningRequest", + "operationId": "readCertificatesV1CertificateSigningRequestApproval", "produces": [ "application/json", "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" + "application/vnd.kubernetes.protobuf" ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequest" } }, "401": { @@ -56296,107 +54908,204 @@ "https" ], "tags": [ - "batch_v1" + "certificates_v1" ], - "x-kubernetes-action": "watchlist", + "x-kubernetes-action": "get", "x-kubernetes-group-version-kind": { - "group": "batch", - "kind": "CronJob", - "version": "v1" + "group": "certificates.k8s.io", + "kind": "CertificateSigningRequest", + "version": "v1" } }, "parameters": [ { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", + "description": "name of the CertificateSigningRequest", + "in": "path", + "name": "name", + "required": true, "type": "string", "uniqueItems": true }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, { "description": "If 'true', then the output is pretty printed.", "in": "query", "name": "pretty", "type": "string", "uniqueItems": true + } + ], + "patch": { + "consumes": [ + "application/json-patch+json", + "application/merge-patch+json", + "application/strategic-merge-patch+json", + "application/apply-patch+yaml" + ], + "description": "partially update approval of the specified CertificateSigningRequest", + "operationId": "patchCertificatesV1CertificateSigningRequestApproval", + "parameters": [ + { + "in": "body", + "name": "body", + "required": true, + "schema": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "type": "string", + "uniqueItems": true + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", + "in": "query", + "name": "fieldManager", + "type": "string", + "uniqueItems": true + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "type": "string", + "uniqueItems": true + }, + { + "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", + "in": "query", + "name": "force", + "type": "boolean", + "uniqueItems": true + } + ], + "produces": [ + "application/json", + "application/yaml", + "application/vnd.kubernetes.protobuf" + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequest" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequest" + } + }, + "401": { + "description": "Unauthorized" + } }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true + "schemes": [ + "https" + ], + "tags": [ + "certificates_v1" + ], + "x-kubernetes-action": "patch", + "x-kubernetes-group-version-kind": { + "group": "certificates.k8s.io", + "kind": "CertificateSigningRequest", + "version": "v1" + } + }, + "put": { + "consumes": [ + "*/*" + ], + "description": "replace approval of the specified CertificateSigningRequest", + "operationId": "replaceCertificatesV1CertificateSigningRequestApproval", + "parameters": [ + { + "in": "body", + "name": "body", + "required": true, + "schema": { + "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequest" + } + }, + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "type": "string", + "uniqueItems": true + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "type": "string", + "uniqueItems": true + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "type": "string", + "uniqueItems": true + } + ], + "produces": [ + "application/json", + "application/yaml", + "application/vnd.kubernetes.protobuf" + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequest" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequest" + } + }, + "401": { + "description": "Unauthorized" + } }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true + "schemes": [ + "https" + ], + "tags": [ + "certificates_v1" + ], + "x-kubernetes-action": "put", + "x-kubernetes-group-version-kind": { + "group": "certificates.k8s.io", + "kind": "CertificateSigningRequest", + "version": "v1" } - ] + } }, - "/apis/batch/v1/watch/jobs": { + "/apis/certificates.k8s.io/v1/certificatesigningrequests/{name}/status": { "get": { "consumes": [ "*/*" ], - "description": "watch individual changes to a list of Job. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchBatchV1JobListForAllNamespaces", + "description": "read status of the specified CertificateSigningRequest", + "operationId": "readCertificatesV1CertificateSigningRequestStatus", "produces": [ "application/json", "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" + "application/vnd.kubernetes.protobuf" ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequest" } }, "401": { @@ -56407,95 +55116,194 @@ "https" ], "tags": [ - "batch_v1" + "certificates_v1" ], - "x-kubernetes-action": "watchlist", + "x-kubernetes-action": "get", "x-kubernetes-group-version-kind": { - "group": "batch", - "kind": "Job", + "group": "certificates.k8s.io", + "kind": "CertificateSigningRequest", "version": "v1" } }, "parameters": [ { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", + "description": "name of the CertificateSigningRequest", + "in": "path", + "name": "name", + "required": true, "type": "string", "uniqueItems": true }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, { "description": "If 'true', then the output is pretty printed.", "in": "query", "name": "pretty", "type": "string", "uniqueItems": true + } + ], + "patch": { + "consumes": [ + "application/json-patch+json", + "application/merge-patch+json", + "application/strategic-merge-patch+json", + "application/apply-patch+yaml" + ], + "description": "partially update status of the specified CertificateSigningRequest", + "operationId": "patchCertificatesV1CertificateSigningRequestStatus", + "parameters": [ + { + "in": "body", + "name": "body", + "required": true, + "schema": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "type": "string", + "uniqueItems": true + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", + "in": "query", + "name": "fieldManager", + "type": "string", + "uniqueItems": true + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "type": "string", + "uniqueItems": true + }, + { + "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", + "in": "query", + "name": "force", + "type": "boolean", + "uniqueItems": true + } + ], + "produces": [ + "application/json", + "application/yaml", + "application/vnd.kubernetes.protobuf" + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequest" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequest" + } + }, + "401": { + "description": "Unauthorized" + } }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true + "schemes": [ + "https" + ], + "tags": [ + "certificates_v1" + ], + "x-kubernetes-action": "patch", + "x-kubernetes-group-version-kind": { + "group": "certificates.k8s.io", + "kind": "CertificateSigningRequest", + "version": "v1" + } + }, + "put": { + "consumes": [ + "*/*" + ], + "description": "replace status of the specified CertificateSigningRequest", + "operationId": "replaceCertificatesV1CertificateSigningRequestStatus", + "parameters": [ + { + "in": "body", + "name": "body", + "required": true, + "schema": { + "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequest" + } + }, + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "type": "string", + "uniqueItems": true + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "type": "string", + "uniqueItems": true + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "type": "string", + "uniqueItems": true + } + ], + "produces": [ + "application/json", + "application/yaml", + "application/vnd.kubernetes.protobuf" + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequest" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequest" + } + }, + "401": { + "description": "Unauthorized" + } }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true + "schemes": [ + "https" + ], + "tags": [ + "certificates_v1" + ], + "x-kubernetes-action": "put", + "x-kubernetes-group-version-kind": { + "group": "certificates.k8s.io", + "kind": "CertificateSigningRequest", + "version": "v1" } - ] + } }, - "/apis/batch/v1/watch/namespaces/{namespace}/cronjobs": { + "/apis/certificates.k8s.io/v1/watch/certificatesigningrequests": { "get": { "consumes": [ "*/*" ], - "description": "watch individual changes to a list of CronJob. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchBatchV1NamespacedCronJobList", + "description": "watch individual changes to a list of CertificateSigningRequest. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCertificatesV1CertificateSigningRequestList", "produces": [ "application/json", "application/yaml", @@ -56518,12 +55326,12 @@ "https" ], "tags": [ - "batch_v1" + "certificates_v1" ], "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { - "group": "batch", - "kind": "CronJob", + "group": "certificates.k8s.io", + "kind": "CertificateSigningRequest", "version": "v1" } }, @@ -56563,14 +55371,6 @@ "type": "integer", "uniqueItems": true }, - { - "description": "object name and auth scope, such as for teams and projects", - "in": "path", - "name": "namespace", - "required": true, - "type": "string", - "uniqueItems": true - }, { "description": "If 'true', then the output is pretty printed.", "in": "query", @@ -56608,13 +55408,13 @@ } ] }, - "/apis/batch/v1/watch/namespaces/{namespace}/cronjobs/{name}": { + "/apis/certificates.k8s.io/v1/watch/certificatesigningrequests/{name}": { "get": { "consumes": [ "*/*" ], - "description": "watch changes to an object of kind CronJob. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", - "operationId": "watchBatchV1NamespacedCronJob", + "description": "watch changes to an object of kind CertificateSigningRequest. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "operationId": "watchCertificatesV1CertificateSigningRequest", "produces": [ "application/json", "application/yaml", @@ -56637,12 +55437,12 @@ "https" ], "tags": [ - "batch_v1" + "certificates_v1" ], "x-kubernetes-action": "watch", "x-kubernetes-group-version-kind": { - "group": "batch", - "kind": "CronJob", + "group": "certificates.k8s.io", + "kind": "CertificateSigningRequest", "version": "v1" } }, @@ -56683,21 +55483,13 @@ "uniqueItems": true }, { - "description": "name of the CronJob", + "description": "name of the CertificateSigningRequest", "in": "path", "name": "name", "required": true, "type": "string", "uniqueItems": true }, - { - "description": "object name and auth scope, such as for teams and projects", - "in": "path", - "name": "namespace", - "required": true, - "type": "string", - "uniqueItems": true - }, { "description": "If 'true', then the output is pretty printed.", "in": "query", @@ -56735,25 +55527,25 @@ } ] }, - "/apis/batch/v1/watch/namespaces/{namespace}/jobs": { + "/apis/coordination.k8s.io/": { "get": { "consumes": [ - "*/*" + "application/json", + "application/yaml", + "application/vnd.kubernetes.protobuf" ], - "description": "watch individual changes to a list of Job. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchBatchV1NamespacedJobList", + "description": "get information of a group", + "operationId": "getCoordinationAPIGroup", "produces": [ "application/json", "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" + "application/vnd.kubernetes.protobuf" ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.APIGroup" } }, "401": { @@ -56764,224 +55556,11 @@ "https" ], "tags": [ - "batch_v1" - ], - "x-kubernetes-action": "watchlist", - "x-kubernetes-group-version-kind": { - "group": "batch", - "kind": "Job", - "version": "v1" - } - }, - "parameters": [ - { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "object name and auth scope, such as for teams and projects", - "in": "path", - "name": "namespace", - "required": true, - "type": "string", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true - } - ] - }, - "/apis/batch/v1/watch/namespaces/{namespace}/jobs/{name}": { - "get": { - "consumes": [ - "*/*" - ], - "description": "watch changes to an object of kind Job. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", - "operationId": "watchBatchV1NamespacedJob", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "batch_v1" - ], - "x-kubernetes-action": "watch", - "x-kubernetes-group-version-kind": { - "group": "batch", - "kind": "Job", - "version": "v1" - } - }, - "parameters": [ - { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "name of the Job", - "in": "path", - "name": "name", - "required": true, - "type": "string", - "uniqueItems": true - }, - { - "description": "object name and auth scope, such as for teams and projects", - "in": "path", - "name": "namespace", - "required": true, - "type": "string", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true - } - ] + "coordination" + ] + } }, - "/apis/batch/v1beta1/": { + "/apis/coordination.k8s.io/v1/": { "get": { "consumes": [ "application/json", @@ -56989,7 +55568,7 @@ "application/vnd.kubernetes.protobuf" ], "description": "get available resources", - "operationId": "getBatchV1beta1APIResources", + "operationId": "getCoordinationV1APIResources", "produces": [ "application/json", "application/yaml", @@ -57010,17 +55589,17 @@ "https" ], "tags": [ - "batch_v1beta1" + "coordination_v1" ] } }, - "/apis/batch/v1beta1/cronjobs": { + "/apis/coordination.k8s.io/v1/leases": { "get": { "consumes": [ "*/*" ], - "description": "list or watch objects of kind CronJob", - "operationId": "listBatchV1beta1CronJobForAllNamespaces", + "description": "list or watch objects of kind Lease", + "operationId": "listCoordinationV1LeaseForAllNamespaces", "produces": [ "application/json", "application/yaml", @@ -57032,7 +55611,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1beta1.CronJobList" + "$ref": "#/definitions/io.k8s.api.coordination.v1.LeaseList" } }, "401": { @@ -57043,13 +55622,13 @@ "https" ], "tags": [ - "batch_v1beta1" + "coordination_v1" ], "x-kubernetes-action": "list", "x-kubernetes-group-version-kind": { - "group": "batch", - "kind": "CronJob", - "version": "v1beta1" + "group": "coordination.k8s.io", + "kind": "Lease", + "version": "v1" } }, "parameters": [ @@ -57125,13 +55704,13 @@ } ] }, - "/apis/batch/v1beta1/namespaces/{namespace}/cronjobs": { + "/apis/coordination.k8s.io/v1/namespaces/{namespace}/leases": { "delete": { "consumes": [ "*/*" ], - "description": "delete collection of CronJob", - "operationId": "deleteBatchV1beta1CollectionNamespacedCronJob", + "description": "delete collection of Lease", + "operationId": "deleteCoordinationV1CollectionNamespacedLease", "parameters": [ { "in": "body", @@ -57238,21 +55817,21 @@ "https" ], "tags": [ - "batch_v1beta1" + "coordination_v1" ], "x-kubernetes-action": "deletecollection", "x-kubernetes-group-version-kind": { - "group": "batch", - "kind": "CronJob", - "version": "v1beta1" + "group": "coordination.k8s.io", + "kind": "Lease", + "version": "v1" } }, "get": { "consumes": [ "*/*" ], - "description": "list or watch objects of kind CronJob", - "operationId": "listBatchV1beta1NamespacedCronJob", + "description": "list or watch objects of kind Lease", + "operationId": "listCoordinationV1NamespacedLease", "parameters": [ { "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", @@ -57329,7 +55908,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1beta1.CronJobList" + "$ref": "#/definitions/io.k8s.api.coordination.v1.LeaseList" } }, "401": { @@ -57340,13 +55919,13 @@ "https" ], "tags": [ - "batch_v1beta1" + "coordination_v1" ], "x-kubernetes-action": "list", "x-kubernetes-group-version-kind": { - "group": "batch", - "kind": "CronJob", - "version": "v1beta1" + "group": "coordination.k8s.io", + "kind": "Lease", + "version": "v1" } }, "parameters": [ @@ -57370,15 +55949,15 @@ "consumes": [ "*/*" ], - "description": "create a CronJob", - "operationId": "createBatchV1beta1NamespacedCronJob", + "description": "create a Lease", + "operationId": "createCoordinationV1NamespacedLease", "parameters": [ { "in": "body", "name": "body", "required": true, "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1beta1.CronJob" + "$ref": "#/definitions/io.k8s.api.coordination.v1.Lease" } }, { @@ -57412,19 +55991,19 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1beta1.CronJob" + "$ref": "#/definitions/io.k8s.api.coordination.v1.Lease" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1beta1.CronJob" + "$ref": "#/definitions/io.k8s.api.coordination.v1.Lease" } }, "202": { "description": "Accepted", "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1beta1.CronJob" + "$ref": "#/definitions/io.k8s.api.coordination.v1.Lease" } }, "401": { @@ -57435,23 +56014,23 @@ "https" ], "tags": [ - "batch_v1beta1" + "coordination_v1" ], "x-kubernetes-action": "post", "x-kubernetes-group-version-kind": { - "group": "batch", - "kind": "CronJob", - "version": "v1beta1" + "group": "coordination.k8s.io", + "kind": "Lease", + "version": "v1" } } }, - "/apis/batch/v1beta1/namespaces/{namespace}/cronjobs/{name}": { + "/apis/coordination.k8s.io/v1/namespaces/{namespace}/leases/{name}": { "delete": { "consumes": [ "*/*" ], - "description": "delete a CronJob", - "operationId": "deleteBatchV1beta1NamespacedCronJob", + "description": "delete a Lease", + "operationId": "deleteCoordinationV1NamespacedLease", "parameters": [ { "in": "body", @@ -57515,21 +56094,21 @@ "https" ], "tags": [ - "batch_v1beta1" + "coordination_v1" ], "x-kubernetes-action": "delete", "x-kubernetes-group-version-kind": { - "group": "batch", - "kind": "CronJob", - "version": "v1beta1" + "group": "coordination.k8s.io", + "kind": "Lease", + "version": "v1" } }, "get": { "consumes": [ "*/*" ], - "description": "read the specified CronJob", - "operationId": "readBatchV1beta1NamespacedCronJob", + "description": "read the specified Lease", + "operationId": "readCoordinationV1NamespacedLease", "produces": [ "application/json", "application/yaml", @@ -57539,7 +56118,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1beta1.CronJob" + "$ref": "#/definitions/io.k8s.api.coordination.v1.Lease" } }, "401": { @@ -57550,18 +56129,18 @@ "https" ], "tags": [ - "batch_v1beta1" + "coordination_v1" ], "x-kubernetes-action": "get", "x-kubernetes-group-version-kind": { - "group": "batch", - "kind": "CronJob", - "version": "v1beta1" + "group": "coordination.k8s.io", + "kind": "Lease", + "version": "v1" } }, "parameters": [ { - "description": "name of the CronJob", + "description": "name of the Lease", "in": "path", "name": "name", "required": true, @@ -57591,224 +56170,8 @@ "application/strategic-merge-patch+json", "application/apply-patch+yaml" ], - "description": "partially update the specified CronJob", - "operationId": "patchBatchV1beta1NamespacedCronJob", - "parameters": [ - { - "in": "body", - "name": "body", - "required": true, - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", - "in": "query", - "name": "fieldManager", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "in": "query", - "name": "fieldValidation", - "type": "string", - "uniqueItems": true - }, - { - "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", - "in": "query", - "name": "force", - "type": "boolean", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1beta1.CronJob" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1beta1.CronJob" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "batch_v1beta1" - ], - "x-kubernetes-action": "patch", - "x-kubernetes-group-version-kind": { - "group": "batch", - "kind": "CronJob", - "version": "v1beta1" - } - }, - "put": { - "consumes": [ - "*/*" - ], - "description": "replace the specified CronJob", - "operationId": "replaceBatchV1beta1NamespacedCronJob", - "parameters": [ - { - "in": "body", - "name": "body", - "required": true, - "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1beta1.CronJob" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", - "in": "query", - "name": "fieldManager", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "in": "query", - "name": "fieldValidation", - "type": "string", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1beta1.CronJob" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1beta1.CronJob" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "batch_v1beta1" - ], - "x-kubernetes-action": "put", - "x-kubernetes-group-version-kind": { - "group": "batch", - "kind": "CronJob", - "version": "v1beta1" - } - } - }, - "/apis/batch/v1beta1/namespaces/{namespace}/cronjobs/{name}/status": { - "get": { - "consumes": [ - "*/*" - ], - "description": "read status of the specified CronJob", - "operationId": "readBatchV1beta1NamespacedCronJobStatus", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1beta1.CronJob" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "batch_v1beta1" - ], - "x-kubernetes-action": "get", - "x-kubernetes-group-version-kind": { - "group": "batch", - "kind": "CronJob", - "version": "v1beta1" - } - }, - "parameters": [ - { - "description": "name of the CronJob", - "in": "path", - "name": "name", - "required": true, - "type": "string", - "uniqueItems": true - }, - { - "description": "object name and auth scope, such as for teams and projects", - "in": "path", - "name": "namespace", - "required": true, - "type": "string", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - } - ], - "patch": { - "consumes": [ - "application/json-patch+json", - "application/merge-patch+json", - "application/strategic-merge-patch+json", - "application/apply-patch+yaml" - ], - "description": "partially update status of the specified CronJob", - "operationId": "patchBatchV1beta1NamespacedCronJobStatus", + "description": "partially update the specified Lease", + "operationId": "patchCoordinationV1NamespacedLease", "parameters": [ { "in": "body", @@ -57856,13 +56219,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1beta1.CronJob" + "$ref": "#/definitions/io.k8s.api.coordination.v1.Lease" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1beta1.CronJob" + "$ref": "#/definitions/io.k8s.api.coordination.v1.Lease" } }, "401": { @@ -57873,28 +56236,28 @@ "https" ], "tags": [ - "batch_v1beta1" + "coordination_v1" ], "x-kubernetes-action": "patch", "x-kubernetes-group-version-kind": { - "group": "batch", - "kind": "CronJob", - "version": "v1beta1" + "group": "coordination.k8s.io", + "kind": "Lease", + "version": "v1" } }, "put": { "consumes": [ "*/*" ], - "description": "replace status of the specified CronJob", - "operationId": "replaceBatchV1beta1NamespacedCronJobStatus", + "description": "replace the specified Lease", + "operationId": "replaceCoordinationV1NamespacedLease", "parameters": [ { "in": "body", "name": "body", "required": true, "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1beta1.CronJob" + "$ref": "#/definitions/io.k8s.api.coordination.v1.Lease" } }, { @@ -57928,13 +56291,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1beta1.CronJob" + "$ref": "#/definitions/io.k8s.api.coordination.v1.Lease" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.batch.v1beta1.CronJob" + "$ref": "#/definitions/io.k8s.api.coordination.v1.Lease" } }, "401": { @@ -57945,23 +56308,23 @@ "https" ], "tags": [ - "batch_v1beta1" + "coordination_v1" ], "x-kubernetes-action": "put", "x-kubernetes-group-version-kind": { - "group": "batch", - "kind": "CronJob", - "version": "v1beta1" + "group": "coordination.k8s.io", + "kind": "Lease", + "version": "v1" } } }, - "/apis/batch/v1beta1/watch/cronjobs": { + "/apis/coordination.k8s.io/v1/watch/leases": { "get": { "consumes": [ "*/*" ], - "description": "watch individual changes to a list of CronJob. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchBatchV1beta1CronJobListForAllNamespaces", + "description": "watch individual changes to a list of Lease. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoordinationV1LeaseListForAllNamespaces", "produces": [ "application/json", "application/yaml", @@ -57984,13 +56347,13 @@ "https" ], "tags": [ - "batch_v1beta1" + "coordination_v1" ], "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { - "group": "batch", - "kind": "CronJob", - "version": "v1beta1" + "group": "coordination.k8s.io", + "kind": "Lease", + "version": "v1" } }, "parameters": [ @@ -58066,13 +56429,13 @@ } ] }, - "/apis/batch/v1beta1/watch/namespaces/{namespace}/cronjobs": { + "/apis/coordination.k8s.io/v1/watch/namespaces/{namespace}/leases": { "get": { "consumes": [ "*/*" ], - "description": "watch individual changes to a list of CronJob. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchBatchV1beta1NamespacedCronJobList", + "description": "watch individual changes to a list of Lease. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoordinationV1NamespacedLeaseList", "produces": [ "application/json", "application/yaml", @@ -58095,13 +56458,13 @@ "https" ], "tags": [ - "batch_v1beta1" + "coordination_v1" ], "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { - "group": "batch", - "kind": "CronJob", - "version": "v1beta1" + "group": "coordination.k8s.io", + "kind": "Lease", + "version": "v1" } }, "parameters": [ @@ -58185,13 +56548,13 @@ } ] }, - "/apis/batch/v1beta1/watch/namespaces/{namespace}/cronjobs/{name}": { + "/apis/coordination.k8s.io/v1/watch/namespaces/{namespace}/leases/{name}": { "get": { "consumes": [ "*/*" ], - "description": "watch changes to an object of kind CronJob. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", - "operationId": "watchBatchV1beta1NamespacedCronJob", + "description": "watch changes to an object of kind Lease. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "operationId": "watchCoordinationV1NamespacedLease", "produces": [ "application/json", "application/yaml", @@ -58214,13 +56577,13 @@ "https" ], "tags": [ - "batch_v1beta1" + "coordination_v1" ], "x-kubernetes-action": "watch", "x-kubernetes-group-version-kind": { - "group": "batch", - "kind": "CronJob", - "version": "v1beta1" + "group": "coordination.k8s.io", + "kind": "Lease", + "version": "v1" } }, "parameters": [ @@ -58260,7 +56623,7 @@ "uniqueItems": true }, { - "description": "name of the CronJob", + "description": "name of the Lease", "in": "path", "name": "name", "required": true, @@ -58312,7 +56675,7 @@ } ] }, - "/apis/certificates.k8s.io/": { + "/apis/discovery.k8s.io/": { "get": { "consumes": [ "application/json", @@ -58320,7 +56683,7 @@ "application/vnd.kubernetes.protobuf" ], "description": "get information of a group", - "operationId": "getCertificatesAPIGroup", + "operationId": "getDiscoveryAPIGroup", "produces": [ "application/json", "application/yaml", @@ -58341,11 +56704,11 @@ "https" ], "tags": [ - "certificates" + "discovery" ] } }, - "/apis/certificates.k8s.io/v1/": { + "/apis/discovery.k8s.io/v1/": { "get": { "consumes": [ "application/json", @@ -58353,7 +56716,7 @@ "application/vnd.kubernetes.protobuf" ], "description": "get available resources", - "operationId": "getCertificatesV1APIResources", + "operationId": "getDiscoveryV1APIResources", "produces": [ "application/json", "application/yaml", @@ -58374,17 +56737,128 @@ "https" ], "tags": [ - "certificates_v1" + "discovery_v1" ] } }, - "/apis/certificates.k8s.io/v1/certificatesigningrequests": { + "/apis/discovery.k8s.io/v1/endpointslices": { + "get": { + "consumes": [ + "*/*" + ], + "description": "list or watch objects of kind EndpointSlice", + "operationId": "listDiscoveryV1EndpointSliceForAllNamespaces", + "produces": [ + "application/json", + "application/yaml", + "application/vnd.kubernetes.protobuf", + "application/json;stream=watch", + "application/vnd.kubernetes.protobuf;stream=watch" + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/io.k8s.api.discovery.v1.EndpointSliceList" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "schemes": [ + "https" + ], + "tags": [ + "discovery_v1" + ], + "x-kubernetes-action": "list", + "x-kubernetes-group-version-kind": { + "group": "discovery.k8s.io", + "kind": "EndpointSlice", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "type": "boolean", + "uniqueItems": true + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "type": "integer", + "uniqueItems": true + }, + { + "description": "If 'true', then the output is pretty printed.", + "in": "query", + "name": "pretty", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "type": "string", + "uniqueItems": true + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "type": "integer", + "uniqueItems": true + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "type": "boolean", + "uniqueItems": true + } + ] + }, + "/apis/discovery.k8s.io/v1/namespaces/{namespace}/endpointslices": { "delete": { "consumes": [ "*/*" ], - "description": "delete collection of CertificateSigningRequest", - "operationId": "deleteCertificatesV1CollectionCertificateSigningRequest", + "description": "delete collection of EndpointSlice", + "operationId": "deleteDiscoveryV1CollectionNamespacedEndpointSlice", "parameters": [ { "in": "body", @@ -58491,12 +56965,12 @@ "https" ], "tags": [ - "certificates_v1" + "discovery_v1" ], "x-kubernetes-action": "deletecollection", "x-kubernetes-group-version-kind": { - "group": "certificates.k8s.io", - "kind": "CertificateSigningRequest", + "group": "discovery.k8s.io", + "kind": "EndpointSlice", "version": "v1" } }, @@ -58504,8 +56978,8 @@ "consumes": [ "*/*" ], - "description": "list or watch objects of kind CertificateSigningRequest", - "operationId": "listCertificatesV1CertificateSigningRequest", + "description": "list or watch objects of kind EndpointSlice", + "operationId": "listDiscoveryV1NamespacedEndpointSlice", "parameters": [ { "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", @@ -58582,7 +57056,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequestList" + "$ref": "#/definitions/io.k8s.api.discovery.v1.EndpointSliceList" } }, "401": { @@ -58593,16 +57067,24 @@ "https" ], "tags": [ - "certificates_v1" + "discovery_v1" ], "x-kubernetes-action": "list", "x-kubernetes-group-version-kind": { - "group": "certificates.k8s.io", - "kind": "CertificateSigningRequest", + "group": "discovery.k8s.io", + "kind": "EndpointSlice", "version": "v1" } }, "parameters": [ + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "type": "string", + "uniqueItems": true + }, { "description": "If 'true', then the output is pretty printed.", "in": "query", @@ -58615,15 +57097,15 @@ "consumes": [ "*/*" ], - "description": "create a CertificateSigningRequest", - "operationId": "createCertificatesV1CertificateSigningRequest", + "description": "create an EndpointSlice", + "operationId": "createDiscoveryV1NamespacedEndpointSlice", "parameters": [ { "in": "body", "name": "body", "required": true, "schema": { - "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequest" + "$ref": "#/definitions/io.k8s.api.discovery.v1.EndpointSlice" } }, { @@ -58657,19 +57139,19 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequest" + "$ref": "#/definitions/io.k8s.api.discovery.v1.EndpointSlice" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequest" + "$ref": "#/definitions/io.k8s.api.discovery.v1.EndpointSlice" } }, "202": { "description": "Accepted", "schema": { - "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequest" + "$ref": "#/definitions/io.k8s.api.discovery.v1.EndpointSlice" } }, "401": { @@ -58680,23 +57162,23 @@ "https" ], "tags": [ - "certificates_v1" + "discovery_v1" ], "x-kubernetes-action": "post", "x-kubernetes-group-version-kind": { - "group": "certificates.k8s.io", - "kind": "CertificateSigningRequest", + "group": "discovery.k8s.io", + "kind": "EndpointSlice", "version": "v1" } } }, - "/apis/certificates.k8s.io/v1/certificatesigningrequests/{name}": { + "/apis/discovery.k8s.io/v1/namespaces/{namespace}/endpointslices/{name}": { "delete": { "consumes": [ "*/*" ], - "description": "delete a CertificateSigningRequest", - "operationId": "deleteCertificatesV1CertificateSigningRequest", + "description": "delete an EndpointSlice", + "operationId": "deleteDiscoveryV1NamespacedEndpointSlice", "parameters": [ { "in": "body", @@ -58760,12 +57242,12 @@ "https" ], "tags": [ - "certificates_v1" + "discovery_v1" ], "x-kubernetes-action": "delete", "x-kubernetes-group-version-kind": { - "group": "certificates.k8s.io", - "kind": "CertificateSigningRequest", + "group": "discovery.k8s.io", + "kind": "EndpointSlice", "version": "v1" } }, @@ -58773,8 +57255,8 @@ "consumes": [ "*/*" ], - "description": "read the specified CertificateSigningRequest", - "operationId": "readCertificatesV1CertificateSigningRequest", + "description": "read the specified EndpointSlice", + "operationId": "readDiscoveryV1NamespacedEndpointSlice", "produces": [ "application/json", "application/yaml", @@ -58784,7 +57266,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequest" + "$ref": "#/definitions/io.k8s.api.discovery.v1.EndpointSlice" } }, "401": { @@ -58795,24 +57277,32 @@ "https" ], "tags": [ - "certificates_v1" + "discovery_v1" ], "x-kubernetes-action": "get", "x-kubernetes-group-version-kind": { - "group": "certificates.k8s.io", - "kind": "CertificateSigningRequest", + "group": "discovery.k8s.io", + "kind": "EndpointSlice", "version": "v1" } }, "parameters": [ { - "description": "name of the CertificateSigningRequest", + "description": "name of the EndpointSlice", "in": "path", "name": "name", "required": true, "type": "string", "uniqueItems": true }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "type": "string", + "uniqueItems": true + }, { "description": "If 'true', then the output is pretty printed.", "in": "query", @@ -58828,8 +57318,8 @@ "application/strategic-merge-patch+json", "application/apply-patch+yaml" ], - "description": "partially update the specified CertificateSigningRequest", - "operationId": "patchCertificatesV1CertificateSigningRequest", + "description": "partially update the specified EndpointSlice", + "operationId": "patchDiscoveryV1NamespacedEndpointSlice", "parameters": [ { "in": "body", @@ -58877,13 +57367,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequest" + "$ref": "#/definitions/io.k8s.api.discovery.v1.EndpointSlice" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequest" + "$ref": "#/definitions/io.k8s.api.discovery.v1.EndpointSlice" } }, "401": { @@ -58894,12 +57384,12 @@ "https" ], "tags": [ - "certificates_v1" + "discovery_v1" ], "x-kubernetes-action": "patch", "x-kubernetes-group-version-kind": { - "group": "certificates.k8s.io", - "kind": "CertificateSigningRequest", + "group": "discovery.k8s.io", + "kind": "EndpointSlice", "version": "v1" } }, @@ -58907,15 +57397,15 @@ "consumes": [ "*/*" ], - "description": "replace the specified CertificateSigningRequest", - "operationId": "replaceCertificatesV1CertificateSigningRequest", + "description": "replace the specified EndpointSlice", + "operationId": "replaceDiscoveryV1NamespacedEndpointSlice", "parameters": [ { "in": "body", "name": "body", "required": true, "schema": { - "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequest" + "$ref": "#/definitions/io.k8s.api.discovery.v1.EndpointSlice" } }, { @@ -58949,13 +57439,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequest" + "$ref": "#/definitions/io.k8s.api.discovery.v1.EndpointSlice" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequest" + "$ref": "#/definitions/io.k8s.api.discovery.v1.EndpointSlice" } }, "401": { @@ -58966,33 +57456,35 @@ "https" ], "tags": [ - "certificates_v1" + "discovery_v1" ], "x-kubernetes-action": "put", "x-kubernetes-group-version-kind": { - "group": "certificates.k8s.io", - "kind": "CertificateSigningRequest", + "group": "discovery.k8s.io", + "kind": "EndpointSlice", "version": "v1" } } }, - "/apis/certificates.k8s.io/v1/certificatesigningrequests/{name}/approval": { + "/apis/discovery.k8s.io/v1/watch/endpointslices": { "get": { "consumes": [ "*/*" ], - "description": "read approval of the specified CertificateSigningRequest", - "operationId": "readCertificatesV1CertificateSigningRequestApproval", + "description": "watch individual changes to a list of EndpointSlice. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchDiscoveryV1EndpointSliceListForAllNamespaces", "produces": [ "application/json", "application/yaml", - "application/vnd.kubernetes.protobuf" + "application/vnd.kubernetes.protobuf", + "application/json;stream=watch", + "application/vnd.kubernetes.protobuf;stream=watch" ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequest" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" } }, "401": { @@ -59003,95 +57495,107 @@ "https" ], "tags": [ - "certificates_v1" + "discovery_v1" ], - "x-kubernetes-action": "get", + "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { - "group": "certificates.k8s.io", - "kind": "CertificateSigningRequest", + "group": "discovery.k8s.io", + "kind": "EndpointSlice", "version": "v1" } }, "parameters": [ { - "description": "name of the CertificateSigningRequest", - "in": "path", - "name": "name", - "required": true, + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "type": "boolean", + "uniqueItems": true + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", "type": "string", "uniqueItems": true }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "type": "integer", + "uniqueItems": true + }, { "description": "If 'true', then the output is pretty printed.", "in": "query", "name": "pretty", "type": "string", "uniqueItems": true + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "type": "string", + "uniqueItems": true + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "type": "integer", + "uniqueItems": true + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "type": "boolean", + "uniqueItems": true } - ], - "patch": { + ] + }, + "/apis/discovery.k8s.io/v1/watch/namespaces/{namespace}/endpointslices": { + "get": { "consumes": [ - "application/json-patch+json", - "application/merge-patch+json", - "application/strategic-merge-patch+json", - "application/apply-patch+yaml" - ], - "description": "partially update approval of the specified CertificateSigningRequest", - "operationId": "patchCertificatesV1CertificateSigningRequestApproval", - "parameters": [ - { - "in": "body", - "name": "body", - "required": true, - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", - "in": "query", - "name": "fieldManager", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "in": "query", - "name": "fieldValidation", - "type": "string", - "uniqueItems": true - }, - { - "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", - "in": "query", - "name": "force", - "type": "boolean", - "uniqueItems": true - } + "*/*" ], + "description": "watch individual changes to a list of EndpointSlice. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchDiscoveryV1NamespacedEndpointSliceList", "produces": [ "application/json", "application/yaml", - "application/vnd.kubernetes.protobuf" + "application/vnd.kubernetes.protobuf", + "application/json;stream=watch", + "application/vnd.kubernetes.protobuf;stream=watch" ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequest" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequest" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" } }, "401": { @@ -59102,68 +57606,115 @@ "https" ], "tags": [ - "certificates_v1" + "discovery_v1" ], - "x-kubernetes-action": "patch", + "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { - "group": "certificates.k8s.io", - "kind": "CertificateSigningRequest", + "group": "discovery.k8s.io", + "kind": "EndpointSlice", "version": "v1" } }, - "put": { + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "type": "boolean", + "uniqueItems": true + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "type": "integer", + "uniqueItems": true + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "type": "string", + "uniqueItems": true + }, + { + "description": "If 'true', then the output is pretty printed.", + "in": "query", + "name": "pretty", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "type": "string", + "uniqueItems": true + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "type": "integer", + "uniqueItems": true + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "type": "boolean", + "uniqueItems": true + } + ] + }, + "/apis/discovery.k8s.io/v1/watch/namespaces/{namespace}/endpointslices/{name}": { + "get": { "consumes": [ "*/*" ], - "description": "replace approval of the specified CertificateSigningRequest", - "operationId": "replaceCertificatesV1CertificateSigningRequestApproval", - "parameters": [ - { - "in": "body", - "name": "body", - "required": true, - "schema": { - "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequest" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", - "in": "query", - "name": "fieldManager", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "in": "query", - "name": "fieldValidation", - "type": "string", - "uniqueItems": true - } - ], + "description": "watch changes to an object of kind EndpointSlice. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "operationId": "watchDiscoveryV1NamespacedEndpointSlice", "produces": [ "application/json", "application/yaml", - "application/vnd.kubernetes.protobuf" + "application/vnd.kubernetes.protobuf", + "application/json;stream=watch", + "application/vnd.kubernetes.protobuf;stream=watch" ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequest" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequest" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" } }, "401": { @@ -59174,23 +57725,113 @@ "https" ], "tags": [ - "certificates_v1" + "discovery_v1" ], - "x-kubernetes-action": "put", + "x-kubernetes-action": "watch", "x-kubernetes-group-version-kind": { - "group": "certificates.k8s.io", - "kind": "CertificateSigningRequest", + "group": "discovery.k8s.io", + "kind": "EndpointSlice", "version": "v1" } - } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "type": "boolean", + "uniqueItems": true + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "type": "integer", + "uniqueItems": true + }, + { + "description": "name of the EndpointSlice", + "in": "path", + "name": "name", + "required": true, + "type": "string", + "uniqueItems": true + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "type": "string", + "uniqueItems": true + }, + { + "description": "If 'true', then the output is pretty printed.", + "in": "query", + "name": "pretty", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "type": "string", + "uniqueItems": true + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "type": "integer", + "uniqueItems": true + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "type": "boolean", + "uniqueItems": true + } + ] }, - "/apis/certificates.k8s.io/v1/certificatesigningrequests/{name}/status": { + "/apis/events.k8s.io/": { "get": { "consumes": [ - "*/*" + "application/json", + "application/yaml", + "application/vnd.kubernetes.protobuf" ], - "description": "read status of the specified CertificateSigningRequest", - "operationId": "readCertificatesV1CertificateSigningRequestStatus", + "description": "get information of a group", + "operationId": "getEventsAPIGroup", "produces": [ "application/json", "application/yaml", @@ -59200,7 +57841,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequest" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.APIGroup" } }, "401": { @@ -59211,451 +57852,11 @@ "https" ], "tags": [ - "certificates_v1" - ], - "x-kubernetes-action": "get", - "x-kubernetes-group-version-kind": { - "group": "certificates.k8s.io", - "kind": "CertificateSigningRequest", - "version": "v1" - } - }, - "parameters": [ - { - "description": "name of the CertificateSigningRequest", - "in": "path", - "name": "name", - "required": true, - "type": "string", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - } - ], - "patch": { - "consumes": [ - "application/json-patch+json", - "application/merge-patch+json", - "application/strategic-merge-patch+json", - "application/apply-patch+yaml" - ], - "description": "partially update status of the specified CertificateSigningRequest", - "operationId": "patchCertificatesV1CertificateSigningRequestStatus", - "parameters": [ - { - "in": "body", - "name": "body", - "required": true, - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", - "in": "query", - "name": "fieldManager", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "in": "query", - "name": "fieldValidation", - "type": "string", - "uniqueItems": true - }, - { - "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", - "in": "query", - "name": "force", - "type": "boolean", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequest" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequest" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "certificates_v1" - ], - "x-kubernetes-action": "patch", - "x-kubernetes-group-version-kind": { - "group": "certificates.k8s.io", - "kind": "CertificateSigningRequest", - "version": "v1" - } - }, - "put": { - "consumes": [ - "*/*" - ], - "description": "replace status of the specified CertificateSigningRequest", - "operationId": "replaceCertificatesV1CertificateSigningRequestStatus", - "parameters": [ - { - "in": "body", - "name": "body", - "required": true, - "schema": { - "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequest" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", - "in": "query", - "name": "fieldManager", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "in": "query", - "name": "fieldValidation", - "type": "string", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequest" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequest" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "certificates_v1" - ], - "x-kubernetes-action": "put", - "x-kubernetes-group-version-kind": { - "group": "certificates.k8s.io", - "kind": "CertificateSigningRequest", - "version": "v1" - } - } - }, - "/apis/certificates.k8s.io/v1/watch/certificatesigningrequests": { - "get": { - "consumes": [ - "*/*" - ], - "description": "watch individual changes to a list of CertificateSigningRequest. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchCertificatesV1CertificateSigningRequestList", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "certificates_v1" - ], - "x-kubernetes-action": "watchlist", - "x-kubernetes-group-version-kind": { - "group": "certificates.k8s.io", - "kind": "CertificateSigningRequest", - "version": "v1" - } - }, - "parameters": [ - { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true - } - ] - }, - "/apis/certificates.k8s.io/v1/watch/certificatesigningrequests/{name}": { - "get": { - "consumes": [ - "*/*" - ], - "description": "watch changes to an object of kind CertificateSigningRequest. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", - "operationId": "watchCertificatesV1CertificateSigningRequest", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "certificates_v1" - ], - "x-kubernetes-action": "watch", - "x-kubernetes-group-version-kind": { - "group": "certificates.k8s.io", - "kind": "CertificateSigningRequest", - "version": "v1" - } - }, - "parameters": [ - { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "name of the CertificateSigningRequest", - "in": "path", - "name": "name", - "required": true, - "type": "string", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true - } - ] - }, - "/apis/coordination.k8s.io/": { - "get": { - "consumes": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "description": "get information of a group", - "operationId": "getCoordinationAPIGroup", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.APIGroup" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "coordination" + "events" ] } }, - "/apis/coordination.k8s.io/v1/": { + "/apis/events.k8s.io/v1/": { "get": { "consumes": [ "application/json", @@ -59663,7 +57864,7 @@ "application/vnd.kubernetes.protobuf" ], "description": "get available resources", - "operationId": "getCoordinationV1APIResources", + "operationId": "getEventsV1APIResources", "produces": [ "application/json", "application/yaml", @@ -59684,17 +57885,17 @@ "https" ], "tags": [ - "coordination_v1" + "events_v1" ] } }, - "/apis/coordination.k8s.io/v1/leases": { + "/apis/events.k8s.io/v1/events": { "get": { "consumes": [ "*/*" ], - "description": "list or watch objects of kind Lease", - "operationId": "listCoordinationV1LeaseForAllNamespaces", + "description": "list or watch objects of kind Event", + "operationId": "listEventsV1EventForAllNamespaces", "produces": [ "application/json", "application/yaml", @@ -59706,7 +57907,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.coordination.v1.LeaseList" + "$ref": "#/definitions/io.k8s.api.events.v1.EventList" } }, "401": { @@ -59717,12 +57918,12 @@ "https" ], "tags": [ - "coordination_v1" + "events_v1" ], "x-kubernetes-action": "list", "x-kubernetes-group-version-kind": { - "group": "coordination.k8s.io", - "kind": "Lease", + "group": "events.k8s.io", + "kind": "Event", "version": "v1" } }, @@ -59799,13 +58000,13 @@ } ] }, - "/apis/coordination.k8s.io/v1/namespaces/{namespace}/leases": { + "/apis/events.k8s.io/v1/namespaces/{namespace}/events": { "delete": { "consumes": [ "*/*" ], - "description": "delete collection of Lease", - "operationId": "deleteCoordinationV1CollectionNamespacedLease", + "description": "delete collection of Event", + "operationId": "deleteEventsV1CollectionNamespacedEvent", "parameters": [ { "in": "body", @@ -59912,12 +58113,12 @@ "https" ], "tags": [ - "coordination_v1" + "events_v1" ], "x-kubernetes-action": "deletecollection", "x-kubernetes-group-version-kind": { - "group": "coordination.k8s.io", - "kind": "Lease", + "group": "events.k8s.io", + "kind": "Event", "version": "v1" } }, @@ -59925,8 +58126,8 @@ "consumes": [ "*/*" ], - "description": "list or watch objects of kind Lease", - "operationId": "listCoordinationV1NamespacedLease", + "description": "list or watch objects of kind Event", + "operationId": "listEventsV1NamespacedEvent", "parameters": [ { "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", @@ -60003,7 +58204,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.coordination.v1.LeaseList" + "$ref": "#/definitions/io.k8s.api.events.v1.EventList" } }, "401": { @@ -60014,12 +58215,12 @@ "https" ], "tags": [ - "coordination_v1" + "events_v1" ], "x-kubernetes-action": "list", "x-kubernetes-group-version-kind": { - "group": "coordination.k8s.io", - "kind": "Lease", + "group": "events.k8s.io", + "kind": "Event", "version": "v1" } }, @@ -60044,15 +58245,15 @@ "consumes": [ "*/*" ], - "description": "create a Lease", - "operationId": "createCoordinationV1NamespacedLease", + "description": "create an Event", + "operationId": "createEventsV1NamespacedEvent", "parameters": [ { "in": "body", "name": "body", "required": true, "schema": { - "$ref": "#/definitions/io.k8s.api.coordination.v1.Lease" + "$ref": "#/definitions/io.k8s.api.events.v1.Event" } }, { @@ -60086,19 +58287,19 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.coordination.v1.Lease" + "$ref": "#/definitions/io.k8s.api.events.v1.Event" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.coordination.v1.Lease" + "$ref": "#/definitions/io.k8s.api.events.v1.Event" } }, "202": { "description": "Accepted", "schema": { - "$ref": "#/definitions/io.k8s.api.coordination.v1.Lease" + "$ref": "#/definitions/io.k8s.api.events.v1.Event" } }, "401": { @@ -60109,23 +58310,23 @@ "https" ], "tags": [ - "coordination_v1" + "events_v1" ], "x-kubernetes-action": "post", "x-kubernetes-group-version-kind": { - "group": "coordination.k8s.io", - "kind": "Lease", + "group": "events.k8s.io", + "kind": "Event", "version": "v1" } } }, - "/apis/coordination.k8s.io/v1/namespaces/{namespace}/leases/{name}": { + "/apis/events.k8s.io/v1/namespaces/{namespace}/events/{name}": { "delete": { "consumes": [ "*/*" ], - "description": "delete a Lease", - "operationId": "deleteCoordinationV1NamespacedLease", + "description": "delete an Event", + "operationId": "deleteEventsV1NamespacedEvent", "parameters": [ { "in": "body", @@ -60189,12 +58390,12 @@ "https" ], "tags": [ - "coordination_v1" + "events_v1" ], "x-kubernetes-action": "delete", "x-kubernetes-group-version-kind": { - "group": "coordination.k8s.io", - "kind": "Lease", + "group": "events.k8s.io", + "kind": "Event", "version": "v1" } }, @@ -60202,9 +58403,9 @@ "consumes": [ "*/*" ], - "description": "read the specified Lease", - "operationId": "readCoordinationV1NamespacedLease", - "produces": [ + "description": "read the specified Event", + "operationId": "readEventsV1NamespacedEvent", + "produces": [ "application/json", "application/yaml", "application/vnd.kubernetes.protobuf" @@ -60213,7 +58414,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.coordination.v1.Lease" + "$ref": "#/definitions/io.k8s.api.events.v1.Event" } }, "401": { @@ -60224,18 +58425,18 @@ "https" ], "tags": [ - "coordination_v1" + "events_v1" ], "x-kubernetes-action": "get", "x-kubernetes-group-version-kind": { - "group": "coordination.k8s.io", - "kind": "Lease", + "group": "events.k8s.io", + "kind": "Event", "version": "v1" } }, "parameters": [ { - "description": "name of the Lease", + "description": "name of the Event", "in": "path", "name": "name", "required": true, @@ -60265,8 +58466,8 @@ "application/strategic-merge-patch+json", "application/apply-patch+yaml" ], - "description": "partially update the specified Lease", - "operationId": "patchCoordinationV1NamespacedLease", + "description": "partially update the specified Event", + "operationId": "patchEventsV1NamespacedEvent", "parameters": [ { "in": "body", @@ -60314,13 +58515,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.coordination.v1.Lease" + "$ref": "#/definitions/io.k8s.api.events.v1.Event" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.coordination.v1.Lease" + "$ref": "#/definitions/io.k8s.api.events.v1.Event" } }, "401": { @@ -60331,12 +58532,12 @@ "https" ], "tags": [ - "coordination_v1" + "events_v1" ], "x-kubernetes-action": "patch", "x-kubernetes-group-version-kind": { - "group": "coordination.k8s.io", - "kind": "Lease", + "group": "events.k8s.io", + "kind": "Event", "version": "v1" } }, @@ -60344,15 +58545,15 @@ "consumes": [ "*/*" ], - "description": "replace the specified Lease", - "operationId": "replaceCoordinationV1NamespacedLease", + "description": "replace the specified Event", + "operationId": "replaceEventsV1NamespacedEvent", "parameters": [ { "in": "body", "name": "body", "required": true, "schema": { - "$ref": "#/definitions/io.k8s.api.coordination.v1.Lease" + "$ref": "#/definitions/io.k8s.api.events.v1.Event" } }, { @@ -60386,13 +58587,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.coordination.v1.Lease" + "$ref": "#/definitions/io.k8s.api.events.v1.Event" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.coordination.v1.Lease" + "$ref": "#/definitions/io.k8s.api.events.v1.Event" } }, "401": { @@ -60403,23 +58604,23 @@ "https" ], "tags": [ - "coordination_v1" + "events_v1" ], "x-kubernetes-action": "put", "x-kubernetes-group-version-kind": { - "group": "coordination.k8s.io", - "kind": "Lease", + "group": "events.k8s.io", + "kind": "Event", "version": "v1" } } }, - "/apis/coordination.k8s.io/v1/watch/leases": { + "/apis/events.k8s.io/v1/watch/events": { "get": { "consumes": [ "*/*" ], - "description": "watch individual changes to a list of Lease. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchCoordinationV1LeaseListForAllNamespaces", + "description": "watch individual changes to a list of Event. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchEventsV1EventListForAllNamespaces", "produces": [ "application/json", "application/yaml", @@ -60442,12 +58643,12 @@ "https" ], "tags": [ - "coordination_v1" + "events_v1" ], "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { - "group": "coordination.k8s.io", - "kind": "Lease", + "group": "events.k8s.io", + "kind": "Event", "version": "v1" } }, @@ -60524,13 +58725,13 @@ } ] }, - "/apis/coordination.k8s.io/v1/watch/namespaces/{namespace}/leases": { + "/apis/events.k8s.io/v1/watch/namespaces/{namespace}/events": { "get": { "consumes": [ "*/*" ], - "description": "watch individual changes to a list of Lease. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchCoordinationV1NamespacedLeaseList", + "description": "watch individual changes to a list of Event. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchEventsV1NamespacedEventList", "produces": [ "application/json", "application/yaml", @@ -60553,12 +58754,12 @@ "https" ], "tags": [ - "coordination_v1" + "events_v1" ], "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { - "group": "coordination.k8s.io", - "kind": "Lease", + "group": "events.k8s.io", + "kind": "Event", "version": "v1" } }, @@ -60643,13 +58844,13 @@ } ] }, - "/apis/coordination.k8s.io/v1/watch/namespaces/{namespace}/leases/{name}": { + "/apis/events.k8s.io/v1/watch/namespaces/{namespace}/events/{name}": { "get": { "consumes": [ "*/*" ], - "description": "watch changes to an object of kind Lease. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", - "operationId": "watchCoordinationV1NamespacedLease", + "description": "watch changes to an object of kind Event. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "operationId": "watchEventsV1NamespacedEvent", "produces": [ "application/json", "application/yaml", @@ -60672,12 +58873,12 @@ "https" ], "tags": [ - "coordination_v1" + "events_v1" ], "x-kubernetes-action": "watch", "x-kubernetes-group-version-kind": { - "group": "coordination.k8s.io", - "kind": "Lease", + "group": "events.k8s.io", + "kind": "Event", "version": "v1" } }, @@ -60718,7 +58919,7 @@ "uniqueItems": true }, { - "description": "name of the Lease", + "description": "name of the Event", "in": "path", "name": "name", "required": true, @@ -60770,7 +58971,7 @@ } ] }, - "/apis/discovery.k8s.io/": { + "/apis/flowcontrol.apiserver.k8s.io/": { "get": { "consumes": [ "application/json", @@ -60778,7 +58979,7 @@ "application/vnd.kubernetes.protobuf" ], "description": "get information of a group", - "operationId": "getDiscoveryAPIGroup", + "operationId": "getFlowcontrolApiserverAPIGroup", "produces": [ "application/json", "application/yaml", @@ -60799,11 +59000,11 @@ "https" ], "tags": [ - "discovery" + "flowcontrolApiserver" ] } }, - "/apis/discovery.k8s.io/v1/": { + "/apis/flowcontrol.apiserver.k8s.io/v1beta1/": { "get": { "consumes": [ "application/json", @@ -60811,7 +59012,7 @@ "application/vnd.kubernetes.protobuf" ], "description": "get available resources", - "operationId": "getDiscoveryV1APIResources", + "operationId": "getFlowcontrolApiserverV1beta1APIResources", "produces": [ "application/json", "application/yaml", @@ -60832,128 +59033,17 @@ "https" ], "tags": [ - "discovery_v1" + "flowcontrolApiserver_v1beta1" ] } }, - "/apis/discovery.k8s.io/v1/endpointslices": { - "get": { - "consumes": [ - "*/*" - ], - "description": "list or watch objects of kind EndpointSlice", - "operationId": "listDiscoveryV1EndpointSliceForAllNamespaces", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.discovery.v1.EndpointSliceList" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "discovery_v1" - ], - "x-kubernetes-action": "list", - "x-kubernetes-group-version-kind": { - "group": "discovery.k8s.io", - "kind": "EndpointSlice", - "version": "v1" - } - }, - "parameters": [ - { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true - } - ] - }, - "/apis/discovery.k8s.io/v1/namespaces/{namespace}/endpointslices": { + "/apis/flowcontrol.apiserver.k8s.io/v1beta1/flowschemas": { "delete": { "consumes": [ "*/*" ], - "description": "delete collection of EndpointSlice", - "operationId": "deleteDiscoveryV1CollectionNamespacedEndpointSlice", + "description": "delete collection of FlowSchema", + "operationId": "deleteFlowcontrolApiserverV1beta1CollectionFlowSchema", "parameters": [ { "in": "body", @@ -61060,21 +59150,21 @@ "https" ], "tags": [ - "discovery_v1" + "flowcontrolApiserver_v1beta1" ], "x-kubernetes-action": "deletecollection", "x-kubernetes-group-version-kind": { - "group": "discovery.k8s.io", - "kind": "EndpointSlice", - "version": "v1" + "group": "flowcontrol.apiserver.k8s.io", + "kind": "FlowSchema", + "version": "v1beta1" } }, "get": { "consumes": [ "*/*" ], - "description": "list or watch objects of kind EndpointSlice", - "operationId": "listDiscoveryV1NamespacedEndpointSlice", + "description": "list or watch objects of kind FlowSchema", + "operationId": "listFlowcontrolApiserverV1beta1FlowSchema", "parameters": [ { "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", @@ -61151,7 +59241,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.discovery.v1.EndpointSliceList" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.FlowSchemaList" } }, "401": { @@ -61162,24 +59252,16 @@ "https" ], "tags": [ - "discovery_v1" + "flowcontrolApiserver_v1beta1" ], "x-kubernetes-action": "list", "x-kubernetes-group-version-kind": { - "group": "discovery.k8s.io", - "kind": "EndpointSlice", - "version": "v1" + "group": "flowcontrol.apiserver.k8s.io", + "kind": "FlowSchema", + "version": "v1beta1" } }, "parameters": [ - { - "description": "object name and auth scope, such as for teams and projects", - "in": "path", - "name": "namespace", - "required": true, - "type": "string", - "uniqueItems": true - }, { "description": "If 'true', then the output is pretty printed.", "in": "query", @@ -61192,15 +59274,15 @@ "consumes": [ "*/*" ], - "description": "create an EndpointSlice", - "operationId": "createDiscoveryV1NamespacedEndpointSlice", + "description": "create a FlowSchema", + "operationId": "createFlowcontrolApiserverV1beta1FlowSchema", "parameters": [ { "in": "body", "name": "body", "required": true, "schema": { - "$ref": "#/definitions/io.k8s.api.discovery.v1.EndpointSlice" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.FlowSchema" } }, { @@ -61234,19 +59316,19 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.discovery.v1.EndpointSlice" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.FlowSchema" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.discovery.v1.EndpointSlice" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.FlowSchema" } }, "202": { "description": "Accepted", "schema": { - "$ref": "#/definitions/io.k8s.api.discovery.v1.EndpointSlice" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.FlowSchema" } }, "401": { @@ -61257,23 +59339,23 @@ "https" ], "tags": [ - "discovery_v1" + "flowcontrolApiserver_v1beta1" ], "x-kubernetes-action": "post", "x-kubernetes-group-version-kind": { - "group": "discovery.k8s.io", - "kind": "EndpointSlice", - "version": "v1" + "group": "flowcontrol.apiserver.k8s.io", + "kind": "FlowSchema", + "version": "v1beta1" } } }, - "/apis/discovery.k8s.io/v1/namespaces/{namespace}/endpointslices/{name}": { + "/apis/flowcontrol.apiserver.k8s.io/v1beta1/flowschemas/{name}": { "delete": { "consumes": [ "*/*" ], - "description": "delete an EndpointSlice", - "operationId": "deleteDiscoveryV1NamespacedEndpointSlice", + "description": "delete a FlowSchema", + "operationId": "deleteFlowcontrolApiserverV1beta1FlowSchema", "parameters": [ { "in": "body", @@ -61337,21 +59419,21 @@ "https" ], "tags": [ - "discovery_v1" + "flowcontrolApiserver_v1beta1" ], "x-kubernetes-action": "delete", "x-kubernetes-group-version-kind": { - "group": "discovery.k8s.io", - "kind": "EndpointSlice", - "version": "v1" + "group": "flowcontrol.apiserver.k8s.io", + "kind": "FlowSchema", + "version": "v1beta1" } }, "get": { "consumes": [ "*/*" ], - "description": "read the specified EndpointSlice", - "operationId": "readDiscoveryV1NamespacedEndpointSlice", + "description": "read the specified FlowSchema", + "operationId": "readFlowcontrolApiserverV1beta1FlowSchema", "produces": [ "application/json", "application/yaml", @@ -61361,7 +59443,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.discovery.v1.EndpointSlice" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.FlowSchema" } }, "401": { @@ -61372,32 +59454,24 @@ "https" ], "tags": [ - "discovery_v1" + "flowcontrolApiserver_v1beta1" ], "x-kubernetes-action": "get", "x-kubernetes-group-version-kind": { - "group": "discovery.k8s.io", - "kind": "EndpointSlice", - "version": "v1" + "group": "flowcontrol.apiserver.k8s.io", + "kind": "FlowSchema", + "version": "v1beta1" } }, "parameters": [ { - "description": "name of the EndpointSlice", + "description": "name of the FlowSchema", "in": "path", "name": "name", "required": true, "type": "string", "uniqueItems": true }, - { - "description": "object name and auth scope, such as for teams and projects", - "in": "path", - "name": "namespace", - "required": true, - "type": "string", - "uniqueItems": true - }, { "description": "If 'true', then the output is pretty printed.", "in": "query", @@ -61413,8 +59487,8 @@ "application/strategic-merge-patch+json", "application/apply-patch+yaml" ], - "description": "partially update the specified EndpointSlice", - "operationId": "patchDiscoveryV1NamespacedEndpointSlice", + "description": "partially update the specified FlowSchema", + "operationId": "patchFlowcontrolApiserverV1beta1FlowSchema", "parameters": [ { "in": "body", @@ -61462,13 +59536,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.discovery.v1.EndpointSlice" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.FlowSchema" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.discovery.v1.EndpointSlice" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.FlowSchema" } }, "401": { @@ -61479,28 +59553,28 @@ "https" ], "tags": [ - "discovery_v1" + "flowcontrolApiserver_v1beta1" ], "x-kubernetes-action": "patch", "x-kubernetes-group-version-kind": { - "group": "discovery.k8s.io", - "kind": "EndpointSlice", - "version": "v1" + "group": "flowcontrol.apiserver.k8s.io", + "kind": "FlowSchema", + "version": "v1beta1" } }, "put": { "consumes": [ "*/*" ], - "description": "replace the specified EndpointSlice", - "operationId": "replaceDiscoveryV1NamespacedEndpointSlice", + "description": "replace the specified FlowSchema", + "operationId": "replaceFlowcontrolApiserverV1beta1FlowSchema", "parameters": [ { "in": "body", "name": "body", "required": true, "schema": { - "$ref": "#/definitions/io.k8s.api.discovery.v1.EndpointSlice" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.FlowSchema" } }, { @@ -61534,13 +59608,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.discovery.v1.EndpointSlice" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.FlowSchema" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.discovery.v1.EndpointSlice" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.FlowSchema" } }, "401": { @@ -61551,35 +59625,33 @@ "https" ], "tags": [ - "discovery_v1" + "flowcontrolApiserver_v1beta1" ], "x-kubernetes-action": "put", "x-kubernetes-group-version-kind": { - "group": "discovery.k8s.io", - "kind": "EndpointSlice", - "version": "v1" + "group": "flowcontrol.apiserver.k8s.io", + "kind": "FlowSchema", + "version": "v1beta1" } } }, - "/apis/discovery.k8s.io/v1/watch/endpointslices": { + "/apis/flowcontrol.apiserver.k8s.io/v1beta1/flowschemas/{name}/status": { "get": { "consumes": [ "*/*" ], - "description": "watch individual changes to a list of EndpointSlice. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchDiscoveryV1EndpointSliceListForAllNamespaces", + "description": "read status of the specified FlowSchema", + "operationId": "readFlowcontrolApiserverV1beta1FlowSchemaStatus", "produces": [ "application/json", "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" + "application/vnd.kubernetes.protobuf" ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.FlowSchema" } }, "401": { @@ -61590,107 +59662,95 @@ "https" ], "tags": [ - "discovery_v1" + "flowcontrolApiserver_v1beta1" ], - "x-kubernetes-action": "watchlist", + "x-kubernetes-action": "get", "x-kubernetes-group-version-kind": { - "group": "discovery.k8s.io", - "kind": "EndpointSlice", - "version": "v1" + "group": "flowcontrol.apiserver.k8s.io", + "kind": "FlowSchema", + "version": "v1beta1" } }, "parameters": [ { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", + "description": "name of the FlowSchema", + "in": "path", + "name": "name", + "required": true, "type": "string", "uniqueItems": true }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, { "description": "If 'true', then the output is pretty printed.", "in": "query", "name": "pretty", "type": "string", "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true } - ] - }, - "/apis/discovery.k8s.io/v1/watch/namespaces/{namespace}/endpointslices": { - "get": { + ], + "patch": { "consumes": [ - "*/*" + "application/json-patch+json", + "application/merge-patch+json", + "application/strategic-merge-patch+json", + "application/apply-patch+yaml" + ], + "description": "partially update status of the specified FlowSchema", + "operationId": "patchFlowcontrolApiserverV1beta1FlowSchemaStatus", + "parameters": [ + { + "in": "body", + "name": "body", + "required": true, + "schema": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "type": "string", + "uniqueItems": true + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", + "in": "query", + "name": "fieldManager", + "type": "string", + "uniqueItems": true + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "type": "string", + "uniqueItems": true + }, + { + "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", + "in": "query", + "name": "force", + "type": "boolean", + "uniqueItems": true + } ], - "description": "watch individual changes to a list of EndpointSlice. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchDiscoveryV1NamespacedEndpointSliceList", "produces": [ "application/json", "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" + "application/vnd.kubernetes.protobuf" ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.FlowSchema" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.FlowSchema" } }, "401": { @@ -61701,232 +59761,52 @@ "https" ], "tags": [ - "discovery_v1" + "flowcontrolApiserver_v1beta1" ], - "x-kubernetes-action": "watchlist", + "x-kubernetes-action": "patch", "x-kubernetes-group-version-kind": { - "group": "discovery.k8s.io", - "kind": "EndpointSlice", - "version": "v1" + "group": "flowcontrol.apiserver.k8s.io", + "kind": "FlowSchema", + "version": "v1beta1" } }, - "parameters": [ - { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "object name and auth scope, such as for teams and projects", - "in": "path", - "name": "namespace", - "required": true, - "type": "string", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true - } - ] - }, - "/apis/discovery.k8s.io/v1/watch/namespaces/{namespace}/endpointslices/{name}": { - "get": { + "put": { "consumes": [ "*/*" ], - "description": "watch changes to an object of kind EndpointSlice. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", - "operationId": "watchDiscoveryV1NamespacedEndpointSlice", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" - ], - "responses": { - "200": { - "description": "OK", + "description": "replace status of the specified FlowSchema", + "operationId": "replaceFlowcontrolApiserverV1beta1FlowSchemaStatus", + "parameters": [ + { + "in": "body", + "name": "body", + "required": true, "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.FlowSchema" } }, - "401": { - "description": "Unauthorized" + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "type": "string", + "uniqueItems": true + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "type": "string", + "uniqueItems": true + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "type": "string", + "uniqueItems": true } - }, - "schemes": [ - "https" - ], - "tags": [ - "discovery_v1" - ], - "x-kubernetes-action": "watch", - "x-kubernetes-group-version-kind": { - "group": "discovery.k8s.io", - "kind": "EndpointSlice", - "version": "v1" - } - }, - "parameters": [ - { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "name of the EndpointSlice", - "in": "path", - "name": "name", - "required": true, - "type": "string", - "uniqueItems": true - }, - { - "description": "object name and auth scope, such as for teams and projects", - "in": "path", - "name": "namespace", - "required": true, - "type": "string", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true - } - ] - }, - "/apis/discovery.k8s.io/v1beta1/": { - "get": { - "consumes": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" ], - "description": "get available resources", - "operationId": "getDiscoveryV1beta1APIResources", "produces": [ "application/json", "application/yaml", @@ -61936,7 +59816,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.APIResourceList" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.FlowSchema" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.FlowSchema" } }, "401": { @@ -61947,134 +59833,29 @@ "https" ], "tags": [ - "discovery_v1beta1" - ] + "flowcontrolApiserver_v1beta1" + ], + "x-kubernetes-action": "put", + "x-kubernetes-group-version-kind": { + "group": "flowcontrol.apiserver.k8s.io", + "kind": "FlowSchema", + "version": "v1beta1" + } } }, - "/apis/discovery.k8s.io/v1beta1/endpointslices": { - "get": { + "/apis/flowcontrol.apiserver.k8s.io/v1beta1/prioritylevelconfigurations": { + "delete": { "consumes": [ "*/*" ], - "description": "list or watch objects of kind EndpointSlice", - "operationId": "listDiscoveryV1beta1EndpointSliceForAllNamespaces", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" - ], - "responses": { - "200": { - "description": "OK", + "description": "delete collection of PriorityLevelConfiguration", + "operationId": "deleteFlowcontrolApiserverV1beta1CollectionPriorityLevelConfiguration", + "parameters": [ + { + "in": "body", + "name": "body", "schema": { - "$ref": "#/definitions/io.k8s.api.discovery.v1beta1.EndpointSliceList" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "discovery_v1beta1" - ], - "x-kubernetes-action": "list", - "x-kubernetes-group-version-kind": { - "group": "discovery.k8s.io", - "kind": "EndpointSlice", - "version": "v1beta1" - } - }, - "parameters": [ - { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true - } - ] - }, - "/apis/discovery.k8s.io/v1beta1/namespaces/{namespace}/endpointslices": { - "delete": { - "consumes": [ - "*/*" - ], - "description": "delete collection of EndpointSlice", - "operationId": "deleteDiscoveryV1beta1CollectionNamespacedEndpointSlice", - "parameters": [ - { - "in": "body", - "name": "body", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" } }, { @@ -62175,12 +59956,12 @@ "https" ], "tags": [ - "discovery_v1beta1" + "flowcontrolApiserver_v1beta1" ], "x-kubernetes-action": "deletecollection", "x-kubernetes-group-version-kind": { - "group": "discovery.k8s.io", - "kind": "EndpointSlice", + "group": "flowcontrol.apiserver.k8s.io", + "kind": "PriorityLevelConfiguration", "version": "v1beta1" } }, @@ -62188,8 +59969,8 @@ "consumes": [ "*/*" ], - "description": "list or watch objects of kind EndpointSlice", - "operationId": "listDiscoveryV1beta1NamespacedEndpointSlice", + "description": "list or watch objects of kind PriorityLevelConfiguration", + "operationId": "listFlowcontrolApiserverV1beta1PriorityLevelConfiguration", "parameters": [ { "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", @@ -62266,7 +60047,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.discovery.v1beta1.EndpointSliceList" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfigurationList" } }, "401": { @@ -62277,24 +60058,16 @@ "https" ], "tags": [ - "discovery_v1beta1" + "flowcontrolApiserver_v1beta1" ], "x-kubernetes-action": "list", "x-kubernetes-group-version-kind": { - "group": "discovery.k8s.io", - "kind": "EndpointSlice", + "group": "flowcontrol.apiserver.k8s.io", + "kind": "PriorityLevelConfiguration", "version": "v1beta1" } }, "parameters": [ - { - "description": "object name and auth scope, such as for teams and projects", - "in": "path", - "name": "namespace", - "required": true, - "type": "string", - "uniqueItems": true - }, { "description": "If 'true', then the output is pretty printed.", "in": "query", @@ -62307,15 +60080,15 @@ "consumes": [ "*/*" ], - "description": "create an EndpointSlice", - "operationId": "createDiscoveryV1beta1NamespacedEndpointSlice", + "description": "create a PriorityLevelConfiguration", + "operationId": "createFlowcontrolApiserverV1beta1PriorityLevelConfiguration", "parameters": [ { "in": "body", "name": "body", "required": true, "schema": { - "$ref": "#/definitions/io.k8s.api.discovery.v1beta1.EndpointSlice" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfiguration" } }, { @@ -62349,19 +60122,19 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.discovery.v1beta1.EndpointSlice" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfiguration" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.discovery.v1beta1.EndpointSlice" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfiguration" } }, "202": { "description": "Accepted", "schema": { - "$ref": "#/definitions/io.k8s.api.discovery.v1beta1.EndpointSlice" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfiguration" } }, "401": { @@ -62372,23 +60145,23 @@ "https" ], "tags": [ - "discovery_v1beta1" + "flowcontrolApiserver_v1beta1" ], "x-kubernetes-action": "post", "x-kubernetes-group-version-kind": { - "group": "discovery.k8s.io", - "kind": "EndpointSlice", + "group": "flowcontrol.apiserver.k8s.io", + "kind": "PriorityLevelConfiguration", "version": "v1beta1" } } }, - "/apis/discovery.k8s.io/v1beta1/namespaces/{namespace}/endpointslices/{name}": { + "/apis/flowcontrol.apiserver.k8s.io/v1beta1/prioritylevelconfigurations/{name}": { "delete": { "consumes": [ "*/*" ], - "description": "delete an EndpointSlice", - "operationId": "deleteDiscoveryV1beta1NamespacedEndpointSlice", + "description": "delete a PriorityLevelConfiguration", + "operationId": "deleteFlowcontrolApiserverV1beta1PriorityLevelConfiguration", "parameters": [ { "in": "body", @@ -62452,12 +60225,12 @@ "https" ], "tags": [ - "discovery_v1beta1" + "flowcontrolApiserver_v1beta1" ], "x-kubernetes-action": "delete", "x-kubernetes-group-version-kind": { - "group": "discovery.k8s.io", - "kind": "EndpointSlice", + "group": "flowcontrol.apiserver.k8s.io", + "kind": "PriorityLevelConfiguration", "version": "v1beta1" } }, @@ -62465,8 +60238,8 @@ "consumes": [ "*/*" ], - "description": "read the specified EndpointSlice", - "operationId": "readDiscoveryV1beta1NamespacedEndpointSlice", + "description": "read the specified PriorityLevelConfiguration", + "operationId": "readFlowcontrolApiserverV1beta1PriorityLevelConfiguration", "produces": [ "application/json", "application/yaml", @@ -62476,7 +60249,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.discovery.v1beta1.EndpointSlice" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfiguration" } }, "401": { @@ -62487,18 +60260,18 @@ "https" ], "tags": [ - "discovery_v1beta1" + "flowcontrolApiserver_v1beta1" ], "x-kubernetes-action": "get", "x-kubernetes-group-version-kind": { - "group": "discovery.k8s.io", - "kind": "EndpointSlice", + "group": "flowcontrol.apiserver.k8s.io", + "kind": "PriorityLevelConfiguration", "version": "v1beta1" } }, "parameters": [ { - "description": "name of the EndpointSlice", + "description": "name of the PriorityLevelConfiguration", "in": "path", "name": "name", "required": true, @@ -62506,9 +60279,209 @@ "uniqueItems": true }, { - "description": "object name and auth scope, such as for teams and projects", + "description": "If 'true', then the output is pretty printed.", + "in": "query", + "name": "pretty", + "type": "string", + "uniqueItems": true + } + ], + "patch": { + "consumes": [ + "application/json-patch+json", + "application/merge-patch+json", + "application/strategic-merge-patch+json", + "application/apply-patch+yaml" + ], + "description": "partially update the specified PriorityLevelConfiguration", + "operationId": "patchFlowcontrolApiserverV1beta1PriorityLevelConfiguration", + "parameters": [ + { + "in": "body", + "name": "body", + "required": true, + "schema": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "type": "string", + "uniqueItems": true + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", + "in": "query", + "name": "fieldManager", + "type": "string", + "uniqueItems": true + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "type": "string", + "uniqueItems": true + }, + { + "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", + "in": "query", + "name": "force", + "type": "boolean", + "uniqueItems": true + } + ], + "produces": [ + "application/json", + "application/yaml", + "application/vnd.kubernetes.protobuf" + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfiguration" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfiguration" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "schemes": [ + "https" + ], + "tags": [ + "flowcontrolApiserver_v1beta1" + ], + "x-kubernetes-action": "patch", + "x-kubernetes-group-version-kind": { + "group": "flowcontrol.apiserver.k8s.io", + "kind": "PriorityLevelConfiguration", + "version": "v1beta1" + } + }, + "put": { + "consumes": [ + "*/*" + ], + "description": "replace the specified PriorityLevelConfiguration", + "operationId": "replaceFlowcontrolApiserverV1beta1PriorityLevelConfiguration", + "parameters": [ + { + "in": "body", + "name": "body", + "required": true, + "schema": { + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfiguration" + } + }, + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "type": "string", + "uniqueItems": true + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "type": "string", + "uniqueItems": true + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "type": "string", + "uniqueItems": true + } + ], + "produces": [ + "application/json", + "application/yaml", + "application/vnd.kubernetes.protobuf" + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfiguration" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfiguration" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "schemes": [ + "https" + ], + "tags": [ + "flowcontrolApiserver_v1beta1" + ], + "x-kubernetes-action": "put", + "x-kubernetes-group-version-kind": { + "group": "flowcontrol.apiserver.k8s.io", + "kind": "PriorityLevelConfiguration", + "version": "v1beta1" + } + } + }, + "/apis/flowcontrol.apiserver.k8s.io/v1beta1/prioritylevelconfigurations/{name}/status": { + "get": { + "consumes": [ + "*/*" + ], + "description": "read status of the specified PriorityLevelConfiguration", + "operationId": "readFlowcontrolApiserverV1beta1PriorityLevelConfigurationStatus", + "produces": [ + "application/json", + "application/yaml", + "application/vnd.kubernetes.protobuf" + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfiguration" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "schemes": [ + "https" + ], + "tags": [ + "flowcontrolApiserver_v1beta1" + ], + "x-kubernetes-action": "get", + "x-kubernetes-group-version-kind": { + "group": "flowcontrol.apiserver.k8s.io", + "kind": "PriorityLevelConfiguration", + "version": "v1beta1" + } + }, + "parameters": [ + { + "description": "name of the PriorityLevelConfiguration", "in": "path", - "name": "namespace", + "name": "name", "required": true, "type": "string", "uniqueItems": true @@ -62528,8 +60501,8 @@ "application/strategic-merge-patch+json", "application/apply-patch+yaml" ], - "description": "partially update the specified EndpointSlice", - "operationId": "patchDiscoveryV1beta1NamespacedEndpointSlice", + "description": "partially update status of the specified PriorityLevelConfiguration", + "operationId": "patchFlowcontrolApiserverV1beta1PriorityLevelConfigurationStatus", "parameters": [ { "in": "body", @@ -62577,13 +60550,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.discovery.v1beta1.EndpointSlice" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfiguration" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.discovery.v1beta1.EndpointSlice" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfiguration" } }, "401": { @@ -62594,12 +60567,12 @@ "https" ], "tags": [ - "discovery_v1beta1" + "flowcontrolApiserver_v1beta1" ], "x-kubernetes-action": "patch", "x-kubernetes-group-version-kind": { - "group": "discovery.k8s.io", - "kind": "EndpointSlice", + "group": "flowcontrol.apiserver.k8s.io", + "kind": "PriorityLevelConfiguration", "version": "v1beta1" } }, @@ -62607,15 +60580,15 @@ "consumes": [ "*/*" ], - "description": "replace the specified EndpointSlice", - "operationId": "replaceDiscoveryV1beta1NamespacedEndpointSlice", + "description": "replace status of the specified PriorityLevelConfiguration", + "operationId": "replaceFlowcontrolApiserverV1beta1PriorityLevelConfigurationStatus", "parameters": [ { "in": "body", "name": "body", "required": true, "schema": { - "$ref": "#/definitions/io.k8s.api.discovery.v1beta1.EndpointSlice" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfiguration" } }, { @@ -62649,13 +60622,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.discovery.v1beta1.EndpointSlice" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfiguration" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.discovery.v1beta1.EndpointSlice" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfiguration" } }, "401": { @@ -62666,23 +60639,23 @@ "https" ], "tags": [ - "discovery_v1beta1" + "flowcontrolApiserver_v1beta1" ], "x-kubernetes-action": "put", "x-kubernetes-group-version-kind": { - "group": "discovery.k8s.io", - "kind": "EndpointSlice", + "group": "flowcontrol.apiserver.k8s.io", + "kind": "PriorityLevelConfiguration", "version": "v1beta1" } } }, - "/apis/discovery.k8s.io/v1beta1/watch/endpointslices": { + "/apis/flowcontrol.apiserver.k8s.io/v1beta1/watch/flowschemas": { "get": { "consumes": [ "*/*" ], - "description": "watch individual changes to a list of EndpointSlice. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchDiscoveryV1beta1EndpointSliceListForAllNamespaces", + "description": "watch individual changes to a list of FlowSchema. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchFlowcontrolApiserverV1beta1FlowSchemaList", "produces": [ "application/json", "application/yaml", @@ -62705,12 +60678,12 @@ "https" ], "tags": [ - "discovery_v1beta1" + "flowcontrolApiserver_v1beta1" ], "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { - "group": "discovery.k8s.io", - "kind": "EndpointSlice", + "group": "flowcontrol.apiserver.k8s.io", + "kind": "FlowSchema", "version": "v1beta1" } }, @@ -62787,13 +60760,13 @@ } ] }, - "/apis/discovery.k8s.io/v1beta1/watch/namespaces/{namespace}/endpointslices": { + "/apis/flowcontrol.apiserver.k8s.io/v1beta1/watch/flowschemas/{name}": { "get": { "consumes": [ "*/*" ], - "description": "watch individual changes to a list of EndpointSlice. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchDiscoveryV1beta1NamespacedEndpointSliceList", + "description": "watch changes to an object of kind FlowSchema. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "operationId": "watchFlowcontrolApiserverV1beta1FlowSchema", "produces": [ "application/json", "application/yaml", @@ -62816,12 +60789,12 @@ "https" ], "tags": [ - "discovery_v1beta1" + "flowcontrolApiserver_v1beta1" ], - "x-kubernetes-action": "watchlist", + "x-kubernetes-action": "watch", "x-kubernetes-group-version-kind": { - "group": "discovery.k8s.io", - "kind": "EndpointSlice", + "group": "flowcontrol.apiserver.k8s.io", + "kind": "FlowSchema", "version": "v1beta1" } }, @@ -62862,9 +60835,9 @@ "uniqueItems": true }, { - "description": "object name and auth scope, such as for teams and projects", + "description": "name of the FlowSchema", "in": "path", - "name": "namespace", + "name": "name", "required": true, "type": "string", "uniqueItems": true @@ -62906,13 +60879,13 @@ } ] }, - "/apis/discovery.k8s.io/v1beta1/watch/namespaces/{namespace}/endpointslices/{name}": { + "/apis/flowcontrol.apiserver.k8s.io/v1beta1/watch/prioritylevelconfigurations": { "get": { "consumes": [ "*/*" ], - "description": "watch changes to an object of kind EndpointSlice. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", - "operationId": "watchDiscoveryV1beta1NamespacedEndpointSlice", + "description": "watch individual changes to a list of PriorityLevelConfiguration. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchFlowcontrolApiserverV1beta1PriorityLevelConfigurationList", "produces": [ "application/json", "application/yaml", @@ -62935,12 +60908,12 @@ "https" ], "tags": [ - "discovery_v1beta1" + "flowcontrolApiserver_v1beta1" ], - "x-kubernetes-action": "watch", + "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { - "group": "discovery.k8s.io", - "kind": "EndpointSlice", + "group": "flowcontrol.apiserver.k8s.io", + "kind": "PriorityLevelConfiguration", "version": "v1beta1" } }, @@ -62980,22 +60953,6 @@ "type": "integer", "uniqueItems": true }, - { - "description": "name of the EndpointSlice", - "in": "path", - "name": "name", - "required": true, - "type": "string", - "uniqueItems": true - }, - { - "description": "object name and auth scope, such as for teams and projects", - "in": "path", - "name": "namespace", - "required": true, - "type": "string", - "uniqueItems": true - }, { "description": "If 'true', then the output is pretty printed.", "in": "query", @@ -63033,79 +60990,13 @@ } ] }, - "/apis/events.k8s.io/": { - "get": { - "consumes": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "description": "get information of a group", - "operationId": "getEventsAPIGroup", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.APIGroup" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "events" - ] - } - }, - "/apis/events.k8s.io/v1/": { - "get": { - "consumes": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "description": "get available resources", - "operationId": "getEventsV1APIResources", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.APIResourceList" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "events_v1" - ] - } - }, - "/apis/events.k8s.io/v1/events": { + "/apis/flowcontrol.apiserver.k8s.io/v1beta1/watch/prioritylevelconfigurations/{name}": { "get": { "consumes": [ "*/*" ], - "description": "list or watch objects of kind Event", - "operationId": "listEventsV1EventForAllNamespaces", + "description": "watch changes to an object of kind PriorityLevelConfiguration. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "operationId": "watchFlowcontrolApiserverV1beta1PriorityLevelConfiguration", "produces": [ "application/json", "application/yaml", @@ -63117,7 +61008,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.events.v1.EventList" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" } }, "401": { @@ -63128,13 +61019,13 @@ "https" ], "tags": [ - "events_v1" + "flowcontrolApiserver_v1beta1" ], - "x-kubernetes-action": "list", + "x-kubernetes-action": "watch", "x-kubernetes-group-version-kind": { - "group": "events.k8s.io", - "kind": "Event", - "version": "v1" + "group": "flowcontrol.apiserver.k8s.io", + "kind": "PriorityLevelConfiguration", + "version": "v1beta1" } }, "parameters": [ @@ -63173,6 +61064,14 @@ "type": "integer", "uniqueItems": true }, + { + "description": "name of the PriorityLevelConfiguration", + "in": "path", + "name": "name", + "required": true, + "type": "string", + "uniqueItems": true + }, { "description": "If 'true', then the output is pretty printed.", "in": "query", @@ -63210,13 +61109,46 @@ } ] }, - "/apis/events.k8s.io/v1/namespaces/{namespace}/events": { + "/apis/flowcontrol.apiserver.k8s.io/v1beta2/": { + "get": { + "consumes": [ + "application/json", + "application/yaml", + "application/vnd.kubernetes.protobuf" + ], + "description": "get available resources", + "operationId": "getFlowcontrolApiserverV1beta2APIResources", + "produces": [ + "application/json", + "application/yaml", + "application/vnd.kubernetes.protobuf" + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.APIResourceList" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "schemes": [ + "https" + ], + "tags": [ + "flowcontrolApiserver_v1beta2" + ] + } + }, + "/apis/flowcontrol.apiserver.k8s.io/v1beta2/flowschemas": { "delete": { "consumes": [ "*/*" ], - "description": "delete collection of Event", - "operationId": "deleteEventsV1CollectionNamespacedEvent", + "description": "delete collection of FlowSchema", + "operationId": "deleteFlowcontrolApiserverV1beta2CollectionFlowSchema", "parameters": [ { "in": "body", @@ -63323,21 +61255,21 @@ "https" ], "tags": [ - "events_v1" + "flowcontrolApiserver_v1beta2" ], "x-kubernetes-action": "deletecollection", "x-kubernetes-group-version-kind": { - "group": "events.k8s.io", - "kind": "Event", - "version": "v1" + "group": "flowcontrol.apiserver.k8s.io", + "kind": "FlowSchema", + "version": "v1beta2" } }, "get": { "consumes": [ "*/*" ], - "description": "list or watch objects of kind Event", - "operationId": "listEventsV1NamespacedEvent", + "description": "list or watch objects of kind FlowSchema", + "operationId": "listFlowcontrolApiserverV1beta2FlowSchema", "parameters": [ { "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", @@ -63414,7 +61346,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.events.v1.EventList" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.FlowSchemaList" } }, "401": { @@ -63425,24 +61357,16 @@ "https" ], "tags": [ - "events_v1" + "flowcontrolApiserver_v1beta2" ], "x-kubernetes-action": "list", "x-kubernetes-group-version-kind": { - "group": "events.k8s.io", - "kind": "Event", - "version": "v1" + "group": "flowcontrol.apiserver.k8s.io", + "kind": "FlowSchema", + "version": "v1beta2" } }, "parameters": [ - { - "description": "object name and auth scope, such as for teams and projects", - "in": "path", - "name": "namespace", - "required": true, - "type": "string", - "uniqueItems": true - }, { "description": "If 'true', then the output is pretty printed.", "in": "query", @@ -63455,15 +61379,15 @@ "consumes": [ "*/*" ], - "description": "create an Event", - "operationId": "createEventsV1NamespacedEvent", + "description": "create a FlowSchema", + "operationId": "createFlowcontrolApiserverV1beta2FlowSchema", "parameters": [ { "in": "body", "name": "body", "required": true, "schema": { - "$ref": "#/definitions/io.k8s.api.events.v1.Event" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.FlowSchema" } }, { @@ -63497,19 +61421,19 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.events.v1.Event" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.FlowSchema" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.events.v1.Event" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.FlowSchema" } }, "202": { "description": "Accepted", "schema": { - "$ref": "#/definitions/io.k8s.api.events.v1.Event" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.FlowSchema" } }, "401": { @@ -63520,23 +61444,23 @@ "https" ], "tags": [ - "events_v1" + "flowcontrolApiserver_v1beta2" ], "x-kubernetes-action": "post", "x-kubernetes-group-version-kind": { - "group": "events.k8s.io", - "kind": "Event", - "version": "v1" + "group": "flowcontrol.apiserver.k8s.io", + "kind": "FlowSchema", + "version": "v1beta2" } } }, - "/apis/events.k8s.io/v1/namespaces/{namespace}/events/{name}": { + "/apis/flowcontrol.apiserver.k8s.io/v1beta2/flowschemas/{name}": { "delete": { "consumes": [ "*/*" ], - "description": "delete an Event", - "operationId": "deleteEventsV1NamespacedEvent", + "description": "delete a FlowSchema", + "operationId": "deleteFlowcontrolApiserverV1beta2FlowSchema", "parameters": [ { "in": "body", @@ -63600,21 +61524,21 @@ "https" ], "tags": [ - "events_v1" + "flowcontrolApiserver_v1beta2" ], "x-kubernetes-action": "delete", "x-kubernetes-group-version-kind": { - "group": "events.k8s.io", - "kind": "Event", - "version": "v1" + "group": "flowcontrol.apiserver.k8s.io", + "kind": "FlowSchema", + "version": "v1beta2" } }, "get": { "consumes": [ "*/*" ], - "description": "read the specified Event", - "operationId": "readEventsV1NamespacedEvent", + "description": "read the specified FlowSchema", + "operationId": "readFlowcontrolApiserverV1beta2FlowSchema", "produces": [ "application/json", "application/yaml", @@ -63624,7 +61548,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.events.v1.Event" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.FlowSchema" } }, "401": { @@ -63635,32 +61559,24 @@ "https" ], "tags": [ - "events_v1" + "flowcontrolApiserver_v1beta2" ], "x-kubernetes-action": "get", "x-kubernetes-group-version-kind": { - "group": "events.k8s.io", - "kind": "Event", - "version": "v1" + "group": "flowcontrol.apiserver.k8s.io", + "kind": "FlowSchema", + "version": "v1beta2" } }, "parameters": [ { - "description": "name of the Event", + "description": "name of the FlowSchema", "in": "path", "name": "name", "required": true, "type": "string", "uniqueItems": true }, - { - "description": "object name and auth scope, such as for teams and projects", - "in": "path", - "name": "namespace", - "required": true, - "type": "string", - "uniqueItems": true - }, { "description": "If 'true', then the output is pretty printed.", "in": "query", @@ -63676,8 +61592,8 @@ "application/strategic-merge-patch+json", "application/apply-patch+yaml" ], - "description": "partially update the specified Event", - "operationId": "patchEventsV1NamespacedEvent", + "description": "partially update the specified FlowSchema", + "operationId": "patchFlowcontrolApiserverV1beta2FlowSchema", "parameters": [ { "in": "body", @@ -63725,13 +61641,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.events.v1.Event" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.FlowSchema" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.events.v1.Event" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.FlowSchema" } }, "401": { @@ -63742,28 +61658,28 @@ "https" ], "tags": [ - "events_v1" + "flowcontrolApiserver_v1beta2" ], "x-kubernetes-action": "patch", "x-kubernetes-group-version-kind": { - "group": "events.k8s.io", - "kind": "Event", - "version": "v1" + "group": "flowcontrol.apiserver.k8s.io", + "kind": "FlowSchema", + "version": "v1beta2" } }, "put": { "consumes": [ "*/*" ], - "description": "replace the specified Event", - "operationId": "replaceEventsV1NamespacedEvent", + "description": "replace the specified FlowSchema", + "operationId": "replaceFlowcontrolApiserverV1beta2FlowSchema", "parameters": [ { "in": "body", "name": "body", "required": true, "schema": { - "$ref": "#/definitions/io.k8s.api.events.v1.Event" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.FlowSchema" } }, { @@ -63797,13 +61713,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.events.v1.Event" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.FlowSchema" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.events.v1.Event" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.FlowSchema" } }, "401": { @@ -63814,35 +61730,33 @@ "https" ], "tags": [ - "events_v1" + "flowcontrolApiserver_v1beta2" ], "x-kubernetes-action": "put", "x-kubernetes-group-version-kind": { - "group": "events.k8s.io", - "kind": "Event", - "version": "v1" + "group": "flowcontrol.apiserver.k8s.io", + "kind": "FlowSchema", + "version": "v1beta2" } } }, - "/apis/events.k8s.io/v1/watch/events": { + "/apis/flowcontrol.apiserver.k8s.io/v1beta2/flowschemas/{name}/status": { "get": { "consumes": [ "*/*" ], - "description": "watch individual changes to a list of Event. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchEventsV1EventListForAllNamespaces", + "description": "read status of the specified FlowSchema", + "operationId": "readFlowcontrolApiserverV1beta2FlowSchemaStatus", "produces": [ "application/json", "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" + "application/vnd.kubernetes.protobuf" ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.FlowSchema" } }, "401": { @@ -63853,107 +61767,95 @@ "https" ], "tags": [ - "events_v1" + "flowcontrolApiserver_v1beta2" ], - "x-kubernetes-action": "watchlist", + "x-kubernetes-action": "get", "x-kubernetes-group-version-kind": { - "group": "events.k8s.io", - "kind": "Event", - "version": "v1" + "group": "flowcontrol.apiserver.k8s.io", + "kind": "FlowSchema", + "version": "v1beta2" } }, "parameters": [ { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", + "description": "name of the FlowSchema", + "in": "path", + "name": "name", + "required": true, "type": "string", "uniqueItems": true }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, { "description": "If 'true', then the output is pretty printed.", "in": "query", "name": "pretty", "type": "string", "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true } - ] - }, - "/apis/events.k8s.io/v1/watch/namespaces/{namespace}/events": { - "get": { + ], + "patch": { "consumes": [ - "*/*" + "application/json-patch+json", + "application/merge-patch+json", + "application/strategic-merge-patch+json", + "application/apply-patch+yaml" + ], + "description": "partially update status of the specified FlowSchema", + "operationId": "patchFlowcontrolApiserverV1beta2FlowSchemaStatus", + "parameters": [ + { + "in": "body", + "name": "body", + "required": true, + "schema": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "type": "string", + "uniqueItems": true + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", + "in": "query", + "name": "fieldManager", + "type": "string", + "uniqueItems": true + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "type": "string", + "uniqueItems": true + }, + { + "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", + "in": "query", + "name": "force", + "type": "boolean", + "uniqueItems": true + } ], - "description": "watch individual changes to a list of Event. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchEventsV1NamespacedEventList", "produces": [ "application/json", "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" + "application/vnd.kubernetes.protobuf" ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.FlowSchema" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.FlowSchema" } }, "401": { @@ -63964,232 +61866,52 @@ "https" ], "tags": [ - "events_v1" + "flowcontrolApiserver_v1beta2" ], - "x-kubernetes-action": "watchlist", + "x-kubernetes-action": "patch", "x-kubernetes-group-version-kind": { - "group": "events.k8s.io", - "kind": "Event", - "version": "v1" + "group": "flowcontrol.apiserver.k8s.io", + "kind": "FlowSchema", + "version": "v1beta2" } }, - "parameters": [ - { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "object name and auth scope, such as for teams and projects", - "in": "path", - "name": "namespace", - "required": true, - "type": "string", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true - } - ] - }, - "/apis/events.k8s.io/v1/watch/namespaces/{namespace}/events/{name}": { - "get": { + "put": { "consumes": [ "*/*" ], - "description": "watch changes to an object of kind Event. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", - "operationId": "watchEventsV1NamespacedEvent", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" - ], - "responses": { - "200": { - "description": "OK", + "description": "replace status of the specified FlowSchema", + "operationId": "replaceFlowcontrolApiserverV1beta2FlowSchemaStatus", + "parameters": [ + { + "in": "body", + "name": "body", + "required": true, "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.FlowSchema" } }, - "401": { - "description": "Unauthorized" + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "type": "string", + "uniqueItems": true + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "type": "string", + "uniqueItems": true + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "type": "string", + "uniqueItems": true } - }, - "schemes": [ - "https" - ], - "tags": [ - "events_v1" - ], - "x-kubernetes-action": "watch", - "x-kubernetes-group-version-kind": { - "group": "events.k8s.io", - "kind": "Event", - "version": "v1" - } - }, - "parameters": [ - { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "name of the Event", - "in": "path", - "name": "name", - "required": true, - "type": "string", - "uniqueItems": true - }, - { - "description": "object name and auth scope, such as for teams and projects", - "in": "path", - "name": "namespace", - "required": true, - "type": "string", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true - } - ] - }, - "/apis/events.k8s.io/v1beta1/": { - "get": { - "consumes": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" ], - "description": "get available resources", - "operationId": "getEventsV1beta1APIResources", "produces": [ "application/json", "application/yaml", @@ -64199,7 +61921,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.APIResourceList" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.FlowSchema" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.FlowSchema" } }, "401": { @@ -64210,134 +61938,29 @@ "https" ], "tags": [ - "events_v1beta1" - ] + "flowcontrolApiserver_v1beta2" + ], + "x-kubernetes-action": "put", + "x-kubernetes-group-version-kind": { + "group": "flowcontrol.apiserver.k8s.io", + "kind": "FlowSchema", + "version": "v1beta2" + } } }, - "/apis/events.k8s.io/v1beta1/events": { - "get": { + "/apis/flowcontrol.apiserver.k8s.io/v1beta2/prioritylevelconfigurations": { + "delete": { "consumes": [ "*/*" ], - "description": "list or watch objects of kind Event", - "operationId": "listEventsV1beta1EventForAllNamespaces", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" - ], - "responses": { - "200": { - "description": "OK", + "description": "delete collection of PriorityLevelConfiguration", + "operationId": "deleteFlowcontrolApiserverV1beta2CollectionPriorityLevelConfiguration", + "parameters": [ + { + "in": "body", + "name": "body", "schema": { - "$ref": "#/definitions/io.k8s.api.events.v1beta1.EventList" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "events_v1beta1" - ], - "x-kubernetes-action": "list", - "x-kubernetes-group-version-kind": { - "group": "events.k8s.io", - "kind": "Event", - "version": "v1beta1" - } - }, - "parameters": [ - { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true - } - ] - }, - "/apis/events.k8s.io/v1beta1/namespaces/{namespace}/events": { - "delete": { - "consumes": [ - "*/*" - ], - "description": "delete collection of Event", - "operationId": "deleteEventsV1beta1CollectionNamespacedEvent", - "parameters": [ - { - "in": "body", - "name": "body", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" } }, { @@ -64438,21 +62061,21 @@ "https" ], "tags": [ - "events_v1beta1" + "flowcontrolApiserver_v1beta2" ], "x-kubernetes-action": "deletecollection", "x-kubernetes-group-version-kind": { - "group": "events.k8s.io", - "kind": "Event", - "version": "v1beta1" + "group": "flowcontrol.apiserver.k8s.io", + "kind": "PriorityLevelConfiguration", + "version": "v1beta2" } }, "get": { "consumes": [ "*/*" ], - "description": "list or watch objects of kind Event", - "operationId": "listEventsV1beta1NamespacedEvent", + "description": "list or watch objects of kind PriorityLevelConfiguration", + "operationId": "listFlowcontrolApiserverV1beta2PriorityLevelConfiguration", "parameters": [ { "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", @@ -64529,7 +62152,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.events.v1beta1.EventList" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.PriorityLevelConfigurationList" } }, "401": { @@ -64540,24 +62163,16 @@ "https" ], "tags": [ - "events_v1beta1" + "flowcontrolApiserver_v1beta2" ], "x-kubernetes-action": "list", "x-kubernetes-group-version-kind": { - "group": "events.k8s.io", - "kind": "Event", - "version": "v1beta1" + "group": "flowcontrol.apiserver.k8s.io", + "kind": "PriorityLevelConfiguration", + "version": "v1beta2" } }, "parameters": [ - { - "description": "object name and auth scope, such as for teams and projects", - "in": "path", - "name": "namespace", - "required": true, - "type": "string", - "uniqueItems": true - }, { "description": "If 'true', then the output is pretty printed.", "in": "query", @@ -64570,15 +62185,15 @@ "consumes": [ "*/*" ], - "description": "create an Event", - "operationId": "createEventsV1beta1NamespacedEvent", + "description": "create a PriorityLevelConfiguration", + "operationId": "createFlowcontrolApiserverV1beta2PriorityLevelConfiguration", "parameters": [ { "in": "body", "name": "body", "required": true, "schema": { - "$ref": "#/definitions/io.k8s.api.events.v1beta1.Event" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.PriorityLevelConfiguration" } }, { @@ -64612,19 +62227,19 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.events.v1beta1.Event" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.PriorityLevelConfiguration" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.events.v1beta1.Event" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.PriorityLevelConfiguration" } }, "202": { "description": "Accepted", "schema": { - "$ref": "#/definitions/io.k8s.api.events.v1beta1.Event" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.PriorityLevelConfiguration" } }, "401": { @@ -64635,23 +62250,23 @@ "https" ], "tags": [ - "events_v1beta1" + "flowcontrolApiserver_v1beta2" ], "x-kubernetes-action": "post", "x-kubernetes-group-version-kind": { - "group": "events.k8s.io", - "kind": "Event", - "version": "v1beta1" + "group": "flowcontrol.apiserver.k8s.io", + "kind": "PriorityLevelConfiguration", + "version": "v1beta2" } } }, - "/apis/events.k8s.io/v1beta1/namespaces/{namespace}/events/{name}": { + "/apis/flowcontrol.apiserver.k8s.io/v1beta2/prioritylevelconfigurations/{name}": { "delete": { "consumes": [ "*/*" ], - "description": "delete an Event", - "operationId": "deleteEventsV1beta1NamespacedEvent", + "description": "delete a PriorityLevelConfiguration", + "operationId": "deleteFlowcontrolApiserverV1beta2PriorityLevelConfiguration", "parameters": [ { "in": "body", @@ -64715,21 +62330,21 @@ "https" ], "tags": [ - "events_v1beta1" + "flowcontrolApiserver_v1beta2" ], "x-kubernetes-action": "delete", "x-kubernetes-group-version-kind": { - "group": "events.k8s.io", - "kind": "Event", - "version": "v1beta1" + "group": "flowcontrol.apiserver.k8s.io", + "kind": "PriorityLevelConfiguration", + "version": "v1beta2" } }, "get": { "consumes": [ "*/*" ], - "description": "read the specified Event", - "operationId": "readEventsV1beta1NamespacedEvent", + "description": "read the specified PriorityLevelConfiguration", + "operationId": "readFlowcontrolApiserverV1beta2PriorityLevelConfiguration", "produces": [ "application/json", "application/yaml", @@ -64739,7 +62354,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.events.v1beta1.Event" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.PriorityLevelConfiguration" } }, "401": { @@ -64750,18 +62365,18 @@ "https" ], "tags": [ - "events_v1beta1" + "flowcontrolApiserver_v1beta2" ], "x-kubernetes-action": "get", "x-kubernetes-group-version-kind": { - "group": "events.k8s.io", - "kind": "Event", - "version": "v1beta1" + "group": "flowcontrol.apiserver.k8s.io", + "kind": "PriorityLevelConfiguration", + "version": "v1beta2" } }, "parameters": [ { - "description": "name of the Event", + "description": "name of the PriorityLevelConfiguration", "in": "path", "name": "name", "required": true, @@ -64769,9 +62384,209 @@ "uniqueItems": true }, { - "description": "object name and auth scope, such as for teams and projects", + "description": "If 'true', then the output is pretty printed.", + "in": "query", + "name": "pretty", + "type": "string", + "uniqueItems": true + } + ], + "patch": { + "consumes": [ + "application/json-patch+json", + "application/merge-patch+json", + "application/strategic-merge-patch+json", + "application/apply-patch+yaml" + ], + "description": "partially update the specified PriorityLevelConfiguration", + "operationId": "patchFlowcontrolApiserverV1beta2PriorityLevelConfiguration", + "parameters": [ + { + "in": "body", + "name": "body", + "required": true, + "schema": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "type": "string", + "uniqueItems": true + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", + "in": "query", + "name": "fieldManager", + "type": "string", + "uniqueItems": true + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "type": "string", + "uniqueItems": true + }, + { + "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", + "in": "query", + "name": "force", + "type": "boolean", + "uniqueItems": true + } + ], + "produces": [ + "application/json", + "application/yaml", + "application/vnd.kubernetes.protobuf" + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.PriorityLevelConfiguration" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.PriorityLevelConfiguration" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "schemes": [ + "https" + ], + "tags": [ + "flowcontrolApiserver_v1beta2" + ], + "x-kubernetes-action": "patch", + "x-kubernetes-group-version-kind": { + "group": "flowcontrol.apiserver.k8s.io", + "kind": "PriorityLevelConfiguration", + "version": "v1beta2" + } + }, + "put": { + "consumes": [ + "*/*" + ], + "description": "replace the specified PriorityLevelConfiguration", + "operationId": "replaceFlowcontrolApiserverV1beta2PriorityLevelConfiguration", + "parameters": [ + { + "in": "body", + "name": "body", + "required": true, + "schema": { + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.PriorityLevelConfiguration" + } + }, + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "type": "string", + "uniqueItems": true + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "type": "string", + "uniqueItems": true + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "type": "string", + "uniqueItems": true + } + ], + "produces": [ + "application/json", + "application/yaml", + "application/vnd.kubernetes.protobuf" + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.PriorityLevelConfiguration" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.PriorityLevelConfiguration" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "schemes": [ + "https" + ], + "tags": [ + "flowcontrolApiserver_v1beta2" + ], + "x-kubernetes-action": "put", + "x-kubernetes-group-version-kind": { + "group": "flowcontrol.apiserver.k8s.io", + "kind": "PriorityLevelConfiguration", + "version": "v1beta2" + } + } + }, + "/apis/flowcontrol.apiserver.k8s.io/v1beta2/prioritylevelconfigurations/{name}/status": { + "get": { + "consumes": [ + "*/*" + ], + "description": "read status of the specified PriorityLevelConfiguration", + "operationId": "readFlowcontrolApiserverV1beta2PriorityLevelConfigurationStatus", + "produces": [ + "application/json", + "application/yaml", + "application/vnd.kubernetes.protobuf" + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.PriorityLevelConfiguration" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "schemes": [ + "https" + ], + "tags": [ + "flowcontrolApiserver_v1beta2" + ], + "x-kubernetes-action": "get", + "x-kubernetes-group-version-kind": { + "group": "flowcontrol.apiserver.k8s.io", + "kind": "PriorityLevelConfiguration", + "version": "v1beta2" + } + }, + "parameters": [ + { + "description": "name of the PriorityLevelConfiguration", "in": "path", - "name": "namespace", + "name": "name", "required": true, "type": "string", "uniqueItems": true @@ -64791,8 +62606,8 @@ "application/strategic-merge-patch+json", "application/apply-patch+yaml" ], - "description": "partially update the specified Event", - "operationId": "patchEventsV1beta1NamespacedEvent", + "description": "partially update status of the specified PriorityLevelConfiguration", + "operationId": "patchFlowcontrolApiserverV1beta2PriorityLevelConfigurationStatus", "parameters": [ { "in": "body", @@ -64840,13 +62655,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.events.v1beta1.Event" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.PriorityLevelConfiguration" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.events.v1beta1.Event" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.PriorityLevelConfiguration" } }, "401": { @@ -64857,28 +62672,28 @@ "https" ], "tags": [ - "events_v1beta1" + "flowcontrolApiserver_v1beta2" ], "x-kubernetes-action": "patch", "x-kubernetes-group-version-kind": { - "group": "events.k8s.io", - "kind": "Event", - "version": "v1beta1" + "group": "flowcontrol.apiserver.k8s.io", + "kind": "PriorityLevelConfiguration", + "version": "v1beta2" } }, "put": { "consumes": [ "*/*" ], - "description": "replace the specified Event", - "operationId": "replaceEventsV1beta1NamespacedEvent", + "description": "replace status of the specified PriorityLevelConfiguration", + "operationId": "replaceFlowcontrolApiserverV1beta2PriorityLevelConfigurationStatus", "parameters": [ { "in": "body", "name": "body", "required": true, "schema": { - "$ref": "#/definitions/io.k8s.api.events.v1beta1.Event" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.PriorityLevelConfiguration" } }, { @@ -64912,13 +62727,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.events.v1beta1.Event" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.PriorityLevelConfiguration" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.events.v1beta1.Event" + "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.PriorityLevelConfiguration" } }, "401": { @@ -64929,23 +62744,23 @@ "https" ], "tags": [ - "events_v1beta1" + "flowcontrolApiserver_v1beta2" ], "x-kubernetes-action": "put", "x-kubernetes-group-version-kind": { - "group": "events.k8s.io", - "kind": "Event", - "version": "v1beta1" + "group": "flowcontrol.apiserver.k8s.io", + "kind": "PriorityLevelConfiguration", + "version": "v1beta2" } } }, - "/apis/events.k8s.io/v1beta1/watch/events": { + "/apis/flowcontrol.apiserver.k8s.io/v1beta2/watch/flowschemas": { "get": { "consumes": [ "*/*" ], - "description": "watch individual changes to a list of Event. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchEventsV1beta1EventListForAllNamespaces", + "description": "watch individual changes to a list of FlowSchema. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchFlowcontrolApiserverV1beta2FlowSchemaList", "produces": [ "application/json", "application/yaml", @@ -64968,13 +62783,13 @@ "https" ], "tags": [ - "events_v1beta1" + "flowcontrolApiserver_v1beta2" ], "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { - "group": "events.k8s.io", - "kind": "Event", - "version": "v1beta1" + "group": "flowcontrol.apiserver.k8s.io", + "kind": "FlowSchema", + "version": "v1beta2" } }, "parameters": [ @@ -65050,13 +62865,13 @@ } ] }, - "/apis/events.k8s.io/v1beta1/watch/namespaces/{namespace}/events": { + "/apis/flowcontrol.apiserver.k8s.io/v1beta2/watch/flowschemas/{name}": { "get": { "consumes": [ "*/*" ], - "description": "watch individual changes to a list of Event. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchEventsV1beta1NamespacedEventList", + "description": "watch changes to an object of kind FlowSchema. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "operationId": "watchFlowcontrolApiserverV1beta2FlowSchema", "produces": [ "application/json", "application/yaml", @@ -65079,13 +62894,13 @@ "https" ], "tags": [ - "events_v1beta1" + "flowcontrolApiserver_v1beta2" ], - "x-kubernetes-action": "watchlist", + "x-kubernetes-action": "watch", "x-kubernetes-group-version-kind": { - "group": "events.k8s.io", - "kind": "Event", - "version": "v1beta1" + "group": "flowcontrol.apiserver.k8s.io", + "kind": "FlowSchema", + "version": "v1beta2" } }, "parameters": [ @@ -65125,9 +62940,9 @@ "uniqueItems": true }, { - "description": "object name and auth scope, such as for teams and projects", + "description": "name of the FlowSchema", "in": "path", - "name": "namespace", + "name": "name", "required": true, "type": "string", "uniqueItems": true @@ -65169,13 +62984,13 @@ } ] }, - "/apis/events.k8s.io/v1beta1/watch/namespaces/{namespace}/events/{name}": { + "/apis/flowcontrol.apiserver.k8s.io/v1beta2/watch/prioritylevelconfigurations": { "get": { "consumes": [ "*/*" ], - "description": "watch changes to an object of kind Event. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", - "operationId": "watchEventsV1beta1NamespacedEvent", + "description": "watch individual changes to a list of PriorityLevelConfiguration. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchFlowcontrolApiserverV1beta2PriorityLevelConfigurationList", "produces": [ "application/json", "application/yaml", @@ -65198,13 +63013,13 @@ "https" ], "tags": [ - "events_v1beta1" + "flowcontrolApiserver_v1beta2" ], - "x-kubernetes-action": "watch", + "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { - "group": "events.k8s.io", - "kind": "Event", - "version": "v1beta1" + "group": "flowcontrol.apiserver.k8s.io", + "kind": "PriorityLevelConfiguration", + "version": "v1beta2" } }, "parameters": [ @@ -65244,17 +63059,120 @@ "uniqueItems": true }, { - "description": "name of the Event", - "in": "path", - "name": "name", - "required": true, + "description": "If 'true', then the output is pretty printed.", + "in": "query", + "name": "pretty", "type": "string", "uniqueItems": true }, { - "description": "object name and auth scope, such as for teams and projects", + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "type": "string", + "uniqueItems": true + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "type": "integer", + "uniqueItems": true + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "type": "boolean", + "uniqueItems": true + } + ] + }, + "/apis/flowcontrol.apiserver.k8s.io/v1beta2/watch/prioritylevelconfigurations/{name}": { + "get": { + "consumes": [ + "*/*" + ], + "description": "watch changes to an object of kind PriorityLevelConfiguration. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "operationId": "watchFlowcontrolApiserverV1beta2PriorityLevelConfiguration", + "produces": [ + "application/json", + "application/yaml", + "application/vnd.kubernetes.protobuf", + "application/json;stream=watch", + "application/vnd.kubernetes.protobuf;stream=watch" + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "schemes": [ + "https" + ], + "tags": [ + "flowcontrolApiserver_v1beta2" + ], + "x-kubernetes-action": "watch", + "x-kubernetes-group-version-kind": { + "group": "flowcontrol.apiserver.k8s.io", + "kind": "PriorityLevelConfiguration", + "version": "v1beta2" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "type": "boolean", + "uniqueItems": true + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "type": "integer", + "uniqueItems": true + }, + { + "description": "name of the PriorityLevelConfiguration", "in": "path", - "name": "namespace", + "name": "name", "required": true, "type": "string", "uniqueItems": true @@ -65296,7 +63214,7 @@ } ] }, - "/apis/flowcontrol.apiserver.k8s.io/": { + "/apis/internal.apiserver.k8s.io/": { "get": { "consumes": [ "application/json", @@ -65304,7 +63222,7 @@ "application/vnd.kubernetes.protobuf" ], "description": "get information of a group", - "operationId": "getFlowcontrolApiserverAPIGroup", + "operationId": "getInternalApiserverAPIGroup", "produces": [ "application/json", "application/yaml", @@ -65325,11 +63243,11 @@ "https" ], "tags": [ - "flowcontrolApiserver" + "internalApiserver" ] } }, - "/apis/flowcontrol.apiserver.k8s.io/v1beta1/": { + "/apis/internal.apiserver.k8s.io/v1alpha1/": { "get": { "consumes": [ "application/json", @@ -65337,7 +63255,7 @@ "application/vnd.kubernetes.protobuf" ], "description": "get available resources", - "operationId": "getFlowcontrolApiserverV1beta1APIResources", + "operationId": "getInternalApiserverV1alpha1APIResources", "produces": [ "application/json", "application/yaml", @@ -65358,17 +63276,17 @@ "https" ], "tags": [ - "flowcontrolApiserver_v1beta1" + "internalApiserver_v1alpha1" ] } }, - "/apis/flowcontrol.apiserver.k8s.io/v1beta1/flowschemas": { + "/apis/internal.apiserver.k8s.io/v1alpha1/storageversions": { "delete": { "consumes": [ "*/*" ], - "description": "delete collection of FlowSchema", - "operationId": "deleteFlowcontrolApiserverV1beta1CollectionFlowSchema", + "description": "delete collection of StorageVersion", + "operationId": "deleteInternalApiserverV1alpha1CollectionStorageVersion", "parameters": [ { "in": "body", @@ -65475,21 +63393,21 @@ "https" ], "tags": [ - "flowcontrolApiserver_v1beta1" + "internalApiserver_v1alpha1" ], "x-kubernetes-action": "deletecollection", "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "FlowSchema", - "version": "v1beta1" + "group": "internal.apiserver.k8s.io", + "kind": "StorageVersion", + "version": "v1alpha1" } }, "get": { "consumes": [ "*/*" ], - "description": "list or watch objects of kind FlowSchema", - "operationId": "listFlowcontrolApiserverV1beta1FlowSchema", + "description": "list or watch objects of kind StorageVersion", + "operationId": "listInternalApiserverV1alpha1StorageVersion", "parameters": [ { "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", @@ -65566,7 +63484,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.FlowSchemaList" + "$ref": "#/definitions/io.k8s.api.apiserverinternal.v1alpha1.StorageVersionList" } }, "401": { @@ -65577,13 +63495,13 @@ "https" ], "tags": [ - "flowcontrolApiserver_v1beta1" + "internalApiserver_v1alpha1" ], "x-kubernetes-action": "list", "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "FlowSchema", - "version": "v1beta1" + "group": "internal.apiserver.k8s.io", + "kind": "StorageVersion", + "version": "v1alpha1" } }, "parameters": [ @@ -65599,15 +63517,15 @@ "consumes": [ "*/*" ], - "description": "create a FlowSchema", - "operationId": "createFlowcontrolApiserverV1beta1FlowSchema", + "description": "create a StorageVersion", + "operationId": "createInternalApiserverV1alpha1StorageVersion", "parameters": [ { "in": "body", "name": "body", "required": true, "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.FlowSchema" + "$ref": "#/definitions/io.k8s.api.apiserverinternal.v1alpha1.StorageVersion" } }, { @@ -65641,19 +63559,19 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.FlowSchema" + "$ref": "#/definitions/io.k8s.api.apiserverinternal.v1alpha1.StorageVersion" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.FlowSchema" + "$ref": "#/definitions/io.k8s.api.apiserverinternal.v1alpha1.StorageVersion" } }, "202": { "description": "Accepted", "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.FlowSchema" + "$ref": "#/definitions/io.k8s.api.apiserverinternal.v1alpha1.StorageVersion" } }, "401": { @@ -65664,23 +63582,23 @@ "https" ], "tags": [ - "flowcontrolApiserver_v1beta1" + "internalApiserver_v1alpha1" ], "x-kubernetes-action": "post", "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "FlowSchema", - "version": "v1beta1" + "group": "internal.apiserver.k8s.io", + "kind": "StorageVersion", + "version": "v1alpha1" } } }, - "/apis/flowcontrol.apiserver.k8s.io/v1beta1/flowschemas/{name}": { + "/apis/internal.apiserver.k8s.io/v1alpha1/storageversions/{name}": { "delete": { "consumes": [ "*/*" ], - "description": "delete a FlowSchema", - "operationId": "deleteFlowcontrolApiserverV1beta1FlowSchema", + "description": "delete a StorageVersion", + "operationId": "deleteInternalApiserverV1alpha1StorageVersion", "parameters": [ { "in": "body", @@ -65744,21 +63662,21 @@ "https" ], "tags": [ - "flowcontrolApiserver_v1beta1" + "internalApiserver_v1alpha1" ], "x-kubernetes-action": "delete", "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "FlowSchema", - "version": "v1beta1" + "group": "internal.apiserver.k8s.io", + "kind": "StorageVersion", + "version": "v1alpha1" } }, "get": { "consumes": [ "*/*" ], - "description": "read the specified FlowSchema", - "operationId": "readFlowcontrolApiserverV1beta1FlowSchema", + "description": "read the specified StorageVersion", + "operationId": "readInternalApiserverV1alpha1StorageVersion", "produces": [ "application/json", "application/yaml", @@ -65768,7 +63686,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.FlowSchema" + "$ref": "#/definitions/io.k8s.api.apiserverinternal.v1alpha1.StorageVersion" } }, "401": { @@ -65779,18 +63697,18 @@ "https" ], "tags": [ - "flowcontrolApiserver_v1beta1" + "internalApiserver_v1alpha1" ], "x-kubernetes-action": "get", "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "FlowSchema", - "version": "v1beta1" + "group": "internal.apiserver.k8s.io", + "kind": "StorageVersion", + "version": "v1alpha1" } }, "parameters": [ { - "description": "name of the FlowSchema", + "description": "name of the StorageVersion", "in": "path", "name": "name", "required": true, @@ -65812,8 +63730,8 @@ "application/strategic-merge-patch+json", "application/apply-patch+yaml" ], - "description": "partially update the specified FlowSchema", - "operationId": "patchFlowcontrolApiserverV1beta1FlowSchema", + "description": "partially update the specified StorageVersion", + "operationId": "patchInternalApiserverV1alpha1StorageVersion", "parameters": [ { "in": "body", @@ -65861,13 +63779,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.FlowSchema" + "$ref": "#/definitions/io.k8s.api.apiserverinternal.v1alpha1.StorageVersion" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.FlowSchema" + "$ref": "#/definitions/io.k8s.api.apiserverinternal.v1alpha1.StorageVersion" } }, "401": { @@ -65878,28 +63796,28 @@ "https" ], "tags": [ - "flowcontrolApiserver_v1beta1" + "internalApiserver_v1alpha1" ], "x-kubernetes-action": "patch", "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "FlowSchema", - "version": "v1beta1" + "group": "internal.apiserver.k8s.io", + "kind": "StorageVersion", + "version": "v1alpha1" } }, "put": { "consumes": [ "*/*" ], - "description": "replace the specified FlowSchema", - "operationId": "replaceFlowcontrolApiserverV1beta1FlowSchema", + "description": "replace the specified StorageVersion", + "operationId": "replaceInternalApiserverV1alpha1StorageVersion", "parameters": [ { "in": "body", "name": "body", "required": true, "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.FlowSchema" + "$ref": "#/definitions/io.k8s.api.apiserverinternal.v1alpha1.StorageVersion" } }, { @@ -65933,13 +63851,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.FlowSchema" + "$ref": "#/definitions/io.k8s.api.apiserverinternal.v1alpha1.StorageVersion" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.FlowSchema" + "$ref": "#/definitions/io.k8s.api.apiserverinternal.v1alpha1.StorageVersion" } }, "401": { @@ -65950,23 +63868,23 @@ "https" ], "tags": [ - "flowcontrolApiserver_v1beta1" + "internalApiserver_v1alpha1" ], "x-kubernetes-action": "put", "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "FlowSchema", - "version": "v1beta1" + "group": "internal.apiserver.k8s.io", + "kind": "StorageVersion", + "version": "v1alpha1" } } }, - "/apis/flowcontrol.apiserver.k8s.io/v1beta1/flowschemas/{name}/status": { + "/apis/internal.apiserver.k8s.io/v1alpha1/storageversions/{name}/status": { "get": { "consumes": [ "*/*" ], - "description": "read status of the specified FlowSchema", - "operationId": "readFlowcontrolApiserverV1beta1FlowSchemaStatus", + "description": "read status of the specified StorageVersion", + "operationId": "readInternalApiserverV1alpha1StorageVersionStatus", "produces": [ "application/json", "application/yaml", @@ -65976,7 +63894,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.FlowSchema" + "$ref": "#/definitions/io.k8s.api.apiserverinternal.v1alpha1.StorageVersion" } }, "401": { @@ -65987,18 +63905,18 @@ "https" ], "tags": [ - "flowcontrolApiserver_v1beta1" + "internalApiserver_v1alpha1" ], "x-kubernetes-action": "get", "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "FlowSchema", - "version": "v1beta1" + "group": "internal.apiserver.k8s.io", + "kind": "StorageVersion", + "version": "v1alpha1" } }, "parameters": [ { - "description": "name of the FlowSchema", + "description": "name of the StorageVersion", "in": "path", "name": "name", "required": true, @@ -66020,8 +63938,8 @@ "application/strategic-merge-patch+json", "application/apply-patch+yaml" ], - "description": "partially update status of the specified FlowSchema", - "operationId": "patchFlowcontrolApiserverV1beta1FlowSchemaStatus", + "description": "partially update status of the specified StorageVersion", + "operationId": "patchInternalApiserverV1alpha1StorageVersionStatus", "parameters": [ { "in": "body", @@ -66069,13 +63987,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.FlowSchema" + "$ref": "#/definitions/io.k8s.api.apiserverinternal.v1alpha1.StorageVersion" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.FlowSchema" + "$ref": "#/definitions/io.k8s.api.apiserverinternal.v1alpha1.StorageVersion" } }, "401": { @@ -66086,28 +64004,28 @@ "https" ], "tags": [ - "flowcontrolApiserver_v1beta1" + "internalApiserver_v1alpha1" ], "x-kubernetes-action": "patch", "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "FlowSchema", - "version": "v1beta1" + "group": "internal.apiserver.k8s.io", + "kind": "StorageVersion", + "version": "v1alpha1" } }, "put": { "consumes": [ "*/*" ], - "description": "replace status of the specified FlowSchema", - "operationId": "replaceFlowcontrolApiserverV1beta1FlowSchemaStatus", + "description": "replace status of the specified StorageVersion", + "operationId": "replaceInternalApiserverV1alpha1StorageVersionStatus", "parameters": [ { "in": "body", "name": "body", "required": true, "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.FlowSchema" + "$ref": "#/definitions/io.k8s.api.apiserverinternal.v1alpha1.StorageVersion" } }, { @@ -66141,13 +64059,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.FlowSchema" + "$ref": "#/definitions/io.k8s.api.apiserverinternal.v1alpha1.StorageVersion" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.FlowSchema" + "$ref": "#/definitions/io.k8s.api.apiserverinternal.v1alpha1.StorageVersion" } }, "401": { @@ -66158,23 +64076,319 @@ "https" ], "tags": [ - "flowcontrolApiserver_v1beta1" + "internalApiserver_v1alpha1" ], "x-kubernetes-action": "put", "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "FlowSchema", - "version": "v1beta1" + "group": "internal.apiserver.k8s.io", + "kind": "StorageVersion", + "version": "v1alpha1" } } }, - "/apis/flowcontrol.apiserver.k8s.io/v1beta1/prioritylevelconfigurations": { + "/apis/internal.apiserver.k8s.io/v1alpha1/watch/storageversions": { + "get": { + "consumes": [ + "*/*" + ], + "description": "watch individual changes to a list of StorageVersion. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchInternalApiserverV1alpha1StorageVersionList", + "produces": [ + "application/json", + "application/yaml", + "application/vnd.kubernetes.protobuf", + "application/json;stream=watch", + "application/vnd.kubernetes.protobuf;stream=watch" + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "schemes": [ + "https" + ], + "tags": [ + "internalApiserver_v1alpha1" + ], + "x-kubernetes-action": "watchlist", + "x-kubernetes-group-version-kind": { + "group": "internal.apiserver.k8s.io", + "kind": "StorageVersion", + "version": "v1alpha1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "type": "boolean", + "uniqueItems": true + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "type": "integer", + "uniqueItems": true + }, + { + "description": "If 'true', then the output is pretty printed.", + "in": "query", + "name": "pretty", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "type": "string", + "uniqueItems": true + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "type": "integer", + "uniqueItems": true + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "type": "boolean", + "uniqueItems": true + } + ] + }, + "/apis/internal.apiserver.k8s.io/v1alpha1/watch/storageversions/{name}": { + "get": { + "consumes": [ + "*/*" + ], + "description": "watch changes to an object of kind StorageVersion. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "operationId": "watchInternalApiserverV1alpha1StorageVersion", + "produces": [ + "application/json", + "application/yaml", + "application/vnd.kubernetes.protobuf", + "application/json;stream=watch", + "application/vnd.kubernetes.protobuf;stream=watch" + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "schemes": [ + "https" + ], + "tags": [ + "internalApiserver_v1alpha1" + ], + "x-kubernetes-action": "watch", + "x-kubernetes-group-version-kind": { + "group": "internal.apiserver.k8s.io", + "kind": "StorageVersion", + "version": "v1alpha1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "type": "boolean", + "uniqueItems": true + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "type": "integer", + "uniqueItems": true + }, + { + "description": "name of the StorageVersion", + "in": "path", + "name": "name", + "required": true, + "type": "string", + "uniqueItems": true + }, + { + "description": "If 'true', then the output is pretty printed.", + "in": "query", + "name": "pretty", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "type": "string", + "uniqueItems": true + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "type": "integer", + "uniqueItems": true + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "type": "boolean", + "uniqueItems": true + } + ] + }, + "/apis/networking.k8s.io/": { + "get": { + "consumes": [ + "application/json", + "application/yaml", + "application/vnd.kubernetes.protobuf" + ], + "description": "get information of a group", + "operationId": "getNetworkingAPIGroup", + "produces": [ + "application/json", + "application/yaml", + "application/vnd.kubernetes.protobuf" + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.APIGroup" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "schemes": [ + "https" + ], + "tags": [ + "networking" + ] + } + }, + "/apis/networking.k8s.io/v1/": { + "get": { + "consumes": [ + "application/json", + "application/yaml", + "application/vnd.kubernetes.protobuf" + ], + "description": "get available resources", + "operationId": "getNetworkingV1APIResources", + "produces": [ + "application/json", + "application/yaml", + "application/vnd.kubernetes.protobuf" + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.APIResourceList" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "schemes": [ + "https" + ], + "tags": [ + "networking_v1" + ] + } + }, + "/apis/networking.k8s.io/v1/ingressclasses": { "delete": { "consumes": [ "*/*" ], - "description": "delete collection of PriorityLevelConfiguration", - "operationId": "deleteFlowcontrolApiserverV1beta1CollectionPriorityLevelConfiguration", + "description": "delete collection of IngressClass", + "operationId": "deleteNetworkingV1CollectionIngressClass", "parameters": [ { "in": "body", @@ -66281,21 +64495,21 @@ "https" ], "tags": [ - "flowcontrolApiserver_v1beta1" + "networking_v1" ], "x-kubernetes-action": "deletecollection", "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "PriorityLevelConfiguration", - "version": "v1beta1" + "group": "networking.k8s.io", + "kind": "IngressClass", + "version": "v1" } }, "get": { "consumes": [ "*/*" ], - "description": "list or watch objects of kind PriorityLevelConfiguration", - "operationId": "listFlowcontrolApiserverV1beta1PriorityLevelConfiguration", + "description": "list or watch objects of kind IngressClass", + "operationId": "listNetworkingV1IngressClass", "parameters": [ { "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", @@ -66372,7 +64586,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfigurationList" + "$ref": "#/definitions/io.k8s.api.networking.v1.IngressClassList" } }, "401": { @@ -66383,13 +64597,13 @@ "https" ], "tags": [ - "flowcontrolApiserver_v1beta1" + "networking_v1" ], "x-kubernetes-action": "list", "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "PriorityLevelConfiguration", - "version": "v1beta1" + "group": "networking.k8s.io", + "kind": "IngressClass", + "version": "v1" } }, "parameters": [ @@ -66405,15 +64619,15 @@ "consumes": [ "*/*" ], - "description": "create a PriorityLevelConfiguration", - "operationId": "createFlowcontrolApiserverV1beta1PriorityLevelConfiguration", + "description": "create an IngressClass", + "operationId": "createNetworkingV1IngressClass", "parameters": [ { "in": "body", "name": "body", "required": true, "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfiguration" + "$ref": "#/definitions/io.k8s.api.networking.v1.IngressClass" } }, { @@ -66447,19 +64661,19 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfiguration" + "$ref": "#/definitions/io.k8s.api.networking.v1.IngressClass" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfiguration" + "$ref": "#/definitions/io.k8s.api.networking.v1.IngressClass" } }, "202": { "description": "Accepted", "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfiguration" + "$ref": "#/definitions/io.k8s.api.networking.v1.IngressClass" } }, "401": { @@ -66470,23 +64684,23 @@ "https" ], "tags": [ - "flowcontrolApiserver_v1beta1" + "networking_v1" ], "x-kubernetes-action": "post", "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "PriorityLevelConfiguration", - "version": "v1beta1" + "group": "networking.k8s.io", + "kind": "IngressClass", + "version": "v1" } } }, - "/apis/flowcontrol.apiserver.k8s.io/v1beta1/prioritylevelconfigurations/{name}": { + "/apis/networking.k8s.io/v1/ingressclasses/{name}": { "delete": { "consumes": [ "*/*" ], - "description": "delete a PriorityLevelConfiguration", - "operationId": "deleteFlowcontrolApiserverV1beta1PriorityLevelConfiguration", + "description": "delete an IngressClass", + "operationId": "deleteNetworkingV1IngressClass", "parameters": [ { "in": "body", @@ -66550,21 +64764,21 @@ "https" ], "tags": [ - "flowcontrolApiserver_v1beta1" + "networking_v1" ], "x-kubernetes-action": "delete", "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "PriorityLevelConfiguration", - "version": "v1beta1" + "group": "networking.k8s.io", + "kind": "IngressClass", + "version": "v1" } }, "get": { "consumes": [ "*/*" ], - "description": "read the specified PriorityLevelConfiguration", - "operationId": "readFlowcontrolApiserverV1beta1PriorityLevelConfiguration", + "description": "read the specified IngressClass", + "operationId": "readNetworkingV1IngressClass", "produces": [ "application/json", "application/yaml", @@ -66574,7 +64788,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfiguration" + "$ref": "#/definitions/io.k8s.api.networking.v1.IngressClass" } }, "401": { @@ -66585,18 +64799,18 @@ "https" ], "tags": [ - "flowcontrolApiserver_v1beta1" + "networking_v1" ], "x-kubernetes-action": "get", "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "PriorityLevelConfiguration", - "version": "v1beta1" + "group": "networking.k8s.io", + "kind": "IngressClass", + "version": "v1" } }, "parameters": [ { - "description": "name of the PriorityLevelConfiguration", + "description": "name of the IngressClass", "in": "path", "name": "name", "required": true, @@ -66618,8 +64832,8 @@ "application/strategic-merge-patch+json", "application/apply-patch+yaml" ], - "description": "partially update the specified PriorityLevelConfiguration", - "operationId": "patchFlowcontrolApiserverV1beta1PriorityLevelConfiguration", + "description": "partially update the specified IngressClass", + "operationId": "patchNetworkingV1IngressClass", "parameters": [ { "in": "body", @@ -66667,13 +64881,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfiguration" + "$ref": "#/definitions/io.k8s.api.networking.v1.IngressClass" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfiguration" + "$ref": "#/definitions/io.k8s.api.networking.v1.IngressClass" } }, "401": { @@ -66684,28 +64898,28 @@ "https" ], "tags": [ - "flowcontrolApiserver_v1beta1" + "networking_v1" ], "x-kubernetes-action": "patch", "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "PriorityLevelConfiguration", - "version": "v1beta1" + "group": "networking.k8s.io", + "kind": "IngressClass", + "version": "v1" } }, "put": { "consumes": [ "*/*" ], - "description": "replace the specified PriorityLevelConfiguration", - "operationId": "replaceFlowcontrolApiserverV1beta1PriorityLevelConfiguration", + "description": "replace the specified IngressClass", + "operationId": "replaceNetworkingV1IngressClass", "parameters": [ { "in": "body", "name": "body", "required": true, "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfiguration" + "$ref": "#/definitions/io.k8s.api.networking.v1.IngressClass" } }, { @@ -66739,13 +64953,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfiguration" + "$ref": "#/definitions/io.k8s.api.networking.v1.IngressClass" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfiguration" + "$ref": "#/definitions/io.k8s.api.networking.v1.IngressClass" } }, "401": { @@ -66756,33 +64970,35 @@ "https" ], "tags": [ - "flowcontrolApiserver_v1beta1" + "networking_v1" ], "x-kubernetes-action": "put", "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "PriorityLevelConfiguration", - "version": "v1beta1" + "group": "networking.k8s.io", + "kind": "IngressClass", + "version": "v1" } } }, - "/apis/flowcontrol.apiserver.k8s.io/v1beta1/prioritylevelconfigurations/{name}/status": { + "/apis/networking.k8s.io/v1/ingresses": { "get": { "consumes": [ "*/*" ], - "description": "read status of the specified PriorityLevelConfiguration", - "operationId": "readFlowcontrolApiserverV1beta1PriorityLevelConfigurationStatus", + "description": "list or watch objects of kind Ingress", + "operationId": "listNetworkingV1IngressForAllNamespaces", "produces": [ "application/json", "application/yaml", - "application/vnd.kubernetes.protobuf" + "application/vnd.kubernetes.protobuf", + "application/json;stream=watch", + "application/vnd.kubernetes.protobuf;stream=watch" ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfiguration" + "$ref": "#/definitions/io.k8s.api.networking.v1.IngressList" } }, "401": { @@ -66793,50 +65009,110 @@ "https" ], "tags": [ - "flowcontrolApiserver_v1beta1" + "networking_v1" ], - "x-kubernetes-action": "get", + "x-kubernetes-action": "list", "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "PriorityLevelConfiguration", - "version": "v1beta1" + "group": "networking.k8s.io", + "kind": "Ingress", + "version": "v1" } }, "parameters": [ { - "description": "name of the PriorityLevelConfiguration", - "in": "path", - "name": "name", - "required": true, + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "type": "boolean", + "uniqueItems": true + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", "type": "string", "uniqueItems": true }, { - "description": "If 'true', then the output is pretty printed.", + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", "in": "query", - "name": "pretty", + "name": "fieldSelector", "type": "string", "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "type": "integer", + "uniqueItems": true + }, + { + "description": "If 'true', then the output is pretty printed.", + "in": "query", + "name": "pretty", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "type": "string", + "uniqueItems": true + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "type": "integer", + "uniqueItems": true + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "type": "boolean", + "uniqueItems": true } - ], - "patch": { + ] + }, + "/apis/networking.k8s.io/v1/namespaces/{namespace}/ingresses": { + "delete": { "consumes": [ - "application/json-patch+json", - "application/merge-patch+json", - "application/strategic-merge-patch+json", - "application/apply-patch+yaml" + "*/*" ], - "description": "partially update status of the specified PriorityLevelConfiguration", - "operationId": "patchFlowcontrolApiserverV1beta1PriorityLevelConfigurationStatus", + "description": "delete collection of Ingress", + "operationId": "deleteNetworkingV1CollectionNamespacedIngress", "parameters": [ { "in": "body", "name": "body", - "required": true, "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" } }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "type": "string", + "uniqueItems": true + }, { "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", "in": "query", @@ -66845,25 +65121,67 @@ "uniqueItems": true }, { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", "in": "query", - "name": "fieldManager", + "name": "fieldSelector", "type": "string", "uniqueItems": true }, { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", "in": "query", - "name": "fieldValidation", + "name": "gracePeriodSeconds", + "type": "integer", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", "type": "string", "uniqueItems": true }, { - "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", "in": "query", - "name": "force", + "name": "limit", + "type": "integer", + "uniqueItems": true + }, + { + "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", + "in": "query", + "name": "orphanDependents", "type": "boolean", "uniqueItems": true + }, + { + "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", + "in": "query", + "name": "propagationPolicy", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "type": "string", + "uniqueItems": true + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "type": "integer", + "uniqueItems": true } ], "produces": [ @@ -66875,13 +65193,109 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfiguration" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" } }, - "201": { - "description": "Created", + "401": { + "description": "Unauthorized" + } + }, + "schemes": [ + "https" + ], + "tags": [ + "networking_v1" + ], + "x-kubernetes-action": "deletecollection", + "x-kubernetes-group-version-kind": { + "group": "networking.k8s.io", + "kind": "Ingress", + "version": "v1" + } + }, + "get": { + "consumes": [ + "*/*" + ], + "description": "list or watch objects of kind Ingress", + "operationId": "listNetworkingV1NamespacedIngress", + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "type": "boolean", + "uniqueItems": true + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "type": "integer", + "uniqueItems": true + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "type": "string", + "uniqueItems": true + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "type": "integer", + "uniqueItems": true + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "type": "boolean", + "uniqueItems": true + } + ], + "produces": [ + "application/json", + "application/yaml", + "application/vnd.kubernetes.protobuf", + "application/json;stream=watch", + "application/vnd.kubernetes.protobuf;stream=watch" + ], + "responses": { + "200": { + "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfiguration" + "$ref": "#/definitions/io.k8s.api.networking.v1.IngressList" } }, "401": { @@ -66892,28 +65306,45 @@ "https" ], "tags": [ - "flowcontrolApiserver_v1beta1" + "networking_v1" ], - "x-kubernetes-action": "patch", + "x-kubernetes-action": "list", "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "PriorityLevelConfiguration", - "version": "v1beta1" + "group": "networking.k8s.io", + "kind": "Ingress", + "version": "v1" } }, - "put": { + "parameters": [ + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "type": "string", + "uniqueItems": true + }, + { + "description": "If 'true', then the output is pretty printed.", + "in": "query", + "name": "pretty", + "type": "string", + "uniqueItems": true + } + ], + "post": { "consumes": [ "*/*" ], - "description": "replace status of the specified PriorityLevelConfiguration", - "operationId": "replaceFlowcontrolApiserverV1beta1PriorityLevelConfigurationStatus", + "description": "create an Ingress", + "operationId": "createNetworkingV1NamespacedIngress", "parameters": [ { "in": "body", "name": "body", "required": true, "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfiguration" + "$ref": "#/definitions/io.k8s.api.networking.v1.Ingress" } }, { @@ -66947,13 +65378,19 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfiguration" + "$ref": "#/definitions/io.k8s.api.networking.v1.Ingress" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfiguration" + "$ref": "#/definitions/io.k8s.api.networking.v1.Ingress" + } + }, + "202": { + "description": "Accepted", + "schema": { + "$ref": "#/definitions/io.k8s.api.networking.v1.Ingress" } }, "401": { @@ -66964,35 +65401,76 @@ "https" ], "tags": [ - "flowcontrolApiserver_v1beta1" + "networking_v1" ], - "x-kubernetes-action": "put", + "x-kubernetes-action": "post", "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "PriorityLevelConfiguration", - "version": "v1beta1" + "group": "networking.k8s.io", + "kind": "Ingress", + "version": "v1" } } }, - "/apis/flowcontrol.apiserver.k8s.io/v1beta1/watch/flowschemas": { - "get": { + "/apis/networking.k8s.io/v1/namespaces/{namespace}/ingresses/{name}": { + "delete": { "consumes": [ "*/*" ], - "description": "watch individual changes to a list of FlowSchema. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchFlowcontrolApiserverV1beta1FlowSchemaList", + "description": "delete an Ingress", + "operationId": "deleteNetworkingV1NamespacedIngress", + "parameters": [ + { + "in": "body", + "name": "body", + "schema": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" + } + }, + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "type": "string", + "uniqueItems": true + }, + { + "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", + "in": "query", + "name": "gracePeriodSeconds", + "type": "integer", + "uniqueItems": true + }, + { + "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", + "in": "query", + "name": "orphanDependents", + "type": "boolean", + "uniqueItems": true + }, + { + "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", + "in": "query", + "name": "propagationPolicy", + "type": "string", + "uniqueItems": true + } + ], "produces": [ "application/json", "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" + "application/vnd.kubernetes.protobuf" ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "202": { + "description": "Accepted", + "schema": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" } }, "401": { @@ -67003,107 +65481,31 @@ "https" ], "tags": [ - "flowcontrolApiserver_v1beta1" + "networking_v1" ], - "x-kubernetes-action": "watchlist", + "x-kubernetes-action": "delete", "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "FlowSchema", - "version": "v1beta1" + "group": "networking.k8s.io", + "kind": "Ingress", + "version": "v1" } }, - "parameters": [ - { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true - } - ] - }, - "/apis/flowcontrol.apiserver.k8s.io/v1beta1/watch/flowschemas/{name}": { "get": { "consumes": [ "*/*" ], - "description": "watch changes to an object of kind FlowSchema. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", - "operationId": "watchFlowcontrolApiserverV1beta1FlowSchema", + "description": "read the specified Ingress", + "operationId": "readNetworkingV1NamespacedIngress", "produces": [ "application/json", "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" + "application/vnd.kubernetes.protobuf" ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + "$ref": "#/definitions/io.k8s.api.networking.v1.Ingress" } }, "401": { @@ -67114,55 +65516,28 @@ "https" ], "tags": [ - "flowcontrolApiserver_v1beta1" + "networking_v1" ], - "x-kubernetes-action": "watch", + "x-kubernetes-action": "get", "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "FlowSchema", - "version": "v1beta1" + "group": "networking.k8s.io", + "kind": "Ingress", + "version": "v1" } }, "parameters": [ { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", + "description": "name of the Ingress", + "in": "path", + "name": "name", + "required": true, "type": "string", "uniqueItems": true }, { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "name of the FlowSchema", + "description": "object name and auth scope, such as for teams and projects", "in": "path", - "name": "name", + "name": "namespace", "required": true, "type": "string", "uniqueItems": true @@ -67173,56 +65548,71 @@ "name": "pretty", "type": "string", "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true } - ] - }, - "/apis/flowcontrol.apiserver.k8s.io/v1beta1/watch/prioritylevelconfigurations": { - "get": { + ], + "patch": { "consumes": [ - "*/*" + "application/json-patch+json", + "application/merge-patch+json", + "application/strategic-merge-patch+json", + "application/apply-patch+yaml" + ], + "description": "partially update the specified Ingress", + "operationId": "patchNetworkingV1NamespacedIngress", + "parameters": [ + { + "in": "body", + "name": "body", + "required": true, + "schema": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "type": "string", + "uniqueItems": true + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", + "in": "query", + "name": "fieldManager", + "type": "string", + "uniqueItems": true + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "type": "string", + "uniqueItems": true + }, + { + "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", + "in": "query", + "name": "force", + "type": "boolean", + "uniqueItems": true + } ], - "description": "watch individual changes to a list of PriorityLevelConfiguration. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchFlowcontrolApiserverV1beta1PriorityLevelConfigurationList", "produces": [ "application/json", "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" + "application/vnd.kubernetes.protobuf" ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + "$ref": "#/definitions/io.k8s.api.networking.v1.Ingress" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/io.k8s.api.networking.v1.Ingress" } }, "401": { @@ -67233,107 +65623,105 @@ "https" ], "tags": [ - "flowcontrolApiserver_v1beta1" + "networking_v1" ], - "x-kubernetes-action": "watchlist", + "x-kubernetes-action": "patch", "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "PriorityLevelConfiguration", - "version": "v1beta1" + "group": "networking.k8s.io", + "kind": "Ingress", + "version": "v1" } }, - "parameters": [ - { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true + "put": { + "consumes": [ + "*/*" + ], + "description": "replace the specified Ingress", + "operationId": "replaceNetworkingV1NamespacedIngress", + "parameters": [ + { + "in": "body", + "name": "body", + "required": true, + "schema": { + "$ref": "#/definitions/io.k8s.api.networking.v1.Ingress" + } + }, + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "type": "string", + "uniqueItems": true + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "type": "string", + "uniqueItems": true + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "type": "string", + "uniqueItems": true + } + ], + "produces": [ + "application/json", + "application/yaml", + "application/vnd.kubernetes.protobuf" + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/io.k8s.api.networking.v1.Ingress" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/io.k8s.api.networking.v1.Ingress" + } + }, + "401": { + "description": "Unauthorized" + } }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true + "schemes": [ + "https" + ], + "tags": [ + "networking_v1" + ], + "x-kubernetes-action": "put", + "x-kubernetes-group-version-kind": { + "group": "networking.k8s.io", + "kind": "Ingress", + "version": "v1" } - ] + } }, - "/apis/flowcontrol.apiserver.k8s.io/v1beta1/watch/prioritylevelconfigurations/{name}": { + "/apis/networking.k8s.io/v1/namespaces/{namespace}/ingresses/{name}/status": { "get": { "consumes": [ "*/*" ], - "description": "watch changes to an object of kind PriorityLevelConfiguration. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", - "operationId": "watchFlowcontrolApiserverV1beta1PriorityLevelConfiguration", + "description": "read status of the specified Ingress", + "operationId": "readNetworkingV1NamespacedIngressStatus", "produces": [ "application/json", "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" + "application/vnd.kubernetes.protobuf" ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + "$ref": "#/definitions/io.k8s.api.networking.v1.Ingress" } }, "401": { @@ -67344,55 +65732,28 @@ "https" ], "tags": [ - "flowcontrolApiserver_v1beta1" + "networking_v1" ], - "x-kubernetes-action": "watch", + "x-kubernetes-action": "get", "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "PriorityLevelConfiguration", - "version": "v1beta1" + "group": "networking.k8s.io", + "kind": "Ingress", + "version": "v1" } }, "parameters": [ { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", + "description": "name of the Ingress", + "in": "path", + "name": "name", + "required": true, "type": "string", "uniqueItems": true }, { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "name of the PriorityLevelConfiguration", + "description": "object name and auth scope, such as for teams and projects", "in": "path", - "name": "name", + "name": "namespace", "required": true, "type": "string", "uniqueItems": true @@ -67403,46 +65764,127 @@ "name": "pretty", "type": "string", "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true } - ] - }, - "/apis/flowcontrol.apiserver.k8s.io/v1beta2/": { - "get": { + ], + "patch": { "consumes": [ + "application/json-patch+json", + "application/merge-patch+json", + "application/strategic-merge-patch+json", + "application/apply-patch+yaml" + ], + "description": "partially update status of the specified Ingress", + "operationId": "patchNetworkingV1NamespacedIngressStatus", + "parameters": [ + { + "in": "body", + "name": "body", + "required": true, + "schema": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "type": "string", + "uniqueItems": true + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", + "in": "query", + "name": "fieldManager", + "type": "string", + "uniqueItems": true + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "type": "string", + "uniqueItems": true + }, + { + "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", + "in": "query", + "name": "force", + "type": "boolean", + "uniqueItems": true + } + ], + "produces": [ "application/json", "application/yaml", "application/vnd.kubernetes.protobuf" ], - "description": "get available resources", - "operationId": "getFlowcontrolApiserverV1beta2APIResources", + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/io.k8s.api.networking.v1.Ingress" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/io.k8s.api.networking.v1.Ingress" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "schemes": [ + "https" + ], + "tags": [ + "networking_v1" + ], + "x-kubernetes-action": "patch", + "x-kubernetes-group-version-kind": { + "group": "networking.k8s.io", + "kind": "Ingress", + "version": "v1" + } + }, + "put": { + "consumes": [ + "*/*" + ], + "description": "replace status of the specified Ingress", + "operationId": "replaceNetworkingV1NamespacedIngressStatus", + "parameters": [ + { + "in": "body", + "name": "body", + "required": true, + "schema": { + "$ref": "#/definitions/io.k8s.api.networking.v1.Ingress" + } + }, + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "type": "string", + "uniqueItems": true + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "type": "string", + "uniqueItems": true + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "type": "string", + "uniqueItems": true + } + ], "produces": [ "application/json", "application/yaml", @@ -67452,7 +65894,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.APIResourceList" + "$ref": "#/definitions/io.k8s.api.networking.v1.Ingress" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/io.k8s.api.networking.v1.Ingress" } }, "401": { @@ -67463,17 +65911,23 @@ "https" ], "tags": [ - "flowcontrolApiserver_v1beta2" - ] + "networking_v1" + ], + "x-kubernetes-action": "put", + "x-kubernetes-group-version-kind": { + "group": "networking.k8s.io", + "kind": "Ingress", + "version": "v1" + } } }, - "/apis/flowcontrol.apiserver.k8s.io/v1beta2/flowschemas": { + "/apis/networking.k8s.io/v1/namespaces/{namespace}/networkpolicies": { "delete": { "consumes": [ "*/*" ], - "description": "delete collection of FlowSchema", - "operationId": "deleteFlowcontrolApiserverV1beta2CollectionFlowSchema", + "description": "delete collection of NetworkPolicy", + "operationId": "deleteNetworkingV1CollectionNamespacedNetworkPolicy", "parameters": [ { "in": "body", @@ -67580,21 +66034,21 @@ "https" ], "tags": [ - "flowcontrolApiserver_v1beta2" + "networking_v1" ], "x-kubernetes-action": "deletecollection", "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "FlowSchema", - "version": "v1beta2" + "group": "networking.k8s.io", + "kind": "NetworkPolicy", + "version": "v1" } }, "get": { "consumes": [ "*/*" ], - "description": "list or watch objects of kind FlowSchema", - "operationId": "listFlowcontrolApiserverV1beta2FlowSchema", + "description": "list or watch objects of kind NetworkPolicy", + "operationId": "listNetworkingV1NamespacedNetworkPolicy", "parameters": [ { "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", @@ -67671,7 +66125,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.FlowSchemaList" + "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicyList" } }, "401": { @@ -67682,16 +66136,24 @@ "https" ], "tags": [ - "flowcontrolApiserver_v1beta2" + "networking_v1" ], "x-kubernetes-action": "list", "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "FlowSchema", - "version": "v1beta2" + "group": "networking.k8s.io", + "kind": "NetworkPolicy", + "version": "v1" } }, "parameters": [ + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "type": "string", + "uniqueItems": true + }, { "description": "If 'true', then the output is pretty printed.", "in": "query", @@ -67704,15 +66166,15 @@ "consumes": [ "*/*" ], - "description": "create a FlowSchema", - "operationId": "createFlowcontrolApiserverV1beta2FlowSchema", + "description": "create a NetworkPolicy", + "operationId": "createNetworkingV1NamespacedNetworkPolicy", "parameters": [ { "in": "body", "name": "body", "required": true, "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.FlowSchema" + "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicy" } }, { @@ -67746,19 +66208,19 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.FlowSchema" + "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicy" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.FlowSchema" + "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicy" } }, "202": { "description": "Accepted", "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.FlowSchema" + "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicy" } }, "401": { @@ -67769,23 +66231,23 @@ "https" ], "tags": [ - "flowcontrolApiserver_v1beta2" + "networking_v1" ], "x-kubernetes-action": "post", "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "FlowSchema", - "version": "v1beta2" + "group": "networking.k8s.io", + "kind": "NetworkPolicy", + "version": "v1" } } }, - "/apis/flowcontrol.apiserver.k8s.io/v1beta2/flowschemas/{name}": { + "/apis/networking.k8s.io/v1/namespaces/{namespace}/networkpolicies/{name}": { "delete": { "consumes": [ "*/*" ], - "description": "delete a FlowSchema", - "operationId": "deleteFlowcontrolApiserverV1beta2FlowSchema", + "description": "delete a NetworkPolicy", + "operationId": "deleteNetworkingV1NamespacedNetworkPolicy", "parameters": [ { "in": "body", @@ -67849,21 +66311,21 @@ "https" ], "tags": [ - "flowcontrolApiserver_v1beta2" + "networking_v1" ], "x-kubernetes-action": "delete", "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "FlowSchema", - "version": "v1beta2" + "group": "networking.k8s.io", + "kind": "NetworkPolicy", + "version": "v1" } }, "get": { "consumes": [ "*/*" ], - "description": "read the specified FlowSchema", - "operationId": "readFlowcontrolApiserverV1beta2FlowSchema", + "description": "read the specified NetworkPolicy", + "operationId": "readNetworkingV1NamespacedNetworkPolicy", "produces": [ "application/json", "application/yaml", @@ -67873,7 +66335,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.FlowSchema" + "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicy" } }, "401": { @@ -67884,24 +66346,32 @@ "https" ], "tags": [ - "flowcontrolApiserver_v1beta2" + "networking_v1" ], "x-kubernetes-action": "get", "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "FlowSchema", - "version": "v1beta2" + "group": "networking.k8s.io", + "kind": "NetworkPolicy", + "version": "v1" } }, "parameters": [ { - "description": "name of the FlowSchema", + "description": "name of the NetworkPolicy", "in": "path", "name": "name", "required": true, "type": "string", "uniqueItems": true }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "type": "string", + "uniqueItems": true + }, { "description": "If 'true', then the output is pretty printed.", "in": "query", @@ -67917,8 +66387,8 @@ "application/strategic-merge-patch+json", "application/apply-patch+yaml" ], - "description": "partially update the specified FlowSchema", - "operationId": "patchFlowcontrolApiserverV1beta2FlowSchema", + "description": "partially update the specified NetworkPolicy", + "operationId": "patchNetworkingV1NamespacedNetworkPolicy", "parameters": [ { "in": "body", @@ -67966,13 +66436,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.FlowSchema" + "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicy" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.FlowSchema" + "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicy" } }, "401": { @@ -67983,28 +66453,28 @@ "https" ], "tags": [ - "flowcontrolApiserver_v1beta2" + "networking_v1" ], "x-kubernetes-action": "patch", "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "FlowSchema", - "version": "v1beta2" + "group": "networking.k8s.io", + "kind": "NetworkPolicy", + "version": "v1" } }, "put": { "consumes": [ "*/*" ], - "description": "replace the specified FlowSchema", - "operationId": "replaceFlowcontrolApiserverV1beta2FlowSchema", + "description": "replace the specified NetworkPolicy", + "operationId": "replaceNetworkingV1NamespacedNetworkPolicy", "parameters": [ { "in": "body", "name": "body", "required": true, "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.FlowSchema" + "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicy" } }, { @@ -68038,13 +66508,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.FlowSchema" + "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicy" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.FlowSchema" + "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicy" } }, "401": { @@ -68055,23 +66525,23 @@ "https" ], "tags": [ - "flowcontrolApiserver_v1beta2" + "networking_v1" ], "x-kubernetes-action": "put", "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "FlowSchema", - "version": "v1beta2" + "group": "networking.k8s.io", + "kind": "NetworkPolicy", + "version": "v1" } } }, - "/apis/flowcontrol.apiserver.k8s.io/v1beta2/flowschemas/{name}/status": { + "/apis/networking.k8s.io/v1/namespaces/{namespace}/networkpolicies/{name}/status": { "get": { "consumes": [ "*/*" ], - "description": "read status of the specified FlowSchema", - "operationId": "readFlowcontrolApiserverV1beta2FlowSchemaStatus", + "description": "read status of the specified NetworkPolicy", + "operationId": "readNetworkingV1NamespacedNetworkPolicyStatus", "produces": [ "application/json", "application/yaml", @@ -68081,7 +66551,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.FlowSchema" + "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicy" } }, "401": { @@ -68092,24 +66562,32 @@ "https" ], "tags": [ - "flowcontrolApiserver_v1beta2" + "networking_v1" ], "x-kubernetes-action": "get", "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "FlowSchema", - "version": "v1beta2" + "group": "networking.k8s.io", + "kind": "NetworkPolicy", + "version": "v1" } }, "parameters": [ { - "description": "name of the FlowSchema", + "description": "name of the NetworkPolicy", "in": "path", "name": "name", "required": true, "type": "string", "uniqueItems": true }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "type": "string", + "uniqueItems": true + }, { "description": "If 'true', then the output is pretty printed.", "in": "query", @@ -68125,8 +66603,8 @@ "application/strategic-merge-patch+json", "application/apply-patch+yaml" ], - "description": "partially update status of the specified FlowSchema", - "operationId": "patchFlowcontrolApiserverV1beta2FlowSchemaStatus", + "description": "partially update status of the specified NetworkPolicy", + "operationId": "patchNetworkingV1NamespacedNetworkPolicyStatus", "parameters": [ { "in": "body", @@ -68174,13 +66652,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.FlowSchema" + "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicy" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.FlowSchema" + "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicy" } }, "401": { @@ -68191,28 +66669,28 @@ "https" ], "tags": [ - "flowcontrolApiserver_v1beta2" + "networking_v1" ], "x-kubernetes-action": "patch", "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "FlowSchema", - "version": "v1beta2" + "group": "networking.k8s.io", + "kind": "NetworkPolicy", + "version": "v1" } }, "put": { "consumes": [ "*/*" ], - "description": "replace status of the specified FlowSchema", - "operationId": "replaceFlowcontrolApiserverV1beta2FlowSchemaStatus", + "description": "replace status of the specified NetworkPolicy", + "operationId": "replaceNetworkingV1NamespacedNetworkPolicyStatus", "parameters": [ { "in": "body", "name": "body", "required": true, "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.FlowSchema" + "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicy" } }, { @@ -68246,13 +66724,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.FlowSchema" + "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicy" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.FlowSchema" + "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicy" } }, "401": { @@ -68263,119 +66741,35 @@ "https" ], "tags": [ - "flowcontrolApiserver_v1beta2" + "networking_v1" ], "x-kubernetes-action": "put", "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "FlowSchema", - "version": "v1beta2" + "group": "networking.k8s.io", + "kind": "NetworkPolicy", + "version": "v1" } } }, - "/apis/flowcontrol.apiserver.k8s.io/v1beta2/prioritylevelconfigurations": { - "delete": { + "/apis/networking.k8s.io/v1/networkpolicies": { + "get": { "consumes": [ "*/*" ], - "description": "delete collection of PriorityLevelConfiguration", - "operationId": "deleteFlowcontrolApiserverV1beta2CollectionPriorityLevelConfiguration", - "parameters": [ - { - "in": "body", - "name": "body", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" - } - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", - "in": "query", - "name": "gracePeriodSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", - "in": "query", - "name": "orphanDependents", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", - "in": "query", - "name": "propagationPolicy", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - } - ], + "description": "list or watch objects of kind NetworkPolicy", + "operationId": "listNetworkingV1NetworkPolicyForAllNamespaces", "produces": [ "application/json", "application/yaml", - "application/vnd.kubernetes.protobuf" + "application/vnd.kubernetes.protobuf", + "application/json;stream=watch", + "application/vnd.kubernetes.protobuf;stream=watch" ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicyList" } }, "401": { @@ -68386,86 +66780,95 @@ "https" ], "tags": [ - "flowcontrolApiserver_v1beta2" + "networking_v1" ], - "x-kubernetes-action": "deletecollection", + "x-kubernetes-action": "list", "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "PriorityLevelConfiguration", - "version": "v1beta2" + "group": "networking.k8s.io", + "kind": "NetworkPolicy", + "version": "v1" } }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "type": "boolean", + "uniqueItems": true + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "type": "integer", + "uniqueItems": true + }, + { + "description": "If 'true', then the output is pretty printed.", + "in": "query", + "name": "pretty", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "type": "string", + "uniqueItems": true + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "type": "integer", + "uniqueItems": true + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "type": "boolean", + "uniqueItems": true + } + ] + }, + "/apis/networking.k8s.io/v1/watch/ingressclasses": { "get": { "consumes": [ "*/*" ], - "description": "list or watch objects of kind PriorityLevelConfiguration", - "operationId": "listFlowcontrolApiserverV1beta2PriorityLevelConfiguration", - "parameters": [ - { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true - } - ], + "description": "watch individual changes to a list of IngressClass. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchNetworkingV1IngressClassList", "produces": [ "application/json", "application/yaml", @@ -68477,7 +66880,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.PriorityLevelConfigurationList" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" } }, "401": { @@ -68488,83 +66891,107 @@ "https" ], "tags": [ - "flowcontrolApiserver_v1beta2" + "networking_v1" ], - "x-kubernetes-action": "list", + "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "PriorityLevelConfiguration", - "version": "v1beta2" + "group": "networking.k8s.io", + "kind": "IngressClass", + "version": "v1" } }, "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "type": "boolean", + "uniqueItems": true + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "type": "integer", + "uniqueItems": true + }, { "description": "If 'true', then the output is pretty printed.", "in": "query", "name": "pretty", "type": "string", "uniqueItems": true + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "type": "string", + "uniqueItems": true + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "type": "integer", + "uniqueItems": true + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "type": "boolean", + "uniqueItems": true } - ], - "post": { + ] + }, + "/apis/networking.k8s.io/v1/watch/ingressclasses/{name}": { + "get": { "consumes": [ "*/*" ], - "description": "create a PriorityLevelConfiguration", - "operationId": "createFlowcontrolApiserverV1beta2PriorityLevelConfiguration", - "parameters": [ - { - "in": "body", - "name": "body", - "required": true, - "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.PriorityLevelConfiguration" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", - "in": "query", - "name": "fieldManager", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "in": "query", - "name": "fieldValidation", - "type": "string", - "uniqueItems": true - } - ], + "description": "watch changes to an object of kind IngressClass. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "operationId": "watchNetworkingV1IngressClass", "produces": [ "application/json", "application/yaml", - "application/vnd.kubernetes.protobuf" + "application/vnd.kubernetes.protobuf", + "application/json;stream=watch", + "application/vnd.kubernetes.protobuf;stream=watch" ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.PriorityLevelConfiguration" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.PriorityLevelConfiguration" - } - }, - "202": { - "description": "Accepted", - "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.PriorityLevelConfiguration" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" } }, "401": { @@ -68575,76 +67002,115 @@ "https" ], "tags": [ - "flowcontrolApiserver_v1beta2" + "networking_v1" ], - "x-kubernetes-action": "post", + "x-kubernetes-action": "watch", "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "PriorityLevelConfiguration", - "version": "v1beta2" + "group": "networking.k8s.io", + "kind": "IngressClass", + "version": "v1" } - } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "type": "boolean", + "uniqueItems": true + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "type": "integer", + "uniqueItems": true + }, + { + "description": "name of the IngressClass", + "in": "path", + "name": "name", + "required": true, + "type": "string", + "uniqueItems": true + }, + { + "description": "If 'true', then the output is pretty printed.", + "in": "query", + "name": "pretty", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "type": "string", + "uniqueItems": true + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "type": "integer", + "uniqueItems": true + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "type": "boolean", + "uniqueItems": true + } + ] }, - "/apis/flowcontrol.apiserver.k8s.io/v1beta2/prioritylevelconfigurations/{name}": { - "delete": { + "/apis/networking.k8s.io/v1/watch/ingresses": { + "get": { "consumes": [ "*/*" ], - "description": "delete a PriorityLevelConfiguration", - "operationId": "deleteFlowcontrolApiserverV1beta2PriorityLevelConfiguration", - "parameters": [ - { - "in": "body", - "name": "body", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", - "in": "query", - "name": "gracePeriodSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", - "in": "query", - "name": "orphanDependents", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", - "in": "query", - "name": "propagationPolicy", - "type": "string", - "uniqueItems": true - } - ], + "description": "watch individual changes to a list of Ingress. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchNetworkingV1IngressListForAllNamespaces", "produces": [ "application/json", "application/yaml", - "application/vnd.kubernetes.protobuf" + "application/vnd.kubernetes.protobuf", + "application/json;stream=watch", + "application/vnd.kubernetes.protobuf;stream=watch" ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" - } - }, - "202": { - "description": "Accepted", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" } }, "401": { @@ -68655,31 +67121,107 @@ "https" ], "tags": [ - "flowcontrolApiserver_v1beta2" + "networking_v1" ], - "x-kubernetes-action": "delete", + "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "PriorityLevelConfiguration", - "version": "v1beta2" + "group": "networking.k8s.io", + "kind": "Ingress", + "version": "v1" } }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "type": "boolean", + "uniqueItems": true + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "type": "integer", + "uniqueItems": true + }, + { + "description": "If 'true', then the output is pretty printed.", + "in": "query", + "name": "pretty", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "type": "string", + "uniqueItems": true + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "type": "integer", + "uniqueItems": true + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "type": "boolean", + "uniqueItems": true + } + ] + }, + "/apis/networking.k8s.io/v1/watch/namespaces/{namespace}/ingresses": { "get": { "consumes": [ "*/*" ], - "description": "read the specified PriorityLevelConfiguration", - "operationId": "readFlowcontrolApiserverV1beta2PriorityLevelConfiguration", + "description": "watch individual changes to a list of Ingress. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchNetworkingV1NamespacedIngressList", "produces": [ "application/json", "application/yaml", - "application/vnd.kubernetes.protobuf" + "application/vnd.kubernetes.protobuf", + "application/json;stream=watch", + "application/vnd.kubernetes.protobuf;stream=watch" ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.PriorityLevelConfiguration" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" } }, "401": { @@ -68690,20 +67232,55 @@ "https" ], "tags": [ - "flowcontrolApiserver_v1beta2" + "networking_v1" ], - "x-kubernetes-action": "get", + "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "PriorityLevelConfiguration", - "version": "v1beta2" + "group": "networking.k8s.io", + "kind": "Ingress", + "version": "v1" } }, "parameters": [ { - "description": "name of the PriorityLevelConfiguration", + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "type": "boolean", + "uniqueItems": true + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "type": "integer", + "uniqueItems": true + }, + { + "description": "object name and auth scope, such as for teams and projects", "in": "path", - "name": "name", + "name": "namespace", "required": true, "type": "string", "uniqueItems": true @@ -68714,180 +67291,56 @@ "name": "pretty", "type": "string", "uniqueItems": true - } - ], - "patch": { - "consumes": [ - "application/json-patch+json", - "application/merge-patch+json", - "application/strategic-merge-patch+json", - "application/apply-patch+yaml" - ], - "description": "partially update the specified PriorityLevelConfiguration", - "operationId": "patchFlowcontrolApiserverV1beta2PriorityLevelConfiguration", - "parameters": [ - { - "in": "body", - "name": "body", - "required": true, - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", - "in": "query", - "name": "fieldManager", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "in": "query", - "name": "fieldValidation", - "type": "string", - "uniqueItems": true - }, - { - "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", - "in": "query", - "name": "force", - "type": "boolean", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.PriorityLevelConfiguration" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.PriorityLevelConfiguration" - } - }, - "401": { - "description": "Unauthorized" - } }, - "schemes": [ - "https" - ], - "tags": [ - "flowcontrolApiserver_v1beta2" - ], - "x-kubernetes-action": "patch", - "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "PriorityLevelConfiguration", - "version": "v1beta2" - } - }, - "put": { - "consumes": [ - "*/*" - ], - "description": "replace the specified PriorityLevelConfiguration", - "operationId": "replaceFlowcontrolApiserverV1beta2PriorityLevelConfiguration", - "parameters": [ - { - "in": "body", - "name": "body", - "required": true, - "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.PriorityLevelConfiguration" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", - "in": "query", - "name": "fieldManager", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "in": "query", - "name": "fieldValidation", - "type": "string", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.PriorityLevelConfiguration" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.PriorityLevelConfiguration" - } - }, - "401": { - "description": "Unauthorized" - } + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "type": "string", + "uniqueItems": true }, - "schemes": [ - "https" - ], - "tags": [ - "flowcontrolApiserver_v1beta2" - ], - "x-kubernetes-action": "put", - "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "PriorityLevelConfiguration", - "version": "v1beta2" + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "type": "string", + "uniqueItems": true + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "type": "integer", + "uniqueItems": true + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "type": "boolean", + "uniqueItems": true } - } + ] }, - "/apis/flowcontrol.apiserver.k8s.io/v1beta2/prioritylevelconfigurations/{name}/status": { + "/apis/networking.k8s.io/v1/watch/namespaces/{namespace}/ingresses/{name}": { "get": { "consumes": [ "*/*" ], - "description": "read status of the specified PriorityLevelConfiguration", - "operationId": "readFlowcontrolApiserverV1beta2PriorityLevelConfigurationStatus", + "description": "watch changes to an object of kind Ingress. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "operationId": "watchNetworkingV1NamespacedIngress", "produces": [ "application/json", "application/yaml", - "application/vnd.kubernetes.protobuf" + "application/vnd.kubernetes.protobuf", + "application/json;stream=watch", + "application/vnd.kubernetes.protobuf;stream=watch" ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.PriorityLevelConfiguration" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" } }, "401": { @@ -68898,6771 +67351,111 @@ "https" ], "tags": [ - "flowcontrolApiserver_v1beta2" + "networking_v1" ], - "x-kubernetes-action": "get", + "x-kubernetes-action": "watch", "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "PriorityLevelConfiguration", - "version": "v1beta2" + "group": "networking.k8s.io", + "kind": "Ingress", + "version": "v1" } }, "parameters": [ { - "description": "name of the PriorityLevelConfiguration", - "in": "path", - "name": "name", - "required": true, + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "type": "boolean", + "uniqueItems": true + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", "type": "string", "uniqueItems": true }, { - "description": "If 'true', then the output is pretty printed.", + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - } - ], - "patch": { - "consumes": [ - "application/json-patch+json", - "application/merge-patch+json", - "application/strategic-merge-patch+json", - "application/apply-patch+yaml" - ], - "description": "partially update status of the specified PriorityLevelConfiguration", - "operationId": "patchFlowcontrolApiserverV1beta2PriorityLevelConfigurationStatus", - "parameters": [ - { - "in": "body", - "name": "body", - "required": true, - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", - "in": "query", - "name": "fieldManager", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "in": "query", - "name": "fieldValidation", - "type": "string", - "uniqueItems": true - }, - { - "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", - "in": "query", - "name": "force", - "type": "boolean", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.PriorityLevelConfiguration" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.PriorityLevelConfiguration" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "flowcontrolApiserver_v1beta2" - ], - "x-kubernetes-action": "patch", - "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "PriorityLevelConfiguration", - "version": "v1beta2" - } - }, - "put": { - "consumes": [ - "*/*" - ], - "description": "replace status of the specified PriorityLevelConfiguration", - "operationId": "replaceFlowcontrolApiserverV1beta2PriorityLevelConfigurationStatus", - "parameters": [ - { - "in": "body", - "name": "body", - "required": true, - "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.PriorityLevelConfiguration" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", - "in": "query", - "name": "fieldManager", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "in": "query", - "name": "fieldValidation", - "type": "string", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.PriorityLevelConfiguration" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta2.PriorityLevelConfiguration" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "flowcontrolApiserver_v1beta2" - ], - "x-kubernetes-action": "put", - "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "PriorityLevelConfiguration", - "version": "v1beta2" - } - } - }, - "/apis/flowcontrol.apiserver.k8s.io/v1beta2/watch/flowschemas": { - "get": { - "consumes": [ - "*/*" - ], - "description": "watch individual changes to a list of FlowSchema. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchFlowcontrolApiserverV1beta2FlowSchemaList", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "flowcontrolApiserver_v1beta2" - ], - "x-kubernetes-action": "watchlist", - "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "FlowSchema", - "version": "v1beta2" - } - }, - "parameters": [ - { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true - } - ] - }, - "/apis/flowcontrol.apiserver.k8s.io/v1beta2/watch/flowschemas/{name}": { - "get": { - "consumes": [ - "*/*" - ], - "description": "watch changes to an object of kind FlowSchema. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", - "operationId": "watchFlowcontrolApiserverV1beta2FlowSchema", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "flowcontrolApiserver_v1beta2" - ], - "x-kubernetes-action": "watch", - "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "FlowSchema", - "version": "v1beta2" - } - }, - "parameters": [ - { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "name of the FlowSchema", - "in": "path", - "name": "name", - "required": true, - "type": "string", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true - } - ] - }, - "/apis/flowcontrol.apiserver.k8s.io/v1beta2/watch/prioritylevelconfigurations": { - "get": { - "consumes": [ - "*/*" - ], - "description": "watch individual changes to a list of PriorityLevelConfiguration. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchFlowcontrolApiserverV1beta2PriorityLevelConfigurationList", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "flowcontrolApiserver_v1beta2" - ], - "x-kubernetes-action": "watchlist", - "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "PriorityLevelConfiguration", - "version": "v1beta2" - } - }, - "parameters": [ - { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true - } - ] - }, - "/apis/flowcontrol.apiserver.k8s.io/v1beta2/watch/prioritylevelconfigurations/{name}": { - "get": { - "consumes": [ - "*/*" - ], - "description": "watch changes to an object of kind PriorityLevelConfiguration. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", - "operationId": "watchFlowcontrolApiserverV1beta2PriorityLevelConfiguration", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "flowcontrolApiserver_v1beta2" - ], - "x-kubernetes-action": "watch", - "x-kubernetes-group-version-kind": { - "group": "flowcontrol.apiserver.k8s.io", - "kind": "PriorityLevelConfiguration", - "version": "v1beta2" - } - }, - "parameters": [ - { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "name of the PriorityLevelConfiguration", - "in": "path", - "name": "name", - "required": true, - "type": "string", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true - } - ] - }, - "/apis/internal.apiserver.k8s.io/": { - "get": { - "consumes": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "description": "get information of a group", - "operationId": "getInternalApiserverAPIGroup", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.APIGroup" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "internalApiserver" - ] - } - }, - "/apis/internal.apiserver.k8s.io/v1alpha1/": { - "get": { - "consumes": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "description": "get available resources", - "operationId": "getInternalApiserverV1alpha1APIResources", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.APIResourceList" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "internalApiserver_v1alpha1" - ] - } - }, - "/apis/internal.apiserver.k8s.io/v1alpha1/storageversions": { - "delete": { - "consumes": [ - "*/*" - ], - "description": "delete collection of StorageVersion", - "operationId": "deleteInternalApiserverV1alpha1CollectionStorageVersion", - "parameters": [ - { - "in": "body", - "name": "body", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" - } - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", - "in": "query", - "name": "gracePeriodSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", - "in": "query", - "name": "orphanDependents", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", - "in": "query", - "name": "propagationPolicy", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "internalApiserver_v1alpha1" - ], - "x-kubernetes-action": "deletecollection", - "x-kubernetes-group-version-kind": { - "group": "internal.apiserver.k8s.io", - "kind": "StorageVersion", - "version": "v1alpha1" - } - }, - "get": { - "consumes": [ - "*/*" - ], - "description": "list or watch objects of kind StorageVersion", - "operationId": "listInternalApiserverV1alpha1StorageVersion", - "parameters": [ - { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.apiserverinternal.v1alpha1.StorageVersionList" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "internalApiserver_v1alpha1" - ], - "x-kubernetes-action": "list", - "x-kubernetes-group-version-kind": { - "group": "internal.apiserver.k8s.io", - "kind": "StorageVersion", - "version": "v1alpha1" - } - }, - "parameters": [ - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - } - ], - "post": { - "consumes": [ - "*/*" - ], - "description": "create a StorageVersion", - "operationId": "createInternalApiserverV1alpha1StorageVersion", - "parameters": [ - { - "in": "body", - "name": "body", - "required": true, - "schema": { - "$ref": "#/definitions/io.k8s.api.apiserverinternal.v1alpha1.StorageVersion" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", - "in": "query", - "name": "fieldManager", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "in": "query", - "name": "fieldValidation", - "type": "string", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.apiserverinternal.v1alpha1.StorageVersion" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/io.k8s.api.apiserverinternal.v1alpha1.StorageVersion" - } - }, - "202": { - "description": "Accepted", - "schema": { - "$ref": "#/definitions/io.k8s.api.apiserverinternal.v1alpha1.StorageVersion" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "internalApiserver_v1alpha1" - ], - "x-kubernetes-action": "post", - "x-kubernetes-group-version-kind": { - "group": "internal.apiserver.k8s.io", - "kind": "StorageVersion", - "version": "v1alpha1" - } - } - }, - "/apis/internal.apiserver.k8s.io/v1alpha1/storageversions/{name}": { - "delete": { - "consumes": [ - "*/*" - ], - "description": "delete a StorageVersion", - "operationId": "deleteInternalApiserverV1alpha1StorageVersion", - "parameters": [ - { - "in": "body", - "name": "body", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", - "in": "query", - "name": "gracePeriodSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", - "in": "query", - "name": "orphanDependents", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", - "in": "query", - "name": "propagationPolicy", - "type": "string", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" - } - }, - "202": { - "description": "Accepted", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "internalApiserver_v1alpha1" - ], - "x-kubernetes-action": "delete", - "x-kubernetes-group-version-kind": { - "group": "internal.apiserver.k8s.io", - "kind": "StorageVersion", - "version": "v1alpha1" - } - }, - "get": { - "consumes": [ - "*/*" - ], - "description": "read the specified StorageVersion", - "operationId": "readInternalApiserverV1alpha1StorageVersion", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.apiserverinternal.v1alpha1.StorageVersion" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "internalApiserver_v1alpha1" - ], - "x-kubernetes-action": "get", - "x-kubernetes-group-version-kind": { - "group": "internal.apiserver.k8s.io", - "kind": "StorageVersion", - "version": "v1alpha1" - } - }, - "parameters": [ - { - "description": "name of the StorageVersion", - "in": "path", - "name": "name", - "required": true, - "type": "string", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - } - ], - "patch": { - "consumes": [ - "application/json-patch+json", - "application/merge-patch+json", - "application/strategic-merge-patch+json", - "application/apply-patch+yaml" - ], - "description": "partially update the specified StorageVersion", - "operationId": "patchInternalApiserverV1alpha1StorageVersion", - "parameters": [ - { - "in": "body", - "name": "body", - "required": true, - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", - "in": "query", - "name": "fieldManager", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "in": "query", - "name": "fieldValidation", - "type": "string", - "uniqueItems": true - }, - { - "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", - "in": "query", - "name": "force", - "type": "boolean", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.apiserverinternal.v1alpha1.StorageVersion" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/io.k8s.api.apiserverinternal.v1alpha1.StorageVersion" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "internalApiserver_v1alpha1" - ], - "x-kubernetes-action": "patch", - "x-kubernetes-group-version-kind": { - "group": "internal.apiserver.k8s.io", - "kind": "StorageVersion", - "version": "v1alpha1" - } - }, - "put": { - "consumes": [ - "*/*" - ], - "description": "replace the specified StorageVersion", - "operationId": "replaceInternalApiserverV1alpha1StorageVersion", - "parameters": [ - { - "in": "body", - "name": "body", - "required": true, - "schema": { - "$ref": "#/definitions/io.k8s.api.apiserverinternal.v1alpha1.StorageVersion" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", - "in": "query", - "name": "fieldManager", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "in": "query", - "name": "fieldValidation", - "type": "string", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.apiserverinternal.v1alpha1.StorageVersion" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/io.k8s.api.apiserverinternal.v1alpha1.StorageVersion" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "internalApiserver_v1alpha1" - ], - "x-kubernetes-action": "put", - "x-kubernetes-group-version-kind": { - "group": "internal.apiserver.k8s.io", - "kind": "StorageVersion", - "version": "v1alpha1" - } - } - }, - "/apis/internal.apiserver.k8s.io/v1alpha1/storageversions/{name}/status": { - "get": { - "consumes": [ - "*/*" - ], - "description": "read status of the specified StorageVersion", - "operationId": "readInternalApiserverV1alpha1StorageVersionStatus", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.apiserverinternal.v1alpha1.StorageVersion" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "internalApiserver_v1alpha1" - ], - "x-kubernetes-action": "get", - "x-kubernetes-group-version-kind": { - "group": "internal.apiserver.k8s.io", - "kind": "StorageVersion", - "version": "v1alpha1" - } - }, - "parameters": [ - { - "description": "name of the StorageVersion", - "in": "path", - "name": "name", - "required": true, - "type": "string", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - } - ], - "patch": { - "consumes": [ - "application/json-patch+json", - "application/merge-patch+json", - "application/strategic-merge-patch+json", - "application/apply-patch+yaml" - ], - "description": "partially update status of the specified StorageVersion", - "operationId": "patchInternalApiserverV1alpha1StorageVersionStatus", - "parameters": [ - { - "in": "body", - "name": "body", - "required": true, - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", - "in": "query", - "name": "fieldManager", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "in": "query", - "name": "fieldValidation", - "type": "string", - "uniqueItems": true - }, - { - "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", - "in": "query", - "name": "force", - "type": "boolean", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.apiserverinternal.v1alpha1.StorageVersion" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/io.k8s.api.apiserverinternal.v1alpha1.StorageVersion" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "internalApiserver_v1alpha1" - ], - "x-kubernetes-action": "patch", - "x-kubernetes-group-version-kind": { - "group": "internal.apiserver.k8s.io", - "kind": "StorageVersion", - "version": "v1alpha1" - } - }, - "put": { - "consumes": [ - "*/*" - ], - "description": "replace status of the specified StorageVersion", - "operationId": "replaceInternalApiserverV1alpha1StorageVersionStatus", - "parameters": [ - { - "in": "body", - "name": "body", - "required": true, - "schema": { - "$ref": "#/definitions/io.k8s.api.apiserverinternal.v1alpha1.StorageVersion" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", - "in": "query", - "name": "fieldManager", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "in": "query", - "name": "fieldValidation", - "type": "string", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.apiserverinternal.v1alpha1.StorageVersion" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/io.k8s.api.apiserverinternal.v1alpha1.StorageVersion" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "internalApiserver_v1alpha1" - ], - "x-kubernetes-action": "put", - "x-kubernetes-group-version-kind": { - "group": "internal.apiserver.k8s.io", - "kind": "StorageVersion", - "version": "v1alpha1" - } - } - }, - "/apis/internal.apiserver.k8s.io/v1alpha1/watch/storageversions": { - "get": { - "consumes": [ - "*/*" - ], - "description": "watch individual changes to a list of StorageVersion. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchInternalApiserverV1alpha1StorageVersionList", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "internalApiserver_v1alpha1" - ], - "x-kubernetes-action": "watchlist", - "x-kubernetes-group-version-kind": { - "group": "internal.apiserver.k8s.io", - "kind": "StorageVersion", - "version": "v1alpha1" - } - }, - "parameters": [ - { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true - } - ] - }, - "/apis/internal.apiserver.k8s.io/v1alpha1/watch/storageversions/{name}": { - "get": { - "consumes": [ - "*/*" - ], - "description": "watch changes to an object of kind StorageVersion. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", - "operationId": "watchInternalApiserverV1alpha1StorageVersion", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "internalApiserver_v1alpha1" - ], - "x-kubernetes-action": "watch", - "x-kubernetes-group-version-kind": { - "group": "internal.apiserver.k8s.io", - "kind": "StorageVersion", - "version": "v1alpha1" - } - }, - "parameters": [ - { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "name of the StorageVersion", - "in": "path", - "name": "name", - "required": true, - "type": "string", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true - } - ] - }, - "/apis/networking.k8s.io/": { - "get": { - "consumes": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "description": "get information of a group", - "operationId": "getNetworkingAPIGroup", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.APIGroup" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "networking" - ] - } - }, - "/apis/networking.k8s.io/v1/": { - "get": { - "consumes": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "description": "get available resources", - "operationId": "getNetworkingV1APIResources", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.APIResourceList" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "networking_v1" - ] - } - }, - "/apis/networking.k8s.io/v1/ingressclasses": { - "delete": { - "consumes": [ - "*/*" - ], - "description": "delete collection of IngressClass", - "operationId": "deleteNetworkingV1CollectionIngressClass", - "parameters": [ - { - "in": "body", - "name": "body", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" - } - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", - "in": "query", - "name": "gracePeriodSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", - "in": "query", - "name": "orphanDependents", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", - "in": "query", - "name": "propagationPolicy", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "networking_v1" - ], - "x-kubernetes-action": "deletecollection", - "x-kubernetes-group-version-kind": { - "group": "networking.k8s.io", - "kind": "IngressClass", - "version": "v1" - } - }, - "get": { - "consumes": [ - "*/*" - ], - "description": "list or watch objects of kind IngressClass", - "operationId": "listNetworkingV1IngressClass", - "parameters": [ - { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.networking.v1.IngressClassList" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "networking_v1" - ], - "x-kubernetes-action": "list", - "x-kubernetes-group-version-kind": { - "group": "networking.k8s.io", - "kind": "IngressClass", - "version": "v1" - } - }, - "parameters": [ - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - } - ], - "post": { - "consumes": [ - "*/*" - ], - "description": "create an IngressClass", - "operationId": "createNetworkingV1IngressClass", - "parameters": [ - { - "in": "body", - "name": "body", - "required": true, - "schema": { - "$ref": "#/definitions/io.k8s.api.networking.v1.IngressClass" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", - "in": "query", - "name": "fieldManager", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "in": "query", - "name": "fieldValidation", - "type": "string", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.networking.v1.IngressClass" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/io.k8s.api.networking.v1.IngressClass" - } - }, - "202": { - "description": "Accepted", - "schema": { - "$ref": "#/definitions/io.k8s.api.networking.v1.IngressClass" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "networking_v1" - ], - "x-kubernetes-action": "post", - "x-kubernetes-group-version-kind": { - "group": "networking.k8s.io", - "kind": "IngressClass", - "version": "v1" - } - } - }, - "/apis/networking.k8s.io/v1/ingressclasses/{name}": { - "delete": { - "consumes": [ - "*/*" - ], - "description": "delete an IngressClass", - "operationId": "deleteNetworkingV1IngressClass", - "parameters": [ - { - "in": "body", - "name": "body", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", - "in": "query", - "name": "gracePeriodSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", - "in": "query", - "name": "orphanDependents", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", - "in": "query", - "name": "propagationPolicy", - "type": "string", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" - } - }, - "202": { - "description": "Accepted", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "networking_v1" - ], - "x-kubernetes-action": "delete", - "x-kubernetes-group-version-kind": { - "group": "networking.k8s.io", - "kind": "IngressClass", - "version": "v1" - } - }, - "get": { - "consumes": [ - "*/*" - ], - "description": "read the specified IngressClass", - "operationId": "readNetworkingV1IngressClass", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.networking.v1.IngressClass" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "networking_v1" - ], - "x-kubernetes-action": "get", - "x-kubernetes-group-version-kind": { - "group": "networking.k8s.io", - "kind": "IngressClass", - "version": "v1" - } - }, - "parameters": [ - { - "description": "name of the IngressClass", - "in": "path", - "name": "name", - "required": true, - "type": "string", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - } - ], - "patch": { - "consumes": [ - "application/json-patch+json", - "application/merge-patch+json", - "application/strategic-merge-patch+json", - "application/apply-patch+yaml" - ], - "description": "partially update the specified IngressClass", - "operationId": "patchNetworkingV1IngressClass", - "parameters": [ - { - "in": "body", - "name": "body", - "required": true, - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", - "in": "query", - "name": "fieldManager", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "in": "query", - "name": "fieldValidation", - "type": "string", - "uniqueItems": true - }, - { - "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", - "in": "query", - "name": "force", - "type": "boolean", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.networking.v1.IngressClass" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/io.k8s.api.networking.v1.IngressClass" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "networking_v1" - ], - "x-kubernetes-action": "patch", - "x-kubernetes-group-version-kind": { - "group": "networking.k8s.io", - "kind": "IngressClass", - "version": "v1" - } - }, - "put": { - "consumes": [ - "*/*" - ], - "description": "replace the specified IngressClass", - "operationId": "replaceNetworkingV1IngressClass", - "parameters": [ - { - "in": "body", - "name": "body", - "required": true, - "schema": { - "$ref": "#/definitions/io.k8s.api.networking.v1.IngressClass" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", - "in": "query", - "name": "fieldManager", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "in": "query", - "name": "fieldValidation", - "type": "string", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.networking.v1.IngressClass" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/io.k8s.api.networking.v1.IngressClass" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "networking_v1" - ], - "x-kubernetes-action": "put", - "x-kubernetes-group-version-kind": { - "group": "networking.k8s.io", - "kind": "IngressClass", - "version": "v1" - } - } - }, - "/apis/networking.k8s.io/v1/ingresses": { - "get": { - "consumes": [ - "*/*" - ], - "description": "list or watch objects of kind Ingress", - "operationId": "listNetworkingV1IngressForAllNamespaces", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.networking.v1.IngressList" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "networking_v1" - ], - "x-kubernetes-action": "list", - "x-kubernetes-group-version-kind": { - "group": "networking.k8s.io", - "kind": "Ingress", - "version": "v1" - } - }, - "parameters": [ - { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true - } - ] - }, - "/apis/networking.k8s.io/v1/namespaces/{namespace}/ingresses": { - "delete": { - "consumes": [ - "*/*" - ], - "description": "delete collection of Ingress", - "operationId": "deleteNetworkingV1CollectionNamespacedIngress", - "parameters": [ - { - "in": "body", - "name": "body", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" - } - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", - "in": "query", - "name": "gracePeriodSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", - "in": "query", - "name": "orphanDependents", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", - "in": "query", - "name": "propagationPolicy", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "networking_v1" - ], - "x-kubernetes-action": "deletecollection", - "x-kubernetes-group-version-kind": { - "group": "networking.k8s.io", - "kind": "Ingress", - "version": "v1" - } - }, - "get": { - "consumes": [ - "*/*" - ], - "description": "list or watch objects of kind Ingress", - "operationId": "listNetworkingV1NamespacedIngress", - "parameters": [ - { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.networking.v1.IngressList" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "networking_v1" - ], - "x-kubernetes-action": "list", - "x-kubernetes-group-version-kind": { - "group": "networking.k8s.io", - "kind": "Ingress", - "version": "v1" - } - }, - "parameters": [ - { - "description": "object name and auth scope, such as for teams and projects", - "in": "path", - "name": "namespace", - "required": true, - "type": "string", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - } - ], - "post": { - "consumes": [ - "*/*" - ], - "description": "create an Ingress", - "operationId": "createNetworkingV1NamespacedIngress", - "parameters": [ - { - "in": "body", - "name": "body", - "required": true, - "schema": { - "$ref": "#/definitions/io.k8s.api.networking.v1.Ingress" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", - "in": "query", - "name": "fieldManager", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "in": "query", - "name": "fieldValidation", - "type": "string", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.networking.v1.Ingress" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/io.k8s.api.networking.v1.Ingress" - } - }, - "202": { - "description": "Accepted", - "schema": { - "$ref": "#/definitions/io.k8s.api.networking.v1.Ingress" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "networking_v1" - ], - "x-kubernetes-action": "post", - "x-kubernetes-group-version-kind": { - "group": "networking.k8s.io", - "kind": "Ingress", - "version": "v1" - } - } - }, - "/apis/networking.k8s.io/v1/namespaces/{namespace}/ingresses/{name}": { - "delete": { - "consumes": [ - "*/*" - ], - "description": "delete an Ingress", - "operationId": "deleteNetworkingV1NamespacedIngress", - "parameters": [ - { - "in": "body", - "name": "body", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", - "in": "query", - "name": "gracePeriodSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", - "in": "query", - "name": "orphanDependents", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", - "in": "query", - "name": "propagationPolicy", - "type": "string", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" - } - }, - "202": { - "description": "Accepted", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "networking_v1" - ], - "x-kubernetes-action": "delete", - "x-kubernetes-group-version-kind": { - "group": "networking.k8s.io", - "kind": "Ingress", - "version": "v1" - } - }, - "get": { - "consumes": [ - "*/*" - ], - "description": "read the specified Ingress", - "operationId": "readNetworkingV1NamespacedIngress", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.networking.v1.Ingress" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "networking_v1" - ], - "x-kubernetes-action": "get", - "x-kubernetes-group-version-kind": { - "group": "networking.k8s.io", - "kind": "Ingress", - "version": "v1" - } - }, - "parameters": [ - { - "description": "name of the Ingress", - "in": "path", - "name": "name", - "required": true, - "type": "string", - "uniqueItems": true - }, - { - "description": "object name and auth scope, such as for teams and projects", - "in": "path", - "name": "namespace", - "required": true, - "type": "string", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - } - ], - "patch": { - "consumes": [ - "application/json-patch+json", - "application/merge-patch+json", - "application/strategic-merge-patch+json", - "application/apply-patch+yaml" - ], - "description": "partially update the specified Ingress", - "operationId": "patchNetworkingV1NamespacedIngress", - "parameters": [ - { - "in": "body", - "name": "body", - "required": true, - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", - "in": "query", - "name": "fieldManager", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "in": "query", - "name": "fieldValidation", - "type": "string", - "uniqueItems": true - }, - { - "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", - "in": "query", - "name": "force", - "type": "boolean", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.networking.v1.Ingress" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/io.k8s.api.networking.v1.Ingress" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "networking_v1" - ], - "x-kubernetes-action": "patch", - "x-kubernetes-group-version-kind": { - "group": "networking.k8s.io", - "kind": "Ingress", - "version": "v1" - } - }, - "put": { - "consumes": [ - "*/*" - ], - "description": "replace the specified Ingress", - "operationId": "replaceNetworkingV1NamespacedIngress", - "parameters": [ - { - "in": "body", - "name": "body", - "required": true, - "schema": { - "$ref": "#/definitions/io.k8s.api.networking.v1.Ingress" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", - "in": "query", - "name": "fieldManager", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "in": "query", - "name": "fieldValidation", - "type": "string", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.networking.v1.Ingress" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/io.k8s.api.networking.v1.Ingress" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "networking_v1" - ], - "x-kubernetes-action": "put", - "x-kubernetes-group-version-kind": { - "group": "networking.k8s.io", - "kind": "Ingress", - "version": "v1" - } - } - }, - "/apis/networking.k8s.io/v1/namespaces/{namespace}/ingresses/{name}/status": { - "get": { - "consumes": [ - "*/*" - ], - "description": "read status of the specified Ingress", - "operationId": "readNetworkingV1NamespacedIngressStatus", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.networking.v1.Ingress" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "networking_v1" - ], - "x-kubernetes-action": "get", - "x-kubernetes-group-version-kind": { - "group": "networking.k8s.io", - "kind": "Ingress", - "version": "v1" - } - }, - "parameters": [ - { - "description": "name of the Ingress", - "in": "path", - "name": "name", - "required": true, - "type": "string", - "uniqueItems": true - }, - { - "description": "object name and auth scope, such as for teams and projects", - "in": "path", - "name": "namespace", - "required": true, - "type": "string", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - } - ], - "patch": { - "consumes": [ - "application/json-patch+json", - "application/merge-patch+json", - "application/strategic-merge-patch+json", - "application/apply-patch+yaml" - ], - "description": "partially update status of the specified Ingress", - "operationId": "patchNetworkingV1NamespacedIngressStatus", - "parameters": [ - { - "in": "body", - "name": "body", - "required": true, - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", - "in": "query", - "name": "fieldManager", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "in": "query", - "name": "fieldValidation", - "type": "string", - "uniqueItems": true - }, - { - "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", - "in": "query", - "name": "force", - "type": "boolean", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.networking.v1.Ingress" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/io.k8s.api.networking.v1.Ingress" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "networking_v1" - ], - "x-kubernetes-action": "patch", - "x-kubernetes-group-version-kind": { - "group": "networking.k8s.io", - "kind": "Ingress", - "version": "v1" - } - }, - "put": { - "consumes": [ - "*/*" - ], - "description": "replace status of the specified Ingress", - "operationId": "replaceNetworkingV1NamespacedIngressStatus", - "parameters": [ - { - "in": "body", - "name": "body", - "required": true, - "schema": { - "$ref": "#/definitions/io.k8s.api.networking.v1.Ingress" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", - "in": "query", - "name": "fieldManager", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "in": "query", - "name": "fieldValidation", - "type": "string", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.networking.v1.Ingress" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/io.k8s.api.networking.v1.Ingress" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "networking_v1" - ], - "x-kubernetes-action": "put", - "x-kubernetes-group-version-kind": { - "group": "networking.k8s.io", - "kind": "Ingress", - "version": "v1" - } - } - }, - "/apis/networking.k8s.io/v1/namespaces/{namespace}/networkpolicies": { - "delete": { - "consumes": [ - "*/*" - ], - "description": "delete collection of NetworkPolicy", - "operationId": "deleteNetworkingV1CollectionNamespacedNetworkPolicy", - "parameters": [ - { - "in": "body", - "name": "body", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" - } - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", - "in": "query", - "name": "gracePeriodSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", - "in": "query", - "name": "orphanDependents", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", - "in": "query", - "name": "propagationPolicy", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "networking_v1" - ], - "x-kubernetes-action": "deletecollection", - "x-kubernetes-group-version-kind": { - "group": "networking.k8s.io", - "kind": "NetworkPolicy", - "version": "v1" - } - }, - "get": { - "consumes": [ - "*/*" - ], - "description": "list or watch objects of kind NetworkPolicy", - "operationId": "listNetworkingV1NamespacedNetworkPolicy", - "parameters": [ - { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicyList" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "networking_v1" - ], - "x-kubernetes-action": "list", - "x-kubernetes-group-version-kind": { - "group": "networking.k8s.io", - "kind": "NetworkPolicy", - "version": "v1" - } - }, - "parameters": [ - { - "description": "object name and auth scope, such as for teams and projects", - "in": "path", - "name": "namespace", - "required": true, - "type": "string", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - } - ], - "post": { - "consumes": [ - "*/*" - ], - "description": "create a NetworkPolicy", - "operationId": "createNetworkingV1NamespacedNetworkPolicy", - "parameters": [ - { - "in": "body", - "name": "body", - "required": true, - "schema": { - "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicy" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", - "in": "query", - "name": "fieldManager", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "in": "query", - "name": "fieldValidation", - "type": "string", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicy" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicy" - } - }, - "202": { - "description": "Accepted", - "schema": { - "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicy" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "networking_v1" - ], - "x-kubernetes-action": "post", - "x-kubernetes-group-version-kind": { - "group": "networking.k8s.io", - "kind": "NetworkPolicy", - "version": "v1" - } - } - }, - "/apis/networking.k8s.io/v1/namespaces/{namespace}/networkpolicies/{name}": { - "delete": { - "consumes": [ - "*/*" - ], - "description": "delete a NetworkPolicy", - "operationId": "deleteNetworkingV1NamespacedNetworkPolicy", - "parameters": [ - { - "in": "body", - "name": "body", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", - "in": "query", - "name": "gracePeriodSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", - "in": "query", - "name": "orphanDependents", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", - "in": "query", - "name": "propagationPolicy", - "type": "string", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" - } - }, - "202": { - "description": "Accepted", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "networking_v1" - ], - "x-kubernetes-action": "delete", - "x-kubernetes-group-version-kind": { - "group": "networking.k8s.io", - "kind": "NetworkPolicy", - "version": "v1" - } - }, - "get": { - "consumes": [ - "*/*" - ], - "description": "read the specified NetworkPolicy", - "operationId": "readNetworkingV1NamespacedNetworkPolicy", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicy" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "networking_v1" - ], - "x-kubernetes-action": "get", - "x-kubernetes-group-version-kind": { - "group": "networking.k8s.io", - "kind": "NetworkPolicy", - "version": "v1" - } - }, - "parameters": [ - { - "description": "name of the NetworkPolicy", - "in": "path", - "name": "name", - "required": true, - "type": "string", - "uniqueItems": true - }, - { - "description": "object name and auth scope, such as for teams and projects", - "in": "path", - "name": "namespace", - "required": true, - "type": "string", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - } - ], - "patch": { - "consumes": [ - "application/json-patch+json", - "application/merge-patch+json", - "application/strategic-merge-patch+json", - "application/apply-patch+yaml" - ], - "description": "partially update the specified NetworkPolicy", - "operationId": "patchNetworkingV1NamespacedNetworkPolicy", - "parameters": [ - { - "in": "body", - "name": "body", - "required": true, - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", - "in": "query", - "name": "fieldManager", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "in": "query", - "name": "fieldValidation", - "type": "string", - "uniqueItems": true - }, - { - "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", - "in": "query", - "name": "force", - "type": "boolean", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicy" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicy" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "networking_v1" - ], - "x-kubernetes-action": "patch", - "x-kubernetes-group-version-kind": { - "group": "networking.k8s.io", - "kind": "NetworkPolicy", - "version": "v1" - } - }, - "put": { - "consumes": [ - "*/*" - ], - "description": "replace the specified NetworkPolicy", - "operationId": "replaceNetworkingV1NamespacedNetworkPolicy", - "parameters": [ - { - "in": "body", - "name": "body", - "required": true, - "schema": { - "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicy" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", - "in": "query", - "name": "fieldManager", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "in": "query", - "name": "fieldValidation", - "type": "string", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicy" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicy" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "networking_v1" - ], - "x-kubernetes-action": "put", - "x-kubernetes-group-version-kind": { - "group": "networking.k8s.io", - "kind": "NetworkPolicy", - "version": "v1" - } - } - }, - "/apis/networking.k8s.io/v1/namespaces/{namespace}/networkpolicies/{name}/status": { - "get": { - "consumes": [ - "*/*" - ], - "description": "read status of the specified NetworkPolicy", - "operationId": "readNetworkingV1NamespacedNetworkPolicyStatus", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicy" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "networking_v1" - ], - "x-kubernetes-action": "get", - "x-kubernetes-group-version-kind": { - "group": "networking.k8s.io", - "kind": "NetworkPolicy", - "version": "v1" - } - }, - "parameters": [ - { - "description": "name of the NetworkPolicy", - "in": "path", - "name": "name", - "required": true, - "type": "string", - "uniqueItems": true - }, - { - "description": "object name and auth scope, such as for teams and projects", - "in": "path", - "name": "namespace", - "required": true, - "type": "string", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - } - ], - "patch": { - "consumes": [ - "application/json-patch+json", - "application/merge-patch+json", - "application/strategic-merge-patch+json", - "application/apply-patch+yaml" - ], - "description": "partially update status of the specified NetworkPolicy", - "operationId": "patchNetworkingV1NamespacedNetworkPolicyStatus", - "parameters": [ - { - "in": "body", - "name": "body", - "required": true, - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", - "in": "query", - "name": "fieldManager", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "in": "query", - "name": "fieldValidation", - "type": "string", - "uniqueItems": true - }, - { - "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", - "in": "query", - "name": "force", - "type": "boolean", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicy" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicy" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "networking_v1" - ], - "x-kubernetes-action": "patch", - "x-kubernetes-group-version-kind": { - "group": "networking.k8s.io", - "kind": "NetworkPolicy", - "version": "v1" - } - }, - "put": { - "consumes": [ - "*/*" - ], - "description": "replace status of the specified NetworkPolicy", - "operationId": "replaceNetworkingV1NamespacedNetworkPolicyStatus", - "parameters": [ - { - "in": "body", - "name": "body", - "required": true, - "schema": { - "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicy" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", - "in": "query", - "name": "fieldManager", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "in": "query", - "name": "fieldValidation", - "type": "string", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicy" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicy" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "networking_v1" - ], - "x-kubernetes-action": "put", - "x-kubernetes-group-version-kind": { - "group": "networking.k8s.io", - "kind": "NetworkPolicy", - "version": "v1" - } - } - }, - "/apis/networking.k8s.io/v1/networkpolicies": { - "get": { - "consumes": [ - "*/*" - ], - "description": "list or watch objects of kind NetworkPolicy", - "operationId": "listNetworkingV1NetworkPolicyForAllNamespaces", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicyList" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "networking_v1" - ], - "x-kubernetes-action": "list", - "x-kubernetes-group-version-kind": { - "group": "networking.k8s.io", - "kind": "NetworkPolicy", - "version": "v1" - } - }, - "parameters": [ - { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true - } - ] - }, - "/apis/networking.k8s.io/v1/watch/ingressclasses": { - "get": { - "consumes": [ - "*/*" - ], - "description": "watch individual changes to a list of IngressClass. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchNetworkingV1IngressClassList", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "networking_v1" - ], - "x-kubernetes-action": "watchlist", - "x-kubernetes-group-version-kind": { - "group": "networking.k8s.io", - "kind": "IngressClass", - "version": "v1" - } - }, - "parameters": [ - { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true - } - ] - }, - "/apis/networking.k8s.io/v1/watch/ingressclasses/{name}": { - "get": { - "consumes": [ - "*/*" - ], - "description": "watch changes to an object of kind IngressClass. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", - "operationId": "watchNetworkingV1IngressClass", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "networking_v1" - ], - "x-kubernetes-action": "watch", - "x-kubernetes-group-version-kind": { - "group": "networking.k8s.io", - "kind": "IngressClass", - "version": "v1" - } - }, - "parameters": [ - { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "name of the IngressClass", - "in": "path", - "name": "name", - "required": true, - "type": "string", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true - } - ] - }, - "/apis/networking.k8s.io/v1/watch/ingresses": { - "get": { - "consumes": [ - "*/*" - ], - "description": "watch individual changes to a list of Ingress. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchNetworkingV1IngressListForAllNamespaces", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "networking_v1" - ], - "x-kubernetes-action": "watchlist", - "x-kubernetes-group-version-kind": { - "group": "networking.k8s.io", - "kind": "Ingress", - "version": "v1" - } - }, - "parameters": [ - { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true - } - ] - }, - "/apis/networking.k8s.io/v1/watch/namespaces/{namespace}/ingresses": { - "get": { - "consumes": [ - "*/*" - ], - "description": "watch individual changes to a list of Ingress. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchNetworkingV1NamespacedIngressList", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "networking_v1" - ], - "x-kubernetes-action": "watchlist", - "x-kubernetes-group-version-kind": { - "group": "networking.k8s.io", - "kind": "Ingress", - "version": "v1" - } - }, - "parameters": [ - { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "object name and auth scope, such as for teams and projects", - "in": "path", - "name": "namespace", - "required": true, - "type": "string", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true - } - ] - }, - "/apis/networking.k8s.io/v1/watch/namespaces/{namespace}/ingresses/{name}": { - "get": { - "consumes": [ - "*/*" - ], - "description": "watch changes to an object of kind Ingress. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", - "operationId": "watchNetworkingV1NamespacedIngress", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "networking_v1" - ], - "x-kubernetes-action": "watch", - "x-kubernetes-group-version-kind": { - "group": "networking.k8s.io", - "kind": "Ingress", - "version": "v1" - } - }, - "parameters": [ - { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "name of the Ingress", - "in": "path", - "name": "name", - "required": true, - "type": "string", - "uniqueItems": true - }, - { - "description": "object name and auth scope, such as for teams and projects", - "in": "path", - "name": "namespace", - "required": true, - "type": "string", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true - } - ] - }, - "/apis/networking.k8s.io/v1/watch/namespaces/{namespace}/networkpolicies": { - "get": { - "consumes": [ - "*/*" - ], - "description": "watch individual changes to a list of NetworkPolicy. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchNetworkingV1NamespacedNetworkPolicyList", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "networking_v1" - ], - "x-kubernetes-action": "watchlist", - "x-kubernetes-group-version-kind": { - "group": "networking.k8s.io", - "kind": "NetworkPolicy", - "version": "v1" - } - }, - "parameters": [ - { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "object name and auth scope, such as for teams and projects", - "in": "path", - "name": "namespace", - "required": true, - "type": "string", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true - } - ] - }, - "/apis/networking.k8s.io/v1/watch/namespaces/{namespace}/networkpolicies/{name}": { - "get": { - "consumes": [ - "*/*" - ], - "description": "watch changes to an object of kind NetworkPolicy. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", - "operationId": "watchNetworkingV1NamespacedNetworkPolicy", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "networking_v1" - ], - "x-kubernetes-action": "watch", - "x-kubernetes-group-version-kind": { - "group": "networking.k8s.io", - "kind": "NetworkPolicy", - "version": "v1" - } - }, - "parameters": [ - { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "name of the NetworkPolicy", - "in": "path", - "name": "name", - "required": true, - "type": "string", - "uniqueItems": true - }, - { - "description": "object name and auth scope, such as for teams and projects", - "in": "path", - "name": "namespace", - "required": true, - "type": "string", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true - } - ] - }, - "/apis/networking.k8s.io/v1/watch/networkpolicies": { - "get": { - "consumes": [ - "*/*" - ], - "description": "watch individual changes to a list of NetworkPolicy. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchNetworkingV1NetworkPolicyListForAllNamespaces", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "networking_v1" - ], - "x-kubernetes-action": "watchlist", - "x-kubernetes-group-version-kind": { - "group": "networking.k8s.io", - "kind": "NetworkPolicy", - "version": "v1" - } - }, - "parameters": [ - { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true - } - ] - }, - "/apis/node.k8s.io/": { - "get": { - "consumes": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "description": "get information of a group", - "operationId": "getNodeAPIGroup", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.APIGroup" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "node" - ] - } - }, - "/apis/node.k8s.io/v1/": { - "get": { - "consumes": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "description": "get available resources", - "operationId": "getNodeV1APIResources", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.APIResourceList" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "node_v1" - ] - } - }, - "/apis/node.k8s.io/v1/runtimeclasses": { - "delete": { - "consumes": [ - "*/*" - ], - "description": "delete collection of RuntimeClass", - "operationId": "deleteNodeV1CollectionRuntimeClass", - "parameters": [ - { - "in": "body", - "name": "body", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" - } - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", - "in": "query", - "name": "gracePeriodSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", - "in": "query", - "name": "orphanDependents", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", - "in": "query", - "name": "propagationPolicy", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "node_v1" - ], - "x-kubernetes-action": "deletecollection", - "x-kubernetes-group-version-kind": { - "group": "node.k8s.io", - "kind": "RuntimeClass", - "version": "v1" - } - }, - "get": { - "consumes": [ - "*/*" - ], - "description": "list or watch objects of kind RuntimeClass", - "operationId": "listNodeV1RuntimeClass", - "parameters": [ - { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.node.v1.RuntimeClassList" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "node_v1" - ], - "x-kubernetes-action": "list", - "x-kubernetes-group-version-kind": { - "group": "node.k8s.io", - "kind": "RuntimeClass", - "version": "v1" - } - }, - "parameters": [ - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - } - ], - "post": { - "consumes": [ - "*/*" - ], - "description": "create a RuntimeClass", - "operationId": "createNodeV1RuntimeClass", - "parameters": [ - { - "in": "body", - "name": "body", - "required": true, - "schema": { - "$ref": "#/definitions/io.k8s.api.node.v1.RuntimeClass" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", - "in": "query", - "name": "fieldManager", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "in": "query", - "name": "fieldValidation", - "type": "string", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.node.v1.RuntimeClass" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/io.k8s.api.node.v1.RuntimeClass" - } - }, - "202": { - "description": "Accepted", - "schema": { - "$ref": "#/definitions/io.k8s.api.node.v1.RuntimeClass" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "node_v1" - ], - "x-kubernetes-action": "post", - "x-kubernetes-group-version-kind": { - "group": "node.k8s.io", - "kind": "RuntimeClass", - "version": "v1" - } - } - }, - "/apis/node.k8s.io/v1/runtimeclasses/{name}": { - "delete": { - "consumes": [ - "*/*" - ], - "description": "delete a RuntimeClass", - "operationId": "deleteNodeV1RuntimeClass", - "parameters": [ - { - "in": "body", - "name": "body", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", - "in": "query", - "name": "gracePeriodSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", - "in": "query", - "name": "orphanDependents", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", - "in": "query", - "name": "propagationPolicy", - "type": "string", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" - } - }, - "202": { - "description": "Accepted", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "node_v1" - ], - "x-kubernetes-action": "delete", - "x-kubernetes-group-version-kind": { - "group": "node.k8s.io", - "kind": "RuntimeClass", - "version": "v1" - } - }, - "get": { - "consumes": [ - "*/*" - ], - "description": "read the specified RuntimeClass", - "operationId": "readNodeV1RuntimeClass", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.node.v1.RuntimeClass" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "node_v1" - ], - "x-kubernetes-action": "get", - "x-kubernetes-group-version-kind": { - "group": "node.k8s.io", - "kind": "RuntimeClass", - "version": "v1" - } - }, - "parameters": [ - { - "description": "name of the RuntimeClass", - "in": "path", - "name": "name", - "required": true, - "type": "string", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - } - ], - "patch": { - "consumes": [ - "application/json-patch+json", - "application/merge-patch+json", - "application/strategic-merge-patch+json", - "application/apply-patch+yaml" - ], - "description": "partially update the specified RuntimeClass", - "operationId": "patchNodeV1RuntimeClass", - "parameters": [ - { - "in": "body", - "name": "body", - "required": true, - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", - "in": "query", - "name": "fieldManager", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "in": "query", - "name": "fieldValidation", - "type": "string", - "uniqueItems": true - }, - { - "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", - "in": "query", - "name": "force", - "type": "boolean", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.node.v1.RuntimeClass" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/io.k8s.api.node.v1.RuntimeClass" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "node_v1" - ], - "x-kubernetes-action": "patch", - "x-kubernetes-group-version-kind": { - "group": "node.k8s.io", - "kind": "RuntimeClass", - "version": "v1" - } - }, - "put": { - "consumes": [ - "*/*" - ], - "description": "replace the specified RuntimeClass", - "operationId": "replaceNodeV1RuntimeClass", - "parameters": [ - { - "in": "body", - "name": "body", - "required": true, - "schema": { - "$ref": "#/definitions/io.k8s.api.node.v1.RuntimeClass" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", - "in": "query", - "name": "fieldManager", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "in": "query", - "name": "fieldValidation", - "type": "string", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.node.v1.RuntimeClass" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/io.k8s.api.node.v1.RuntimeClass" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "node_v1" - ], - "x-kubernetes-action": "put", - "x-kubernetes-group-version-kind": { - "group": "node.k8s.io", - "kind": "RuntimeClass", - "version": "v1" - } - } - }, - "/apis/node.k8s.io/v1/watch/runtimeclasses": { - "get": { - "consumes": [ - "*/*" - ], - "description": "watch individual changes to a list of RuntimeClass. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchNodeV1RuntimeClassList", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "node_v1" - ], - "x-kubernetes-action": "watchlist", - "x-kubernetes-group-version-kind": { - "group": "node.k8s.io", - "kind": "RuntimeClass", - "version": "v1" - } - }, - "parameters": [ - { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true - } - ] - }, - "/apis/node.k8s.io/v1/watch/runtimeclasses/{name}": { - "get": { - "consumes": [ - "*/*" - ], - "description": "watch changes to an object of kind RuntimeClass. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", - "operationId": "watchNodeV1RuntimeClass", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "node_v1" - ], - "x-kubernetes-action": "watch", - "x-kubernetes-group-version-kind": { - "group": "node.k8s.io", - "kind": "RuntimeClass", - "version": "v1" - } - }, - "parameters": [ - { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "name of the RuntimeClass", - "in": "path", - "name": "name", - "required": true, - "type": "string", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true - } - ] - }, - "/apis/node.k8s.io/v1beta1/": { - "get": { - "consumes": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "description": "get available resources", - "operationId": "getNodeV1beta1APIResources", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.APIResourceList" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "node_v1beta1" - ] - } - }, - "/apis/node.k8s.io/v1beta1/runtimeclasses": { - "delete": { - "consumes": [ - "*/*" - ], - "description": "delete collection of RuntimeClass", - "operationId": "deleteNodeV1beta1CollectionRuntimeClass", - "parameters": [ - { - "in": "body", - "name": "body", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" - } - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", - "in": "query", - "name": "gracePeriodSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", - "in": "query", - "name": "orphanDependents", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", - "in": "query", - "name": "propagationPolicy", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "node_v1beta1" - ], - "x-kubernetes-action": "deletecollection", - "x-kubernetes-group-version-kind": { - "group": "node.k8s.io", - "kind": "RuntimeClass", - "version": "v1beta1" - } - }, - "get": { - "consumes": [ - "*/*" - ], - "description": "list or watch objects of kind RuntimeClass", - "operationId": "listNodeV1beta1RuntimeClass", - "parameters": [ - { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.node.v1beta1.RuntimeClassList" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "node_v1beta1" - ], - "x-kubernetes-action": "list", - "x-kubernetes-group-version-kind": { - "group": "node.k8s.io", - "kind": "RuntimeClass", - "version": "v1beta1" - } - }, - "parameters": [ - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - } - ], - "post": { - "consumes": [ - "*/*" - ], - "description": "create a RuntimeClass", - "operationId": "createNodeV1beta1RuntimeClass", - "parameters": [ - { - "in": "body", - "name": "body", - "required": true, - "schema": { - "$ref": "#/definitions/io.k8s.api.node.v1beta1.RuntimeClass" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", - "in": "query", - "name": "fieldManager", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "in": "query", - "name": "fieldValidation", - "type": "string", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.node.v1beta1.RuntimeClass" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/io.k8s.api.node.v1beta1.RuntimeClass" - } - }, - "202": { - "description": "Accepted", - "schema": { - "$ref": "#/definitions/io.k8s.api.node.v1beta1.RuntimeClass" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "node_v1beta1" - ], - "x-kubernetes-action": "post", - "x-kubernetes-group-version-kind": { - "group": "node.k8s.io", - "kind": "RuntimeClass", - "version": "v1beta1" - } - } - }, - "/apis/node.k8s.io/v1beta1/runtimeclasses/{name}": { - "delete": { - "consumes": [ - "*/*" - ], - "description": "delete a RuntimeClass", - "operationId": "deleteNodeV1beta1RuntimeClass", - "parameters": [ - { - "in": "body", - "name": "body", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", - "in": "query", - "name": "gracePeriodSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", - "in": "query", - "name": "orphanDependents", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", - "in": "query", - "name": "propagationPolicy", - "type": "string", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" - } - }, - "202": { - "description": "Accepted", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "node_v1beta1" - ], - "x-kubernetes-action": "delete", - "x-kubernetes-group-version-kind": { - "group": "node.k8s.io", - "kind": "RuntimeClass", - "version": "v1beta1" - } - }, - "get": { - "consumes": [ - "*/*" - ], - "description": "read the specified RuntimeClass", - "operationId": "readNodeV1beta1RuntimeClass", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.node.v1beta1.RuntimeClass" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "node_v1beta1" - ], - "x-kubernetes-action": "get", - "x-kubernetes-group-version-kind": { - "group": "node.k8s.io", - "kind": "RuntimeClass", - "version": "v1beta1" - } - }, - "parameters": [ - { - "description": "name of the RuntimeClass", - "in": "path", - "name": "name", - "required": true, + "name": "fieldSelector", "type": "string", "uniqueItems": true }, { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - } - ], - "patch": { - "consumes": [ - "application/json-patch+json", - "application/merge-patch+json", - "application/strategic-merge-patch+json", - "application/apply-patch+yaml" - ], - "description": "partially update the specified RuntimeClass", - "operationId": "patchNodeV1beta1RuntimeClass", - "parameters": [ - { - "in": "body", - "name": "body", - "required": true, - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", - "in": "query", - "name": "fieldManager", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "in": "query", - "name": "fieldValidation", - "type": "string", - "uniqueItems": true - }, - { - "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", - "in": "query", - "name": "force", - "type": "boolean", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.node.v1beta1.RuntimeClass" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/io.k8s.api.node.v1beta1.RuntimeClass" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "node_v1beta1" - ], - "x-kubernetes-action": "patch", - "x-kubernetes-group-version-kind": { - "group": "node.k8s.io", - "kind": "RuntimeClass", - "version": "v1beta1" - } - }, - "put": { - "consumes": [ - "*/*" - ], - "description": "replace the specified RuntimeClass", - "operationId": "replaceNodeV1beta1RuntimeClass", - "parameters": [ - { - "in": "body", - "name": "body", - "required": true, - "schema": { - "$ref": "#/definitions/io.k8s.api.node.v1beta1.RuntimeClass" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", - "in": "query", - "name": "fieldManager", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "in": "query", - "name": "fieldValidation", - "type": "string", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.node.v1beta1.RuntimeClass" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/io.k8s.api.node.v1beta1.RuntimeClass" - } - }, - "401": { - "description": "Unauthorized" - } + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "type": "string", + "uniqueItems": true }, - "schemes": [ - "https" - ], - "tags": [ - "node_v1beta1" - ], - "x-kubernetes-action": "put", - "x-kubernetes-group-version-kind": { - "group": "node.k8s.io", - "kind": "RuntimeClass", - "version": "v1beta1" + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "type": "integer", + "uniqueItems": true + }, + { + "description": "name of the Ingress", + "in": "path", + "name": "name", + "required": true, + "type": "string", + "uniqueItems": true + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "type": "string", + "uniqueItems": true + }, + { + "description": "If 'true', then the output is pretty printed.", + "in": "query", + "name": "pretty", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "type": "string", + "uniqueItems": true + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "type": "integer", + "uniqueItems": true + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "type": "boolean", + "uniqueItems": true } - } + ] }, - "/apis/node.k8s.io/v1beta1/watch/runtimeclasses": { + "/apis/networking.k8s.io/v1/watch/namespaces/{namespace}/networkpolicies": { "get": { "consumes": [ "*/*" ], - "description": "watch individual changes to a list of RuntimeClass. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchNodeV1beta1RuntimeClassList", + "description": "watch individual changes to a list of NetworkPolicy. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchNetworkingV1NamespacedNetworkPolicyList", "produces": [ "application/json", "application/yaml", @@ -75685,13 +67478,13 @@ "https" ], "tags": [ - "node_v1beta1" + "networking_v1" ], "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { - "group": "node.k8s.io", - "kind": "RuntimeClass", - "version": "v1beta1" + "group": "networking.k8s.io", + "kind": "NetworkPolicy", + "version": "v1" } }, "parameters": [ @@ -75730,6 +67523,14 @@ "type": "integer", "uniqueItems": true }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "type": "string", + "uniqueItems": true + }, { "description": "If 'true', then the output is pretty printed.", "in": "query", @@ -75767,13 +67568,13 @@ } ] }, - "/apis/node.k8s.io/v1beta1/watch/runtimeclasses/{name}": { + "/apis/networking.k8s.io/v1/watch/namespaces/{namespace}/networkpolicies/{name}": { "get": { "consumes": [ "*/*" ], - "description": "watch changes to an object of kind RuntimeClass. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", - "operationId": "watchNodeV1beta1RuntimeClass", + "description": "watch changes to an object of kind NetworkPolicy. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "operationId": "watchNetworkingV1NamespacedNetworkPolicy", "produces": [ "application/json", "application/yaml", @@ -75796,13 +67597,13 @@ "https" ], "tags": [ - "node_v1beta1" + "networking_v1" ], "x-kubernetes-action": "watch", "x-kubernetes-group-version-kind": { - "group": "node.k8s.io", - "kind": "RuntimeClass", - "version": "v1beta1" + "group": "networking.k8s.io", + "kind": "NetworkPolicy", + "version": "v1" } }, "parameters": [ @@ -75842,13 +67643,21 @@ "uniqueItems": true }, { - "description": "name of the RuntimeClass", + "description": "name of the NetworkPolicy", "in": "path", "name": "name", "required": true, "type": "string", "uniqueItems": true }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "type": "string", + "uniqueItems": true + }, { "description": "If 'true', then the output is pretty printed.", "in": "query", @@ -75886,25 +67695,25 @@ } ] }, - "/apis/policy/": { + "/apis/networking.k8s.io/v1/watch/networkpolicies": { "get": { "consumes": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" + "*/*" ], - "description": "get information of a group", - "operationId": "getPolicyAPIGroup", + "description": "watch individual changes to a list of NetworkPolicy. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchNetworkingV1NetworkPolicyListForAllNamespaces", "produces": [ "application/json", "application/yaml", - "application/vnd.kubernetes.protobuf" + "application/vnd.kubernetes.protobuf", + "application/json;stream=watch", + "application/vnd.kubernetes.protobuf;stream=watch" ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.APIGroup" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" } }, "401": { @@ -75915,11 +67724,89 @@ "https" ], "tags": [ - "policy" - ] - } + "networking_v1" + ], + "x-kubernetes-action": "watchlist", + "x-kubernetes-group-version-kind": { + "group": "networking.k8s.io", + "kind": "NetworkPolicy", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "type": "boolean", + "uniqueItems": true + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "type": "integer", + "uniqueItems": true + }, + { + "description": "If 'true', then the output is pretty printed.", + "in": "query", + "name": "pretty", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "type": "string", + "uniqueItems": true + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "type": "integer", + "uniqueItems": true + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "type": "boolean", + "uniqueItems": true + } + ] }, - "/apis/policy/v1/": { + "/apis/networking.k8s.io/v1alpha1/": { "get": { "consumes": [ "application/json", @@ -75927,7 +67814,7 @@ "application/vnd.kubernetes.protobuf" ], "description": "get available resources", - "operationId": "getPolicyV1APIResources", + "operationId": "getNetworkingV1alpha1APIResources", "produces": [ "application/json", "application/yaml", @@ -75948,17 +67835,17 @@ "https" ], "tags": [ - "policy_v1" + "networking_v1alpha1" ] } }, - "/apis/policy/v1/namespaces/{namespace}/poddisruptionbudgets": { + "/apis/networking.k8s.io/v1alpha1/clustercidrs": { "delete": { "consumes": [ "*/*" ], - "description": "delete collection of PodDisruptionBudget", - "operationId": "deletePolicyV1CollectionNamespacedPodDisruptionBudget", + "description": "delete collection of ClusterCIDR", + "operationId": "deleteNetworkingV1alpha1CollectionClusterCIDR", "parameters": [ { "in": "body", @@ -75996,308 +67883,16 @@ "uniqueItems": true }, { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", - "in": "query", - "name": "orphanDependents", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", - "in": "query", - "name": "propagationPolicy", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "policy_v1" - ], - "x-kubernetes-action": "deletecollection", - "x-kubernetes-group-version-kind": { - "group": "policy", - "kind": "PodDisruptionBudget", - "version": "v1" - } - }, - "get": { - "consumes": [ - "*/*" - ], - "description": "list or watch objects of kind PodDisruptionBudget", - "operationId": "listPolicyV1NamespacedPodDisruptionBudget", - "parameters": [ - { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1.PodDisruptionBudgetList" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "policy_v1" - ], - "x-kubernetes-action": "list", - "x-kubernetes-group-version-kind": { - "group": "policy", - "kind": "PodDisruptionBudget", - "version": "v1" - } - }, - "parameters": [ - { - "description": "object name and auth scope, such as for teams and projects", - "in": "path", - "name": "namespace", - "required": true, - "type": "string", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - } - ], - "post": { - "consumes": [ - "*/*" - ], - "description": "create a PodDisruptionBudget", - "operationId": "createPolicyV1NamespacedPodDisruptionBudget", - "parameters": [ - { - "in": "body", - "name": "body", - "required": true, - "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1.PodDisruptionBudget" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", - "in": "query", - "name": "fieldManager", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "in": "query", - "name": "fieldValidation", - "type": "string", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1.PodDisruptionBudget" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1.PodDisruptionBudget" - } - }, - "202": { - "description": "Accepted", - "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1.PodDisruptionBudget" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "policy_v1" - ], - "x-kubernetes-action": "post", - "x-kubernetes-group-version-kind": { - "group": "policy", - "kind": "PodDisruptionBudget", - "version": "v1" - } - } - }, - "/apis/policy/v1/namespaces/{namespace}/poddisruptionbudgets/{name}": { - "delete": { - "consumes": [ - "*/*" - ], - "description": "delete a PodDisruptionBudget", - "operationId": "deletePolicyV1NamespacedPodDisruptionBudget", - "parameters": [ - { - "in": "body", - "name": "body", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", "in": "query", - "name": "dryRun", + "name": "labelSelector", "type": "string", "uniqueItems": true }, { - "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", "in": "query", - "name": "gracePeriodSeconds", + "name": "limit", "type": "integer", "uniqueItems": true }, @@ -76314,6 +67909,27 @@ "name": "propagationPolicy", "type": "string", "uniqueItems": true + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "type": "string", + "uniqueItems": true + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "type": "integer", + "uniqueItems": true } ], "produces": [ @@ -76328,12 +67944,6 @@ "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" } }, - "202": { - "description": "Accepted", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" - } - }, "401": { "description": "Unauthorized" } @@ -76342,31 +67952,98 @@ "https" ], "tags": [ - "policy_v1" + "networking_v1alpha1" ], - "x-kubernetes-action": "delete", + "x-kubernetes-action": "deletecollection", "x-kubernetes-group-version-kind": { - "group": "policy", - "kind": "PodDisruptionBudget", - "version": "v1" + "group": "networking.k8s.io", + "kind": "ClusterCIDR", + "version": "v1alpha1" } }, "get": { "consumes": [ "*/*" ], - "description": "read the specified PodDisruptionBudget", - "operationId": "readPolicyV1NamespacedPodDisruptionBudget", + "description": "list or watch objects of kind ClusterCIDR", + "operationId": "listNetworkingV1alpha1ClusterCIDR", + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "type": "boolean", + "uniqueItems": true + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "type": "integer", + "uniqueItems": true + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "type": "string", + "uniqueItems": true + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "type": "integer", + "uniqueItems": true + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "type": "boolean", + "uniqueItems": true + } + ], "produces": [ "application/json", "application/yaml", - "application/vnd.kubernetes.protobuf" + "application/vnd.kubernetes.protobuf", + "application/json;stream=watch", + "application/vnd.kubernetes.protobuf;stream=watch" ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1.PodDisruptionBudget" + "$ref": "#/definitions/io.k8s.api.networking.v1alpha1.ClusterCIDRList" } }, "401": { @@ -76377,32 +68054,16 @@ "https" ], "tags": [ - "policy_v1" + "networking_v1alpha1" ], - "x-kubernetes-action": "get", + "x-kubernetes-action": "list", "x-kubernetes-group-version-kind": { - "group": "policy", - "kind": "PodDisruptionBudget", - "version": "v1" + "group": "networking.k8s.io", + "kind": "ClusterCIDR", + "version": "v1alpha1" } }, "parameters": [ - { - "description": "name of the PodDisruptionBudget", - "in": "path", - "name": "name", - "required": true, - "type": "string", - "uniqueItems": true - }, - { - "description": "object name and auth scope, such as for teams and projects", - "in": "path", - "name": "namespace", - "required": true, - "type": "string", - "uniqueItems": true - }, { "description": "If 'true', then the output is pretty printed.", "in": "query", @@ -76411,22 +68072,19 @@ "uniqueItems": true } ], - "patch": { + "post": { "consumes": [ - "application/json-patch+json", - "application/merge-patch+json", - "application/strategic-merge-patch+json", - "application/apply-patch+yaml" + "*/*" ], - "description": "partially update the specified PodDisruptionBudget", - "operationId": "patchPolicyV1NamespacedPodDisruptionBudget", + "description": "create a ClusterCIDR", + "operationId": "createNetworkingV1alpha1ClusterCIDR", "parameters": [ { "in": "body", "name": "body", "required": true, "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + "$ref": "#/definitions/io.k8s.api.networking.v1alpha1.ClusterCIDR" } }, { @@ -76437,7 +68095,7 @@ "uniqueItems": true }, { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", "in": "query", "name": "fieldManager", "type": "string", @@ -76449,13 +68107,6 @@ "name": "fieldValidation", "type": "string", "uniqueItems": true - }, - { - "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", - "in": "query", - "name": "force", - "type": "boolean", - "uniqueItems": true } ], "produces": [ @@ -76467,13 +68118,19 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1.PodDisruptionBudget" + "$ref": "#/definitions/io.k8s.api.networking.v1alpha1.ClusterCIDR" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1.PodDisruptionBudget" + "$ref": "#/definitions/io.k8s.api.networking.v1alpha1.ClusterCIDR" + } + }, + "202": { + "description": "Accepted", + "schema": { + "$ref": "#/definitions/io.k8s.api.networking.v1alpha1.ClusterCIDR" } }, "401": { @@ -76484,28 +68141,29 @@ "https" ], "tags": [ - "policy_v1" + "networking_v1alpha1" ], - "x-kubernetes-action": "patch", + "x-kubernetes-action": "post", "x-kubernetes-group-version-kind": { - "group": "policy", - "kind": "PodDisruptionBudget", - "version": "v1" + "group": "networking.k8s.io", + "kind": "ClusterCIDR", + "version": "v1alpha1" } - }, - "put": { + } + }, + "/apis/networking.k8s.io/v1alpha1/clustercidrs/{name}": { + "delete": { "consumes": [ "*/*" ], - "description": "replace the specified PodDisruptionBudget", - "operationId": "replacePolicyV1NamespacedPodDisruptionBudget", + "description": "delete a ClusterCIDR", + "operationId": "deleteNetworkingV1alpha1ClusterCIDR", "parameters": [ { "in": "body", "name": "body", - "required": true, "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1.PodDisruptionBudget" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" } }, { @@ -76516,16 +68174,23 @@ "uniqueItems": true }, { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", "in": "query", - "name": "fieldManager", - "type": "string", + "name": "gracePeriodSeconds", + "type": "integer", "uniqueItems": true }, { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", "in": "query", - "name": "fieldValidation", + "name": "orphanDependents", + "type": "boolean", + "uniqueItems": true + }, + { + "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", + "in": "query", + "name": "propagationPolicy", "type": "string", "uniqueItems": true } @@ -76539,13 +68204,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1.PodDisruptionBudget" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" } }, - "201": { - "description": "Created", + "202": { + "description": "Accepted", "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1.PodDisruptionBudget" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" } }, "401": { @@ -76556,23 +68221,21 @@ "https" ], "tags": [ - "policy_v1" + "networking_v1alpha1" ], - "x-kubernetes-action": "put", + "x-kubernetes-action": "delete", "x-kubernetes-group-version-kind": { - "group": "policy", - "kind": "PodDisruptionBudget", - "version": "v1" + "group": "networking.k8s.io", + "kind": "ClusterCIDR", + "version": "v1alpha1" } - } - }, - "/apis/policy/v1/namespaces/{namespace}/poddisruptionbudgets/{name}/status": { + }, "get": { "consumes": [ "*/*" ], - "description": "read status of the specified PodDisruptionBudget", - "operationId": "readPolicyV1NamespacedPodDisruptionBudgetStatus", + "description": "read the specified ClusterCIDR", + "operationId": "readNetworkingV1alpha1ClusterCIDR", "produces": [ "application/json", "application/yaml", @@ -76582,7 +68245,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1.PodDisruptionBudget" + "$ref": "#/definitions/io.k8s.api.networking.v1alpha1.ClusterCIDR" } }, "401": { @@ -76593,32 +68256,24 @@ "https" ], "tags": [ - "policy_v1" + "networking_v1alpha1" ], "x-kubernetes-action": "get", "x-kubernetes-group-version-kind": { - "group": "policy", - "kind": "PodDisruptionBudget", - "version": "v1" + "group": "networking.k8s.io", + "kind": "ClusterCIDR", + "version": "v1alpha1" } }, "parameters": [ { - "description": "name of the PodDisruptionBudget", + "description": "name of the ClusterCIDR", "in": "path", "name": "name", "required": true, "type": "string", "uniqueItems": true }, - { - "description": "object name and auth scope, such as for teams and projects", - "in": "path", - "name": "namespace", - "required": true, - "type": "string", - "uniqueItems": true - }, { "description": "If 'true', then the output is pretty printed.", "in": "query", @@ -76634,8 +68289,8 @@ "application/strategic-merge-patch+json", "application/apply-patch+yaml" ], - "description": "partially update status of the specified PodDisruptionBudget", - "operationId": "patchPolicyV1NamespacedPodDisruptionBudgetStatus", + "description": "partially update the specified ClusterCIDR", + "operationId": "patchNetworkingV1alpha1ClusterCIDR", "parameters": [ { "in": "body", @@ -76683,13 +68338,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1.PodDisruptionBudget" + "$ref": "#/definitions/io.k8s.api.networking.v1alpha1.ClusterCIDR" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1.PodDisruptionBudget" + "$ref": "#/definitions/io.k8s.api.networking.v1alpha1.ClusterCIDR" } }, "401": { @@ -76700,28 +68355,28 @@ "https" ], "tags": [ - "policy_v1" + "networking_v1alpha1" ], "x-kubernetes-action": "patch", "x-kubernetes-group-version-kind": { - "group": "policy", - "kind": "PodDisruptionBudget", - "version": "v1" + "group": "networking.k8s.io", + "kind": "ClusterCIDR", + "version": "v1alpha1" } }, "put": { "consumes": [ "*/*" ], - "description": "replace status of the specified PodDisruptionBudget", - "operationId": "replacePolicyV1NamespacedPodDisruptionBudgetStatus", + "description": "replace the specified ClusterCIDR", + "operationId": "replaceNetworkingV1alpha1ClusterCIDR", "parameters": [ { "in": "body", "name": "body", "required": true, "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1.PodDisruptionBudget" + "$ref": "#/definitions/io.k8s.api.networking.v1alpha1.ClusterCIDR" } }, { @@ -76755,13 +68410,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1.PodDisruptionBudget" + "$ref": "#/definitions/io.k8s.api.networking.v1alpha1.ClusterCIDR" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1.PodDisruptionBudget" + "$ref": "#/definitions/io.k8s.api.networking.v1alpha1.ClusterCIDR" } }, "401": { @@ -76772,134 +68427,23 @@ "https" ], "tags": [ - "policy_v1" + "networking_v1alpha1" ], "x-kubernetes-action": "put", "x-kubernetes-group-version-kind": { - "group": "policy", - "kind": "PodDisruptionBudget", - "version": "v1" + "group": "networking.k8s.io", + "kind": "ClusterCIDR", + "version": "v1alpha1" } } }, - "/apis/policy/v1/poddisruptionbudgets": { - "get": { - "consumes": [ - "*/*" - ], - "description": "list or watch objects of kind PodDisruptionBudget", - "operationId": "listPolicyV1PodDisruptionBudgetForAllNamespaces", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1.PodDisruptionBudgetList" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "policy_v1" - ], - "x-kubernetes-action": "list", - "x-kubernetes-group-version-kind": { - "group": "policy", - "kind": "PodDisruptionBudget", - "version": "v1" - } - }, - "parameters": [ - { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true - } - ] - }, - "/apis/policy/v1/watch/namespaces/{namespace}/poddisruptionbudgets": { + "/apis/networking.k8s.io/v1alpha1/watch/clustercidrs": { "get": { "consumes": [ "*/*" ], - "description": "watch individual changes to a list of PodDisruptionBudget. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchPolicyV1NamespacedPodDisruptionBudgetList", + "description": "watch individual changes to a list of ClusterCIDR. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchNetworkingV1alpha1ClusterCIDRList", "produces": [ "application/json", "application/yaml", @@ -76922,13 +68466,13 @@ "https" ], "tags": [ - "policy_v1" + "networking_v1alpha1" ], "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { - "group": "policy", - "kind": "PodDisruptionBudget", - "version": "v1" + "group": "networking.k8s.io", + "kind": "ClusterCIDR", + "version": "v1alpha1" } }, "parameters": [ @@ -76967,14 +68511,6 @@ "type": "integer", "uniqueItems": true }, - { - "description": "object name and auth scope, such as for teams and projects", - "in": "path", - "name": "namespace", - "required": true, - "type": "string", - "uniqueItems": true - }, { "description": "If 'true', then the output is pretty printed.", "in": "query", @@ -77012,13 +68548,13 @@ } ] }, - "/apis/policy/v1/watch/namespaces/{namespace}/poddisruptionbudgets/{name}": { + "/apis/networking.k8s.io/v1alpha1/watch/clustercidrs/{name}": { "get": { "consumes": [ "*/*" ], - "description": "watch changes to an object of kind PodDisruptionBudget. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", - "operationId": "watchPolicyV1NamespacedPodDisruptionBudget", + "description": "watch changes to an object of kind ClusterCIDR. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "operationId": "watchNetworkingV1alpha1ClusterCIDR", "produces": [ "application/json", "application/yaml", @@ -77041,13 +68577,13 @@ "https" ], "tags": [ - "policy_v1" + "networking_v1alpha1" ], "x-kubernetes-action": "watch", "x-kubernetes-group-version-kind": { - "group": "policy", - "kind": "PodDisruptionBudget", - "version": "v1" + "group": "networking.k8s.io", + "kind": "ClusterCIDR", + "version": "v1alpha1" } }, "parameters": [ @@ -77087,21 +68623,13 @@ "uniqueItems": true }, { - "description": "name of the PodDisruptionBudget", + "description": "name of the ClusterCIDR", "in": "path", "name": "name", "required": true, "type": "string", "uniqueItems": true }, - { - "description": "object name and auth scope, such as for teams and projects", - "in": "path", - "name": "namespace", - "required": true, - "type": "string", - "uniqueItems": true - }, { "description": "If 'true', then the output is pretty printed.", "in": "query", @@ -77139,25 +68667,25 @@ } ] }, - "/apis/policy/v1/watch/poddisruptionbudgets": { + "/apis/node.k8s.io/": { "get": { "consumes": [ - "*/*" + "application/json", + "application/yaml", + "application/vnd.kubernetes.protobuf" ], - "description": "watch individual changes to a list of PodDisruptionBudget. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchPolicyV1PodDisruptionBudgetListForAllNamespaces", + "description": "get information of a group", + "operationId": "getNodeAPIGroup", "produces": [ "application/json", "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" + "application/vnd.kubernetes.protobuf" ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.APIGroup" } }, "401": { @@ -77168,89 +68696,11 @@ "https" ], "tags": [ - "policy_v1" - ], - "x-kubernetes-action": "watchlist", - "x-kubernetes-group-version-kind": { - "group": "policy", - "kind": "PodDisruptionBudget", - "version": "v1" - } - }, - "parameters": [ - { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", - "type": "string", - "uniqueItems": true - }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true - } - ] + "node" + ] + } }, - "/apis/policy/v1beta1/": { + "/apis/node.k8s.io/v1/": { "get": { "consumes": [ "application/json", @@ -77258,7 +68708,7 @@ "application/vnd.kubernetes.protobuf" ], "description": "get available resources", - "operationId": "getPolicyV1beta1APIResources", + "operationId": "getNodeV1APIResources", "produces": [ "application/json", "application/yaml", @@ -77279,17 +68729,17 @@ "https" ], "tags": [ - "policy_v1beta1" + "node_v1" ] } }, - "/apis/policy/v1beta1/namespaces/{namespace}/poddisruptionbudgets": { + "/apis/node.k8s.io/v1/runtimeclasses": { "delete": { "consumes": [ "*/*" ], - "description": "delete collection of PodDisruptionBudget", - "operationId": "deletePolicyV1beta1CollectionNamespacedPodDisruptionBudget", + "description": "delete collection of RuntimeClass", + "operationId": "deleteNodeV1CollectionRuntimeClass", "parameters": [ { "in": "body", @@ -77396,21 +68846,21 @@ "https" ], "tags": [ - "policy_v1beta1" + "node_v1" ], "x-kubernetes-action": "deletecollection", "x-kubernetes-group-version-kind": { - "group": "policy", - "kind": "PodDisruptionBudget", - "version": "v1beta1" + "group": "node.k8s.io", + "kind": "RuntimeClass", + "version": "v1" } }, "get": { "consumes": [ "*/*" ], - "description": "list or watch objects of kind PodDisruptionBudget", - "operationId": "listPolicyV1beta1NamespacedPodDisruptionBudget", + "description": "list or watch objects of kind RuntimeClass", + "operationId": "listNodeV1RuntimeClass", "parameters": [ { "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", @@ -77487,7 +68937,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.PodDisruptionBudgetList" + "$ref": "#/definitions/io.k8s.api.node.v1.RuntimeClassList" } }, "401": { @@ -77498,24 +68948,16 @@ "https" ], "tags": [ - "policy_v1beta1" + "node_v1" ], "x-kubernetes-action": "list", "x-kubernetes-group-version-kind": { - "group": "policy", - "kind": "PodDisruptionBudget", - "version": "v1beta1" + "group": "node.k8s.io", + "kind": "RuntimeClass", + "version": "v1" } }, "parameters": [ - { - "description": "object name and auth scope, such as for teams and projects", - "in": "path", - "name": "namespace", - "required": true, - "type": "string", - "uniqueItems": true - }, { "description": "If 'true', then the output is pretty printed.", "in": "query", @@ -77528,15 +68970,15 @@ "consumes": [ "*/*" ], - "description": "create a PodDisruptionBudget", - "operationId": "createPolicyV1beta1NamespacedPodDisruptionBudget", + "description": "create a RuntimeClass", + "operationId": "createNodeV1RuntimeClass", "parameters": [ { "in": "body", "name": "body", "required": true, "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.PodDisruptionBudget" + "$ref": "#/definitions/io.k8s.api.node.v1.RuntimeClass" } }, { @@ -77570,19 +69012,19 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.PodDisruptionBudget" + "$ref": "#/definitions/io.k8s.api.node.v1.RuntimeClass" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.PodDisruptionBudget" + "$ref": "#/definitions/io.k8s.api.node.v1.RuntimeClass" } }, "202": { "description": "Accepted", "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.PodDisruptionBudget" + "$ref": "#/definitions/io.k8s.api.node.v1.RuntimeClass" } }, "401": { @@ -77593,23 +69035,23 @@ "https" ], "tags": [ - "policy_v1beta1" + "node_v1" ], "x-kubernetes-action": "post", "x-kubernetes-group-version-kind": { - "group": "policy", - "kind": "PodDisruptionBudget", - "version": "v1beta1" + "group": "node.k8s.io", + "kind": "RuntimeClass", + "version": "v1" } } }, - "/apis/policy/v1beta1/namespaces/{namespace}/poddisruptionbudgets/{name}": { + "/apis/node.k8s.io/v1/runtimeclasses/{name}": { "delete": { "consumes": [ "*/*" ], - "description": "delete a PodDisruptionBudget", - "operationId": "deletePolicyV1beta1NamespacedPodDisruptionBudget", + "description": "delete a RuntimeClass", + "operationId": "deleteNodeV1RuntimeClass", "parameters": [ { "in": "body", @@ -77673,21 +69115,21 @@ "https" ], "tags": [ - "policy_v1beta1" + "node_v1" ], "x-kubernetes-action": "delete", "x-kubernetes-group-version-kind": { - "group": "policy", - "kind": "PodDisruptionBudget", - "version": "v1beta1" + "group": "node.k8s.io", + "kind": "RuntimeClass", + "version": "v1" } }, "get": { "consumes": [ "*/*" ], - "description": "read the specified PodDisruptionBudget", - "operationId": "readPolicyV1beta1NamespacedPodDisruptionBudget", + "description": "read the specified RuntimeClass", + "operationId": "readNodeV1RuntimeClass", "produces": [ "application/json", "application/yaml", @@ -77697,7 +69139,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.PodDisruptionBudget" + "$ref": "#/definitions/io.k8s.api.node.v1.RuntimeClass" } }, "401": { @@ -77708,32 +69150,24 @@ "https" ], "tags": [ - "policy_v1beta1" + "node_v1" ], "x-kubernetes-action": "get", "x-kubernetes-group-version-kind": { - "group": "policy", - "kind": "PodDisruptionBudget", - "version": "v1beta1" + "group": "node.k8s.io", + "kind": "RuntimeClass", + "version": "v1" } }, "parameters": [ { - "description": "name of the PodDisruptionBudget", + "description": "name of the RuntimeClass", "in": "path", "name": "name", "required": true, "type": "string", "uniqueItems": true }, - { - "description": "object name and auth scope, such as for teams and projects", - "in": "path", - "name": "namespace", - "required": true, - "type": "string", - "uniqueItems": true - }, { "description": "If 'true', then the output is pretty printed.", "in": "query", @@ -77749,8 +69183,8 @@ "application/strategic-merge-patch+json", "application/apply-patch+yaml" ], - "description": "partially update the specified PodDisruptionBudget", - "operationId": "patchPolicyV1beta1NamespacedPodDisruptionBudget", + "description": "partially update the specified RuntimeClass", + "operationId": "patchNodeV1RuntimeClass", "parameters": [ { "in": "body", @@ -77798,13 +69232,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.PodDisruptionBudget" + "$ref": "#/definitions/io.k8s.api.node.v1.RuntimeClass" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.PodDisruptionBudget" + "$ref": "#/definitions/io.k8s.api.node.v1.RuntimeClass" } }, "401": { @@ -77815,28 +69249,28 @@ "https" ], "tags": [ - "policy_v1beta1" + "node_v1" ], "x-kubernetes-action": "patch", "x-kubernetes-group-version-kind": { - "group": "policy", - "kind": "PodDisruptionBudget", - "version": "v1beta1" + "group": "node.k8s.io", + "kind": "RuntimeClass", + "version": "v1" } }, "put": { "consumes": [ "*/*" ], - "description": "replace the specified PodDisruptionBudget", - "operationId": "replacePolicyV1beta1NamespacedPodDisruptionBudget", + "description": "replace the specified RuntimeClass", + "operationId": "replaceNodeV1RuntimeClass", "parameters": [ { "in": "body", "name": "body", "required": true, "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.PodDisruptionBudget" + "$ref": "#/definitions/io.k8s.api.node.v1.RuntimeClass" } }, { @@ -77870,13 +69304,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.PodDisruptionBudget" + "$ref": "#/definitions/io.k8s.api.node.v1.RuntimeClass" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.PodDisruptionBudget" + "$ref": "#/definitions/io.k8s.api.node.v1.RuntimeClass" } }, "401": { @@ -77887,212 +69321,35 @@ "https" ], "tags": [ - "policy_v1beta1" + "node_v1" ], "x-kubernetes-action": "put", "x-kubernetes-group-version-kind": { - "group": "policy", - "kind": "PodDisruptionBudget", - "version": "v1beta1" + "group": "node.k8s.io", + "kind": "RuntimeClass", + "version": "v1" } } }, - "/apis/policy/v1beta1/namespaces/{namespace}/poddisruptionbudgets/{name}/status": { - "get": { - "consumes": [ - "*/*" - ], - "description": "read status of the specified PodDisruptionBudget", - "operationId": "readPolicyV1beta1NamespacedPodDisruptionBudgetStatus", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.PodDisruptionBudget" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "policy_v1beta1" - ], - "x-kubernetes-action": "get", - "x-kubernetes-group-version-kind": { - "group": "policy", - "kind": "PodDisruptionBudget", - "version": "v1beta1" - } - }, - "parameters": [ - { - "description": "name of the PodDisruptionBudget", - "in": "path", - "name": "name", - "required": true, - "type": "string", - "uniqueItems": true - }, - { - "description": "object name and auth scope, such as for teams and projects", - "in": "path", - "name": "namespace", - "required": true, - "type": "string", - "uniqueItems": true - }, - { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - } - ], - "patch": { - "consumes": [ - "application/json-patch+json", - "application/merge-patch+json", - "application/strategic-merge-patch+json", - "application/apply-patch+yaml" - ], - "description": "partially update status of the specified PodDisruptionBudget", - "operationId": "patchPolicyV1beta1NamespacedPodDisruptionBudgetStatus", - "parameters": [ - { - "in": "body", - "name": "body", - "required": true, - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", - "in": "query", - "name": "fieldManager", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "in": "query", - "name": "fieldValidation", - "type": "string", - "uniqueItems": true - }, - { - "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", - "in": "query", - "name": "force", - "type": "boolean", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.PodDisruptionBudget" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.PodDisruptionBudget" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "policy_v1beta1" - ], - "x-kubernetes-action": "patch", - "x-kubernetes-group-version-kind": { - "group": "policy", - "kind": "PodDisruptionBudget", - "version": "v1beta1" - } - }, - "put": { - "consumes": [ - "*/*" - ], - "description": "replace status of the specified PodDisruptionBudget", - "operationId": "replacePolicyV1beta1NamespacedPodDisruptionBudgetStatus", - "parameters": [ - { - "in": "body", - "name": "body", - "required": true, - "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.PodDisruptionBudget" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", - "in": "query", - "name": "fieldManager", - "type": "string", - "uniqueItems": true - }, - { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "in": "query", - "name": "fieldValidation", - "type": "string", - "uniqueItems": true - } + "/apis/node.k8s.io/v1/watch/runtimeclasses": { + "get": { + "consumes": [ + "*/*" ], + "description": "watch individual changes to a list of RuntimeClass. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchNodeV1RuntimeClassList", "produces": [ "application/json", "application/yaml", - "application/vnd.kubernetes.protobuf" + "application/vnd.kubernetes.protobuf", + "application/json;stream=watch", + "application/vnd.kubernetes.protobuf;stream=watch" ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.PodDisruptionBudget" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.PodDisruptionBudget" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" } }, "401": { @@ -78103,23 +69360,95 @@ "https" ], "tags": [ - "policy_v1beta1" + "node_v1" ], - "x-kubernetes-action": "put", + "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { - "group": "policy", - "kind": "PodDisruptionBudget", - "version": "v1beta1" + "group": "node.k8s.io", + "kind": "RuntimeClass", + "version": "v1" } - } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "type": "boolean", + "uniqueItems": true + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "type": "string", + "uniqueItems": true + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "type": "integer", + "uniqueItems": true + }, + { + "description": "If 'true', then the output is pretty printed.", + "in": "query", + "name": "pretty", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "type": "string", + "uniqueItems": true + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "type": "string", + "uniqueItems": true + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "type": "integer", + "uniqueItems": true + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "type": "boolean", + "uniqueItems": true + } + ] }, - "/apis/policy/v1beta1/poddisruptionbudgets": { + "/apis/node.k8s.io/v1/watch/runtimeclasses/{name}": { "get": { "consumes": [ "*/*" ], - "description": "list or watch objects of kind PodDisruptionBudget", - "operationId": "listPolicyV1beta1PodDisruptionBudgetForAllNamespaces", + "description": "watch changes to an object of kind RuntimeClass. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "operationId": "watchNodeV1RuntimeClass", "produces": [ "application/json", "application/yaml", @@ -78131,7 +69460,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.PodDisruptionBudgetList" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" } }, "401": { @@ -78142,13 +69471,13 @@ "https" ], "tags": [ - "policy_v1beta1" + "node_v1" ], - "x-kubernetes-action": "list", + "x-kubernetes-action": "watch", "x-kubernetes-group-version-kind": { - "group": "policy", - "kind": "PodDisruptionBudget", - "version": "v1beta1" + "group": "node.k8s.io", + "kind": "RuntimeClass", + "version": "v1" } }, "parameters": [ @@ -78187,6 +69516,14 @@ "type": "integer", "uniqueItems": true }, + { + "description": "name of the RuntimeClass", + "in": "path", + "name": "name", + "required": true, + "type": "string", + "uniqueItems": true + }, { "description": "If 'true', then the output is pretty printed.", "in": "query", @@ -78224,13 +69561,79 @@ } ] }, - "/apis/policy/v1beta1/podsecuritypolicies": { + "/apis/policy/": { + "get": { + "consumes": [ + "application/json", + "application/yaml", + "application/vnd.kubernetes.protobuf" + ], + "description": "get information of a group", + "operationId": "getPolicyAPIGroup", + "produces": [ + "application/json", + "application/yaml", + "application/vnd.kubernetes.protobuf" + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.APIGroup" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "schemes": [ + "https" + ], + "tags": [ + "policy" + ] + } + }, + "/apis/policy/v1/": { + "get": { + "consumes": [ + "application/json", + "application/yaml", + "application/vnd.kubernetes.protobuf" + ], + "description": "get available resources", + "operationId": "getPolicyV1APIResources", + "produces": [ + "application/json", + "application/yaml", + "application/vnd.kubernetes.protobuf" + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.APIResourceList" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "schemes": [ + "https" + ], + "tags": [ + "policy_v1" + ] + } + }, + "/apis/policy/v1/namespaces/{namespace}/poddisruptionbudgets": { "delete": { "consumes": [ "*/*" ], - "description": "delete collection of PodSecurityPolicy", - "operationId": "deletePolicyV1beta1CollectionPodSecurityPolicy", + "description": "delete collection of PodDisruptionBudget", + "operationId": "deletePolicyV1CollectionNamespacedPodDisruptionBudget", "parameters": [ { "in": "body", @@ -78337,21 +69740,21 @@ "https" ], "tags": [ - "policy_v1beta1" + "policy_v1" ], "x-kubernetes-action": "deletecollection", "x-kubernetes-group-version-kind": { "group": "policy", - "kind": "PodSecurityPolicy", - "version": "v1beta1" + "kind": "PodDisruptionBudget", + "version": "v1" } }, "get": { "consumes": [ "*/*" ], - "description": "list or watch objects of kind PodSecurityPolicy", - "operationId": "listPolicyV1beta1PodSecurityPolicy", + "description": "list or watch objects of kind PodDisruptionBudget", + "operationId": "listPolicyV1NamespacedPodDisruptionBudget", "parameters": [ { "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", @@ -78428,7 +69831,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.PodSecurityPolicyList" + "$ref": "#/definitions/io.k8s.api.policy.v1.PodDisruptionBudgetList" } }, "401": { @@ -78439,16 +69842,24 @@ "https" ], "tags": [ - "policy_v1beta1" + "policy_v1" ], "x-kubernetes-action": "list", "x-kubernetes-group-version-kind": { "group": "policy", - "kind": "PodSecurityPolicy", - "version": "v1beta1" + "kind": "PodDisruptionBudget", + "version": "v1" } }, "parameters": [ + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "type": "string", + "uniqueItems": true + }, { "description": "If 'true', then the output is pretty printed.", "in": "query", @@ -78461,15 +69872,315 @@ "consumes": [ "*/*" ], - "description": "create a PodSecurityPolicy", - "operationId": "createPolicyV1beta1PodSecurityPolicy", + "description": "create a PodDisruptionBudget", + "operationId": "createPolicyV1NamespacedPodDisruptionBudget", + "parameters": [ + { + "in": "body", + "name": "body", + "required": true, + "schema": { + "$ref": "#/definitions/io.k8s.api.policy.v1.PodDisruptionBudget" + } + }, + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "type": "string", + "uniqueItems": true + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "type": "string", + "uniqueItems": true + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "type": "string", + "uniqueItems": true + } + ], + "produces": [ + "application/json", + "application/yaml", + "application/vnd.kubernetes.protobuf" + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/io.k8s.api.policy.v1.PodDisruptionBudget" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/io.k8s.api.policy.v1.PodDisruptionBudget" + } + }, + "202": { + "description": "Accepted", + "schema": { + "$ref": "#/definitions/io.k8s.api.policy.v1.PodDisruptionBudget" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "schemes": [ + "https" + ], + "tags": [ + "policy_v1" + ], + "x-kubernetes-action": "post", + "x-kubernetes-group-version-kind": { + "group": "policy", + "kind": "PodDisruptionBudget", + "version": "v1" + } + } + }, + "/apis/policy/v1/namespaces/{namespace}/poddisruptionbudgets/{name}": { + "delete": { + "consumes": [ + "*/*" + ], + "description": "delete a PodDisruptionBudget", + "operationId": "deletePolicyV1NamespacedPodDisruptionBudget", + "parameters": [ + { + "in": "body", + "name": "body", + "schema": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" + } + }, + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "type": "string", + "uniqueItems": true + }, + { + "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", + "in": "query", + "name": "gracePeriodSeconds", + "type": "integer", + "uniqueItems": true + }, + { + "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", + "in": "query", + "name": "orphanDependents", + "type": "boolean", + "uniqueItems": true + }, + { + "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", + "in": "query", + "name": "propagationPolicy", + "type": "string", + "uniqueItems": true + } + ], + "produces": [ + "application/json", + "application/yaml", + "application/vnd.kubernetes.protobuf" + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "202": { + "description": "Accepted", + "schema": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "schemes": [ + "https" + ], + "tags": [ + "policy_v1" + ], + "x-kubernetes-action": "delete", + "x-kubernetes-group-version-kind": { + "group": "policy", + "kind": "PodDisruptionBudget", + "version": "v1" + } + }, + "get": { + "consumes": [ + "*/*" + ], + "description": "read the specified PodDisruptionBudget", + "operationId": "readPolicyV1NamespacedPodDisruptionBudget", + "produces": [ + "application/json", + "application/yaml", + "application/vnd.kubernetes.protobuf" + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/io.k8s.api.policy.v1.PodDisruptionBudget" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "schemes": [ + "https" + ], + "tags": [ + "policy_v1" + ], + "x-kubernetes-action": "get", + "x-kubernetes-group-version-kind": { + "group": "policy", + "kind": "PodDisruptionBudget", + "version": "v1" + } + }, + "parameters": [ + { + "description": "name of the PodDisruptionBudget", + "in": "path", + "name": "name", + "required": true, + "type": "string", + "uniqueItems": true + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "type": "string", + "uniqueItems": true + }, + { + "description": "If 'true', then the output is pretty printed.", + "in": "query", + "name": "pretty", + "type": "string", + "uniqueItems": true + } + ], + "patch": { + "consumes": [ + "application/json-patch+json", + "application/merge-patch+json", + "application/strategic-merge-patch+json", + "application/apply-patch+yaml" + ], + "description": "partially update the specified PodDisruptionBudget", + "operationId": "patchPolicyV1NamespacedPodDisruptionBudget", + "parameters": [ + { + "in": "body", + "name": "body", + "required": true, + "schema": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "type": "string", + "uniqueItems": true + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", + "in": "query", + "name": "fieldManager", + "type": "string", + "uniqueItems": true + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "type": "string", + "uniqueItems": true + }, + { + "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", + "in": "query", + "name": "force", + "type": "boolean", + "uniqueItems": true + } + ], + "produces": [ + "application/json", + "application/yaml", + "application/vnd.kubernetes.protobuf" + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/io.k8s.api.policy.v1.PodDisruptionBudget" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/io.k8s.api.policy.v1.PodDisruptionBudget" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "schemes": [ + "https" + ], + "tags": [ + "policy_v1" + ], + "x-kubernetes-action": "patch", + "x-kubernetes-group-version-kind": { + "group": "policy", + "kind": "PodDisruptionBudget", + "version": "v1" + } + }, + "put": { + "consumes": [ + "*/*" + ], + "description": "replace the specified PodDisruptionBudget", + "operationId": "replacePolicyV1NamespacedPodDisruptionBudget", "parameters": [ { "in": "body", "name": "body", "required": true, "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.PodSecurityPolicy" + "$ref": "#/definitions/io.k8s.api.policy.v1.PodDisruptionBudget" } }, { @@ -78503,19 +70214,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.PodSecurityPolicy" + "$ref": "#/definitions/io.k8s.api.policy.v1.PodDisruptionBudget" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.PodSecurityPolicy" - } - }, - "202": { - "description": "Accepted", - "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.PodSecurityPolicy" + "$ref": "#/definitions/io.k8s.api.policy.v1.PodDisruptionBudget" } }, "401": { @@ -78526,101 +70231,23 @@ "https" ], "tags": [ - "policy_v1beta1" + "policy_v1" ], - "x-kubernetes-action": "post", + "x-kubernetes-action": "put", "x-kubernetes-group-version-kind": { "group": "policy", - "kind": "PodSecurityPolicy", - "version": "v1beta1" + "kind": "PodDisruptionBudget", + "version": "v1" } } }, - "/apis/policy/v1beta1/podsecuritypolicies/{name}": { - "delete": { - "consumes": [ - "*/*" - ], - "description": "delete a PodSecurityPolicy", - "operationId": "deletePolicyV1beta1PodSecurityPolicy", - "parameters": [ - { - "in": "body", - "name": "body", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" - } - }, - { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "in": "query", - "name": "dryRun", - "type": "string", - "uniqueItems": true - }, - { - "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", - "in": "query", - "name": "gracePeriodSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", - "in": "query", - "name": "orphanDependents", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", - "in": "query", - "name": "propagationPolicy", - "type": "string", - "uniqueItems": true - } - ], - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.PodSecurityPolicy" - } - }, - "202": { - "description": "Accepted", - "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.PodSecurityPolicy" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "policy_v1beta1" - ], - "x-kubernetes-action": "delete", - "x-kubernetes-group-version-kind": { - "group": "policy", - "kind": "PodSecurityPolicy", - "version": "v1beta1" - } - }, + "/apis/policy/v1/namespaces/{namespace}/poddisruptionbudgets/{name}/status": { "get": { "consumes": [ "*/*" ], - "description": "read the specified PodSecurityPolicy", - "operationId": "readPolicyV1beta1PodSecurityPolicy", + "description": "read status of the specified PodDisruptionBudget", + "operationId": "readPolicyV1NamespacedPodDisruptionBudgetStatus", "produces": [ "application/json", "application/yaml", @@ -78630,7 +70257,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.PodSecurityPolicy" + "$ref": "#/definitions/io.k8s.api.policy.v1.PodDisruptionBudget" } }, "401": { @@ -78641,24 +70268,32 @@ "https" ], "tags": [ - "policy_v1beta1" + "policy_v1" ], "x-kubernetes-action": "get", "x-kubernetes-group-version-kind": { "group": "policy", - "kind": "PodSecurityPolicy", - "version": "v1beta1" + "kind": "PodDisruptionBudget", + "version": "v1" } }, "parameters": [ { - "description": "name of the PodSecurityPolicy", + "description": "name of the PodDisruptionBudget", "in": "path", "name": "name", "required": true, "type": "string", "uniqueItems": true }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "type": "string", + "uniqueItems": true + }, { "description": "If 'true', then the output is pretty printed.", "in": "query", @@ -78674,8 +70309,8 @@ "application/strategic-merge-patch+json", "application/apply-patch+yaml" ], - "description": "partially update the specified PodSecurityPolicy", - "operationId": "patchPolicyV1beta1PodSecurityPolicy", + "description": "partially update status of the specified PodDisruptionBudget", + "operationId": "patchPolicyV1NamespacedPodDisruptionBudgetStatus", "parameters": [ { "in": "body", @@ -78723,13 +70358,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.PodSecurityPolicy" + "$ref": "#/definitions/io.k8s.api.policy.v1.PodDisruptionBudget" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.PodSecurityPolicy" + "$ref": "#/definitions/io.k8s.api.policy.v1.PodDisruptionBudget" } }, "401": { @@ -78740,28 +70375,28 @@ "https" ], "tags": [ - "policy_v1beta1" + "policy_v1" ], "x-kubernetes-action": "patch", "x-kubernetes-group-version-kind": { "group": "policy", - "kind": "PodSecurityPolicy", - "version": "v1beta1" + "kind": "PodDisruptionBudget", + "version": "v1" } }, "put": { "consumes": [ "*/*" ], - "description": "replace the specified PodSecurityPolicy", - "operationId": "replacePolicyV1beta1PodSecurityPolicy", + "description": "replace status of the specified PodDisruptionBudget", + "operationId": "replacePolicyV1NamespacedPodDisruptionBudgetStatus", "parameters": [ { "in": "body", "name": "body", "required": true, "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.PodSecurityPolicy" + "$ref": "#/definitions/io.k8s.api.policy.v1.PodDisruptionBudget" } }, { @@ -78795,13 +70430,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.PodSecurityPolicy" + "$ref": "#/definitions/io.k8s.api.policy.v1.PodDisruptionBudget" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/io.k8s.api.policy.v1beta1.PodSecurityPolicy" + "$ref": "#/definitions/io.k8s.api.policy.v1.PodDisruptionBudget" } }, "401": { @@ -78812,23 +70447,23 @@ "https" ], "tags": [ - "policy_v1beta1" + "policy_v1" ], "x-kubernetes-action": "put", "x-kubernetes-group-version-kind": { "group": "policy", - "kind": "PodSecurityPolicy", - "version": "v1beta1" + "kind": "PodDisruptionBudget", + "version": "v1" } } }, - "/apis/policy/v1beta1/watch/namespaces/{namespace}/poddisruptionbudgets": { + "/apis/policy/v1/poddisruptionbudgets": { "get": { "consumes": [ "*/*" ], - "description": "watch individual changes to a list of PodDisruptionBudget. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchPolicyV1beta1NamespacedPodDisruptionBudgetList", + "description": "list or watch objects of kind PodDisruptionBudget", + "operationId": "listPolicyV1PodDisruptionBudgetForAllNamespaces", "produces": [ "application/json", "application/yaml", @@ -78840,7 +70475,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + "$ref": "#/definitions/io.k8s.api.policy.v1.PodDisruptionBudgetList" } }, "401": { @@ -78851,13 +70486,13 @@ "https" ], "tags": [ - "policy_v1beta1" + "policy_v1" ], - "x-kubernetes-action": "watchlist", + "x-kubernetes-action": "list", "x-kubernetes-group-version-kind": { "group": "policy", "kind": "PodDisruptionBudget", - "version": "v1beta1" + "version": "v1" } }, "parameters": [ @@ -78896,14 +70531,6 @@ "type": "integer", "uniqueItems": true }, - { - "description": "object name and auth scope, such as for teams and projects", - "in": "path", - "name": "namespace", - "required": true, - "type": "string", - "uniqueItems": true - }, { "description": "If 'true', then the output is pretty printed.", "in": "query", @@ -78941,13 +70568,13 @@ } ] }, - "/apis/policy/v1beta1/watch/namespaces/{namespace}/poddisruptionbudgets/{name}": { + "/apis/policy/v1/watch/namespaces/{namespace}/poddisruptionbudgets": { "get": { "consumes": [ "*/*" ], - "description": "watch changes to an object of kind PodDisruptionBudget. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", - "operationId": "watchPolicyV1beta1NamespacedPodDisruptionBudget", + "description": "watch individual changes to a list of PodDisruptionBudget. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchPolicyV1NamespacedPodDisruptionBudgetList", "produces": [ "application/json", "application/yaml", @@ -78970,13 +70597,13 @@ "https" ], "tags": [ - "policy_v1beta1" + "policy_v1" ], - "x-kubernetes-action": "watch", + "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { "group": "policy", "kind": "PodDisruptionBudget", - "version": "v1beta1" + "version": "v1" } }, "parameters": [ @@ -79015,14 +70642,6 @@ "type": "integer", "uniqueItems": true }, - { - "description": "name of the PodDisruptionBudget", - "in": "path", - "name": "name", - "required": true, - "type": "string", - "uniqueItems": true - }, { "description": "object name and auth scope, such as for teams and projects", "in": "path", @@ -79068,13 +70687,13 @@ } ] }, - "/apis/policy/v1beta1/watch/poddisruptionbudgets": { + "/apis/policy/v1/watch/namespaces/{namespace}/poddisruptionbudgets/{name}": { "get": { "consumes": [ "*/*" ], - "description": "watch individual changes to a list of PodDisruptionBudget. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchPolicyV1beta1PodDisruptionBudgetListForAllNamespaces", + "description": "watch changes to an object of kind PodDisruptionBudget. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "operationId": "watchPolicyV1NamespacedPodDisruptionBudget", "produces": [ "application/json", "application/yaml", @@ -79097,13 +70716,13 @@ "https" ], "tags": [ - "policy_v1beta1" + "policy_v1" ], - "x-kubernetes-action": "watchlist", + "x-kubernetes-action": "watch", "x-kubernetes-group-version-kind": { "group": "policy", "kind": "PodDisruptionBudget", - "version": "v1beta1" + "version": "v1" } }, "parameters": [ @@ -79143,116 +70762,21 @@ "uniqueItems": true }, { - "description": "If 'true', then the output is pretty printed.", - "in": "query", - "name": "pretty", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersion", - "type": "string", - "uniqueItems": true - }, - { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "in": "query", - "name": "resourceVersionMatch", - "type": "string", - "uniqueItems": true - }, - { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "in": "query", - "name": "timeoutSeconds", - "type": "integer", - "uniqueItems": true - }, - { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "in": "query", - "name": "watch", - "type": "boolean", - "uniqueItems": true - } - ] - }, - "/apis/policy/v1beta1/watch/podsecuritypolicies": { - "get": { - "consumes": [ - "*/*" - ], - "description": "watch individual changes to a list of PodSecurityPolicy. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchPolicyV1beta1PodSecurityPolicyList", - "produces": [ - "application/json", - "application/yaml", - "application/vnd.kubernetes.protobuf", - "application/json;stream=watch", - "application/vnd.kubernetes.protobuf;stream=watch" - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "schemes": [ - "https" - ], - "tags": [ - "policy_v1beta1" - ], - "x-kubernetes-action": "watchlist", - "x-kubernetes-group-version-kind": { - "group": "policy", - "kind": "PodSecurityPolicy", - "version": "v1beta1" - } - }, - "parameters": [ - { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "in": "query", - "name": "allowWatchBookmarks", - "type": "boolean", - "uniqueItems": true - }, - { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "in": "query", - "name": "continue", - "type": "string", - "uniqueItems": true - }, - { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "in": "query", - "name": "fieldSelector", + "description": "name of the PodDisruptionBudget", + "in": "path", + "name": "name", + "required": true, "type": "string", "uniqueItems": true }, { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "in": "query", - "name": "labelSelector", + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, "type": "string", "uniqueItems": true }, - { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "in": "query", - "name": "limit", - "type": "integer", - "uniqueItems": true - }, { "description": "If 'true', then the output is pretty printed.", "in": "query", @@ -79290,13 +70814,13 @@ } ] }, - "/apis/policy/v1beta1/watch/podsecuritypolicies/{name}": { + "/apis/policy/v1/watch/poddisruptionbudgets": { "get": { "consumes": [ "*/*" ], - "description": "watch changes to an object of kind PodSecurityPolicy. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", - "operationId": "watchPolicyV1beta1PodSecurityPolicy", + "description": "watch individual changes to a list of PodDisruptionBudget. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchPolicyV1PodDisruptionBudgetListForAllNamespaces", "produces": [ "application/json", "application/yaml", @@ -79319,13 +70843,13 @@ "https" ], "tags": [ - "policy_v1beta1" + "policy_v1" ], - "x-kubernetes-action": "watch", + "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { "group": "policy", - "kind": "PodSecurityPolicy", - "version": "v1beta1" + "kind": "PodDisruptionBudget", + "version": "v1" } }, "parameters": [ @@ -79364,14 +70888,6 @@ "type": "integer", "uniqueItems": true }, - { - "description": "name of the PodSecurityPolicy", - "in": "path", - "name": "name", - "required": true, - "type": "string", - "uniqueItems": true - }, { "description": "If 'true', then the output is pretty printed.", "in": "query", diff --git a/api-ref-assets/config/fields.yaml b/api-ref-assets/config/fields.yaml index 71cffef523d09..66055f92f24ce 100644 --- a/api-ref-assets/config/fields.yaml +++ b/api-ref-assets/config/fields.yaml @@ -4,6 +4,7 @@ fields: - containers - initContainers + - ephemeralContainers - imagePullSecrets - enableServiceLinks - os @@ -20,7 +21,9 @@ - runtimeClassName - priorityClassName - priority + - preemptionPolicy - topologySpreadConstraints + - overhead - name: Lifecycle fields: - restartPolicy @@ -48,11 +51,9 @@ - name: Security context fields: - securityContext - - name: Beta level + - name: Alpha level fields: - - ephemeralContainers - - preemptionPolicy - - overhead + - hostUsers - name: Deprecated fields: - serviceAccount @@ -384,6 +385,9 @@ fields: - selector - manualSelector + - name: Alpha level + fields: + - podFailurePolicy - definition: io.k8s.api.batch.v1.JobStatus field_categories: @@ -396,7 +400,7 @@ - completedIndexes - conditions - uncountedTerminatedPods - - name: Alpha level + - name: Beta level fields: - ready @@ -525,6 +529,7 @@ - cephfs - cinder - csi + - ephemeral - fc - flexVolume - flocker @@ -539,9 +544,6 @@ - scaleIO - storageos - vsphereVolume - - name: Alpha level - fields: - - ephemeral - name: Deprecated fields: - gitRepo @@ -591,7 +593,7 @@ - volumeName - storageClassName - volumeMode - - name: Alpha level + - name: Beta level fields: - dataSource - dataSourceRef @@ -714,6 +716,3 @@ - resourceVersion - selfLink - uid - - name: Ignored - fields: - - clusterName diff --git a/api-ref-assets/config/toc.yaml b/api-ref-assets/config/toc.yaml index 78475b137f81a..621e3f8165800 100644 --- a/api-ref-assets/config/toc.yaml +++ b/api-ref-assets/config/toc.yaml @@ -179,9 +179,6 @@ parts: - name: PodDisruptionBudget group: policy version: v1 - - name: PodSecurityPolicy - group: policy - version: v1beta1 - name: Extend Resources chapters: - name: CustomResourceDefinition @@ -230,6 +227,9 @@ parts: - name: ComponentStatus group: "" version: v1 + - name: ClusterCIDR + group: networking.k8s.io + version: v1alpha1 - name: Common Definitions chapters: - name: DeleteOptions diff --git a/config.toml b/config.toml index 5f57ed324885a..99f765dd0cb24 100644 --- a/config.toml +++ b/config.toml @@ -139,10 +139,10 @@ time_format_default = "January 02, 2006 at 3:04 PM PST" description = "Production-Grade Container Orchestration" showedit = true -latest = "v1.24" +latest = "v1.25" -fullversion = "v1.24.0" -version = "v1.24" +fullversion = "v1.25.0" +version = "v1.25" githubbranch = "main" docsbranch = "main" deprecated = false @@ -169,6 +169,9 @@ algolia_docsearch = false # Enable Lunr.js offline search offlineSearch = false +# Official CVE feed bucket URL +cveFeedBucket = "https://storage.googleapis.com/k8s-cve-feed/official-cve-feed.json" + [params.pushAssets] css = [ "callouts", @@ -179,40 +182,40 @@ js = [ ] [[params.versions]] -fullversion = "v1.24.0" -version = "v1.24" -githubbranch = "v1.24.0" +fullversion = "v1.25.0" +version = "v1.25" +githubbranch = "v1.25.0" docsbranch = "main" url = "https://kubernetes.io" [[params.versions]] -fullversion = "v1.23.6" +fullversion = "v1.24.2" +version = "v1.24" +githubbranch = "v1.24.2" +docsbranch = "release-1.24" +url = "https://v1-24.docs.kubernetes.io" + +[[params.versions]] +fullversion = "v1.23.8" version = "v1.23" -githubbranch = "v1.23.6" +githubbranch = "v1.23.8" docsbranch = "release-1.23" url = "https://v1-23.docs.kubernetes.io" [[params.versions]] -fullversion = "v1.22.9" +fullversion = "v1.22.11" version = "v1.22" -githubbranch = "v1.22.9" +githubbranch = "v1.22.11" docsbranch = "release-1.22" url = "https://v1-22.docs.kubernetes.io" [[params.versions]] -fullversion = "v1.21.12" +fullversion = "v1.21.14" version = "v1.21" -githubbranch = "v1.21.12" +githubbranch = "v1.21.14" docsbranch = "release-1.21" url = "https://v1-21.docs.kubernetes.io" -[[params.versions]] -fullversion = "v1.20.15" -version = "v1.20" -githubbranch = "v1.20.15" -docsbranch = "release-1.20" -url = "https://v1-20.docs.kubernetes.io" - # User interface configuration [params.ui] # Enable to show the side bar menu in its compact state. diff --git a/content/en/docs/concepts/architecture/cgroups.md b/content/en/docs/concepts/architecture/cgroups.md new file mode 100644 index 0000000000000..b571d2484d57c --- /dev/null +++ b/content/en/docs/concepts/architecture/cgroups.md @@ -0,0 +1,126 @@ +--- +title: About cgroup v2 +content_type: concept +weight: 50 +--- + + + +On Linux, {{< glossary_tooltip text="control groups" term_id="cgroup" >}} +constrain resources that are allocated to processes. + +The {{< glossary_tooltip text="kubelet" term_id="kubelet" >}} and the +underlying container runtime need to interface with cgroups to enforce +[resource mangement for pods and containers](/docs/concepts/configuration/manage-resources-containers/) which +includes cpu/memory requests and limits for containerized workloads. + +There are two versions of cgroups in Linux: cgroup v1 and cgroup v2. cgroup v2 is +the new generation of the `cgroup` API. + + + + +## What is cgroup v2? {#cgroup-v2} +{{< feature-state for_k8s_version="v1.25" state="stable" >}} + +cgroup v2 is the next version of the Linux `cgroup` API. cgroup v2 provides a +unified control system with enhanced resource management +capabilities. + +cgroup v2 offers several improvements over cgroup v1, such as the following: + +- Single unified hierarchy design in API +- Safer sub-tree delegation to containers +- Newer features like [Pressure Stall Information](https://www.kernel.org/doc/html/latest/accounting/psi.html) +- Enhanced resource allocation management and isolation across multiple resources + - Unified accounting for different types of memory allocations (network memory, kernel memory, etc) + - Accounting for non-immediate resource changes such as page cache write backs + +Some Kubernetes features exclusively use cgroup v2 for enhanced resource +management and isolation. For example, the +[MemoryQoS](/blog/2021/11/26/qos-memory-resources/) feature improves memory QoS +and relies on cgroup v2 primitives. + + +## Using cgroup v2 {#using-cgroupv2} + +The recommended way to use cgroup v2 is to use a Linux distribution that +enables and uses cgroup v2 by default. + +To check if your distribution uses cgroup v2, refer to [Identify cgroup version on Linux nodes](#check-cgroup-version). + +### Requirements + +cgroup v2 has the following requirements: + +* OS distribution enables cgroup v2 +* Linux Kernel version is 5.8 or later +* Container runtime supports cgroup v2. For example: + * [containerd](https://containerd.io/) v1.4 and later + * [cri-o](https://cri-o.io/) v1.20 and later +* The kubelet and the container runtime are configured to use the [systemd cgroup driver](/docs/setup/production-environment/container-runtimes#systemd-cgroup-driver) + +### Linux Distribution cgroup v2 support + +For a list of Linux distributions that use cgroup v2, refer to the [cgroup v2 documentation](https://github.com/opencontainers/runc/blob/main/docs/cgroup-v2.md) + + +* Container Optimized OS (since M97) +* Ubuntu (since 21.10, 22.04+ recommended) +* Debian GNU/Linux (since Debian 11 bullseye) +* Fedora (since 31) +* Arch Linux (since April 2021) +* RHEL and RHEL-like distributions (since 9) + +To check if your distribution is using cgroup v2, refer to your distribution's +documentation or follow the instructions in [Identify the cgroup version on Linux nodes](#check-cgroup-version). + +You can also enable cgroup v2 manually on your Linux distribution by modifying +the kernel cmdline boot arguments. If your distribution uses GRUB, +`systemd.unified_cgroup_hierarchy=1` should be added in `GRUB_CMDLINE_LINUX` +under `/etc/default/grub`, followed by `sudo update-grub`. However, the +recommended approach is to use a distribution that already enables cgroup v2 by +default. + +### Migrating to cgroup v2 {#migrating-cgroupv2} + +To migrate to cgroup v2, ensure that you meet the [requirements](#requirements), then upgrade +to a kernel version that enables cgroup v2 by default. + +The kubelet automatically detects that the OS is running on cgroup v2 and +performs accordingly with no additional configuration required. + +There should not be any noticeable difference in the user experience when +switching to cgroup v2, unless users are accessing the cgroup file system +directly, either on the node or from within the containers. + +cgroup v2 uses a different API than cgroup v1, so if there are any +applications that directly access the cgroup file system, they need to be +updated to newer versions that support cgroup v2. For example: + +* Some third-party monitoring and security agents may depend on the cgroup filesystem. + Update these agents to versions that support cgroup v2. +* If you run [cAdvisor](https://github.com/google/cadvisor) as a stand-alone + DaemonSet for monitoring pods and containers, update it to v0.43.0 or later. +* If you use JDK, prefer to use JDK 11.0.16 and later or JDK 15 and later, which [fully support cgroup v2](https://bugs.openjdk.org/browse/JDK-8230305). + +## Identify the cgroup version on Linux Nodes {#check-cgroup-version} + +The cgroup version depends on on the Linux distribution being used and the +default cgroup version configured on the OS. To check which cgroup version your +distribution uses, run the `stat -fc %T /sys/fs/cgroup/` command on +the node: + +```shell +stat -fc %T /sys/fs/cgroup/ +``` + +For cgroup v2, the output is `cgroup2fs`. + +For cgroup v1, the output is `tmpfs.` + +## {{% heading "whatsnext" %}} + +- Learn more about [cgroups](https://man7.org/linux/man-pages/man7/cgroups.7.html) +- Learn more about [container runtime](/docs/concepts/architecture/cri) +- Learn more about [cgroup drivers](/docs/setup/production-environment/container-runtimes#cgroup-drivers) diff --git a/content/en/docs/concepts/cluster-administration/system-traces.md b/content/en/docs/concepts/cluster-administration/system-traces.md index f324604b16bda..9f1e4e7b06720 100644 --- a/content/en/docs/concepts/cluster-administration/system-traces.md +++ b/content/en/docs/concepts/cluster-administration/system-traces.md @@ -61,7 +61,7 @@ as the kube-apiserver is often a public endpoint. To enable tracing, enable the `APIServerTracing` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) -on the kube-apiserver. Also, provide the kube-apiserver with a tracing configration file +on the kube-apiserver. Also, provide the kube-apiserver with a tracing configuration file with `--tracing-config-file=`. This is an example config that records spans for 1 in 10000 requests, and uses the default OpenTelemetry endpoint: @@ -76,6 +76,35 @@ samplingRatePerMillion: 100 For more information about the `TracingConfiguration` struct, see [API server config API (v1alpha1)](/docs/reference/config-api/apiserver-config.v1alpha1/#apiserver-k8s-io-v1alpha1-TracingConfiguration). +### kubelet traces + +{{< feature-state for_k8s_version="v1.25" state="alpha" >}} + +The kubelet CRI interface and authenticated http servers are instrumented to generate +trace spans. As with the apiserver, the endpoint and sampling rate are configurable. +Trace context propagation is also configured. A parent span's sampling decision is always respected. +A provided tracing configuration sampling rate will apply to spans without a parent. +Enabled without a configured endpoint, the default OpenTelemetry Collector reciever address of "localhost:4317" is set. + +#### Enabling tracing in the kubelet + +To enable tracing, enable the `KubeletTracing` +[feature gate](/docs/reference/command-line-tools-reference/feature-gates/) +on the kubelet. Also, provide the kubelet with a +[tracing configuration](https://github.com/kubernetes/component-base/blob/release-1.25/tracing/api/v1/types.go). +This is an example snippet of a kubelet config that records spans for 1 in 10000 requests, and uses the default OpenTelemetry endpoint: + +```yaml +apiVersion: kubelet.config.k8s.io/v1beta1 +kind: KubeletConfiguration +featureGates: + KubeletTracing: true +tracing: + # default value + #endpoint: localhost:4317 + samplingRatePerMillion: 100 +``` + ## Stability Tracing instrumentation is still under active development, and may change diff --git a/content/en/docs/concepts/configuration/manage-resources-containers.md b/content/en/docs/concepts/configuration/manage-resources-containers.md index 9428da09e3124..7975563563ef8 100644 --- a/content/en/docs/concepts/configuration/manage-resources-containers.md +++ b/content/en/docs/concepts/configuration/manage-resources-containers.md @@ -236,7 +236,7 @@ directly or from your monitoring tools. ## Local ephemeral storage -{{< feature-state for_k8s_version="v1.10" state="beta" >}} +{{< feature-state for_k8s_version="v1.25" state="stable" >}} Nodes have local ephemeral storage, backed by locally-attached writeable devices or, sometimes, by RAM. @@ -306,13 +306,15 @@ as you like. {{< /tabs >}} The kubelet can measure how much local storage it is using. It does this provided -that: +that you have set up the node using one of the supported configurations for local +ephemeral storage. - the `LocalStorageCapacityIsolation` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) - is enabled (the feature is on by default), and -- you have set up the node using one of the supported configurations - for local ephemeral storage. + is enabled (the feature is on by default), and you have set up the node using one + of the supported configurations for local ephemeral storage. +- Quotas are faster and more accurate than directory scanning. The + `LocalStorageCapacityIsolationFSQuotaMonitoring` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) is enabled (the feature is on by default), If you have a different configuration, then the kubelet does not apply resource limits for ephemeral local storage. @@ -446,7 +448,7 @@ that file but the kubelet does not categorize the space as in use. {{% /tab %}} {{% tab name="Filesystem project quota" %}} -{{< feature-state for_k8s_version="v1.15" state="alpha" >}} +{{< feature-state for_k8s_version="v1.25" state="beta" >}} Project quotas are an operating-system level feature for managing storage use on filesystems. With Kubernetes, you can enable project diff --git a/content/en/docs/concepts/configuration/secret.md b/content/en/docs/concepts/configuration/secret.md index 594767af97e79..b8a0a9c2f9a81 100644 --- a/content/en/docs/concepts/configuration/secret.md +++ b/content/en/docs/concepts/configuration/secret.md @@ -566,7 +566,7 @@ metadata: spec: containers: - name: test-container - image: k8s.gcr.io/busybox + image: registry.k8s.io/busybox command: [ "/bin/sh", "-c", "env" ] envFrom: - secretRef: @@ -794,7 +794,7 @@ spec: secretName: dotfile-secret containers: - name: dotfile-test-container - image: k8s.gcr.io/busybox + image: registry.k8s.io/busybox command: - ls - "-l" diff --git a/content/en/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins.md b/content/en/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins.md index 6f265f57f34cc..137afce0f0f82 100644 --- a/content/en/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins.md +++ b/content/en/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins.md @@ -68,7 +68,7 @@ metadata: spec: containers: - name: demo-container-1 - image: k8s.gcr.io/pause:2.0 + image: registry.k8s.io/pause:2.0 resources: limits: hardware-vendor.example/foo: 2 diff --git a/content/en/docs/concepts/overview/working-with-objects/labels.md b/content/en/docs/concepts/overview/working-with-objects/labels.md index fe590402ae3b3..55b1a5d032ad7 100644 --- a/content/en/docs/concepts/overview/working-with-objects/labels.md +++ b/content/en/docs/concepts/overview/working-with-objects/labels.md @@ -124,7 +124,7 @@ metadata: spec: containers: - name: cuda-test - image: "k8s.gcr.io/cuda-vector-add:v0.1" + image: "registry.k8s.io/cuda-vector-add:v0.1" resources: limits: nvidia.com/gpu: 1 diff --git a/content/en/docs/concepts/scheduling-eviction/topology-spread-constraints.md b/content/en/docs/concepts/scheduling-eviction/topology-spread-constraints.md index 77f4d1ea55362..060338ff42302 100644 --- a/content/en/docs/concepts/scheduling-eviction/topology-spread-constraints.md +++ b/content/en/docs/concepts/scheduling-eviction/topology-spread-constraints.md @@ -48,7 +48,8 @@ Pod topology spread constraints offer you a declarative way to configure that. ## `topologySpreadConstraints` field -The Pod API includes a field, `spec.topologySpreadConstraints`. Here is an example: +The Pod API includes a field, `spec.topologySpreadConstraints`. The usage of this field looks like +the following: ```yaml --- @@ -60,14 +61,18 @@ spec: # Configure a topology spread constraint topologySpreadConstraints: - maxSkew: - minDomains: # optional; alpha since v1.24 + minDomains: # optional; beta since v1.25 topologyKey: whenUnsatisfiable: labelSelector: + matchLabelKeys: # optional; alpha since v1.25 + nodeAffinityPolicy: [Honor|Ignore] # optional; alpha since v1.25 + nodeTaintsPolicy: [Honor|Ignore] # optional; alpha since v1.25 ### other Pod fields go here ``` -You can read more about this field by running `kubectl explain Pod.spec.topologySpreadConstraints`. +You can read more about this field by running `kubectl explain Pod.spec.topologySpreadConstraints` or +refer to [scheduling](/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) section of the API reference for Pod. ### Spread constraint definition @@ -82,9 +87,9 @@ your cluster. Those fields are: - if you select `whenUnsatisfiable: DoNotSchedule`, then `maxSkew` defines the maximum permitted difference between the number of matching pods in the target topology and the _global minimum_ - (the minimum number of pods that match the label selector in a topology domain). - For example, if you have 3 zones with 2, 4 and 5 matching pods respectively, - then the global minimum is 2 and `maxSkew` is compared relative to that number. + (the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains). + For example, if you have 3 zones with 2, 2 and 1 matching pods respectively, + `MaxSkew` is set to 1 then the global minimum is 1. - if you select `whenUnsatisfiable: ScheduleAnyway`, the scheduler gives higher precedence to topologies that would help reduce the skew. @@ -93,9 +98,8 @@ your cluster. Those fields are: nodes match the node selector. {{< note >}} - The `minDomains` field is an alpha field added in 1.24. You have to enable the - `MinDomainsInPodToplogySpread` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) - in order to use it. + The `minDomains` field is a beta field and enabled by default in 1.25. You can disable it by disabling the + `MinDomainsInPodToplogySpread` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/). {{< /note >}} - The value of `minDomains` must be greater than 0, when specified. @@ -108,10 +112,12 @@ your cluster. Those fields are: `minDomains`, this value has no effect on scheduling. - If you do not specify `minDomains`, the constraint behaves as if `minDomains` is 1. -- **topologyKey** is the key of [node labels](#node-labels). If two Nodes are labelled - with this key and have identical values for that label, the scheduler treats both - Nodes as being in the same topology. The scheduler tries to place a balanced number - of Pods into each topology domain. +- **topologyKey** is the key of [node labels](#node-labels). Nodes that have a label with this key + and identical values are considered to be in the same topology. + We call each instance of a topology (in other words, a pair) a domain. The scheduler + will try to put a balanced number of pods into each domain. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. - **whenUnsatisfiable** indicates how to deal with a Pod if it doesn't satisfy the spread constraint: - `DoNotSchedule` (default) tells the scheduler not to schedule it. @@ -123,6 +129,54 @@ your cluster. Those fields are: See [Label Selectors](/docs/concepts/overview/working-with-objects/labels/#label-selectors) for more details. +- **matchLabelKeys** is a list of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the pod labels, those key-value labels are ANDed with `labelSelector` to select the group of existing pods over which spreading will be calculated for the incoming pod. Keys that don't exist in the pod labels will be ignored. A null or empty list means only match against the `labelSelector`. + + With `matchLabelKeys`, users don't need to update the `pod.spec` between different revisions. The controller/operator just needs to set different values to the same `label` key for different revisions. The scheduler will assume the values automatically based on `matchLabelKeys`. For example, if users use Deployment, they can use the label keyed with `pod-template-hash`, which is added automatically by the Deployment controller, to distinguish between different revisions in a single Deployment. + + ```yaml + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: DoNotSchedule + matchLabelKeys: + - app + - pod-template-hash + ``` + + {{< note >}} + The `matchLabelKeys` field is an alpha field added in 1.25. You have to enable the + `MatchLabelKeysInPodTopologySpread` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) + in order to use it. + {{< /note >}} + +- **nodeAffinityPolicy** indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is null, the behavior is equivalent to the Honor policy. + + {{< note >}} + The `nodeAffinityPolicy` is an alpha-level field added in 1.25. You have to enable the + `NodeInclusionPolicyInPodTopologySpread` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) + in order to use it. + {{< /note >}} + +- **nodeTaintsPolicy** indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is null, the behavior is equivalent to the Ignore policy. + + {{< note >}} + The `nodeTaintsPolicy` is an alpha-level field added in 1.25. You have to enable the + `NodeInclusionPolicyInPodTopologySpread` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) + in order to use it. + {{< /note >}} + When a Pod defines more than one `topologySpreadConstraint`, those constraints are combined using a logical AND operation: the kube-scheduler looks for a node for the incoming Pod that satisfies all the configured constraints. @@ -556,7 +610,8 @@ section of the enhancement proposal about Pod topology spread constraints. cluster. This could lead to a problem in autoscaled clusters, when a node pool (or node group) is scaled to zero nodes, and you're expecting the cluster to scale up, because, in this case, those topology domains won't be considered until there is - at least one node in them. + at least one node in them. + You can work around this by using an cluster autoscaling tool that is aware of Pod topology spread constraints and is also aware of the overall set of topology domains. diff --git a/content/en/docs/concepts/security/pod-security-admission.md b/content/en/docs/concepts/security/pod-security-admission.md index 60f87c04d9e09..57e4fd98003b5 100644 --- a/content/en/docs/concepts/security/pod-security-admission.md +++ b/content/en/docs/concepts/security/pod-security-admission.md @@ -8,60 +8,26 @@ description: > Standards. content_type: concept weight: 20 -min-kubernetes-server-version: v1.22 --- -{{< feature-state for_k8s_version="v1.23" state="beta" >}} +{{< feature-state for_k8s_version="v1.25" state="stable" >}} The Kubernetes [Pod Security Standards](/docs/concepts/security/pod-security-standards/) define different isolation levels for Pods. These standards let you define how you want to restrict the behavior of pods in a clear, consistent fashion. -As a beta feature, Kubernetes offers a built-in _Pod Security_ {{< glossary_tooltip -text="admission controller" term_id="admission-controller" >}}, the successor -to [PodSecurityPolicies](/docs/concepts/security/pod-security-policy/). Pod security restrictions -are applied at the {{< glossary_tooltip text="namespace" term_id="namespace" >}} level when pods -are created. - -{{< note >}} -The PodSecurityPolicy API is deprecated and will be -[removed](/docs/reference/using-api/deprecation-guide/#v1-25) from Kubernetes in v1.25. -{{< /note >}} - - -## {{% heading "prerequisites" %}} - -To use this mechanism, your cluster must enforce Pod Security admission. +Kubernetes offers a built-in _Pod Security_ {{< glossary_tooltip text="admission controller" +term_id="admission-controller" >}} to enforce the Pod Security Standards. Pod security restrictions +are applied at the {{< glossary_tooltip text="namespace" term_id="namespace" >}} level when pods are +created. ### Built-in Pod Security admission enforcement -From Kubernetes v1.23, the `PodSecurity` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) is a beta feature and is enabled by default. This page is part of the documentation for Kubernetes v{{< skew currentVersion >}}. If you are running a different version of Kubernetes, consult the documentation for that release. -### Alternative: installing the `PodSecurity` admission webhook {#webhook} - -The `PodSecurity` admission logic is also available as a [validating admission webhook](https://git.k8s.io/pod-security-admission/webhook). This implementation is also beta. -For environments where the built-in `PodSecurity` admission plugin cannot be enabled, you can instead enable that logic via a validating admission webhook. - -A pre-built container image, certificate generation scripts, and example manifests -are available at [https://git.k8s.io/pod-security-admission/webhook](https://git.k8s.io/pod-security-admission/webhook). - -To install: -```shell -git clone https://github.com/kubernetes/pod-security-admission.git -cd pod-security-admission/webhook -make certs -kubectl apply -k . -``` - -{{< note >}} -The generated certificate is valid for 2 years. Before it expires, -regenerate the certificate or remove the webhook in favor of the built-in admission plugin. -{{< /note >}} - ## Pod Security levels diff --git a/content/en/docs/concepts/security/pod-security-policy.md b/content/en/docs/concepts/security/pod-security-policy.md index c296f31cc2c74..5b4b692a42e4d 100644 --- a/content/en/docs/concepts/security/pod-security-policy.md +++ b/content/en/docs/concepts/security/pod-security-policy.md @@ -1,6 +1,6 @@ --- reviewers: -- pweil- +- liggitt - tallclair title: Pod Security Policies content_type: concept @@ -11,770 +11,19 @@ weight: 30 {{< feature-state for_k8s_version="v1.21" state="deprecated" >}} -{{< caution >}} -PodSecurityPolicy is deprecated as of Kubernetes v1.21, and **will be removed in v1.25**. We recommend migrating to -[Pod Security Admission](/docs/concepts/security/pod-security-admission/), or a 3rd party admission plugin. -For a migration guide, see [Migrate from PodSecurityPolicy to the Built-In PodSecurity Admission Controller](/docs/tasks/configure-pod-container/migrate-from-psp/). -For more information on the deprecation, -see [PodSecurityPolicy Deprecation: Past, Present, and Future](/blog/2021/04/06/podsecuritypolicy-deprecation-past-present-and-future/). -{{< /caution >}} - -Pod Security Policies enable fine-grained authorization of pod creation and -updates. - - - -## What is a Pod Security Policy? - -A _Pod Security Policy_ is a cluster-level resource that controls security -sensitive aspects of the pod specification. The -[PodSecurityPolicy](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#podsecuritypolicy-v1beta1-policy) objects -define a set of conditions that a pod must run with in order to be accepted into -the system, as well as defaults for the related fields. They allow an -administrator to control the following: - -| Control Aspect | Field Names | -| ----------------------------------------------------| ------------------------------------------- | -| Running of privileged containers | [`privileged`](#privileged) | -| Usage of host namespaces | [`hostPID`, `hostIPC`](#host-namespaces) | -| Usage of host networking and ports | [`hostNetwork`, `hostPorts`](#host-namespaces) | -| Usage of volume types | [`volumes`](#volumes-and-file-systems) | -| Usage of the host filesystem | [`allowedHostPaths`](#volumes-and-file-systems) | -| Allow specific FlexVolume drivers | [`allowedFlexVolumes`](#flexvolume-drivers) | -| Allocating an FSGroup that owns the pod's volumes | [`fsGroup`](#volumes-and-file-systems) | -| Requiring the use of a read only root file system | [`readOnlyRootFilesystem`](#volumes-and-file-systems) | -| The user and group IDs of the container | [`runAsUser`, `runAsGroup`, `supplementalGroups`](#users-and-groups) | -| Restricting escalation to root privileges | [`allowPrivilegeEscalation`, `defaultAllowPrivilegeEscalation`](#privilege-escalation) | -| Linux capabilities | [`defaultAddCapabilities`, `requiredDropCapabilities`, `allowedCapabilities`](#capabilities) | -| The SELinux context of the container | [`seLinux`](#selinux) | -| The Allowed Proc Mount types for the container | [`allowedProcMountTypes`](#allowedprocmounttypes) | -| The AppArmor profile used by containers | [annotations](#apparmor) | -| The seccomp profile used by containers | [annotations](#seccomp) | -| The sysctl profile used by containers | [`forbiddenSysctls`,`allowedUnsafeSysctls`](#sysctl) | - - -## Enabling Pod Security Policies - -Pod security policy control is implemented as an optional -[admission controller](/docs/reference/access-authn-authz/admission-controllers/#podsecuritypolicy). -PodSecurityPolicies are enforced by -[enabling the admission controller](/docs/reference/access-authn-authz/admission-controllers/#how-do-i-turn-on-an-admission-control-plug-in), -but doing so without authorizing any policies **will prevent any pods from being created** in the -cluster. - -Since the pod security policy API (`policy/v1beta1/podsecuritypolicy`) is -enabled independently of the admission controller, for existing clusters it is -recommended that policies are added and authorized before enabling the admission -controller. - -## Authorizing Policies - -When a PodSecurityPolicy resource is created, it does nothing. In order to use -it, the requesting user or target pod's -[service account](/docs/tasks/configure-pod-container/configure-service-account/) -must be authorized to use the policy, by allowing the `use` verb on the policy. - -Most Kubernetes pods are not created directly by users. Instead, they are -typically created indirectly as part of a -[Deployment](/docs/concepts/workloads/controllers/deployment/), -[ReplicaSet](/docs/concepts/workloads/controllers/replicaset/), or other -templated controller via the controller manager. Granting the controller access -to the policy would grant access for *all* pods created by that controller, -so the preferred method for authorizing policies is to grant access to the -pod's service account (see [example](#run-another-pod)). - -### Via RBAC - -[RBAC](/docs/reference/access-authn-authz/rbac/) is a standard Kubernetes -authorization mode, and can easily be used to authorize use of policies. - -First, a `Role` or `ClusterRole` needs to grant access to `use` the desired -policies. The rules to grant access look like this: - -```yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: -rules: -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - -``` - -Then the `(Cluster)Role` is bound to the authorized user(s): - -```yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: -roleRef: - kind: ClusterRole - name: - apiGroup: rbac.authorization.k8s.io -subjects: -# Authorize all service accounts in a namespace (recommended): -- kind: Group - apiGroup: rbac.authorization.k8s.io - name: system:serviceaccounts: -# Authorize specific service accounts (not recommended): -- kind: ServiceAccount - name: - namespace: -# Authorize specific users (not recommended): -- kind: User - apiGroup: rbac.authorization.k8s.io - name: -``` - -If a `RoleBinding` (not a `ClusterRoleBinding`) is used, it will only grant -usage for pods being run in the same namespace as the binding. This can be -paired with system groups to grant access to all pods run in the namespace: - -```yaml -# Authorize all service accounts in a namespace: -- kind: Group - apiGroup: rbac.authorization.k8s.io - name: system:serviceaccounts -# Or equivalently, all authenticated users in a namespace: -- kind: Group - apiGroup: rbac.authorization.k8s.io - name: system:authenticated -``` - -For more examples of RBAC bindings, see -[RoleBinding examples](/docs/reference/access-authn-authz/rbac#role-binding-examples). -For a complete example of authorizing a PodSecurityPolicy, see [below](#example). - -### Recommended Practice - -PodSecurityPolicy is being replaced by a new, simplified `PodSecurity` -{{< glossary_tooltip text="admission controller" term_id="admission-controller" >}}. -For more details on this change, see -[PodSecurityPolicy Deprecation: Past, Present, and Future](/blog/2021/04/06/podsecuritypolicy-deprecation-past-present-and-future/). -Follow these guidelines to simplify migration from PodSecurityPolicy to the -new admission controller: - -1. Limit your PodSecurityPolicies to the policies defined by the - [Pod Security Standards](/docs/concepts/security/pod-security-standards): - - - {{< example file="policy/privileged-psp.yaml" >}}Privileged{{< /example >}} - - {{< example file="policy/baseline-psp.yaml" >}}Baseline{{< /example >}} - - {{< example file="policy/restricted-psp.yaml" >}}Restricted{{< /example >}} - -1. Only bind PSPs to entire namespaces, by using the `system:serviceaccounts:` group - (where `` is the target namespace). For example: - - ```yaml - apiVersion: rbac.authorization.k8s.io/v1 - # This cluster role binding allows all pods in the "development" namespace to use the baseline PSP. - kind: ClusterRoleBinding - metadata: - name: psp-baseline-namespaces - roleRef: - kind: ClusterRole - name: psp-baseline - apiGroup: rbac.authorization.k8s.io - subjects: - - kind: Group - name: system:serviceaccounts:development - apiGroup: rbac.authorization.k8s.io - - kind: Group - name: system:serviceaccounts:canary - apiGroup: rbac.authorization.k8s.io - ``` - -### Troubleshooting - -- The [controller manager](/docs/reference/command-line-tools-reference/kube-controller-manager/) - must be run against the secured API port and must not have superuser permissions. See - [Controlling Access to the Kubernetes API](/docs/concepts/security/controlling-access) - to learn about API server access controls. - If the controller manager connected through the trusted API port (also known as the - `localhost` listener), requests would bypass authentication and authorization modules; - all PodSecurityPolicy objects would be allowed, and users would be able to create grant - themselves the ability to create privileged containers. - - For more details on configuring controller manager authorization, see - [Controller Roles](/docs/reference/access-authn-authz/rbac/#controller-roles). - -## Policy Order - -In addition to restricting pod creation and update, pod security policies can -also be used to provide default values for many of the fields that it -controls. When multiple policies are available, the pod security policy -controller selects policies according to the following criteria: - -1. PodSecurityPolicies which allow the pod as-is, without changing defaults or - mutating the pod, are preferred. The order of these non-mutating - PodSecurityPolicies doesn't matter. -2. If the pod must be defaulted or mutated, the first PodSecurityPolicy - (ordered by name) to allow the pod is selected. - -When a Pod is validated against a PodSecurityPolicy, [a `kubernetes.io/psp` annotation](/docs/reference/labels-annotations-taints/#kubernetes-io-psp) -is added to the Pod, with the name of the PodSecurityPolicy as the annotation value. - {{< note >}} -During update operations (during which mutations to pod specs are disallowed) -only non-mutating PodSecurityPolicies are used to validate the pod. -{{< /note >}} - -## Example - -This example assumes you have a running cluster with the PodSecurityPolicy -admission controller enabled and you have cluster admin privileges. - -### Set up - -Set up a namespace and a service account to act as for this example. We'll use -this service account to mock a non-admin user. - -```shell -kubectl create namespace psp-example -kubectl create serviceaccount -n psp-example fake-user -kubectl create rolebinding -n psp-example fake-editor --clusterrole=edit --serviceaccount=psp-example:fake-user -``` +PodSecurityPolicy was [deprecated](/blog/2021/04/08/kubernetes-1-21-release-announcement/#podsecuritypolicy-deprecation) +in Kubernetes v1.21, and removed from Kubernetes in v1.25. +Instead of using PodSecurityPolicy, you can enforce similar restrictions on Pods using +either or both: -To make it clear which user we're acting as and save some typing, create 2 -aliases: +- [Pod Security Admission](/docs/concepts/security/pod-security-admission/) +- a 3rd party admission plugin, that you deploy and configure yourself -```shell -alias kubectl-admin='kubectl -n psp-example' -alias kubectl-user='kubectl --as=system:serviceaccount:psp-example:fake-user -n psp-example' -``` - -### Create a policy and a pod - -This is a policy that prevents the creation of privileged pods. -The name of a PodSecurityPolicy object must be a valid -[DNS subdomain name](/docs/concepts/overview/working-with-objects/names#dns-subdomain-names). - -{{< codenew file="policy/example-psp.yaml" >}} - -And create it with kubectl: - -```shell -kubectl-admin create -f https://k8s.io/examples/policy/example-psp.yaml -``` - -Now, as the unprivileged user, try to create a simple pod: - -```shell -kubectl-user create -f- <}} -This is not the recommended way! See the [next section](#run-another-pod) -for the preferred approach. +If you are not running Kubernetes v{{< skew currentVersion >}}, check the documentation for +your version of Kubernetes. {{< /note >}} - -```shell -kubectl-admin create role psp:unprivileged \ - --verb=use \ - --resource=podsecuritypolicy \ - --resource-name=example -``` - -``` -role "psp:unprivileged" created -``` - -```shell -kubectl-admin create rolebinding fake-user:psp:unprivileged \ - --role=psp:unprivileged \ - --serviceaccount=psp-example:fake-user -``` - -``` -rolebinding "fake-user:psp:unprivileged" created -``` - -```shell -kubectl-user auth can-i use podsecuritypolicy/example -``` - -``` -yes -``` - -Now retry creating the pod: - -```shell -kubectl-user create -f- <}} - -This is an example of a restrictive policy that requires users to run as an -unprivileged user, blocks possible escalations to root, and requires use of -several security mechanisms. - -{{< codenew file="policy/restricted-psp.yaml" >}} - -See [Pod Security Standards](/docs/concepts/security/pod-security-standards/#policy-instantiation) -for more examples. - -## Policy Reference - -### Privileged - -**Privileged** - determines if any container in a pod can enable privileged mode. -By default a container is not allowed to access any devices on the host, but a -"privileged" container is given access to all devices on the host. This allows -the container nearly all the same access as processes running on the host. -This is useful for containers that want to use linux capabilities like -manipulating the network stack and accessing devices. - -### Host namespaces - -**HostPID** - Controls whether the pod containers can share the host process ID -namespace. Note that when paired with ptrace this can be used to escalate -privileges outside of the container (ptrace is forbidden by default). - -**HostIPC** - Controls whether the pod containers can share the host IPC -namespace. - -**HostNetwork** - Controls whether the pod may use the node network -namespace. Doing so gives the pod access to the loopback device, services -listening on localhost, and could be used to snoop on network activity of other -pods on the same node. - -**HostPorts** - Provides a list of ranges of allowable ports in the host -network namespace. Defined as a list of `HostPortRange`, with `min`(inclusive) -and `max`(inclusive). Defaults to no allowed host ports. - -### Volumes and file systems - -**Volumes** - Provides a list of allowed volume types. The allowable values -correspond to the volume sources that are defined when creating a volume. For -the complete list of volume types, see [Types of -Volumes](/docs/concepts/storage/volumes/#types-of-volumes). Additionally, -`*` may be used to allow all volume types. - -The **recommended minimum set** of allowed volumes for new PSPs are: - -- `configMap` -- `downwardAPI` -- `emptyDir` -- `persistentVolumeClaim` -- `secret` -- `projected` - -{{< warning >}} -PodSecurityPolicy does not limit the types of `PersistentVolume` objects that -may be referenced by a `PersistentVolumeClaim`, and hostPath type -`PersistentVolumes` do not support read-only access mode. Only trusted users -should be granted permission to create `PersistentVolume` objects. -{{< /warning >}} - -**FSGroup** - Controls the supplemental group applied to some volumes. - -- *MustRunAs* - Requires at least one `range` to be specified. Uses the - minimum value of the first range as the default. Validates against all ranges. -- *MayRunAs* - Requires at least one `range` to be specified. Allows - `FSGroups` to be left unset without providing a default. Validates against - all ranges if `FSGroups` is set. -- *RunAsAny* - No default provided. Allows any `fsGroup` ID to be specified. - -**AllowedHostPaths** - This specifies a list of host paths that are allowed -to be used by hostPath volumes. An empty list means there is no restriction on -host paths used. This is defined as a list of objects with a single `pathPrefix` -field, which allows hostPath volumes to mount a path that begins with an -allowed prefix, and a `readOnly` field indicating it must be mounted read-only. -For example: - -```yaml - allowedHostPaths: - # This allows "/foo", "/foo/", "/foo/bar" etc., but - # disallows "/fool", "/etc/foo" etc. - # "/foo/../" is never valid. - - pathPrefix: "/foo" - readOnly: true # only allow read-only mounts -``` - -{{< warning >}} -There are many ways a container with unrestricted access to the host -filesystem can escalate privileges, including reading data from other -containers, and abusing the credentials of system services, such as Kubelet. - -Writeable hostPath directory volumes allow containers to write -to the filesystem in ways that let them traverse the host filesystem outside the `pathPrefix`. -`readOnly: true`, available in Kubernetes 1.11+, must be used on **all** `allowedHostPaths` -to effectively limit access to the specified `pathPrefix`. -{{< /warning >}} - -**ReadOnlyRootFilesystem** - Requires that containers must run with a read-only -root filesystem (i.e. no writable layer). - -### FlexVolume drivers - -This specifies a list of FlexVolume drivers that are allowed to be used -by flexvolume. An empty list or nil means there is no restriction on the drivers. -Please make sure [`volumes`](#volumes-and-file-systems) field contains the -`flexVolume` volume type; no FlexVolume driver is allowed otherwise. - -For example: - -```yaml -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: allow-flex-volumes -spec: - # ... other spec fields - volumes: - - flexVolume - allowedFlexVolumes: - - driver: example/lvm - - driver: example/cifs -``` - -### Users and groups - -**RunAsUser** - Controls which user ID the containers are run with. - -- *MustRunAs* - Requires at least one `range` to be specified. Uses the - minimum value of the first range as the default. Validates against all ranges. -- *MustRunAsNonRoot* - Requires that the pod be submitted with a non-zero - `runAsUser` or have the `USER` directive defined (using a numeric UID) in the - image. Pods which have specified neither `runAsNonRoot` nor `runAsUser` settings - will be mutated to set `runAsNonRoot=true`, thus requiring a defined non-zero - numeric `USER` directive in the container. No default provided. Setting - `allowPrivilegeEscalation=false` is strongly recommended with this strategy. -- *RunAsAny* - No default provided. Allows any `runAsUser` to be specified. - -**RunAsGroup** - Controls which primary group ID the containers are run with. - -- *MustRunAs* - Requires at least one `range` to be specified. Uses the - minimum value of the first range as the default. Validates against all ranges. -- *MayRunAs* - Does not require that RunAsGroup be specified. However, when RunAsGroup - is specified, they have to fall in the defined range. -- *RunAsAny* - No default provided. Allows any `runAsGroup` to be specified. - - -**SupplementalGroups** - Controls which group IDs containers add. - -- *MustRunAs* - Requires at least one `range` to be specified. Uses the - minimum value of the first range as the default. Validates against all ranges. -- *MayRunAs* - Requires at least one `range` to be specified. Allows - `supplementalGroups` to be left unset without providing a default. - Validates against all ranges if `supplementalGroups` is set. -- *RunAsAny* - No default provided. Allows any `supplementalGroups` to be - specified. - -### Privilege Escalation - -These options control the `allowPrivilegeEscalation` container option. This bool -directly controls whether the -[`no_new_privs`](https://www.kernel.org/doc/Documentation/prctl/no_new_privs.txt) -flag gets set on the container process. This flag will prevent `setuid` binaries -from changing the effective user ID, and prevent files from enabling extra -capabilities (e.g. it will prevent the use of the `ping` tool). This behavior is -required to effectively enforce `MustRunAsNonRoot`. - -**AllowPrivilegeEscalation** - Gates whether or not a user is allowed to set the -security context of a container to `allowPrivilegeEscalation=true`. This -defaults to allowed so as to not break setuid binaries. Setting it to `false` -ensures that no child process of a container can gain more privileges than its parent. - -**DefaultAllowPrivilegeEscalation** - Sets the default for the -`allowPrivilegeEscalation` option. The default behavior without this is to allow -privilege escalation so as to not break setuid binaries. If that behavior is not -desired, this field can be used to default to disallow, while still permitting -pods to request `allowPrivilegeEscalation` explicitly. - -### Capabilities - -Linux capabilities provide a finer grained breakdown of the privileges -traditionally associated with the superuser. Some of these capabilities can be -used to escalate privileges or for container breakout, and may be restricted by -the PodSecurityPolicy. For more details on Linux capabilities, see -[capabilities(7)](http://man7.org/linux/man-pages/man7/capabilities.7.html). - -The following fields take a list of capabilities, specified as the capability -name in ALL_CAPS without the `CAP_` prefix. - -**AllowedCapabilities** - Provides a list of capabilities that are allowed to be added -to a container. The default set of capabilities are implicitly allowed. The -empty set means that no additional capabilities may be added beyond the default -set. `*` can be used to allow all capabilities. - -**RequiredDropCapabilities** - The capabilities which must be dropped from -containers. These capabilities are removed from the default set, and must not be -added. Capabilities listed in `RequiredDropCapabilities` must not be included in -`AllowedCapabilities` or `DefaultAddCapabilities`. - -**DefaultAddCapabilities** - The capabilities which are added to containers by -default, in addition to the runtime defaults. See the -documentation for your container runtime for information on working with Linux capabilities. - -### SELinux - -- *MustRunAs* - Requires `seLinuxOptions` to be configured. Uses -`seLinuxOptions` as the default. Validates against `seLinuxOptions`. -- *RunAsAny* - No default provided. Allows any `seLinuxOptions` to be -specified. - -### AllowedProcMountTypes - -`allowedProcMountTypes` is a list of allowed ProcMountTypes. -Empty or nil indicates that only the `DefaultProcMountType` may be used. - -`DefaultProcMount` uses the container runtime defaults for readonly and masked -paths for /proc. Most container runtimes mask certain paths in /proc to avoid -accidental security exposure of special devices or information. This is denoted -as the string `Default`. - -The only other ProcMountType is `UnmaskedProcMount`, which bypasses the -default masking behavior of the container runtime and ensures the newly -created /proc the container stays intact with no modifications. This is -denoted as the string `Unmasked`. - -### AppArmor - -Controlled via annotations on the PodSecurityPolicy. Refer to the -[AppArmor documentation](/docs/tutorials/security/apparmor/#podsecuritypolicy-annotations). - -### Seccomp - -As of Kubernetes v1.19, you can use the `seccompProfile` field in the -`securityContext` of Pods or containers to -[control use of seccomp profiles](/docs/tutorials/security/seccomp/). -In prior versions, seccomp was controlled by adding annotations to a Pod. The -same PodSecurityPolicies can be used with either version to enforce how these -fields or annotations are applied. - -**seccomp.security.alpha.kubernetes.io/defaultProfileName** - Annotation that -specifies the default seccomp profile to apply to containers. Possible values -are: - -- `unconfined` - Seccomp is not applied to the container processes (this is the - default in Kubernetes), if no alternative is provided. -- `runtime/default` - The default container runtime profile is used. -- `docker/default` - The Docker default seccomp profile is used. Deprecated as - of Kubernetes 1.11. Use `runtime/default` instead. -- `localhost/` - Specify a profile as a file on the node located at - `/`, where `` is defined via the - `--seccomp-profile-root` flag on the Kubelet. If the `--seccomp-profile-root` - flag is not defined, the default path will be used, which is - `/seccomp` where `` is specified by the `--root-dir` flag. - - {{< note >}} - The `--seccomp-profile-root` flag is deprecated since Kubernetes - v1.19. Users are encouraged to use the default path. - {{< /note >}} - -**seccomp.security.alpha.kubernetes.io/allowedProfileNames** - Annotation that -specifies which values are allowed for the pod seccomp annotations. Specified as -a comma-delimited list of allowed values. Possible values are those listed -above, plus `*` to allow all profiles. Absence of this annotation means that the -default cannot be changed. - -### Sysctl - -By default, all safe sysctls are allowed. - -- `forbiddenSysctls` - excludes specific sysctls. You can forbid a combination - of safe and unsafe sysctls in the list. To forbid setting any sysctls, use - `*` on its own. -- `allowedUnsafeSysctls` - allows specific sysctls that had been disallowed by - the default list, so long as these are not listed in `forbiddenSysctls`. - -Refer to the [Sysctl documentation](/docs/tasks/administer-cluster/sysctl-cluster/#podsecuritypolicy). - -## {{% heading "whatsnext" %}} - -- See [PodSecurityPolicy Deprecation: Past, Present, and Future](/blog/2021/04/06/podsecuritypolicy-deprecation-past-present-and-future/) - to learn about the future of pod security policy. - -- See [Pod Security Standards](/docs/concepts/security/pod-security-standards/) - for policy recommendations. - -- Refer to [PodSecurityPolicy reference](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#podsecuritypolicy-v1beta1-policy) - for the API details. - diff --git a/content/en/docs/concepts/security/pod-security-standards.md b/content/en/docs/concepts/security/pod-security-standards.md index d60f3b0ae1eaa..691f04bc56990 100644 --- a/content/en/docs/concepts/security/pod-security-standards.md +++ b/content/en/docs/concepts/security/pod-security-standards.md @@ -326,7 +326,7 @@ fail validation. Privilege Escalation (v1.8+) -

Privilege escalation (such as via set-user-ID or set-group-ID file mode) should not be allowed.

+

Privilege escalation (such as via set-user-ID or set-group-ID file mode) should not be allowed. This is Linux only policy in v1.25+ (spec.os.name != windows)

Restricted Fields

  • spec.containers[*].securityContext.allowPrivilegeEscalation
    • @@ -381,7 +381,7 @@ fail validation. Seccomp (v1.19+) -

    Seccomp profile must be explicitly set to one of the allowed values. Both the Unconfined profile and the absence of a profile are prohibited.

    +

    Seccomp profile must be explicitly set to one of the allowed values. Both the Unconfined profile and the absence of a profile are prohibited. This is Linux only policy in v1.25+ (spec.os.name != windows)

    Restricted Fields

    • spec.securityContext.seccompProfile.type
      • @@ -407,7 +407,7 @@ fail validation.

      Containers must drop ALL capabilities, and are only permitted to add back - the NET_BIND_SERVICE capability. + the NET_BIND_SERVICE capability. This is Linux only policy in v1.25+ (.spec.os.name != "windows")

      Restricted Fields

        @@ -451,12 +451,6 @@ of individual policies are not defined here. - {{< example file="security/podsecurity-baseline.yaml" >}}Baseline namespace{{< /example >}} - {{< example file="security/podsecurity-restricted.yaml" >}}Restricted namespace{{< /example >}} -[**PodSecurityPolicy**](/docs/concepts/security/pod-security-policy/) (Deprecated) - -- {{< example file="policy/privileged-psp.yaml" >}}Privileged{{< /example >}} -- {{< example file="policy/baseline-psp.yaml" >}}Baseline{{< /example >}} -- {{< example file="policy/restricted-psp.yaml" >}}Restricted{{< /example >}} - ### Alternatives {{% thirdparty-content %}} @@ -467,6 +461,30 @@ Other alternatives for enforcing policies are being developed in the Kubernetes - [Kyverno](https://kyverno.io/policies/pod-security/) - [OPA Gatekeeper](https://github.com/open-policy-agent/gatekeeper) +## Pod OS field + +Kubernetes lets you use nodes that run either Linux or Windows. You can mix both kinds of +node in one cluster. +Windows in Kubernetes has some limitations and differentiators from Linux-based +workloads. Specifically, many of the Pod `securityContext` fields +[have no effect on Windows](/docs/concepts/windows/intro/#compatibility-v1-pod-spec-containers-securitycontext). + +{{< note >}} +Kubelets prior to v1.24 don't enforce the pod OS field, and if a cluster has nodes on versions earlier than v1.24 the restricted policies should be pinned to a version prior to v1.25. +{{< /note >}} + +### Restricted Pod Security Standard changes +Another important change, made in Kubernetes v1.25 is that the _restricted_ Pod security +has been updated to use the `pod.spec.os.name` field. Based on the OS name, certain policies that are specific +to a particular OS can be relaxed for the other OS. + + +#### OS-specific policy controls +Restrictions on the following controls are only required if `.spec.os.name` is not `windows`: +- Privilege Escalation +- Seccomp +- Linux Capabilities + ## FAQ ### Why isn't there a profile between privileged and baseline? @@ -490,23 +508,6 @@ as well as other related parameters outside the Security Context. As of July 202 [Pod Security Policies](/docs/concepts/security/pod-security-policy/) are deprecated in favor of the built-in [Pod Security Admission Controller](/docs/concepts/security/pod-security-admission/). -### What profiles should I apply to my Windows Pods? - -Windows in Kubernetes has some limitations and differentiators from standard Linux-based -workloads. Specifically, many of the Pod SecurityContext fields -[have no effect on Windows](/docs/concepts/windows/intro/#compatibility-v1-pod-spec-containers-securitycontext). -As such, no standardized Pod Security profiles currently exist. - -If you apply the restricted profile for a Windows pod, this **may** have an impact on the pod -at runtime. The restricted profile requires enforcing Linux-specific restrictions (such as seccomp -profile, and disallowing privilege escalation). If the kubelet and / or its container runtime ignore -these Linux-specific values, then the Windows pod should still work normally within the restricted -profile. However, the lack of enforcement means that there is no additional restriction, for Pods -that use Windows containers, compared to the baseline profile. - -The use of the HostProcess flag to create a HostProcess pod should only be done in alignment with the privileged policy. -Creation of a Windows HostProcess pod is blocked under the baseline and restricted policies, -so any HostProcess pod should be considered privileged. ### What about sandboxed Pods? diff --git a/content/en/docs/concepts/services-networking/network-policies.md b/content/en/docs/concepts/services-networking/network-policies.md index 9a97abfb5b1bf..b156e0fd881c6 100644 --- a/content/en/docs/concepts/services-networking/network-policies.md +++ b/content/en/docs/concepts/services-networking/network-policies.md @@ -193,9 +193,9 @@ When the feature gate is enabled, you can set the `protocol` field of a NetworkP You must be using a {{< glossary_tooltip text="CNI" term_id="cni" >}} plugin that supports SCTP protocol NetworkPolicies. {{< /note >}} -## Targeting a range of Ports +## Targeting a range of ports -{{< feature-state for_k8s_version="v1.22" state="beta" >}} +{{< feature-state for_k8s_version="v1.25" state="stable" >}} When writing a NetworkPolicy, you can target a range of ports instead of a single port. @@ -228,10 +228,6 @@ with any IP within the range `10.0.0.0/24` over TCP, provided that the target port is between the range 32000 and 32768. The following restrictions apply when using this field: -* As a beta feature, this is enabled by default. To disable the `endPort` field -at a cluster level, you (or your cluster administrator) need to disable the -`NetworkPolicyEndPort` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) -for the API server with `--feature-gates=NetworkPolicyEndPort=false,…`. * The `endPort` field must be equal to or greater than the `port` field. * `endPort` can only be defined if `port` is also defined. * Both ports must be numeric. diff --git a/content/en/docs/concepts/services-networking/service.md b/content/en/docs/concepts/services-networking/service.md index ffd5e80b76c66..a7dd64a187a17 100644 --- a/content/en/docs/concepts/services-networking/service.md +++ b/content/en/docs/concepts/services-networking/service.md @@ -1325,15 +1325,15 @@ IP addresses that are no longer used by any Services. #### IP address ranges for `type: ClusterIP` Services {#service-ip-static-sub-range} -{{< feature-state for_k8s_version="v1.24" state="alpha" >}} +{{< feature-state for_k8s_version="v1.25" state="beta" >}} However, there is a problem with this `ClusterIP` allocation strategy, because a user can also [choose their own address for the service](#choosing-your-own-ip-address). This could result in a conflict if the internal allocator selects the same IP address for another Service. -If you enable the `ServiceIPStaticSubrange` -[feature gate](/docs/reference/command-line-tools-reference/feature-gates/), -the allocation strategy divides the `ClusterIP` range into two bands, based on +The `ServiceIPStaticSubrange` +[feature gate](/docs/reference/command-line-tools-reference/feature-gates/) is enabled by default in v1.25 +and later, using an allocation strategy that divides the `ClusterIP` range into two bands, based on the size of the configured `service-cluster-ip-range` by using the following formula `min(max(16, cidrSize / 16), 256)`, described as _never less than 16 or more than 256, with a graduated step function between them_. Dynamic IP allocations will be preferentially diff --git a/content/en/docs/concepts/storage/ephemeral-volumes.md b/content/en/docs/concepts/storage/ephemeral-volumes.md index 045bcafe768a9..4c81ebebe29f2 100644 --- a/content/en/docs/concepts/storage/ephemeral-volumes.md +++ b/content/en/docs/concepts/storage/ephemeral-volumes.md @@ -74,10 +74,7 @@ is managed by kubelet, or injecting different data. ### CSI ephemeral volumes -{{< feature-state for_k8s_version="v1.16" state="beta" >}} - -This feature requires the `CSIInlineVolume` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) -to be enabled. It is enabled by default starting with Kubernetes 1.16. +{{< feature-state for_k8s_version="v1.25" state="stable" >}} {{< note >}} CSI ephemeral volumes are only supported by a subset of CSI drivers. diff --git a/content/en/docs/concepts/storage/persistent-volumes.md b/content/en/docs/concepts/storage/persistent-volumes.md index 07521f42eec68..c84518a5f6870 100644 --- a/content/en/docs/concepts/storage/persistent-volumes.md +++ b/content/en/docs/concepts/storage/persistent-volumes.md @@ -9,7 +9,7 @@ title: Persistent Volumes feature: title: Storage orchestration description: > - Automatically mount the storage system of your choice, whether from local storage, a public cloud provider such as GCP or AWS, or a network storage system such as NFS, iSCSI, Gluster, Ceph, Cinder, or Flocker. + Automatically mount the storage system of your choice, whether from local storage, a public cloud provider such as AWS or GCP, or a network storage system such as NFS, iSCSI, Ceph, Cinder. content_type: concept weight: 20 --- @@ -166,7 +166,7 @@ spec: path: /any/path/it/will/be/replaced containers: - name: pv-recycler - image: "k8s.gcr.io/busybox" + image: "registry.k8s.io/busybox" command: ["/bin/sh", "-c", "test -e /scrub && rm -rf /scrub/..?* /scrub/.[!.]* /scrub/* && test -z \"$(ls -A /scrub)\" || exit 1"] volumeMounts: - name: vol @@ -238,10 +238,9 @@ Source: Events: ``` -Enabling the `CSIMigration` feature for a specific in-tree volume plugin will remove -the `kubernetes.io/pv-controller` finalizer, while adding the `external-provisioner.volume.kubernetes.io/finalizer` -finalizer. Similarly, disabling `CSIMigration` will remove the `external-provisioner.volume.kubernetes.io/finalizer` -finalizer, while adding the `kubernetes.io/pv-controller` finalizer. +When the `CSIMigration{provider}` feature flag is enabled for a specific in-tree volume plugin, +the `kubernetes.io/pv-controller` finalizer is replaced by the +`external-provisioner.volume.kubernetes.io/finalizer` finalizer. ### Reserving a PersistentVolume @@ -413,14 +412,9 @@ Kubernetes does not support shrinking a PVC to less than its current size. PersistentVolume types are implemented as plugins. Kubernetes currently supports the following plugins: -* [`awsElasticBlockStore`](/docs/concepts/storage/volumes/#awselasticblockstore) - AWS Elastic Block Store (EBS) -* [`azureDisk`](/docs/concepts/storage/volumes/#azuredisk) - Azure Disk -* [`azureFile`](/docs/concepts/storage/volumes/#azurefile) - Azure File * [`cephfs`](/docs/concepts/storage/volumes/#cephfs) - CephFS volume * [`csi`](/docs/concepts/storage/volumes/#csi) - Container Storage Interface (CSI) * [`fc`](/docs/concepts/storage/volumes/#fc) - Fibre Channel (FC) storage -* [`gcePersistentDisk`](/docs/concepts/storage/volumes/#gcepersistentdisk) - GCE Persistent Disk -* [`glusterfs`](/docs/concepts/storage/volumes/#glusterfs) - Glusterfs volume * [`hostPath`](/docs/concepts/storage/volumes/#hostpath) - HostPath volume (for single node testing only; WILL NOT WORK in a multi-node cluster; consider using `local` volume instead) @@ -428,29 +422,41 @@ PersistentVolume types are implemented as plugins. Kubernetes currently supports * [`local`](/docs/concepts/storage/volumes/#local) - local storage devices mounted on nodes. * [`nfs`](/docs/concepts/storage/volumes/#nfs) - Network File System (NFS) storage -* [`portworxVolume`](/docs/concepts/storage/volumes/#portworxvolume) - Portworx volume * [`rbd`](/docs/concepts/storage/volumes/#rbd) - Rados Block Device (RBD) volume -* [`vsphereVolume`](/docs/concepts/storage/volumes/#vspherevolume) - vSphere VMDK volume The following types of PersistentVolume are deprecated. This means that support is still available but will be removed in a future Kubernetes release. +* [`awsElasticBlockStore`](/docs/concepts/storage/volumes/#awselasticblockstore) - AWS Elastic Block Store (EBS) + (**deprecated** in v1.17) +* [`azureDisk`](/docs/concepts/storage/volumes/#azuredisk) - Azure Disk + (**deprecated** in v1.19) +* [`azureFile`](/docs/concepts/storage/volumes/#azurefile) - Azure File + (**deprecated** in v1.21) * [`cinder`](/docs/concepts/storage/volumes/#cinder) - Cinder (OpenStack block storage) (**deprecated** in v1.18) * [`flexVolume`](/docs/concepts/storage/volumes/#flexvolume) - FlexVolume (**deprecated** in v1.23) -* [`flocker`](/docs/concepts/storage/volumes/#flocker) - Flocker storage - (**deprecated** in v1.22) -* [`quobyte`](/docs/concepts/storage/volumes/#quobyte) - Quobyte volume - (**deprecated** in v1.22) -* [`storageos`](/docs/concepts/storage/volumes/#storageos) - StorageOS volume - (**deprecated** in v1.22) +* [`gcePersistentDisk`](/docs/concepts/storage/volumes/#gcepersistentdisk) - GCE Persistent Disk + (**deprecated** in v1.17) +* [`glusterfs`](/docs/concepts/storage/volumes/#glusterfs) - Glusterfs volume + (**deprecated** in v1.25) +* [`portworxVolume`](/docs/concepts/storage/volumes/#portworxvolume) - Portworx volume + (**deprecated** in v1.25) +* [`vsphereVolume`](/docs/concepts/storage/volumes/#vspherevolume) - vSphere VMDK volume + (**deprecated** in v1.19) Older versions of Kubernetes also supported the following in-tree PersistentVolume types: * `photonPersistentDisk` - Photon controller persistent disk. - (**not available** after v1.15) + (**not available** starting v1.15) * [`scaleIO`](/docs/concepts/storage/volumes/#scaleio) - ScaleIO volume - (**not available** after v1.21) + (**not available** starting v1.21) +* [`flocker`](/docs/concepts/storage/volumes/#flocker) - Flocker storage + (**not available** starting v1.25) +* [`quobyte`](/docs/concepts/storage/volumes/#quobyte) - Quobyte volume + (**not available** starting v1.25) +* [`storageos`](/docs/concepts/storage/volumes/#storageos) - StorageOS volume + (**not available** starting v1.25) ## Persistent Volumes @@ -562,17 +568,14 @@ If the access modes are specified as ReadWriteOncePod, the volume is constrained | CSI | depends on the driver | depends on the driver | depends on the driver | depends on the driver | | FC | ✓ | ✓ | - | - | | FlexVolume | ✓ | ✓ | depends on the driver | - | -| Flocker | ✓ | - | - | - | | GCEPersistentDisk | ✓ | ✓ | - | - | | Glusterfs | ✓ | ✓ | ✓ | - | | HostPath | ✓ | - | - | - | | iSCSI | ✓ | ✓ | - | - | -| Quobyte | ✓ | ✓ | ✓ | - | | NFS | ✓ | ✓ | ✓ | - | | RBD | ✓ | ✓ | - | - | | VsphereVolume | ✓ | - | - (works when Pods are collocated) | - | | PortworxVolume | ✓ | - | ✓ | - | - | -| StorageOS | ✓ | - | - | - | ### Class @@ -616,9 +619,7 @@ The following volume types support mount options: * `glusterfs` * `iscsi` * `nfs` -* `quobyte` (**deprecated** in v1.22) * `rbd` -* `storageos` (**deprecated** in v1.22) * `vsphereVolume` Mount options are not validated. If a mount option is invalid, the mount fails. @@ -718,9 +719,13 @@ is turned on. more than one default is specified, the admission plugin forbids the creation of all PVCs. * If the admission plugin is turned off, there is no notion of a default - StorageClass. All PVCs that have no `storageClassName` can be bound only to PVs that - have no class. In this case, the PVCs that have no `storageClassName` are treated the - same way as PVCs that have their `storageClassName` set to `""`. + StorageClass. All PVCs that have `storageClassName` set to `""` can be + bound only to PVs that have `storageClassName` also set to `""`. + However, PVCs with missing `storageClassName` can be updated later once + default StorageClass becomes available. If the PVC gets updated it will no + longer bind to PVs that have `storageClassName` also set to `""`. + +See [retroactive default StorageClass assignment](#retroactive-default-storageclass-assignment) for more details. Depending on installation method, a default StorageClass may be deployed to a Kubernetes cluster by addon manager during installation. @@ -737,6 +742,20 @@ In the past, the annotation `volume.beta.kubernetes.io/storage-class` was used i of `storageClassName` attribute. This annotation is still working; however, it won't be supported in a future Kubernetes release. + +#### Retroactive default StorageClass assignment + +{{< feature-state for_k8s_version="v1.25" state="alpha" >}} + +You can create a PersistentVolumeClaim without specifying a `storageClassName` for the new PVC, and you can do so even when no default StorageClass exists in your cluster. In this case, the new PVC creates as you defined it, and the `storageClassName` of that PVC remains unset until default becomes available. +However, if you enable the [`RetroactiveDefaultStorageClass` feature gate](/docs/reference/command-line-tools-reference/feature-gates/) then Kubernetes behaves differently: existing PVCs without `storageClassName` update to use the new default StorageClass. + +When a default StorageClass becomes available, the control plane identifies any existing PVCs without `storageClassName`. For the PVCs that either have an empty value for `storageClassName` or do not have this key, the control plane then updates those PVCs to set `storageClassName` to match the new default StorageClass. If you have an existing PVC where the `storageClassName` is `""`, and you configure a default StorageClass, then this PVC will not get updated. + +In order to keep binding to PVs with `storageClassName` set to `""` (while a default StorageClass is present), you need to set the `storageClassName` of the associated PVC to `""`. + +This behavior helps administrators change default StorageClass by removing the old one first and then creating or setting another one. This brief window while there is no default causes PVCs without `storageClassName` created at that time to not have any default, but due to the retroactive default StorageClass assignment this way of changing defaults is safe. + ## Claims As Volumes Pods access storage by using the claim as a volume. Claims must exist in the same namespace as the Pod using the claim. The cluster finds the claim in the Pod's namespace and uses it to get the PersistentVolume backing the claim. The volume is then mounted to the host and into the Pod. diff --git a/content/en/docs/concepts/storage/storage-classes.md b/content/en/docs/concepts/storage/storage-classes.md index 970582679a99b..6303f9df7090a 100644 --- a/content/en/docs/concepts/storage/storage-classes.md +++ b/content/en/docs/concepts/storage/storage-classes.md @@ -71,17 +71,13 @@ for provisioning PVs. This field must be specified. | Cinder | ✓ | [OpenStack Cinder](#openstack-cinder)| | FC | - | - | | FlexVolume | - | - | -| Flocker | ✓ | - | | GCEPersistentDisk | ✓ | [GCE PD](#gce-pd) | | Glusterfs | ✓ | [Glusterfs](#glusterfs) | | iSCSI | - | - | -| Quobyte | ✓ | [Quobyte](#quobyte) | | NFS | - | [NFS](#nfs) | | RBD | ✓ | [Ceph RBD](#ceph-rbd) | | VsphereVolume | ✓ | [vSphere](#vsphere) | | PortworxVolume | ✓ | [Portworx Volume](#portworx-volume) | -| ScaleIO | ✓ | [ScaleIO](#scaleio) | -| StorageOS | ✓ | [StorageOS](#storageos) | | Local | - | [Local](#local) | You are not restricted to specifying the "internal" provisioners @@ -599,61 +595,6 @@ parameters: set `imageFormat` to "2". Currently supported features are `layering` only. Default is "", and no features are turned on. -### Quobyte - -{{< feature-state for_k8s_version="v1.22" state="deprecated" >}} - -The Quobyte in-tree storage plugin is deprecated, an -[example](https://github.com/quobyte/quobyte-csi/blob/master/example/StorageClass.yaml) -`StorageClass` for the out-of-tree Quobyte plugin can be found at the Quobyte CSI repository. - -```yaml -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - name: slow -provisioner: kubernetes.io/quobyte -parameters: - quobyteAPIServer: "http://138.68.74.142:7860" - registry: "138.68.74.142:7861" - adminSecretName: "quobyte-admin-secret" - adminSecretNamespace: "kube-system" - user: "root" - group: "root" - quobyteConfig: "BASE" - quobyteTenant: "DEFAULT" -``` - -* `quobyteAPIServer`: API Server of Quobyte in the format - `"http(s)://api-server:7860"` -* `registry`: Quobyte registry to use to mount the volume. You can specify the - registry as ``:`` pair or if you want to specify multiple - registries, put a comma between them. - ``:,:,:``. - The host can be an IP address or if you have a working DNS you can also - provide the DNS names. -* `adminSecretNamespace`: The namespace for `adminSecretName`. - Default is "default". -* `adminSecretName`: secret that holds information about the Quobyte user and - the password to authenticate against the API server. The provided secret - must have type "kubernetes.io/quobyte" and the keys `user` and `password`, - for example: - - ```shell - kubectl create secret generic quobyte-admin-secret \ - --type="kubernetes.io/quobyte" --from-literal=user='admin' --from-literal=password='opensesame' \ - --namespace=kube-system - ``` - -* `user`: maps all access to this user. Default is "root". -* `group`: maps all access to this group. Default is "nfsnobody". -* `quobyteConfig`: use the specified configuration to create the volume. You - can create a new configuration or modify an existing one with the Web - console or the quobyte CLI. Default is "BASE". -* `quobyteTenant`: use the specified tenant ID to create/delete the volume. - This Quobyte tenant has to be already present in Quobyte. - Default is "DEFAULT". - ### Azure Disk #### Azure Unmanaged Disk storage class {#azure-unmanaged-disk-storage-class} @@ -782,96 +723,6 @@ parameters: to false, `true/false` (default `false`). A string is expected here i.e. `"true"` and not `true`. -### ScaleIO - -```yaml -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - name: slow -provisioner: kubernetes.io/scaleio -parameters: - gateway: https://192.168.99.200:443/api - system: scaleio - protectionDomain: pd0 - storagePool: sp1 - storageMode: ThinProvisioned - secretRef: sio-secret - readOnly: "false" - fsType: xfs -``` - -* `provisioner`: attribute is set to `kubernetes.io/scaleio` -* `gateway`: address to a ScaleIO API gateway (required) -* `system`: the name of the ScaleIO system (required) -* `protectionDomain`: the name of the ScaleIO protection domain (required) -* `storagePool`: the name of the volume storage pool (required) -* `storageMode`: the storage provision mode: `ThinProvisioned` (default) or - `ThickProvisioned` -* `secretRef`: reference to a configured Secret object (required) -* `readOnly`: specifies the access mode to the mounted volume (default false) -* `fsType`: the file system to use for the volume (default ext4) - -The ScaleIO Kubernetes volume plugin requires a configured Secret object. -The secret must be created with type `kubernetes.io/scaleio` and use the same -namespace value as that of the PVC where it is referenced -as shown in the following command: - -```shell -kubectl create secret generic sio-secret --type="kubernetes.io/scaleio" \ ---from-literal=username=sioadmin --from-literal=password=d2NABDNjMA== \ ---namespace=default -``` - -### StorageOS - -```yaml -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - name: fast -provisioner: kubernetes.io/storageos -parameters: - pool: default - description: Kubernetes volume - fsType: ext4 - adminSecretNamespace: default - adminSecretName: storageos-secret -``` - -* `pool`: The name of the StorageOS distributed capacity pool to provision the - volume from. Uses the `default` pool which is normally present if not specified. -* `description`: The description to assign to volumes that were created dynamically. - All volume descriptions will be the same for the storage class, but different - storage classes can be used to allow descriptions for different use cases. - Defaults to `Kubernetes volume`. -* `fsType`: The default filesystem type to request. Note that user-defined rules - within StorageOS may override this value. Defaults to `ext4`. -* `adminSecretNamespace`: The namespace where the API configuration secret is - located. Required if adminSecretName set. -* `adminSecretName`: The name of the secret to use for obtaining the StorageOS - API credentials. If not specified, default values will be attempted. - -The StorageOS Kubernetes volume plugin can use a Secret object to specify an -endpoint and credentials to access the StorageOS API. This is only required when -the defaults have been changed. -The secret must be created with type `kubernetes.io/storageos` as shown in the -following command: - -```shell -kubectl create secret generic storageos-secret \ ---type="kubernetes.io/storageos" \ ---from-literal=apiAddress=tcp://localhost:5705 \ ---from-literal=apiUsername=storageos \ ---from-literal=apiPassword=storageos \ ---namespace=default -``` - -Secrets used for dynamically provisioned volumes may be created in any namespace -and referenced with the `adminSecretNamespace` parameter. Secrets used by -pre-provisioned volumes must be created in the same namespace as the PVC that -references it. - ### Local {{< feature-state for_k8s_version="v1.14" state="stable" >}} diff --git a/content/en/docs/concepts/storage/volumes.md b/content/en/docs/concepts/storage/volumes.md index 307f005e81398..371dcde9c4d65 100644 --- a/content/en/docs/concepts/storage/volumes.md +++ b/content/en/docs/concepts/storage/volumes.md @@ -104,7 +104,7 @@ metadata: name: test-ebs spec: containers: - - image: k8s.gcr.io/test-webserver + - image: registry.k8s.io/test-webserver name: test-container volumeMounts: - mountPath: /test-ebs @@ -121,14 +121,13 @@ If the EBS volume is partitioned, you can supply the optional field `partition: #### AWS EBS CSI migration -{{< feature-state for_k8s_version="v1.17" state="beta" >}} +{{< feature-state for_k8s_version="v1.25" state="stable" >}} The `CSIMigration` feature for `awsElasticBlockStore`, when enabled, redirects all plugin operations from the existing in-tree plugin to the `ebs.csi.aws.com` Container Storage Interface (CSI) driver. In order to use this feature, the [AWS EBS CSI driver](https://github.com/kubernetes-sigs/aws-ebs-csi-driver) -must be installed on the cluster and the `CSIMigration` and `CSIMigrationAWS` -beta features must be enabled. +must be installed on the cluster. #### AWS EBS CSI migration complete @@ -153,7 +152,7 @@ The `CSIMigration` feature for `azureDisk`, when enabled, redirects all plugin o from the existing in-tree plugin to the `disk.csi.azure.com` Container Storage Interface (CSI) Driver. In order to use this feature, the [Azure Disk CSI Driver](https://github.com/kubernetes-sigs/azuredisk-csi-driver) -must be installed on the cluster and the `CSIMigration` feature must be enabled. +must be installed on the cluster. #### azureDisk CSI migration complete @@ -179,7 +178,7 @@ The `CSIMigration` feature for `azureFile`, when enabled, redirects all plugin o from the existing in-tree plugin to the `file.csi.azure.com` Container Storage Interface (CSI) Driver. In order to use this feature, the [Azure File CSI Driver](https://github.com/kubernetes-sigs/azurefile-csi-driver) -must be installed on the cluster and the `CSIMigration` and `CSIMigrationAzureFile` +must be installed on the cluster and the `CSIMigrationAzureFile` [feature gates](/docs/reference/command-line-tools-reference/feature-gates/) must be enabled. Azure File CSI driver does not support using same volume with different fsgroups. If @@ -226,7 +225,7 @@ metadata: name: test-cinder spec: containers: - - image: k8s.gcr.io/test-webserver + - image: registry.k8s.io/test-webserver name: test-cinder-container volumeMounts: - mountPath: /test-cinder @@ -358,7 +357,7 @@ metadata: name: test-pd spec: containers: - - image: k8s.gcr.io/test-webserver + - image: registry.k8s.io/test-webserver name: test-container volumeMounts: - mountPath: /cache @@ -382,24 +381,6 @@ beforehand so that Kubernetes hosts can access them. See the [fibre channel example](https://github.com/kubernetes/examples/tree/master/staging/volumes/fibre_channel) for more details. -### flocker (deprecated) {#flocker} - -[Flocker](https://github.com/ClusterHQ/flocker) is an open-source, clustered -container data volume manager. Flocker provides management -and orchestration of data volumes backed by a variety of storage backends. - -A `flocker` volume allows a Flocker dataset to be mounted into a Pod. If the -dataset does not already exist in Flocker, it needs to be first created with the Flocker -CLI or by using the Flocker API. If the dataset already exists it will be -reattached by Flocker to the node that the pod is scheduled. This means data -can be shared between pods as required. - -{{< note >}} -You must have your own Flocker installation running before you can use it. -{{< /note >}} - -See the [Flocker example](https://github.com/kubernetes/examples/tree/master/staging/volumes/flocker) for more details. - ### gcePersistentDisk (deprecated) {#gcepersistentdisk} {{< feature-state for_k8s_version="v1.17" state="deprecated" >}} @@ -446,7 +427,7 @@ metadata: name: test-pd spec: containers: - - image: k8s.gcr.io/test-webserver + - image: registry.k8s.io/test-webserver name: test-container volumeMounts: - mountPath: /test-pd @@ -507,14 +488,13 @@ spec: #### GCE CSI migration -{{< feature-state for_k8s_version="v1.17" state="beta" >}} +{{< feature-state for_k8s_version="v1.25" state="stable" >}} The `CSIMigration` feature for GCE PD, when enabled, redirects all plugin operations from the existing in-tree plugin to the `pd.csi.storage.gke.io` Container Storage Interface (CSI) Driver. In order to use this feature, the [GCE PD CSI Driver](https://github.com/kubernetes-sigs/gcp-compute-persistent-disk-csi-driver) -must be installed on the cluster and the `CSIMigration` and `CSIMigrationGCE` -beta features must be enabled. +must be installed on the cluster. #### GCE CSI migration complete @@ -554,7 +534,9 @@ spec: revision: "22f1d8406d464b0c0874075539c1f2e96c253775" ``` -### glusterfs +### glusterfs (deprecated) + +{{< feature-state for_k8s_version="v1.25" state="deprecated" >}} A `glusterfs` volume allows a [Glusterfs](https://www.gluster.org) (an open source networked filesystem) volume to be mounted into your Pod. Unlike @@ -629,7 +611,7 @@ metadata: name: test-pd spec: containers: - - image: k8s.gcr.io/test-webserver + - image: registry.k8s.io/test-webserver name: test-container volumeMounts: - mountPath: /test-pd @@ -660,7 +642,7 @@ metadata: spec: containers: - name: test-webserver - image: k8s.gcr.io/test-webserver:latest + image: registry.k8s.io/test-webserver:latest volumeMounts: - mountPath: /var/local/aaa name: mydir @@ -796,7 +778,9 @@ iSCSI volume) without knowing the details of the particular cloud environment. See the information about [PersistentVolumes](/docs/concepts/storage/persistent-volumes/) for more details. -### portworxVolume {#portworxvolume} +### portworxVolume (deprecated) {#portworxvolume} + +{{< feature-state for_k8s_version="v1.25" state="deprecated" >}} A `portworxVolume` is an elastic block storage layer that runs hyperconverged with Kubernetes. [Portworx](https://portworx.com/use-case/kubernetes-storage/) fingerprints storage @@ -814,7 +798,7 @@ metadata: name: test-portworx-volume-pod spec: containers: - - image: k8s.gcr.io/test-webserver + - image: registry.k8s.io/test-webserver name: test-container volumeMounts: - mountPath: /mnt @@ -834,25 +818,22 @@ before using it in the Pod. For more details, see the [Portworx volume](https://github.com/kubernetes/examples/tree/master/staging/volumes/portworx/README.md) examples. +#### Portworx CSI migration +{{< feature-state for_k8s_version="v1.25" state="beta" >}} + +The `CSIMigration` feature for Portworx has been added but disabled by default in Kubernetes 1.23 since it's in alpha state. +It has been beta now since v1.25 but it is still turned off by default. +It redirects all plugin operations from the existing in-tree plugin to the +`pxd.portworx.com` Container Storage Interface (CSI) Driver. +[Portworx CSI Driver](https://docs.portworx.com/portworx-install-with-kubernetes/storage-operations/csi/) +must be installed on the cluster. +To enable the feature, set `CSIMigrationPortworx=true` in kube-controller-manager and kubelet. + ### projected A projected volume maps several existing volume sources into the same directory. For more details, see [projected volumes](/docs/concepts/storage/projected-volumes/). -### quobyte (deprecated) {#quobyte} - -A `quobyte` volume allows an existing [Quobyte](https://www.quobyte.com) volume to -be mounted into your Pod. - -{{< note >}} -You must have your own Quobyte setup and running with the volumes -created before you can use it. -{{< /note >}} - -Quobyte supports the {{< glossary_tooltip text="Container Storage Interface" term_id="csi" >}}. -CSI is the recommended plugin to use Quobyte volumes inside Kubernetes. Quobyte's -GitHub project has [instructions](https://github.com/quobyte/quobyte-csi#quobyte-csi) for deploying Quobyte using CSI, along with examples. - ### rbd An `rbd` volume allows a @@ -884,9 +865,10 @@ operations from the existing in-tree plugin to the `rbd.csi.ceph.com` {{< glossary_tooltip text="CSI" term_id="csi" >}} driver. In order to use this feature, the [Ceph CSI driver](https://github.com/ceph/ceph-csi) -must be installed on the cluster and the `CSIMigration` and `csiMigrationRBD` -[feature gates](/docs/reference/command-line-tools-reference/feature-gates/) -must be enabled. +must be installed on the cluster and the `CSIMigrationRBD` +[feature gate](/docs/reference/command-line-tools-reference/feature-gates/) +must be enabled. (Note that the `csiMigrationRBD` flag has been removed and +replaced with `CSIMigrationRBD` in release v1.24) {{< note >}} @@ -926,61 +908,6 @@ receive Secret updates. For more details, see [Configuring Secrets](/docs/concepts/configuration/secret/). -### storageOS (deprecated) {#storageos} - -A `storageos` volume allows an existing [StorageOS](https://www.storageos.com) -volume to mount into your Pod. - -StorageOS runs as a container within your Kubernetes environment, making local -or attached storage accessible from any node within the Kubernetes cluster. -Data can be replicated to protect against node failure. Thin provisioning and -compression can improve utilization and reduce cost. - -At its core, StorageOS provides block storage to containers, accessible from a file system. - -The StorageOS Container requires 64-bit Linux and has no additional dependencies. -A free developer license is available. - -{{< caution >}} -You must run the StorageOS container on each node that wants to -access StorageOS volumes or that will contribute storage capacity to the pool. -For installation instructions, consult the -[StorageOS documentation](https://docs.storageos.com). -{{< /caution >}} - -The following example is a Pod configuration with StorageOS: - -```yaml -apiVersion: v1 -kind: Pod -metadata: - labels: - name: redis - role: master - name: test-storageos-redis -spec: - containers: - - name: master - image: kubernetes/redis:v1 - env: - - name: MASTER - value: "true" - ports: - - containerPort: 6379 - volumeMounts: - - mountPath: /redis-master-data - name: redis-data - volumes: - - name: redis-data - storageos: - # The `redis-vol01` volume must already exist within StorageOS in the `default` namespace. - volumeName: redis-vol01 - fsType: ext4 -``` - -For more information about StorageOS, dynamic provisioning, and PersistentVolumeClaims, see the -[StorageOS examples](https://github.com/kubernetes/examples/blob/master/volumes/storageos). - ### vsphereVolume (deprecated) {#vspherevolume} {{< note >}} @@ -996,20 +923,22 @@ For more information, see the [vSphere volume](https://github.com/kubernetes/exa {{< feature-state for_k8s_version="v1.19" state="beta" >}} -The `CSIMigration` feature for `vsphereVolume`, when enabled, redirects all plugin operations -from the existing in-tree plugin to the `csi.vsphere.vmware.com` {{< glossary_tooltip text="CSI" term_id="csi" >}} driver. In order to use this feature, the +The `CSIMigrationvSphere` feature for `vsphereVolume` is enabled by default as of Kubernetes v1.25. +All plugin operations from the in-tree `vspherevolume` will be redirected to the `csi.vsphere.vmware.com` {{< glossary_tooltip text="CSI" term_id="csi" >}} driver unless `CSIMigrationvSphere` feature gate is disabled. + + [vSphere CSI driver](https://github.com/kubernetes-sigs/vsphere-csi-driver) -must be installed on the cluster and the `CSIMigration` and `CSIMigrationvSphere` -[feature gates](/docs/reference/command-line-tools-reference/feature-gates/) must be enabled. -You can find additional advice on how to migrate in VMware's -documentation page [Migrating In-Tree vSphere Volumes to vSphere Container Storage Plug-in](https://docs.vmware.com/en/VMware-vSphere-Container-Storage-Plug-in/2.0/vmware-vsphere-csp-getting-started/GUID-968D421F-D464-4E22-8127-6CB9FF54423F.html). +must be installed on the cluster. You can find additional advice on how to migrate in-tree `vsphereVolume` in VMware's documentation page +[Migrating In-Tree vSphere Volumes to vSphere Container Storage Plug-in](https://docs.vmware.com/en/VMware-vSphere-Container-Storage-Plug-in/2.0/vmware-vsphere-csp-getting-started/GUID-968D421F-D464-4E22-8127-6CB9FF54423F.html). + +As of Kubernetes v1.25, vSphere releases less than 7.0u2 are not supported for the +(deprecated) in-tree vSphere storage driver. You must run vSphere 7.0u2 or later +in order to either continue using the deprecated driver, or to migrate to +the replacement CSI driver. -Kubernetes v{{< skew currentVersion >}} requires that you are using vSphere 7.0u2 or later -in order to migrate to the out-of-tree CSI driver. If you are running a version of Kubernetes other than v{{< skew currentVersion >}}, consult the documentation for that version of Kubernetes. -If you are running Kubernetes v{{< skew currentVersion >}} and an older version of vSphere, -consider upgrading to at least vSphere 7.0u2. + {{< note >}} The following StorageClass parameters from the built-in `vsphereVolume` plugin are not supported by the vSphere CSI driver: @@ -1032,16 +961,6 @@ but new volumes created by the vSphere CSI driver will not be honoring these par To turn off the `vsphereVolume` plugin from being loaded by the controller manager and the kubelet, you need to set `InTreePluginvSphereUnregister` feature flag to `true`. You must install a `csi.vsphere.vmware.com` {{< glossary_tooltip text="CSI" term_id="csi" >}} driver on all worker nodes. -#### Portworx CSI migration -{{< feature-state for_k8s_version="v1.23" state="alpha" >}} - -The `CSIMigration` feature for Portworx has been added but disabled by default in Kubernetes 1.23 since it's in alpha state. -It redirects all plugin operations from the existing in-tree plugin to the -`pxd.portworx.com` Container Storage Interface (CSI) Driver. -[Portworx CSI Driver](https://docs.portworx.com/portworx-install-with-kubernetes/storage-operations/csi/) -must be installed on the cluster. -To enable the feature, set `CSIMigrationPortworx=true` in kube-controller-manager and kubelet. - ## Using subPath {#using-subpath} Sometimes, it is useful to share one volume for multiple uses in a single pod. @@ -1179,8 +1098,7 @@ A `csi` volume can be used in a Pod in three different ways: * through a reference to a [PersistentVolumeClaim](#persistentvolumeclaim) * with a [generic ephemeral volume](/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes) -* with a [CSI ephemeral volume](/docs/concepts/storage/ephemeral-volumes/#csi-ephemeral-volumes) -if the driver supports that (beta feature) +* with a [CSI ephemeral volume](/docs/concepts/storage/ephemeral-volumes/#csi-ephemeral-volumes) if the driver supports that The following fields are available to storage administrators to configure a CSI persistent volume: @@ -1218,16 +1136,28 @@ persistent volume: `ControllerPublishVolume` and `ControllerUnpublishVolume` calls. This field is optional, and may be empty if no secret is required. If the Secret contains more than one secret, all secrets are passed. -* `nodeStageSecretRef`: A reference to the secret object containing - sensitive information to pass to the CSI driver to complete the CSI - `NodeStageVolume` call. This field is optional, and may be empty if no secret - is required. If the Secret contains more than one secret, all secrets - are passed. +`nodeExpandSecretRef`: A reference to the secret containing sensitive + information to pass to the CSI driver to complete the CSI + `NodeExpandVolume` call. This field is optional, and may be empty if no + secret is required. If the object contains more than one secret, all + secrets are passed. When you have configured secret data for node-initiated + volume expansion, the kubelet passes that data via the `NodeExpandVolume()` + call to the CSI driver. In order to use the `nodeExpandSecretRef` field, your + cluster should be running Kubernetes version 1.25 or later and you must enable + the [feature gate](https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/) + named `CSINodeExpandSecret` for each kube-apiserver and for the kubelet on every + node. You must also be using a CSI driver that supports or requires secret data during + node-initiated storage resize operations. * `nodePublishSecretRef`: A reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI `NodePublishVolume` call. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed. +* `nodeStageSecretRef`: A reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + `NodeStageVolume` call. This field is optional, and may be empty if no secret + is required. If the Secret contains more than one secret, all secrets + are passed. #### CSI raw block volume support @@ -1241,7 +1171,7 @@ You can set up your #### CSI ephemeral volumes -{{< feature-state for_k8s_version="v1.16" state="beta" >}} +{{< feature-state for_k8s_version="v1.25" state="stable" >}} You can directly configure CSI volumes within the Pod specification. Volumes specified in this way are ephemeral and do not @@ -1268,9 +1198,9 @@ For more details, refer to the deployment guide of the CSI plugin you wish to de #### Migrating to CSI drivers from in-tree plugins -{{< feature-state for_k8s_version="v1.17" state="beta" >}} +{{< feature-state for_k8s_version="v1.25" state="stable" >}} -The `CSIMigration` feature, when enabled, directs operations against existing in-tree +The `CSIMigration` feature directs operations against existing in-tree plugins to corresponding CSI plugins (which are expected to be installed and configured). As a result, operators do not have to make any configuration changes to existing Storage Classes, PersistentVolumes or PersistentVolumeClaims @@ -1290,7 +1220,7 @@ The following in-tree plugins support persistent storage on Windows nodes: * [`gcePersistentDisk`](#gcepersistentdisk) * [`vsphereVolume`](#vspherevolume) -### flexVolume +### flexVolume (deprecated) {{< feature-state for_k8s_version="v1.23" state="deprecated" >}} diff --git a/content/en/docs/concepts/windows/intro.md b/content/en/docs/concepts/windows/intro.md index f3867ea86cdc4..67bdead2fc629 100644 --- a/content/en/docs/concepts/windows/intro.md +++ b/content/en/docs/concepts/windows/intro.md @@ -88,13 +88,12 @@ section refers to several key workload abstractions and how they map to Windows. * OS field: The `.spec.os.name` field should be set to `windows` to indicate that the current Pod uses Windows containers. - The `IdentifyPodOS` feature gate needs to be enabled for this field to be recognized. {{< note >}} - Starting from 1.24, the `IdentifyPodOS` feature gate is in Beta stage and defaults to be enabled. + Starting from 1.25, the `IdentifyPodOS` feature gate is in GA stage and defaults to be enabled. {{< /note >}} - If the `IdentifyPodOS` feature gate is enabled and you set the `.spec.os.name` field to `windows`, + If you set the `.spec.os.name` field to `windows`, you must not set the following fields in the `.spec` of that Pod: * `spec.hostPID` @@ -284,7 +283,7 @@ network port spaces). Kubernetes uses pause containers to allow for worker conta crashing or restarting without losing any of the networking configuration. Kubernetes maintains a multi-architecture image that includes support for Windows. -For Kubernetes v{{< skew currentVersion >}} the recommended pause image is `k8s.gcr.io/pause:3.6`. +For Kubernetes v{{< skew currentVersion >}} the recommended pause image is `registry.k8s.io/pause:3.6`. The [source code](https://github.com/kubernetes/kubernetes/tree/master/build/pause) is available on GitHub. diff --git a/content/en/docs/concepts/windows/user-guide.md b/content/en/docs/concepts/windows/user-guide.md index da5b8a6fec7fd..c9d6c301e64f8 100644 --- a/content/en/docs/concepts/windows/user-guide.md +++ b/content/en/docs/concepts/windows/user-guide.md @@ -158,14 +158,13 @@ schedule Linux and Windows workloads to their respective OS-specific nodes. The recommended approach is outlined below, with one of its main goals being that this approach should not break compatibility for existing Linux workloads. -If the `IdentifyPodOS` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) is -enabled, you can (and should) set `.spec.os.name` for a Pod to indicate the operating system +Starting from 1.25, you can (and should) set `.spec.os.name` for each Pod, to indicate the operating system that the containers in that Pod are designed for. For Pods that run Linux containers, set `.spec.os.name` to `linux`. For Pods that run Windows containers, set `.spec.os.name` -to Windows. +to `windows`. {{< note >}} -Starting from 1.24, the `IdentifyPodOS` feature is in Beta stage and defaults to be enabled. +Starting from 1.25, the `IdentifyPodOS` feature is in GA stage and defaults to be enabled. {{< /note >}} The scheduler does not use the value of `.spec.os.name` when assigning Pods to nodes. You should diff --git a/content/en/docs/concepts/workloads/controllers/cron-jobs.md b/content/en/docs/concepts/workloads/controllers/cron-jobs.md index 2d2416226a8e6..1f64045422249 100644 --- a/content/en/docs/concepts/workloads/controllers/cron-jobs.md +++ b/content/en/docs/concepts/workloads/controllers/cron-jobs.md @@ -94,7 +94,7 @@ To generate CronJob schedule expressions, you can also use web tools like [cront ## Time zones For CronJobs with no time zone specified, the kube-controller-manager interprets schedules relative to its local time zone. -{{< feature-state for_k8s_version="v1.24" state="alpha" >}} +{{< feature-state for_k8s_version="v1.25" state="beta" >}} If you enable the `CronJobTimeZone` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/), you can specify a time zone for a CronJob (if you don't enable that feature gate, or if you are using a version of diff --git a/content/en/docs/concepts/workloads/controllers/job.md b/content/en/docs/concepts/workloads/controllers/job.md index cb1b72fd03dfe..a3216c6cf4853 100644 --- a/content/en/docs/concepts/workloads/controllers/job.md +++ b/content/en/docs/concepts/workloads/controllers/job.md @@ -695,6 +695,89 @@ The new Job itself will have a different uid from `a8f3d00d-c6d2-11e5-9f87-42010 `manualSelector: true` tells the system that you know what you are doing and to allow this mismatch. +### Pod failure policy {#pod-failure-policy} + +{{< feature-state for_k8s_version="v1.25" state="alpha" >}} + +{{< note >}} +You can only configure a Pod failure policy for a Job if you have the +`JobPodFailurePolicy` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) +enabled in your cluster. Additionally, it is recommended +to enable the `PodDisruptionsCondition` feature gate in order to be able to detect and handle +Pod disruption conditions in the Pod failure policy (see also: +[Pod disruption conditions](/docs/concepts/workloads/pods/disruptions#pod-disruption-conditions)). Both feature gates are +available in Kubernetes v1.25. +{{< /note >}} + +A Pod failure policy, defined with the `.spec.podFailurePolicy` field, enables +your cluster to handle Pod failures based on the container exit codes and the +Pod conditions. + +In some situations, you may want to have a better control when handling Pod +failures than the control provided by the [Pod backoff failure policy](#pod-backoff-failure-policy), +which is based on the Job's `.spec.backoffLimit`. These are some examples of use cases: +* To optimize costs of running workloads by avoiding unnecessary Pod restarts, + you can terminate a Job as soon as one of its Pods fails with an exit code + indicating a software bug. +* To guarantee that your Job finishes even if there are disruptions, you can + ignore Pod failures caused by disruptions (such {{< glossary_tooltip text="preemption" term_id="preemption" >}}, + {{< glossary_tooltip text="API-initiated eviction" term_id="api-eviction" >}} + or {{< glossary_tooltip text="taint" term_id="taint" >}}-based eviction) so + that they don't count towards the `.spec.backoffLimit` limit of retries. + +You can configure a Pod failure policy, in the `.spec.podFailurePolicy` field, +to meet the above use cases. This policy can handle Pod failures based on the +container exit codes and the Pod conditions. + +Here is a manifest for a Job that defines a `podFailurePolicy`: + +{{< codenew file="/controllers/job-pod-failure-policy-example.yaml" >}} + +In the example above, the first rule of the Pod failure policy specifies that +the Job should be marked failed if the `main` container fails with the 42 exit +code. The following are the rules for the `main` container specifically: + +- an exit code of 0 means that the container succeeded +- an exit code of 42 means that the **entire Job** failed +- any other exit code represents that the container failed, and hence the entire + Pod. The Pod will be re-created if the total number of restarts is + below `backoffLimit`. If the `backoffLimit` is reached the **entire Job** failed. + +{{< note >}} +Because the Pod template specifies a `restartPolicy: Never`, +the kubelet does not restart the `main` container in that particular Pod. +{{< /note >}} + +The second rule of the Pod failure policy, specifying the `Ignore` action for +failed Pods with condition `DisruptionTarget` excludes Pod disruptions from +being counted towards the `.spec.backoffLimit` limit of retries. + +{{< note >}} +If the Job failed, either by the Pod failure policy or Pod backoff +failure policy, and the Job is running multiple Pods, Kubernetes terminates all +the Pods in that Job that are still Pending or Running. +{{< /note >}} + +These are some requirements and semantics of the API: +- if you want to use a `.spec.podFailurePolicy` field for a Job, you must + also define that Job's pod template with `.spec.restartPolicy` set to `Never`. +- the Pod failure policy rules you specify under `spec.podFailurePolicy.rules` + are evaluated in order. Once a rule matches a Pod failure, the remaining rules + are ignored. When no rule matches the Pod failure, the default + handling applies. +- you may want to restrict a rule to a specific container by specifing its name + in`spec.podFailurePolicy.rules[*].containerName`. When not specified the rule + applies to all containers. When specified, it should match one the container + or `initContainer` names in the Pod template. +- you may specify the action taken when a Pod failure policy is matched by + `spec.podFailurePolicy.rules[*].action`. Possible values are: + - `FailJob`: use to indicate that the Pod's job should be marked as Failed and + all running Pods should be terminated. + - `Ignore`: use to indicate that the counter towards the `.spec.backoffLimit` + should not be incremented and a replacement Pod should be created. + - `Count`: use to indicate that the Pod should be handled in the default way. + The counter towards the `.spec.backoffLimit` should be incremented. + ### Job tracking with finalizers {{< feature-state for_k8s_version="v1.23" state="beta" >}} @@ -783,3 +866,5 @@ object, but maintains complete control over what Pods are created and how work i * Read about [`CronJob`](/docs/concepts/workloads/controllers/cron-jobs/), which you can use to define a series of Jobs that will run based on a schedule, similar to the UNIX tool `cron`. +* Practice how to configure handling of retriable and non-retriable pod failures + using `podFailurePolicy`, based on the step-by-step [examples](/docs/tasks/job/pod-failure-policy/). diff --git a/content/en/docs/concepts/workloads/controllers/statefulset.md b/content/en/docs/concepts/workloads/controllers/statefulset.md index 1687399abd376..b5900ecc9ffc6 100644 --- a/content/en/docs/concepts/workloads/controllers/statefulset.md +++ b/content/en/docs/concepts/workloads/controllers/statefulset.md @@ -94,7 +94,7 @@ spec: terminationGracePeriodSeconds: 10 containers: - name: nginx - image: k8s.gcr.io/nginx-slim:0.8 + image: registry.k8s.io/nginx-slim:0.8 ports: - containerPort: 80 name: web @@ -138,15 +138,13 @@ Provisioner. ### Minimum ready seconds -{{< feature-state for_k8s_version="v1.23" state="beta" >}} +{{< feature-state for_k8s_version="v1.25" state="stable" >}} `.spec.minReadySeconds` is an optional field that specifies the minimum number of seconds for which a newly -created Pod should be ready without any of its containers crashing, for it to be considered available. -Please note that this feature is beta and enabled by default. Please opt out by unsetting the -StatefulSetMinReadySeconds flag, if you don't -want this feature to be enabled. This field defaults to 0 (the Pod will be considered -available as soon as it is ready). To learn more about when a Pod is considered ready, see -[Container Probes](/docs/concepts/workloads/pods/pod-lifecycle/#container-probes). +created Pod should be running and ready without any of its containers crashing, for it to be considered available. +This is used to check progression of a rollout when using a [Rolling Update](#rolling-updates) strategy. +This field defaults to 0 (the Pod will be considered available as soon as it is ready). To learn more about when +a Pod is considered ready, see [Container Probes](/docs/concepts/workloads/pods/pod-lifecycle/#container-probes). ## Pod Identity diff --git a/content/en/docs/concepts/workloads/pods/_index.md b/content/en/docs/concepts/workloads/pods/_index.md index 77994f754f967..d4521ece8a239 100644 --- a/content/en/docs/concepts/workloads/pods/_index.md +++ b/content/en/docs/concepts/workloads/pods/_index.md @@ -138,6 +138,23 @@ it is deleted. When you create the manifest for a Pod object, make sure the name specified is a valid [DNS subdomain name](/docs/concepts/overview/working-with-objects/names#dns-subdomain-names). +### Pod OS + +{{< feature-state state="stable" for_k8s_version="v1.25" >}} + +You should set the `.spec.os.name` field to either `windows` or `linux` to indicate the OS on +which you want the pod to run. These two are the only operating systems supported for now by +Kubernetes. In future, this list may be expanded. + +In Kubernetes v{{< skew currentVersion >}}, the value you set for this field has no +effect on {{< glossary_tooltip text="scheduling" term_id="kube-scheduler" >}} of the pods. +Setting the `.spec.os.name` helps to identify the pod OS +authoratitively and is used for validation. The kubelet refuses to run a Pod where you have +specified a Pod OS, if this isn't the same as the operating system for the node where +that kubelet is running. +The [Pod security standards](/docs/concepts/security/pod-security-standards/) also use this +field to avoid enforcing policies that aren't relevant to that operating system. + ### Pods and controllers You can use workload resources to create and manage multiple Pods for you. A controller diff --git a/content/en/docs/concepts/workloads/pods/disruptions.md b/content/en/docs/concepts/workloads/pods/disruptions.md index 055fc0a65d160..5b1fae8439ae8 100644 --- a/content/en/docs/concepts/workloads/pods/disruptions.md +++ b/content/en/docs/concepts/workloads/pods/disruptions.md @@ -227,6 +227,44 @@ can happen, according to: - the type of controller - the cluster's resource capacity +## Pod disruption conditions {#pod-disruption-conditions} + +{{< feature-state for_k8s_version="v1.25" state="alpha" >}} + +{{< note >}} +In order to use this behavior, you must enable the `PodDisruptionsCondition` +[feature gate](/docs/reference/command-line-tools-reference/feature-gates/) +in your cluster. +{{< /note >}} + +When enabled, a dedicated Pod `DisruptionTarget` [condition](/docs/concepts/workloads/pods/pod-lifecycle/#pod-conditions) is added to indicate +that the Pod is about to be deleted due to a {{}}. +The `reason` field of the condition additionally +indicates one of the following reasons for the Pod termination: + +`PreemptionByKubeScheduler` +: Pod is due to be {{}} by a scheduler in order to accommodate a new Pod with a higher priority. For more information, see [Pod priority preemption](/docs/concepts/scheduling-eviction/pod-priority-preemption/). + +`DeletionByTaintManager` +: Pod is due to be deleted by Taint Manager (which is part of the node lifecycle controller within `kube-controller-manager`) due to a `NoExecute` taint that the Pod does not tolerate; see {{}}-based evictions. + +`EvictionByEvictionAPI` +: Pod has been marked for {{}} . + +`DeletionByPodGC` +: Pod, that is bound to a no longer existing Node, is due to be deleted by [Pod garbage collection](/docs/concepts/workloads/pods/pod-lifecycle/#pod-garbage-collection). + +{{< note >}} +A Pod disruption might be interrupted. The control plane might re-attempt to +continue the disruption of the same Pod, but it is not guaranteed. As a result, +the `DisruptionTarget` condition might be added to a Pod, but that Pod might then not actually be +deleted. In such a situation, after some time, the +Pod disruption condition will be cleared. +{{< /note >}} + +When using a Job (or CronJob), you may want to use these Pod disruption conditions as part of your Job's +[Pod failure policy](/docs/concepts/workloads/controllers/job#pod-failure-policy). + ## Separating Cluster Owner and Application Owner Roles Often, it is useful to think of the Cluster Manager diff --git a/content/en/docs/concepts/workloads/pods/ephemeral-containers.md b/content/en/docs/concepts/workloads/pods/ephemeral-containers.md index 0a70fedd6f2bb..cc894debafd8c 100644 --- a/content/en/docs/concepts/workloads/pods/ephemeral-containers.md +++ b/content/en/docs/concepts/workloads/pods/ephemeral-containers.md @@ -9,7 +9,7 @@ weight: 80 -{{< feature-state state="beta" for_k8s_version="v1.23" >}} +{{< feature-state state="stable" for_k8s_version="v1.25" >}} This page provides an overview of ephemeral containers: a special type of container that runs temporarily in an existing {{< glossary_tooltip term_id="pod" >}} to diff --git a/content/en/docs/concepts/workloads/pods/pod-lifecycle.md b/content/en/docs/concepts/workloads/pods/pod-lifecycle.md index cae3bca87e723..26844751d8db6 100644 --- a/content/en/docs/concepts/workloads/pods/pod-lifecycle.md +++ b/content/en/docs/concepts/workloads/pods/pod-lifecycle.md @@ -154,9 +154,12 @@ without any problems, the kubelet resets the restart backoff timer for that cont A Pod has a PodStatus, which has an array of [PodConditions](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#podcondition-v1-core) -through which the Pod has or has not passed: +through which the Pod has or has not passed. Kubelet manages the following +PodConditions: * `PodScheduled`: the Pod has been scheduled to a node. +* `PodHasNetwork`: (alpha feature; must be [enabled explicitly](#pod-has-network)) the + Pod sandbox has been successfully created and networking configured. * `ContainersReady`: all containers in the Pod are ready. * `Initialized`: all [init containers](/docs/concepts/workloads/pods/init-containers/) have completed successfully. @@ -231,6 +234,40 @@ when both the following statements apply: When a Pod's containers are Ready but at least one custom condition is missing or `False`, the kubelet sets the Pod's [condition](#pod-conditions) to `ContainersReady`. +### Pod network readiness {#pod-has-network} + +{{< feature-state for_k8s_version="v1.25" state="alpha" >}} + +After a Pod gets scheduled on a node, it needs to be admitted by the Kubelet and +have any volumes mounted. Once these phases are complete, the Kubelet works with +a container runtime (using {{< glossary_tooltip term_id="cri" >}}) to set up a +runtime sandbox and configure networking for the Pod. If the +`PodHasNetworkCondition` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) is enabled, +Kubelet reports whether a pod has reached this initialization milestone through +the `PodHasNetwork` condition in the `status.conditions` field of a Pod. + +The `PodHasNetwork` condition is set to `False` by the Kubelet when it detects a +Pod does not have a runtime sandbox with networking configured. This occurs in +the following scenarios: +* Early in the lifecycle of the Pod, when the kubelet has not yet begun to set up a sandbox for the Pod using the container runtime. +* Later in the lifecycle of the Pod, when the Pod sandbox has been destroyed due + to either: + * the node rebooting, without the Pod getting evicted + * for container runtimes that use virtual machines for isolation, the Pod + sandbox virtual machine rebooting, which then requires creating a new sandbox and fresh container network configuration. + +The `PodHasNetwork` condition is set to `True` by the kubelet after the +successful completion of sandbox creation and network configuration for the Pod +by the runtime plugin. The kubelet can start pulling container images and create +containers after `PodHasNetwork` condition has been set to `True`. + +For a Pod with init containers, the kubelet sets the `Initialized` condition to +`True` after the init containers have successfully completed (which happens +after successful sandbox creation and network configuration by the runtime +plugin). For a Pod without init containers, the kubelet sets the `Initialized` +condition to `True` before sandbox creation and network configuration starts. + + ## Container probes A _probe_ is a diagnostic diff --git a/content/en/docs/concepts/workloads/pods/user-namespaces.md b/content/en/docs/concepts/workloads/pods/user-namespaces.md new file mode 100644 index 0000000000000..aa376d7657db7 --- /dev/null +++ b/content/en/docs/concepts/workloads/pods/user-namespaces.md @@ -0,0 +1,164 @@ +--- +title: User Namespaces +reviewers: +content_type: concept +weight: 160 +min-kubernetes-server-version: v1.25 +--- + + +{{< feature-state for_k8s_version="v1.25" state="alpha" >}} + +This page explains how user namespaces are used in Kubernetes pods. A user +namespace allows to isolate the user running inside the container from the one +in the host. + +A process running as root in a container can run as a different (non-root) user +in the host; in other words, the process has full privileges for operations +inside the user namespace, but is unprivileged for operations outside the +namespace. + +You can use this feature to reduce the damage a compromised container can do to +the host or other pods in the same node. There are [several security +vulnerabilities][KEP-vulns] rated either **HIGH** or **CRITICAL** that were not +exploitable when user namespaces is active. It is expected user namespace will +mitigate some future vulnerabilities too. + +[KEP-vulns]: https://github.com/kubernetes/enhancements/tree/217d790720c5aef09b8bd4d6ca96284a0affe6c2/keps/sig-node/127-user-namespaces#motivation + + +## {{% heading "prerequisites" %}} + +{{% thirdparty-content single="true" %}} + + +This is a Linux only feature. In addition, support is needed in the +{{< glossary_tooltip text="container runtime" term_id="container-runtime" >}} +to use this feature with Kubernetes stateless pods: + +* CRI-O: v1.25 has support for user namespaces. + +* containerd: support is planned for the 1.7 release. See containerd + issue [#7063][containerd-userns-issue] for more details. + +Support for this in [cri-dockerd is not planned][CRI-dockerd-issue] yet. + +[CRI-dockerd-issue]: https://github.com/Mirantis/cri-dockerd/issues/74 +[containerd-userns-issue]: https://github.com/containerd/containerd/issues/7063 + +## Introduction + +User namespaces is a Linux feature that allows to map users in the container to +different users in the host. Furthermore, the capabilities granted to a pod in +a user namespace are valid only in the namespace and void outside of it. + +A pod can opt-in to use user nameapces by setting the `pod.spec.hostUsers` field +to `false`. + +The kubelet will pick host UIDs/GIDs a pod is mapped to, and will do so in a way +to guarantee that no two stateless pods on the same node use the same mapping. + +The `runAsUser`, `runAsGroup`, `fsGroup`, etc. fields in the `pod.spec` always +refer to the user inside the container. + +The valid UIDs/GIDs when this feature is enabled is the range 0-65535. This +applies to files and processes (`runAsUser`, `runAsGroup`, etc.). + +Files using a UID/GID outside this range will be seen as belonging to the +overflow ID, usually 65534 (configured in `/proc/sys/kernel/overflowuid` and +`/proc/sys/kernel/overflowgid`). However, it is not possible to modify those +files, even by running as the 65534 user/group. + +Most applications that need to run as root but don't access other host +namespaces or resources, should continue to run fine without any changes needed +if user namespaces is activated. + +## Understanding user namespaces for stateless pods + +Several container runtimes with their default configuration (like Docker Engine, +containerd, CRI-O) use Linux namespaces for isolation. Other technologies exist +and can be used with those runtimes too (e.g. Kata Containers uses VMs instead of +Linux namespaces). This page is applicable for container runtimes using Linux +namespaces for isolation. + +When creating a pod, by default, several new namespaces are used for isolation: +a network namespace to isolate the network of the container, a PID namespace to +isolate the view of processes, etc. If a user namespace is used, this will +isolate the users in the container from the users in the node. + +This means containers can run as root and be mapped to a non-root user on the +host. Inside the container the process will think it is running as root (and +therefore tools like `apt`, `yum`, etc. work fine), while in reality the process +doesn't have privileges on the host. You can verify this, for example, if you +check the user the container process is running `ps` from the host. The user +`ps` shows is not the same as the user you see if you execute inside the +container the command `id`. + +This abstraction limits what can happen, for example, if the container manages +to escape to the host. Given that the container is running as a non-privileged +user on the host, it is limited what it can do to the host. + +Furthermore, as users on each pod will be mapped to different non-overlapping +users in the host, it is limited what they can do to other pods too. + +Capabilities granted to a pod are also limited to the pod user namespace and +mostly invalid out of it, some are even completely void. Here are two examples: +- `CAP_SYS_MODULE` does not have any effect if granted to a pod using user +namespaces, the pod isn't able to load kernel modules. +- `CAP_SYS_ADMIN` is limited to the pod's user namespace and invalid outside +of it. + +Without using a user namespace a container running as root, in the case of a +container breakout, has root privileges on the node. And if some capability were +granted to the container, the capabilities are valid on the host too. None of +this is true when we use user namespaces. + +If you want to know more details about what changes when user namespaces are in +use, see `man 7 user_namespaces`. + +## Set up a node to support user namespaces + +It is recommended that the host's files and host's processes use UIDs/GIDs in +the range of 0-65535. + +The kubelet will assign UIDs/GIDs higher than that to pods. Therefore, to +guarantee as much isolation as possible, the UIDs/GIDs used by the host's files +and host's processes should be in the range 0-65535. + +Note that this recommendation is important to mitigate the impact of CVEs like +[CVE-2021-25741][CVE-2021-25741], where a pod can potentially read arbitrary +files in the hosts. If the UIDs/GIDs of the pod and the host don't overlap, it +is limited what a pod would be able to do: the pod UID/GID won't match the +host's file owner/group. + +[CVE-2021-25741]: https://github.com/kubernetes/kubernetes/issues/104980 + +## Limitations + +When using a user namespace for the pod, it is disallowed to use other host +namespaces. In particular, if you set `hostUsers: false` then you are not +allowed to set any of: + + * `hostNetwork: true` + * `hostIPC: true` + * `hostPID: true` + +The pod is allowed to use no volumes at all or, if using volumes, only these +volume types are allowed: + + * configmap + * secret + * projected + * downwardAPI + * emptyDir + +To guarantee that the pod can read the files of such volumes, volumes are +created as if you specified `.spec.securityContext.fsGroup` as `0` for the Pod. +If it is specified to a different value, this other value will of course be +honored instead. + +As a by-product of this, folders and files for these volumes will have +permissions for the group, even if `defaultMode` or `mode` to specific items of +the volumes were specified without permissions to groups. For example, it is not +possible to mount these volumes in a way that its files have permissions only +for the owner. diff --git a/content/en/docs/contribute/style/write-new-topic.md b/content/en/docs/contribute/style/write-new-topic.md index 7cac1aa6b7fd5..9c39463db98d5 100644 --- a/content/en/docs/contribute/style/write-new-topic.md +++ b/content/en/docs/contribute/style/write-new-topic.md @@ -105,8 +105,8 @@ following cases (not an exhaustive list): [FlexVolume](/docs/concepts/storage/volumes#flexvolume) implementation. - The code is an incomplete example because its purpose is to highlight a portion of a larger file. For example, when describing ways to - customize the [PodSecurityPolicy](/docs/tasks/administer-cluster/sysctl-cluster/#podsecuritypolicy) - for some reasons, you can provide a short snippet directly in your topic file. + customize a [RoleBinding](/docs/reference/access-authn-authz/rbac/#role-binding-examples), + you can provide a short snippet directly in your topic file. - The code is not meant for users to try out due to other reasons. For example, when describing how a new attribute should be added to a resource using the `kubectl edit` command, you can provide a short example that includes only diff --git a/content/en/docs/reference/access-authn-authz/authorization.md b/content/en/docs/reference/access-authn-authz/authorization.md index ea6147fcbad96..9a77c7ac21124 100644 --- a/content/en/docs/reference/access-authn-authz/authorization.md +++ b/content/en/docs/reference/access-authn-authz/authorization.md @@ -80,8 +80,6 @@ The `get`, `list` and `watch` verbs can all return the full details of a resourc Kubernetes sometimes checks authorization for additional permissions using specialized verbs. For example: -* [PodSecurityPolicy](/docs/concepts/security/pod-security-policy/) - * `use` verb on `podsecuritypolicies` resources in the `policy` API group. * [RBAC](/docs/reference/access-authn-authz/rbac/#privilege-escalation-prevention-and-bootstrapping) * `bind` and `escalate` verbs on `roles` and `clusterroles` resources in the `rbac.authorization.k8s.io` API group. * [Authentication](/docs/reference/access-authn-authz/authentication/) diff --git a/content/en/docs/reference/access-authn-authz/psp-to-pod-security-standards.md b/content/en/docs/reference/access-authn-authz/psp-to-pod-security-standards.md index 82394b363afd0..34e40fca43611 100644 --- a/content/en/docs/reference/access-authn-authz/psp-to-pod-security-standards.md +++ b/content/en/docs/reference/access-authn-authz/psp-to-pod-security-standards.md @@ -9,7 +9,7 @@ weight: 95 The tables below enumerate the configuration parameters on -[PodSecurityPolicy](/docs/concepts/security/pod-security-policy/) objects, whether the field mutates +`PodSecurityPolicy` objects, whether the field mutates and/or validates pods, and how the configuration values map to the [Pod Security Standards](/docs/concepts/security/pod-security-standards/). diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates.md b/content/en/docs/reference/command-line-tools-reference/feature-gates.md index d2d740c1930b3..dfa817eec1cad 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates.md @@ -64,34 +64,28 @@ different Kubernetes components. | `AnyVolumeDataSource` | `false` | Alpha | 1.18 | 1.23 | | `AnyVolumeDataSource` | `true` | Beta | 1.24 | | | `AppArmor` | `true` | Beta | 1.4 | | +| `CheckpointContainer` | `false` | Alpha | 1.25 | | | `CPUManager` | `false` | Alpha | 1.8 | 1.9 | | `CPUManager` | `true` | Beta | 1.10 | | | `CPUManagerPolicyAlphaOptions` | `false` | Alpha | 1.23 | | | `CPUManagerPolicyBetaOptions` | `true` | Beta | 1.23 | | | `CPUManagerPolicyOptions` | `false` | Alpha | 1.22 | 1.22 | | `CPUManagerPolicyOptions` | `true` | Beta | 1.23 | | -| `CSIInlineVolume` | `false` | Alpha | 1.15 | 1.15 | -| `CSIInlineVolume` | `true` | Beta | 1.16 | - | -| `CSIMigration` | `false` | Alpha | 1.14 | 1.16 | -| `CSIMigration` | `true` | Beta | 1.17 | | -| `CSIMigrationAWS` | `false` | Alpha | 1.14 | 1.16 | -| `CSIMigrationAWS` | `false` | Beta | 1.17 | 1.22 | -| `CSIMigrationAWS` | `true` | Beta | 1.23 | | -| `CSIMigrationAzureFile` | `false` | Alpha | 1.15 | 1.19 | +| `CSIMigrationAzureFile` | `false` | Alpha | 1.15 | 1.20 | | `CSIMigrationAzureFile` | `false` | Beta | 1.21 | 1.23 | | `CSIMigrationAzureFile` | `true` | Beta | 1.24 | | -| `CSIMigrationGCE` | `false` | Alpha | 1.14 | 1.16 | -| `CSIMigrationGCE` | `false` | Beta | 1.17 | 1.22 | -| `CSIMigrationGCE` | `true` | Beta | 1.23 | | -| `CSIMigrationvSphere` | `false` | Beta | 1.19 | | -| `CSIMigrationPortworx` | `false` | Alpha | 1.23 | | -| `csiMigrationRBD` | `false` | Alpha | 1.23 | | +| `CSIMigrationPortworx` | `false` | Alpha | 1.23 | 1.24 | +| `CSIMigrationPortworx` | `false` | Beta | 1.25 | | +| `CSIMigrationRBD` | `false` | Alpha | 1.23 | | +| `CSIMigrationvSphere` | `false` | Alpha | 1.18 | 1.18 | +| `CSIMigrationvSphere` | `false` | Beta | 1.19 | 1.24 | +| `CSIMigrationvSphere` | `true` | Beta | 1.25 | | +| `CSINodeExpandSecret` | `false` | Alpha | 1.25 | | | `CSIVolumeHealth` | `false` | Alpha | 1.21 | | | `ContextualLogging` | `false` | Alpha | 1.24 | | | `CustomCPUCFSQuotaPeriod` | `false` | Alpha | 1.12 | | -| `CustomResourceValidationExpressions` | `false` | Alpha | 1.23 | | -| `DaemonSetUpdateSurge` | `false` | Alpha | 1.21 | 1.21 | -| `DaemonSetUpdateSurge` | `true` | Beta | 1.22 | | +| `CustomResourceValidationExpressions` | `false` | Alpha | 1.23 | 1.24 | +| `CustomResourceValidationExpressions` | `true` | Beta | 1.25 | | | `DelegateFSGroupToCSIDriver` | `false` | Alpha | 1.22 | 1.22 | | `DelegateFSGroupToCSIDriver` | `true` | Beta | 1.23 | | | `DevicePlugins` | `false` | Alpha | 1.8 | 1.9 | @@ -105,8 +99,6 @@ different Kubernetes components. | `DownwardAPIHugePages` | `true` | Beta | 1.22 | | | `EndpointSliceTerminatingCondition` | `false` | Alpha | 1.20 | 1.21 | | `EndpointSliceTerminatingCondition` | `true` | Beta | 1.22 | | -| `EphemeralContainers` | `false` | Alpha | 1.16 | 1.22 | -| `EphemeralContainers` | `true` | Beta | 1.23 | | | `ExpandedDNSConfig` | `false` | Alpha | 1.22 | | | `ExperimentalHostUserNamespaceDefaulting` | `false` | Beta | 1.5 | | | `GracefulNodeShutdown` | `false` | Alpha | 1.20 | 1.20 | @@ -118,8 +110,6 @@ different Kubernetes components. | `HonorPVReclaimPolicy` | `false` | Alpha | 1.23 | | | `HPAContainerMetrics` | `false` | Alpha | 1.20 | | | `HPAScaleToZero` | `false` | Alpha | 1.16 | | -| `IdentifyPodOS` | `false` | Alpha | 1.23 | 1.23 | -| `IdentifyPodOS` | `true` | Beta | 1.24 | | | `InTreePluginAWSUnregister` | `false` | Alpha | 1.21 | | | `InTreePluginAzureDiskUnregister` | `false` | Alpha | 1.21 | | | `InTreePluginAzureFileUnregister` | `false` | Alpha | 1.21 | | @@ -141,21 +131,22 @@ different Kubernetes components. | `KubeletPodResources` | `true` | Beta | 1.15 | | | `KubeletPodResourcesGetAllocatable` | `false` | Alpha | 1.21 | 1.22 | | `KubeletPodResourcesGetAllocatable` | `true` | Beta | 1.23 | | -| `LocalStorageCapacityIsolation` | `false` | Alpha | 1.7 | 1.9 | -| `LocalStorageCapacityIsolation` | `true` | Beta | 1.10 | | -| `LocalStorageCapacityIsolationFSQuotaMonitoring` | `false` | Alpha | 1.15 | | +| `KubeletTracing` | `false` | Alpha | 1.25 | | +| `LocalStorageCapacityIsolationFSQuotaMonitoring` | `false` | Alpha | 1.15 | 1.24 | +| `LocalStorageCapacityIsolationFSQuotaMonitoring` | `true` | Beta | 1.25 | | | `LogarithmicScaleDown` | `false` | Alpha | 1.21 | 1.21 | | `LogarithmicScaleDown` | `true` | Beta | 1.22 | | +| `MatchLabelKeysInPodTopologySpread` | `false` | Alpha | 1.25 | | | `MaxUnavailableStatefulSet` | `false` | Alpha | 1.24 | | | `MemoryManager` | `false` | Alpha | 1.21 | 1.21 | | `MemoryManager` | `true` | Beta | 1.22 | | | `MemoryQoS` | `false` | Alpha | 1.22 | | -| `MinDomainsInPodTopologySpread` | `false` | Alpha | 1.24 | | +| `MinDomainsInPodTopologySpread` | `false` | Alpha | 1.24 | 1.24 | +| `MinDomainsInPodTopologySpread` | `true` | Beta | 1.25 | | | `MixedProtocolLBService` | `false` | Alpha | 1.20 | 1.23 | | `MixedProtocolLBService` | `true` | Beta | 1.24 | | -| `NetworkPolicyEndPort` | `false` | Alpha | 1.21 | 1.21 | -| `NetworkPolicyEndPort` | `true` | Beta | 1.22 | | | `NetworkPolicyStatus` | `false` | Alpha | 1.24 | | +| `NodeInclusionPolicyInPodTopologySpread` | `false` | Alpha | 1.25 | | | `NodeSwap` | `false` | Alpha | 1.22 | | | `NodeOutOfServiceVolumeDetach` | `false` | Alpha | 1.24 | | | `OpenAPIEnums` | `false` | Alpha | 1.23 | 1.23 | @@ -165,10 +156,12 @@ different Kubernetes components. | `PodAndContainerStatsFromCRI` | `false` | Alpha | 1.23 | | | `PodDeletionCost` | `false` | Alpha | 1.21 | 1.21 | | `PodDeletionCost` | `true` | Beta | 1.22 | | +| `PodHasNetworkCondition` | `false` | Alpha | 1.25 | | | `PodSecurity` | `false` | Alpha | 1.22 | 1.22 | | `PodSecurity` | `true` | Beta | 1.23 | | | `ProbeTerminationGracePeriod` | `false` | Alpha | 1.21 | 1.21 | -| `ProbeTerminationGracePeriod` | `false` | Beta | 1.22 | | +| `ProbeTerminationGracePeriod` | `false` | Beta | 1.22 | 1.24 | +| `ProbeTerminationGracePeriod` | `true` | Beta | 1.25 | | | `ProcMountType` | `false` | Alpha | 1.12 | | | `ProxyTerminatingEndpoints` | `false` | Alpha | 1.22 | | | `QOSReserved` | `false` | Alpha | 1.11 | | @@ -178,16 +171,17 @@ different Kubernetes components. | `RemainingItemCount` | `true` | Beta | 1.16 | | | `RotateKubeletServerCertificate` | `false` | Alpha | 1.7 | 1.11 | | `RotateKubeletServerCertificate` | `true` | Beta | 1.12 | | -| `SeccompDefault` | `false` | Alpha | 1.22 | | -| `ServerSideFieldValidation` | `false` | Alpha | 1.23 | - | +| `SeccompDefault` | `false` | Alpha | 1.22 | 1.24 | +| `SeccompDefault` | `true` | Beta | 1.25 | | +| `ServerSideFieldValidation` | `false` | Alpha | 1.23 | 1.24 | +| `ServerSideFieldValidation` | `true` | Beta | 1.25 | | | `ServiceInternalTrafficPolicy` | `false` | Alpha | 1.21 | 1.21 | | `ServiceInternalTrafficPolicy` | `true` | Beta | 1.22 | | -| `ServiceIPStaticSubrange` | `false` | Alpha | 1.24 | | +| `ServiceIPStaticSubrange` | `false` | Alpha | 1.24 | 1.24 | +| `ServiceIPStaticSubrange` | `true` | Beta | 1.25 | | | `SizeMemoryBackedVolumes` | `false` | Alpha | 1.20 | 1.21 | | `SizeMemoryBackedVolumes` | `true` | Beta | 1.22 | | | `StatefulSetAutoDeletePVC` | `false` | Alpha | 1.22 | | -| `StatefulSetMinReadySeconds` | `false` | Alpha | 1.22 | 1.22 | -| `StatefulSetMinReadySeconds` | `true` | Beta | 1.23 | | | `StorageVersionAPI` | `false` | Alpha | 1.20 | | | `StorageVersionHash` | `false` | Alpha | 1.14 | 1.14 | | `StorageVersionHash` | `true` | Beta | 1.15 | | @@ -245,6 +239,16 @@ different Kubernetes components. | `CSIDriverRegistry` | `false` | Alpha | 1.12 | 1.13 | | `CSIDriverRegistry` | `true` | Beta | 1.14 | 1.17 | | `CSIDriverRegistry` | `true` | GA | 1.18 | - | +| `CSIInlineVolume` | `false` | Alpha | 1.15 | 1.15 | +| `CSIInlineVolume` | `true` | Beta | 1.16 | 1.24 | +| `CSIInlineVolume` | `true` | GA | 1.25 | - | +| `CSIMigration` | `false` | Alpha | 1.14 | 1.16 | +| `CSIMigration` | `true` | Beta | 1.17 | 1.24 | +| `CSIMigration` | `true` | GA | 1.25 | - | +| `CSIMigrationAWS` | `false` | Alpha | 1.14 | 1.16 | +| `CSIMigrationAWS` | `false` | Beta | 1.17 | 1.22 | +| `CSIMigrationAWS` | `true` | Beta | 1.23 | 1.24 | +| `CSIMigrationAWS` | `true` | GA | 1.25 | - | | `CSIMigrationAWSComplete` | `false` | Alpha | 1.17 | 1.20 | | `CSIMigrationAWSComplete` | - | Deprecated | 1.21 | - | | `CSIMigrationAzureDisk` | `false` | Alpha | 1.15 | 1.18 | @@ -255,6 +259,10 @@ different Kubernetes components. | `CSIMigrationAzureDiskComplete` | - | Deprecated | 1.21 | - | | `CSIMigrationAzureFileComplete` | `false` | Alpha | 1.17 | 1.20 | | `CSIMigrationAzureFileComplete` | - | Deprecated | 1.21 | - | +| `CSIMigrationGCE` | `false` | Alpha | 1.14 | 1.16 | +| `CSIMigrationGCE` | `false` | Beta | 1.17 | 1.22 | +| `CSIMigrationGCE` | `true` | Beta | 1.23 | 1.24 | +| `CSIMigrationGCE` | `true` | GA | 1.25 | - | | `CSIMigrationGCEComplete` | `false` | Alpha | 1.17 | 1.20 | | `CSIMigrationGCEComplete` | - | Deprecated | 1.21 | - | | `CSIMigrationOpenStack` | `false` | Alpha | 1.14 | 1.17 | @@ -284,7 +292,8 @@ different Kubernetes components. | `CronJobControllerV2` | `false` | Alpha | 1.20 | 1.20 | | `CronJobControllerV2` | `true` | Beta | 1.21 | 1.21 | | `CronJobControllerV2` | `true` | GA | 1.22 | - | -| `CronJobTimeZone` | `false` | Alpha | 1.24 | | +| `CronJobTimeZone` | `false` | Alpha | 1.24 | 1.24 | +| `CronJobTimeZone` | `true` | Beta | 1.25 | | | `CustomPodDNS` | `false` | Alpha | 1.9 | 1.9 | | `CustomPodDNS` | `true` | Beta| 1.10 | 1.13 | | `CustomPodDNS` | `true` | GA | 1.14 | - | @@ -303,6 +312,9 @@ different Kubernetes components. | `CustomResourceWebhookConversion` | `false` | Alpha | 1.13 | 1.14 | | `CustomResourceWebhookConversion` | `true` | Beta | 1.15 | 1.15 | | `CustomResourceWebhookConversion` | `true` | GA | 1.16 | - | +| `DaemonSetUpdateSurge` | `false` | Alpha | 1.21 | 1.21 | +| `DaemonSetUpdateSurge` | `true` | Beta | 1.22 | 1.24 | +| `DaemonSetUpdateSurge` | `true` | GA | 1.25 | - | | `DefaultPodTopologySpread` | `false` | Alpha | 1.19 | 1.19 | | `DefaultPodTopologySpread` | `true` | Beta | 1.20 | 1.23 | | `DefaultPodTopologySpread` | `true` | GA | 1.24 | - | @@ -333,6 +345,9 @@ different Kubernetes components. | `EndpointSliceProxying` | `false` | Alpha | 1.18 | 1.18 | | `EndpointSliceProxying` | `true` | Beta | 1.19 | 1.21 | | `EndpointSliceProxying` | `true` | GA | 1.22 | - | +| `EphemeralContainers` | `false` | Alpha | 1.16 | 1.22 | +| `EphemeralContainers` | `true` | Beta | 1.23 | 1.24 | +| `EphemeralContainers` | `true` | GA | 1.25 | - | | `EvenPodsSpread` | `false` | Alpha | 1.16 | 1.17 | | `EvenPodsSpread` | `true` | Beta | 1.18 | 1.18 | | `EvenPodsSpread` | `true` | GA | 1.19 | - | @@ -362,6 +377,9 @@ different Kubernetes components. | `HugePages` | `true` | GA | 1.14 | - | | `HyperVContainer` | `false` | Alpha | 1.10 | 1.19 | | `HyperVContainer` | `false` | Deprecated | 1.20 | - | +| `IdentifyPodOS` | `false` | Alpha | 1.23 | 1.23 | +| `IdentifyPodOS` | `true` | Beta | 1.24 | 1.24 | +| `IdentifyPodOS` | `true` | GA | 1.25 | - | | `IPv6DualStack` | `false` | Alpha | 1.15 | 1.20 | | `IPv6DualStack` | `true` | Beta | 1.21 | 1.22 | | `IPv6DualStack` | `true` | GA | 1.23 | - | @@ -376,6 +394,7 @@ different Kubernetes components. | `IngressClassNamespacedParams` | `true` | GA | 1.23 | - | | `Initializers` | `false` | Alpha | 1.7 | 1.13 | | `Initializers` | - | Deprecated | 1.14 | - | +| `JobPodFailurePolicy` | `false` | Alpha | 1.25 | - | | `KubeletConfigFile` | `false` | Alpha | 1.8 | 1.9 | | `KubeletConfigFile` | - | Deprecated | 1.10 | - | | `KubeletPluginsWatcher` | `false` | Alpha | 1.11 | 1.11 | @@ -385,6 +404,9 @@ different Kubernetes components. | `LegacyNodeRoleBehavior` | `true` | Beta | 1.19 | 1.20 | | `LegacyNodeRoleBehavior` | `false` | GA | 1.21 | - | | `LegacyServiceAccountTokenNoAutoGeneration` | `true` | Beta | 1.24 | | +| `LocalStorageCapacityIsolation` | `false` | Alpha | 1.7 | 1.9 | +| `LocalStorageCapacityIsolation` | `true` | Beta | 1.10 | 1.24 | +| `LocalStorageCapacityIsolation` | `true` | GA | 1.25 | - | | `MountContainers` | `false` | Alpha | 1.9 | 1.16 | | `MountContainers` | `false` | Deprecated | 1.17 | - | | `MountPropagation` | `false` | Alpha | 1.8 | 1.9 | @@ -392,6 +414,9 @@ different Kubernetes components. | `MountPropagation` | `true` | GA | 1.12 | - | | `NamespaceDefaultLabelName` | `true` | Beta | 1.21 | 1.21 | | `NamespaceDefaultLabelName` | `true` | GA | 1.22 | - | +| `NetworkPolicyEndPort` | `false` | Alpha | 1.21 | 1.21 | +| `NetworkPolicyEndPort` | `true` | Beta | 1.22 | 1.24 | +| `NetworkPolicyEndPort` | `true` | GA | 1.25 | - | | `NodeDisruptionExclusion` | `false` | Alpha | 1.16 | 1.18 | | `NodeDisruptionExclusion` | `true` | Beta | 1.19 | 1.20 | | `NodeDisruptionExclusion` | `true` | GA | 1.21 | - | @@ -412,6 +437,7 @@ different Kubernetes components. | `PodDisruptionBudget` | `false` | Alpha | 1.3 | 1.4 | | `PodDisruptionBudget` | `true` | Beta | 1.5 | 1.20 | | `PodDisruptionBudget` | `true` | GA | 1.21 | - | +| `PodDisruptionConditions` | `false` | Alpha | 1.25 | - | | `PodOverhead` | `false` | Alpha | 1.16 | 1.17 | | `PodOverhead` | `true` | Beta | 1.18 | 1.23 | | `PodOverhead` | `true` | GA | 1.24 | - | @@ -485,6 +511,9 @@ different Kubernetes components. | `StartupProbe` | `false` | Alpha | 1.16 | 1.17 | | `StartupProbe` | `true` | Beta | 1.18 | 1.19 | | `StartupProbe` | `true` | GA | 1.20 | - | +| `StatefulSetMinReadySeconds` | `false` | Alpha | 1.22 | 1.22 | +| `StatefulSetMinReadySeconds` | `true` | Beta | 1.23 | 1.24 | +| `StatefulSetMinReadySeconds` | `true` | GA | 1.25 | - | | `StorageObjectInUseProtection` | `true` | Beta | 1.10 | 1.10 | | `StorageObjectInUseProtection` | `true` | GA | 1.11 | - | | `StreamingProxyRedirects` | `false` | Beta | 1.5 | 1.5 | @@ -603,6 +632,7 @@ Each feature gate is designed for enabling/disabling a specific feature: - `APIResponseCompression`: Compress the API responses for `LIST` or `GET` requests. - `APIServerIdentity`: Assign each API server an ID in a cluster. - `APIServerTracing`: Add support for distributed tracing in the API server. + See [Traces for Kubernetes System Components](/docs/concepts/cluster-administration/traces-for-kubernetes-system-components) for more details. - `Accelerators`: Provided an early form of plugin to enable Nvidia GPU support when using Docker Engine; no longer available. See [Device Plugins](/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/) for @@ -634,6 +664,8 @@ Each feature gate is designed for enabling/disabling a specific feature: flag `--service-account-extend-token-expiration=false`. Check [Bound Service Account Tokens](https://github.com/kubernetes/enhancements/blob/master/keps/sig-auth/1205-bound-service-account-tokens/README.md) for more details. +- `CheckpointContainer`: Enables the kubelet `checkpoint` API. + See [Kubelet Checkpoint API](/docs/reference/node/kubelet-checkpoint-api/) for more details. - `ControllerManagerLeaderMigration`: Enables Leader Migration for [kube-controller-manager](/docs/tasks/administer-cluster/controller-manager-leader-migration/#initial-leader-migration-configuration) and [cloud-controller-manager](/docs/tasks/administer-cluster/controller-manager-leader-migration/#deploy-cloud-controller-manager) @@ -760,6 +792,8 @@ Each feature gate is designed for enabling/disabling a specific feature: from the Portworx in-tree plugin to Portworx CSI plugin. Requires Portworx CSI driver to be installed and configured in the cluster. - `CSINodeInfo`: Enable all logic related to the CSINodeInfo API object in `csi.storage.k8s.io`. +- `CSINodeExpandSecret`: Enable passing secret authentication data to a CSI driver for use + during a `NodeExpandVolume` CSI operation. - `CSIPersistentVolume`: Enable discovering and mounting volumes provisioned through a [CSI (Container Storage Interface)](https://git.k8s.io/design-proposals-archive/storage/container-storage-interface.md) compatible volume plugin. @@ -940,6 +974,7 @@ Each feature gate is designed for enabling/disabling a specific feature: support for IPv6. - `JobMutableNodeSchedulingDirectives`: Allows updating node scheduling directives in the pod template of [Job](/docs/concepts/workloads/controllers/job). +- `JobPodFailurePolicy`: Allow users to specify handling of pod failures based on container exit codes and pod conditions. - `JobReadyPods`: Enables tracking the number of Pods that have a `Ready` [condition](/docs/concepts/workloads/pods/pod-lifecycle/#pod-conditions). The count of `Ready` pods is recorded in the @@ -971,6 +1006,10 @@ Each feature gate is designed for enabling/disabling a specific feature: - `LegacyNodeRoleBehavior`: When disabled, legacy behavior in service load balancers and node disruption will ignore the `node-role.kubernetes.io/master` label in favor of the feature-specific labels provided by `NodeDisruptionExclusion` and `ServiceNodeExclusion`. +- `KubeletTracing`: Add support for distributed tracing in the kubelet. + When enabled, kubelet CRI interface and authenticated http servers are instrumented to generate + OpenTelemetry trace spans. + See [Traces for Kubernetes System Components](/docs/concepts/cluster-administration/traces-for-kubernetes-system-components) for more details. - `LegacyServiceAccountTokenNoAutoGeneration`: Stop auto-generation of Secret-based [service account tokens](/docs/reference/access-authn-authz/authentication/#service-account-tokens). - `LocalStorageCapacityIsolation`: Enable the consumption of @@ -986,6 +1025,8 @@ Each feature gate is designed for enabling/disabling a specific feature: filesystem walk for better performance and accuracy. - `LogarithmicScaleDown`: Enable semi-random selection of pods to evict on controller scaledown based on logarithmic bucketing of pod timestamps. +- `MatchLabelKeysInPodTopologySpread`: Enable the `matchLabelKeys` field for + [Pod topology spread constraints](/docs/concepts/scheduling-eviction/topology-spread-constraints/). - `MaxUnavailableStatefulSet`: Enables setting the `maxUnavailable` field for the [rolling update strategy](/docs/concepts/workloads/controllers/statefulset/#rolling-updates) of a StatefulSet. The field specifies the maximum number of Pods @@ -994,8 +1035,8 @@ Each feature gate is designed for enabling/disabling a specific feature: NUMA topology. - `MemoryQoS`: Enable memory protection and usage throttle on pod / container using cgroup v2 memory controller. -- `MinDomainsInPodTopologySpread`: Enable `minDomains` in Pod - [topology spread constraints](/docs/concepts/scheduling-eviction/topology-spread-constraints/). +- `MinDomainsInPodTopologySpread`: Enable `minDomains` in + [Pod topology spread constraints](/docs/concepts/scheduling-eviction/topology-spread-constraints/). - `MixedProtocolLBService`: Enable using different protocols in the same `LoadBalancer` type Service instance. - `MountContainers`: Enable using utility containers on host as the volume mounter. @@ -1007,6 +1048,9 @@ Each feature gate is designed for enabling/disabling a specific feature: - `NetworkPolicyEndPort`: Enable use of the field `endPort` in NetworkPolicy objects, allowing the selection of a port range instead of a single port. - `NetworkPolicyStatus`: Enable the `status` subresource for NetworkPolicy objects. +- `NodeInclusionPolicyInPodTopologySpread`: Enable using `nodeAffinityPolicy` and `nodeTaintsPolicy` in + [Pod topology spread constraints](/docs/concepts/scheduling-eviction/topology-spread-constraints/) + when calculating pod topology spread skew. - `NodeDisruptionExclusion`: Enable use of the Node label `node.kubernetes.io/exclude-disruption` which prevents nodes from being evacuated during zone failures. - `NodeLease`: Enable the new Lease API to report node heartbeats, which could be used as a node health signal. @@ -1025,13 +1069,15 @@ Each feature gate is designed for enabling/disabling a specific feature: feature which allows users to influence ReplicaSet downscaling order. - `PersistentLocalVolumes`: Enable the usage of `local` volume type in Pods. Pod affinity has to be specified if requesting a `local` volume. -- `PodAndContainerStatsFromCRI`: Configure the kubelet to gather container and - pod stats from the CRI container runtime rather than gathering them from cAdvisor. -- `PodDisruptionBudget`: Enable the [PodDisruptionBudget](/docs/tasks/run-application/configure-pdb/) feature. - `PodAffinityNamespaceSelector`: Enable the [Pod Affinity Namespace Selector](/docs/concepts/scheduling-eviction/assign-pod-node/#namespace-selector) and [CrossNamespacePodAffinity](/docs/concepts/policy/resource-quotas/#cross-namespace-pod-affinity-quota) quota scope features. +- `PodAndContainerStatsFromCRI`: Configure the kubelet to gather container and + pod stats from the CRI container runtime rather than gathering them from cAdvisor. +- `PodDisruptionBudget`: Enable the [PodDisruptionBudget](/docs/tasks/run-application/configure-pdb/) feature. +- `PodDisruptionConditions`: Enables support for appending a dedicated pod condition indicating that the pod is being deleted due to a disruption. +- `PodHasNetworkCondition`: Enable the kubelet to mark the [PodHasNetwork](/docs/concepts/workloads/pods/pod-lifecycle/#pod-has-network) condition on pods. - `PodOverhead`: Enable the [PodOverhead](/docs/concepts/scheduling-eviction/pod-overhead/) feature to account for pod overheads. - `PodPriority`: Enable the descheduling and preemption of Pods based on their @@ -1104,6 +1150,9 @@ Each feature gate is designed for enabling/disabling a specific feature: The seccomp profile is specified in the `securityContext` of a Pod and/or a Container. - `SelectorIndex`: Allows label and field based indexes in API server watch cache to accelerate list operations. +- `SELinuxMountReadWriteOncePod`: Allows kubelet to mount volumes for a Pod directly with the + right SELinux label instead of applying the SELinux label recursively on every file on the + volume. - `ServerSideApply`: Enables the [Sever Side Apply (SSA)](/docs/reference/using-api/server-side-apply/) feature on the API Server. - `ServerSideFieldValidation`: Enables server-side field validation. This means the validation diff --git a/content/en/docs/reference/command-line-tools-reference/kubelet.md b/content/en/docs/reference/command-line-tools-reference/kubelet.md index 1041f7b4a8891..134ed94b41463 100644 --- a/content/en/docs/reference/command-line-tools-reference/kubelet.md +++ b/content/en/docs/reference/command-line-tools-reference/kubelet.md @@ -849,7 +849,7 @@ WindowsHostProcessContainers=true|false (BETA - default=true)
        ---pod-infra-container-image string     Default: k8s.gcr.io/pause:3.6 +--pod-infra-container-image string     Default: registry.k8s.io/pause:3.6 Specified image will not be pruned by the image garbage collector. When container-runtime is set to docker, all containers in each pod will use the network/IPC namespaces from this image. Other CRI implementations have their own configuration to set this image. diff --git a/content/en/docs/reference/config-api/apiserver-encryption.v1.md b/content/en/docs/reference/config-api/apiserver-encryption.v1.md index 3b09e817a5090..9d408cf24a911 100644 --- a/content/en/docs/reference/config-api/apiserver-encryption.v1.md +++ b/content/en/docs/reference/config-api/apiserver-encryption.v1.md @@ -94,7 +94,6 @@ Each key has to be 32 bytes long for AES-CBC and 16, 24 or 32 bytes for AES-GCM. FieldDescription - name [Required]
        string diff --git a/content/en/docs/reference/config-api/kubeadm-config.v1beta2.md b/content/en/docs/reference/config-api/kubeadm-config.v1beta2.md index a6e2bd98cd348..7bd46c2fad2b8 100644 --- a/content/en/docs/reference/config-api/kubeadm-config.v1beta2.md +++ b/content/en/docs/reference/config-api/kubeadm-config.v1beta2.md @@ -159,7 +159,7 @@ configuration types to be used during a kubeadm init run.

        etcd: # one of local or external local: - imageRepository: "k8s.gcr.io" + imageRepository: "registry.k8s.io" imageTag: "3.2.24" dataDir: "/var/lib/etcd" extraArgs: @@ -213,7 +213,7 @@ configuration types to be used during a kubeadm init run.

         readOnly: false pathType: File certificatesDir: "/etc/kubernetes/pki" -imageRepository: "k8s.gcr.io" +imageRepository: "registry.k8s.io" useHyperKubeImage: false clusterName: "example-cluster" --- @@ -349,10 +349,10 @@ could be used for assigning a stable DNS to the control plane.

        imageRepository sets the container registry to pull images from. -If empty, k8s.gcr.io will be used by default; in case of kubernetes version is +If empty, registry.k8s.io will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with ci/) gcr.io/k8s-staging-ci-images is used as a default for control plane components and for kube-proxy, while -k8s.gcr.io will be used for all the other images.

        +registry.k8s.io will be used for all the other images.

        useHyperKubeImage [Required]
        diff --git a/content/en/docs/reference/config-api/kubeadm-config.v1beta3.md b/content/en/docs/reference/config-api/kubeadm-config.v1beta3.md index 20f5e44d93a42..62516005a2387 100644 --- a/content/en/docs/reference/config-api/kubeadm-config.v1beta3.md +++ b/content/en/docs/reference/config-api/kubeadm-config.v1beta3.md @@ -171,7 +171,7 @@ configuration types to be used during a kubeadm init run.

        etcd: # one of local or external local: - imageRepository: "k8s.gcr.io" + imageRepository: "registry.k8s.io" imageTag: "3.2.24" dataDir: "/var/lib/etcd" extraArgs: @@ -225,7 +225,7 @@ configuration types to be used during a kubeadm init run.

         readOnly: false pathType: File certificatesDir: "/etc/kubernetes/pki" -imageRepository: "k8s.gcr.io" +imageRepository: "registry.k8s.io" clusterName: "example-cluster" --- apiVersion: kubelet.config.k8s.io/v1beta1 @@ -359,10 +359,10 @@ be used for assigning a stable DNS to the control plane.

        imageRepository sets the container registry to pull images from. -If empty, k8s.gcr.io will be used by default. +If empty, registry.k8s.io will be used by default. In case of kubernetes version is a CI build (kubernetes version starts with ci/) gcr.io/k8s-staging-ci-images will be used as a default for control plane components -and for kube-proxy, while k8s.gcr.io will be used for all the other images.

        +and for kube-proxy, while registry.k8s.io will be used for all the other images.

        featureGates
        diff --git a/content/en/docs/reference/glossary/pod-security-policy.md b/content/en/docs/reference/glossary/pod-security-policy.md index ff178bb7cc474..c358b92fc879a 100644 --- a/content/en/docs/reference/glossary/pod-security-policy.md +++ b/content/en/docs/reference/glossary/pod-security-policy.md @@ -17,4 +17,5 @@ tags: A cluster-level resource that controls security sensitive aspects of the Pod specification. The `PodSecurityPolicy` objects define a set of conditions that a Pod must run with in order to be accepted into the system, as well as defaults for the related fields. Pod Security Policy control is implemented as an optional admission controller. -PodSecurityPolicy is deprecated as of Kubernetes v1.21, and will be removed in v1.25. We recommend migrating to [Pod Security Admission](/docs/concepts/security/pod-security-admission/), or a 3rd party admission plugin. +PodSecurityPolicy was deprecated as of Kubernetes v1.21, and removed in v1.25. +As an alternative, use [Pod Security Admission](/docs/concepts/security/pod-security-admission/) or a 3rd party admission plugin. diff --git a/content/en/docs/reference/issues-security/issues.md b/content/en/docs/reference/issues-security/issues.md index 5e4ebe85c036a..3dbec5bdcc9d4 100644 --- a/content/en/docs/reference/issues-security/issues.md +++ b/content/en/docs/reference/issues-security/issues.md @@ -8,6 +8,9 @@ To report a security issue, please follow the [Kubernetes security disclosure pr Work on Kubernetes code and public issues are tracked using [GitHub Issues](https://github.com/kubernetes/kubernetes/issues/). -* [CVE-related issues](https://github.com/kubernetes/kubernetes/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3Aarea%2Fsecurity+in%3Atitle+CVE) +* Official [list of known CVEs](/docs/reference/issues-security/official-cve-feed/) + (security vulnerabilities) that have been announced by the + [Security Response Committee](https://github.com/kubernetes/committee-security-response) +* [CVE-related GitHub issues](https://github.com/kubernetes/kubernetes/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3Aarea%2Fsecurity+in%3Atitle+CVE) -Security-related announcements are sent to the [kubernetes-security-announce@googlegroups.com](https://groups.google.com/forum/#!forum/kubernetes-security-announce) mailing list. +Security-related announcements are sent to the [kubernetes-security-announce@googlegroups.com](https://groups.google.com/forum/#!forum/kubernetes-security-announce) mailing list. \ No newline at end of file diff --git a/content/en/docs/reference/issues-security/official-cve-feed.md b/content/en/docs/reference/issues-security/official-cve-feed.md new file mode 100644 index 0000000000000..6a48924e42b12 --- /dev/null +++ b/content/en/docs/reference/issues-security/official-cve-feed.md @@ -0,0 +1,44 @@ +--- +title: Official CVE Feed +weight: 25 +outputs: + - json + - html +layout: cve-feed +--- + +{{< feature-state for_k8s_version="v1.25" state="alpha" >}} + +This is a community maintained list of official CVEs announced by +the Kubernetes Security Response Committee. See +[Kubernetes Security and Disclosure Information](/docs/reference/issues-security/security/) +for more details. + +The Kubernetes project publishes a programmatically accessible +[JSON Feed](/docs/reference/issues-security/official-cve-feed/index.json) of +published security issues. You can access it by executing the following command: + +{{< comment >}} +`replace` is used to bypass known issue with rendering ">" +: https://github.com/gohugoio/hugo/issues/7229 in JSON layouts template +`layouts/_default/cve-feed.json` +{{< /comment >}} + +```shell +curl -v https://k8s.io/docs/reference/issues-security/official-cve-feed/index.json +``` + +{{< cve-feed >}} + + + +This feed is auto-refreshing with a noticeable but small lag (minutes to hours) +from the time a CVE is announced to the time it is accessible in this feed. + +The source of truth of this feed is a set of GitHub Issues, filtered by a controlled and +restricted label `official-cve-feed`. The raw data is stored in a Google Cloud +Bucket which is writable only by a small number of trusted members of the +Community. \ No newline at end of file diff --git a/content/en/docs/reference/kubectl/cheatsheet.md b/content/en/docs/reference/kubectl/cheatsheet.md index fa7e9bffe0bc8..fd36df2677b66 100644 --- a/content/en/docs/reference/kubectl/cheatsheet.md +++ b/content/en/docs/reference/kubectl/cheatsheet.md @@ -439,8 +439,8 @@ kubectl get pods -A -o=custom-columns='DATA:spec.containers[*].image' # All images running in namespace: default, grouped by Pod kubectl get pods --namespace default --output=custom-columns="NAME:.metadata.name,IMAGE:.spec.containers[*].image" - # All images excluding "k8s.gcr.io/coredns:1.6.2" -kubectl get pods -A -o=custom-columns='DATA:spec.containers[?(@.image!="k8s.gcr.io/coredns:1.6.2")].image' + # All images excluding "registry.k8s.io/coredns:1.6.2" +kubectl get pods -A -o=custom-columns='DATA:spec.containers[?(@.image!="registry.k8s.io/coredns:1.6.2")].image' # All fields under metadata regardless of name kubectl get pods -A -o=custom-columns='DATA:metadata.*' diff --git a/content/en/docs/reference/kubernetes-api/authentication-resources/token-request-v1.md b/content/en/docs/reference/kubernetes-api/authentication-resources/token-request-v1.md index 3e448846f6f82..55e367574c12a 100644 --- a/content/en/docs/reference/kubernetes-api/authentication-resources/token-request-v1.md +++ b/content/en/docs/reference/kubernetes-api/authentication-resources/token-request-v1.md @@ -62,7 +62,7 @@ TokenRequestSpec contains client provided parameters of a token request. - **audiences** ([]string), required - Audiences are the intendend audiences of the token. A recipient of a token must identitfy themself with an identifier in the list of audiences of the token, and otherwise should reject the token. A token issued for multiple audiences may be used to authenticate against any of the audiences listed but implies a high degree of trust between the target audiences. + Audiences are the intendend audiences of the token. A recipient of a token must identify themself with an identifier in the list of audiences of the token, and otherwise should reject the token. A token issued for multiple audiences may be used to authenticate against any of the audiences listed but implies a high degree of trust between the target audiences. - **boundObjectRef** (BoundObjectReference) diff --git a/content/en/docs/reference/kubernetes-api/authorization-resources/cluster-role-v1.md b/content/en/docs/reference/kubernetes-api/authorization-resources/cluster-role-v1.md index ab7a7c7efdc8b..6036eebcb009a 100644 --- a/content/en/docs/reference/kubernetes-api/authorization-resources/cluster-role-v1.md +++ b/content/en/docs/reference/kubernetes-api/authorization-resources/cluster-role-v1.md @@ -62,7 +62,7 @@ ClusterRole is a cluster level, logical grouping of PolicyRules that can be refe - **rules.apiGroups** ([]string) - APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. + APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups. - **rules.resources** ([]string) diff --git a/content/en/docs/reference/kubernetes-api/authorization-resources/role-v1.md b/content/en/docs/reference/kubernetes-api/authorization-resources/role-v1.md index 8e4840c0f9b68..9869fcb721452 100644 --- a/content/en/docs/reference/kubernetes-api/authorization-resources/role-v1.md +++ b/content/en/docs/reference/kubernetes-api/authorization-resources/role-v1.md @@ -51,7 +51,7 @@ Role is a namespaced, logical grouping of PolicyRules that can be referenced as - **rules.apiGroups** ([]string) - APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. + APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups. - **rules.resources** ([]string) diff --git a/content/en/docs/reference/kubernetes-api/cluster-resources/cluster-cidr-v1alpha1.md b/content/en/docs/reference/kubernetes-api/cluster-resources/cluster-cidr-v1alpha1.md new file mode 100644 index 0000000000000..410ba0b7f4526 --- /dev/null +++ b/content/en/docs/reference/kubernetes-api/cluster-resources/cluster-cidr-v1alpha1.md @@ -0,0 +1,506 @@ +--- +api_metadata: + apiVersion: "networking.k8s.io/v1alpha1" + import: "k8s.io/api/networking/v1alpha1" + kind: "ClusterCIDR" +content_type: "api_reference" +description: "ClusterCIDR represents a single configuration for per-Node Pod CIDR allocations when the MultiCIDRRangeAllocator is enabled (see the config for kube-controller-manager)." +title: "ClusterCIDR v1alpha1" +weight: 11 +auto_generated: true +--- + + + +`apiVersion: networking.k8s.io/v1alpha1` + +`import "k8s.io/api/networking/v1alpha1"` + + +## ClusterCIDR {#ClusterCIDR} + +ClusterCIDR represents a single configuration for per-Node Pod CIDR allocations when the MultiCIDRRangeAllocator is enabled (see the config for kube-controller-manager). A cluster may have any number of ClusterCIDR resources, all of which will be considered when allocating a CIDR for a Node. A ClusterCIDR is eligible to be used for a given Node when the node selector matches the node in question and has free CIDRs to allocate. In case of multiple matching ClusterCIDR resources, the allocator will attempt to break ties using internal heuristics, but any ClusterCIDR whose node selector matches the Node may be used. + +
        + +- **apiVersion**: networking.k8s.io/v1alpha1 + + +- **kind**: ClusterCIDR + + +- **metadata** (}}">ObjectMeta) + + Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + +- **spec** (}}">ClusterCIDRSpec) + + Spec is the desired state of the ClusterCIDR. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + + + + + +## ClusterCIDRSpec {#ClusterCIDRSpec} + +ClusterCIDRSpec defines the desired state of ClusterCIDR. + +
        + +- **perNodeHostBits** (int32), required + + PerNodeHostBits defines the number of host bits to be configured per node. A subnet mask determines how much of the address is used for network bits and host bits. For example an IPv4 address of 192.168.0.0/24, splits the address into 24 bits for the network portion and 8 bits for the host portion. To allocate 256 IPs, set this field to 8 (a /24 mask for IPv4 or a /120 for IPv6). Minimum value is 4 (16 IPs). This field is immutable. + +- **ipv4** (string) + + IPv4 defines an IPv4 IP block in CIDR notation(e.g. "10.0.0.0/8"). At least one of IPv4 and IPv6 must be specified. This field is immutable. + +- **ipv6** (string) + + IPv6 defines an IPv6 IP block in CIDR notation(e.g. "fd12:3456:789a:1::/64"). At least one of IPv4 and IPv6 must be specified. This field is immutable. + +- **nodeSelector** (NodeSelector) + + NodeSelector defines which nodes the config is applicable to. An empty or nil NodeSelector selects all nodes. This field is immutable. + + + *A node selector represents the union of the results of one or more label queries over a set of nodes; that is, it represents the OR of the selectors represented by the node selector terms.* + + - **nodeSelector.nodeSelectorTerms** ([]NodeSelectorTerm), required + + Required. A list of node selector terms. The terms are ORed. + + + *A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.* + + - **nodeSelector.nodeSelectorTerms.matchExpressions** ([]}}">NodeSelectorRequirement) + + A list of node selector requirements by node's labels. + + - **nodeSelector.nodeSelectorTerms.matchFields** ([]}}">NodeSelectorRequirement) + + A list of node selector requirements by node's fields. + + + + + +## ClusterCIDRList {#ClusterCIDRList} + +ClusterCIDRList contains a list of ClusterCIDR. + +
        + +- **apiVersion**: networking.k8s.io/v1alpha1 + + +- **kind**: ClusterCIDRList + + +- **metadata** (}}">ListMeta) + + Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + +- **items** ([]}}">ClusterCIDR), required + + Items is the list of ClusterCIDRs. + + + + + +## Operations {#Operations} + + + +
        + + + + + + +### `get` read the specified ClusterCIDR + +#### HTTP Request + +GET /apis/networking.k8s.io/v1alpha1/clustercidrs/{name} + +#### Parameters + + +- **name** (*in path*): string, required + + name of the ClusterCIDR + + +- **pretty** (*in query*): string + + }}">pretty + + + +#### Response + + +200 (}}">ClusterCIDR): OK + +401: Unauthorized + + +### `list` list or watch objects of kind ClusterCIDR + +#### HTTP Request + +GET /apis/networking.k8s.io/v1alpha1/clustercidrs + +#### Parameters + + +- **allowWatchBookmarks** (*in query*): boolean + + }}">allowWatchBookmarks + + +- **continue** (*in query*): string + + }}">continue + + +- **fieldSelector** (*in query*): string + + }}">fieldSelector + + +- **labelSelector** (*in query*): string + + }}">labelSelector + + +- **limit** (*in query*): integer + + }}">limit + + +- **pretty** (*in query*): string + + }}">pretty + + +- **resourceVersion** (*in query*): string + + }}">resourceVersion + + +- **resourceVersionMatch** (*in query*): string + + }}">resourceVersionMatch + + +- **timeoutSeconds** (*in query*): integer + + }}">timeoutSeconds + + +- **watch** (*in query*): boolean + + }}">watch + + + +#### Response + + +200 (}}">ClusterCIDRList): OK + +401: Unauthorized + + +### `create` create a ClusterCIDR + +#### HTTP Request + +POST /apis/networking.k8s.io/v1alpha1/clustercidrs + +#### Parameters + + +- **body**: }}">ClusterCIDR, required + + + + +- **dryRun** (*in query*): string + + }}">dryRun + + +- **fieldManager** (*in query*): string + + }}">fieldManager + + +- **fieldValidation** (*in query*): string + + }}">fieldValidation + + +- **pretty** (*in query*): string + + }}">pretty + + + +#### Response + + +200 (}}">ClusterCIDR): OK + +201 (}}">ClusterCIDR): Created + +202 (}}">ClusterCIDR): Accepted + +401: Unauthorized + + +### `update` replace the specified ClusterCIDR + +#### HTTP Request + +PUT /apis/networking.k8s.io/v1alpha1/clustercidrs/{name} + +#### Parameters + + +- **name** (*in path*): string, required + + name of the ClusterCIDR + + +- **body**: }}">ClusterCIDR, required + + + + +- **dryRun** (*in query*): string + + }}">dryRun + + +- **fieldManager** (*in query*): string + + }}">fieldManager + + +- **fieldValidation** (*in query*): string + + }}">fieldValidation + + +- **pretty** (*in query*): string + + }}">pretty + + + +#### Response + + +200 (}}">ClusterCIDR): OK + +201 (}}">ClusterCIDR): Created + +401: Unauthorized + + +### `patch` partially update the specified ClusterCIDR + +#### HTTP Request + +PATCH /apis/networking.k8s.io/v1alpha1/clustercidrs/{name} + +#### Parameters + + +- **name** (*in path*): string, required + + name of the ClusterCIDR + + +- **body**: }}">Patch, required + + + + +- **dryRun** (*in query*): string + + }}">dryRun + + +- **fieldManager** (*in query*): string + + }}">fieldManager + + +- **fieldValidation** (*in query*): string + + }}">fieldValidation + + +- **force** (*in query*): boolean + + }}">force + + +- **pretty** (*in query*): string + + }}">pretty + + + +#### Response + + +200 (}}">ClusterCIDR): OK + +201 (}}">ClusterCIDR): Created + +401: Unauthorized + + +### `delete` delete a ClusterCIDR + +#### HTTP Request + +DELETE /apis/networking.k8s.io/v1alpha1/clustercidrs/{name} + +#### Parameters + + +- **name** (*in path*): string, required + + name of the ClusterCIDR + + +- **body**: }}">DeleteOptions + + + + +- **dryRun** (*in query*): string + + }}">dryRun + + +- **gracePeriodSeconds** (*in query*): integer + + }}">gracePeriodSeconds + + +- **pretty** (*in query*): string + + }}">pretty + + +- **propagationPolicy** (*in query*): string + + }}">propagationPolicy + + + +#### Response + + +200 (}}">Status): OK + +202 (}}">Status): Accepted + +401: Unauthorized + + +### `deletecollection` delete collection of ClusterCIDR + +#### HTTP Request + +DELETE /apis/networking.k8s.io/v1alpha1/clustercidrs + +#### Parameters + + +- **body**: }}">DeleteOptions + + + + +- **continue** (*in query*): string + + }}">continue + + +- **dryRun** (*in query*): string + + }}">dryRun + + +- **fieldSelector** (*in query*): string + + }}">fieldSelector + + +- **gracePeriodSeconds** (*in query*): integer + + }}">gracePeriodSeconds + + +- **labelSelector** (*in query*): string + + }}">labelSelector + + +- **limit** (*in query*): integer + + }}">limit + + +- **pretty** (*in query*): string + + }}">pretty + + +- **propagationPolicy** (*in query*): string + + }}">propagationPolicy + + +- **resourceVersion** (*in query*): string + + }}">resourceVersion + + +- **resourceVersionMatch** (*in query*): string + + }}">resourceVersionMatch + + +- **timeoutSeconds** (*in query*): integer + + }}">timeoutSeconds + + + +#### Response + + +200 (}}">Status): OK + +401: Unauthorized + diff --git a/content/en/docs/reference/kubernetes-api/cluster-resources/node-v1.md b/content/en/docs/reference/kubernetes-api/cluster-resources/node-v1.md index 38132a5a6fd35..befebb53c6da9 100644 --- a/content/en/docs/reference/kubernetes-api/cluster-resources/node-v1.md +++ b/content/en/docs/reference/kubernetes-api/cluster-resources/node-v1.md @@ -356,7 +356,7 @@ NodeStatus is information about the current status of a node. - **images.names** ([]string) - Names by which this image is known. e.g. ["k8s.gcr.io/hyperkube:v1.0.7", "dockerhub.io/google_containers/hyperkube:v1.0.7"] + Names by which this image is known. e.g. ["kubernetes.example/hyperkube:v1.0.7", "cloud-vendor.registry.example/cloud-vendor/hyperkube:v1.0.7"] - **images.sizeBytes** (int64) diff --git a/content/en/docs/reference/kubernetes-api/cluster-resources/priority-level-configuration-v1beta2.md b/content/en/docs/reference/kubernetes-api/cluster-resources/priority-level-configuration-v1beta2.md index bc436fb579883..c73682b87c827 100644 --- a/content/en/docs/reference/kubernetes-api/cluster-resources/priority-level-configuration-v1beta2.md +++ b/content/en/docs/reference/kubernetes-api/cluster-resources/priority-level-configuration-v1beta2.md @@ -70,8 +70,8 @@ PriorityLevelConfigurationSpec specifies the configuration of a priority level. *LimitedPriorityLevelConfiguration specifies how to handle requests that are subject to limits. It addresses two issues: - * How are requests for this priority level limited? - * What should be done with requests that exceed the limit?* + - How are requests for this priority level limited? + - What should be done with requests that exceed the limit?* - **limited.assuredConcurrencyShares** (int32) diff --git a/content/en/docs/reference/kubernetes-api/common-definitions/object-meta.md b/content/en/docs/reference/kubernetes-api/common-definitions/object-meta.md index 1d5339ad0c72c..199d4ff7d7070 100644 --- a/content/en/docs/reference/kubernetes-api/common-definitions/object-meta.md +++ b/content/en/docs/reference/kubernetes-api/common-definitions/object-meta.md @@ -188,14 +188,5 @@ ObjectMeta is metadata that all persisted resources must have, which includes al Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids -### Ignored {#Ignored} - - -- **clusterName** (string) - - Deprecated: ClusterName is a legacy field that was always cleared by the system and never used; it will be removed completely in 1.25. - - The name in the go struct is changed to help clients detect accidental use. - diff --git a/content/en/docs/reference/kubernetes-api/common-definitions/quantity.md b/content/en/docs/reference/kubernetes-api/common-definitions/quantity.md index 45f909c5e783c..1990f954305a8 100644 --- a/content/en/docs/reference/kubernetes-api/common-definitions/quantity.md +++ b/content/en/docs/reference/kubernetes-api/common-definitions/quantity.md @@ -30,27 +30,33 @@ Quantity is a fixed-point representation of a number. It provides convenient mar The serialization format is: -\ ::= \\ - (Note that \ may be empty, from the "" case in \.) +``` \ ::= \\ + + (Note that \ may be empty, from the "" case in \.) + \ ::= 0 | 1 | ... | 9 \ ::= \ | \\ \ ::= \ | \.\ | \. | .\ \ ::= "+" | "-" \ ::= \ | \\ \ ::= \ | \ | \ \ ::= Ki | Mi | Gi | Ti | Pi | Ei - (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html) + + (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html) + \ ::= m | "" | k | M | G | T | P | E - (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.) -\ ::= "e" \ | "E" \ + + (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.) + +\ ::= "e" \ | "E" \ ``` No matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities. When a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized. Before serializing, Quantity will be put in "canonical form". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that: - a. No precision is lost - b. No fractional digits will be emitted - c. The exponent (or suffix) is as large as possible. + +- No precision is lost - No fractional digits will be emitted - The exponent (or suffix) is as large as possible. + The sign will be omitted unless the number is negative. Examples: - 1.5 will be serialized as "1500m" - 1.5Gi will be serialized as "1536Mi" + +- 1.5 will be serialized as "1500m" - 1.5Gi will be serialized as "1536Mi" Note that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise. diff --git a/content/en/docs/reference/kubernetes-api/config-and-storage-resources/csi-driver-v1.md b/content/en/docs/reference/kubernetes-api/config-and-storage-resources/csi-driver-v1.md index 099f2d396f958..911ef8e77e5c9 100644 --- a/content/en/docs/reference/kubernetes-api/config-and-storage-resources/csi-driver-v1.md +++ b/content/en/docs/reference/kubernetes-api/config-and-storage-resources/csi-driver-v1.md @@ -85,6 +85,16 @@ CSIDriverSpec is the specification of a CSIDriver. Note: After a successful initial NodePublishVolume call, subsequent calls to NodePublishVolume should only update the contents of the volume. New mount points will not be seen by a running container. +- **seLinuxMount** (boolean) + + SELinuxMount specifies if the CSI driver supports "-o context" mount option. + + When "true", the CSI driver must ensure that all volumes provided by this CSI driver can be mounted separately with different `-o context` options. This is typical for storage backends that provide volumes as filesystems on block devices or as independent shared volumes. Kubernetes will call NodeStage / NodePublish with "-o context=xyz" mount option when mounting a ReadWriteOncePod volume used in Pod that has explicitly set SELinux context. In the future, it may be expanded to other volume AccessModes. In any case, Kubernetes will ensure that the volume is mounted only with a single SELinux context. + + When "false", Kubernetes won't pass any special SELinux mount options to the driver. This is typical for volumes that represent subdirectories of a bigger shared filesystem. + + Default is "false". + - **storageCapacity** (boolean) If set to true, storageCapacity indicates that the CSI volume driver wants pod scheduling to consider the storage capacity that the driver deployment will report by creating CSIStorageCapacity objects with capacity information. diff --git a/content/en/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1.md b/content/en/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1.md index a70bcadba1bd1..a557a36b643ee 100644 --- a/content/en/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1.md +++ b/content/en/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1.md @@ -97,7 +97,7 @@ PersistentVolumeClaimSpec describes the common attributes of storage devices and -### Alpha level +### Beta level - **dataSource** (}}">TypedLocalObjectReference) diff --git a/content/en/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-v1.md b/content/en/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-v1.md index 170a16ec97ede..ffe70099304a2 100644 --- a/content/en/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-v1.md +++ b/content/en/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-v1.md @@ -329,7 +329,7 @@ PersistentVolumeSpec is the specification of a persistent volume. - **csi.controllerExpandSecretRef** (SecretReference) - controllerExpandSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI ControllerExpandVolume call. This is an alpha field and requires enabling ExpandCSIVolumes feature gate. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed. + controllerExpandSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI ControllerExpandVolume call. This is an beta field and requires enabling ExpandCSIVolumes feature gate. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed. *SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace* @@ -361,6 +361,21 @@ PersistentVolumeSpec is the specification of a persistent volume. fsType to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". + - **csi.nodeExpandSecretRef** (SecretReference) + + nodeExpandSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodeExpandVolume call. This is an alpha field and requires enabling CSINodeExpandSecret feature gate. This field is optional, may be omitted if no secret is required. If the secret object contains more than one secret, all secrets are passed. + + + *SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace* + + - **csi.nodeExpandSecretRef.name** (string) + + name is unique within a namespace to reference a secret resource. + + - **csi.nodeExpandSecretRef.namespace** (string) + + namespace defines the space within which the secret name must be unique. + - **csi.nodePublishSecretRef** (SecretReference) nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed. diff --git a/content/en/docs/reference/kubernetes-api/config-and-storage-resources/volume.md b/content/en/docs/reference/kubernetes-api/config-and-storage-resources/volume.md index 420c6701d56b2..227261b735d28 100644 --- a/content/en/docs/reference/kubernetes-api/config-and-storage-resources/volume.md +++ b/content/en/docs/reference/kubernetes-api/config-and-storage-resources/volume.md @@ -406,6 +406,47 @@ Volume represents a named volume in a pod that may be accessed by any container volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. +- **ephemeral** (EphemeralVolumeSource) + + ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. + + Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, + c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. + + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. + + A pod can use both types of ephemeral volumes and persistent volumes at the same time. + + + *Represents an ephemeral volume that is handled by a normal storage driver.* + + - **ephemeral.volumeClaimTemplate** (PersistentVolumeClaimTemplate) + + Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `\-\` where `\` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). + + An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. + + This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. + + Required, must not be nil. + + + *PersistentVolumeClaimTemplate is used to produce PersistentVolumeClaim objects as part of an EphemeralVolumeSource.* + + - **ephemeral.volumeClaimTemplate.spec** (}}">PersistentVolumeClaimSpec), required + + The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. + + - **ephemeral.volumeClaimTemplate.metadata** (}}">ObjectMeta) + + May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation. + - **fc** (FCVolumeSource) fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. @@ -790,50 +831,6 @@ Volume represents a named volume in a pod that may be accessed by any container storagePolicyName is the storage Policy Based Management (SPBM) profile name. -### Alpha level - - -- **ephemeral** (EphemeralVolumeSource) - - ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity - tracking are needed, - c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through - a PersistentVolumeClaim (see EphemeralVolumeSource for more - information on the connection between this volume type - and PersistentVolumeClaim). - - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - - A pod can use both types of ephemeral volumes and persistent volumes at the same time. - - - *Represents an ephemeral volume that is handled by a normal storage driver.* - - - **ephemeral.volumeClaimTemplate** (PersistentVolumeClaimTemplate) - - Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `\-\` where `\` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - - Required, must not be nil. - - - *PersistentVolumeClaimTemplate is used to produce PersistentVolumeClaim objects as part of an EphemeralVolumeSource.* - - - **ephemeral.volumeClaimTemplate.spec** (}}">PersistentVolumeClaimSpec), required - - The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. - - - **ephemeral.volumeClaimTemplate.metadata** (}}">ObjectMeta) - - May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation. - ### Deprecated diff --git a/content/en/docs/reference/kubernetes-api/policy-resources/network-policy-v1.md b/content/en/docs/reference/kubernetes-api/policy-resources/network-policy-v1.md index 5236b927c8796..57be743c16bec 100644 --- a/content/en/docs/reference/kubernetes-api/policy-resources/network-policy-v1.md +++ b/content/en/docs/reference/kubernetes-api/policy-resources/network-policy-v1.md @@ -125,7 +125,7 @@ NetworkPolicySpec provides the specification of a NetworkPolicy - **ingress.ports.endPort** (int32) - If set, indicates that the range of ports from port to endPort, inclusive, should be allowed by the policy. This field cannot be defined if the port field is not defined or if the port field is defined as a named (string) port. The endPort must be equal or greater than port. This feature is in Beta state and is enabled by default. It can be disabled using the Feature Gate "NetworkPolicyEndPort". + If set, indicates that the range of ports from port to endPort, inclusive, should be allowed by the policy. This field cannot be defined if the port field is not defined or if the port field is defined as a named (string) port. The endPort must be equal or greater than port. - **ingress.ports.protocol** (string) @@ -188,7 +188,7 @@ NetworkPolicySpec provides the specification of a NetworkPolicy - **egress.ports.endPort** (int32) - If set, indicates that the range of ports from port to endPort, inclusive, should be allowed by the policy. This field cannot be defined if the port field is not defined or if the port field is defined as a named (string) port. The endPort must be equal or greater than port. This feature is in Beta state and is enabled by default. It can be disabled using the Feature Gate "NetworkPolicyEndPort". + If set, indicates that the range of ports from port to endPort, inclusive, should be allowed by the policy. This field cannot be defined if the port field is not defined or if the port field is defined as a named (string) port. The endPort must be equal or greater than port. - **egress.ports.protocol** (string) diff --git a/content/en/docs/reference/kubernetes-api/policy-resources/pod-security-policy-v1beta1.md b/content/en/docs/reference/kubernetes-api/policy-resources/pod-security-policy-v1beta1.md deleted file mode 100644 index 699e0e671f11f..0000000000000 --- a/content/en/docs/reference/kubernetes-api/policy-resources/pod-security-policy-v1beta1.md +++ /dev/null @@ -1,739 +0,0 @@ ---- -api_metadata: - apiVersion: "policy/v1beta1" - import: "k8s.io/api/policy/v1beta1" - kind: "PodSecurityPolicy" -content_type: "api_reference" -description: "PodSecurityPolicy governs the ability to make requests that affect the Security Context that will be applied to a pod and container." -title: "PodSecurityPolicy v1beta1" -weight: 5 -auto_generated: true ---- - - - -`apiVersion: policy/v1beta1` - -`import "k8s.io/api/policy/v1beta1"` - - -## PodSecurityPolicy {#PodSecurityPolicy} - -PodSecurityPolicy governs the ability to make requests that affect the Security Context that will be applied to a pod and container. Deprecated in 1.21. - -
        - -- **apiVersion**: policy/v1beta1 - - -- **kind**: PodSecurityPolicy - - -- **metadata** (}}">ObjectMeta) - - Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - -- **spec** (}}">PodSecurityPolicySpec) - - spec defines the policy enforced. - - - - - -## PodSecurityPolicySpec {#PodSecurityPolicySpec} - -PodSecurityPolicySpec defines the policy enforced. - -
        - -- **runAsUser** (RunAsUserStrategyOptions), required - - runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set. - - - *RunAsUserStrategyOptions defines the strategy type and any options used to create the strategy.* - - - **runAsUser.rule** (string), required - - rule is the strategy that will dictate the allowable RunAsUser values that may be set. - - - **runAsUser.ranges** ([]IDRange) - - ranges are the allowed ranges of uids that may be used. If you would like to force a single uid then supply a single range with the same start and end. Required for MustRunAs. - - - *IDRange provides a min/max of an allowed range of IDs.* - - - **runAsUser.ranges.max** (int64), required - - max is the end of the range, inclusive. - - - **runAsUser.ranges.min** (int64), required - - min is the start of the range, inclusive. - -- **runAsGroup** (RunAsGroupStrategyOptions) - - RunAsGroup is the strategy that will dictate the allowable RunAsGroup values that may be set. If this field is omitted, the pod's RunAsGroup can take any value. This field requires the RunAsGroup feature gate to be enabled. - - - *RunAsGroupStrategyOptions defines the strategy type and any options used to create the strategy.* - - - **runAsGroup.rule** (string), required - - rule is the strategy that will dictate the allowable RunAsGroup values that may be set. - - - **runAsGroup.ranges** ([]IDRange) - - ranges are the allowed ranges of gids that may be used. If you would like to force a single gid then supply a single range with the same start and end. Required for MustRunAs. - - - *IDRange provides a min/max of an allowed range of IDs.* - - - **runAsGroup.ranges.max** (int64), required - - max is the end of the range, inclusive. - - - **runAsGroup.ranges.min** (int64), required - - min is the start of the range, inclusive. - -- **fsGroup** (FSGroupStrategyOptions), required - - fsGroup is the strategy that will dictate what fs group is used by the SecurityContext. - - - *FSGroupStrategyOptions defines the strategy type and options used to create the strategy.* - - - **fsGroup.ranges** ([]IDRange) - - ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end. Required for MustRunAs. - - - *IDRange provides a min/max of an allowed range of IDs.* - - - **fsGroup.ranges.max** (int64), required - - max is the end of the range, inclusive. - - - **fsGroup.ranges.min** (int64), required - - min is the start of the range, inclusive. - - - **fsGroup.rule** (string) - - rule is the strategy that will dictate what FSGroup is used in the SecurityContext. - -- **supplementalGroups** (SupplementalGroupsStrategyOptions), required - - supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext. - - - *SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy.* - - - **supplementalGroups.ranges** ([]IDRange) - - ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end. Required for MustRunAs. - - - *IDRange provides a min/max of an allowed range of IDs.* - - - **supplementalGroups.ranges.max** (int64), required - - max is the end of the range, inclusive. - - - **supplementalGroups.ranges.min** (int64), required - - min is the start of the range, inclusive. - - - **supplementalGroups.rule** (string) - - rule is the strategy that will dictate what supplemental groups is used in the SecurityContext. - -- **seLinux** (SELinuxStrategyOptions), required - - seLinux is the strategy that will dictate the allowable labels that may be set. - - - *SELinuxStrategyOptions defines the strategy type and any options used to create the strategy.* - - - **seLinux.rule** (string), required - - rule is the strategy that will dictate the allowable labels that may be set. - - - **seLinux.seLinuxOptions** (SELinuxOptions) - - seLinuxOptions required to run as; required for MustRunAs More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - - - *SELinuxOptions are the labels to be applied to the container* - - - **seLinux.seLinuxOptions.level** (string) - - Level is SELinux level label that applies to the container. - - - **seLinux.seLinuxOptions.role** (string) - - Role is a SELinux role label that applies to the container. - - - **seLinux.seLinuxOptions.type** (string) - - Type is a SELinux type label that applies to the container. - - - **seLinux.seLinuxOptions.user** (string) - - User is a SELinux user label that applies to the container. - -- **readOnlyRootFilesystem** (boolean) - - readOnlyRootFilesystem when set to true will force containers to run with a read only root file system. If the container specifically requests to run with a non-read only root file system the PSP should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to. - -- **privileged** (boolean) - - privileged determines if a pod can request to be run as privileged. - -- **allowPrivilegeEscalation** (boolean) - - allowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true. - -- **defaultAllowPrivilegeEscalation** (boolean) - - defaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process. - -- **allowedCSIDrivers** ([]AllowedCSIDriver) - - AllowedCSIDrivers is an allowlist of inline CSI drivers that must be explicitly set to be embedded within a pod spec. An empty value indicates that any CSI driver can be used for inline ephemeral volumes. This is a beta field, and is only honored if the API server enables the CSIInlineVolume feature gate. - - - *AllowedCSIDriver represents a single inline CSI Driver that is allowed to be used.* - - - **allowedCSIDrivers.name** (string), required - - Name is the registered name of the CSI driver - -- **allowedCapabilities** ([]string) - - allowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field may be added at the pod author's discretion. You must not list a capability in both allowedCapabilities and requiredDropCapabilities. - -- **requiredDropCapabilities** ([]string) - - requiredDropCapabilities are the capabilities that will be dropped from the container. These are required to be dropped and cannot be added. - -- **defaultAddCapabilities** ([]string) - - defaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capability in both defaultAddCapabilities and requiredDropCapabilities. Capabilities added here are implicitly allowed, and need not be included in the allowedCapabilities list. - -- **allowedFlexVolumes** ([]AllowedFlexVolume) - - allowedFlexVolumes is an allowlist of Flexvolumes. Empty or nil indicates that all Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes is allowed in the "volumes" field. - - - *AllowedFlexVolume represents a single Flexvolume that is allowed to be used.* - - - **allowedFlexVolumes.driver** (string), required - - driver is the name of the Flexvolume driver. - -- **allowedHostPaths** ([]AllowedHostPath) - - allowedHostPaths is an allowlist of host paths. Empty indicates that all host paths may be used. - - - *AllowedHostPath defines the host volume conditions that will be enabled by a policy for pods to use. It requires the path prefix to be defined.* - - - **allowedHostPaths.pathPrefix** (string) - - pathPrefix is the path prefix that the host volume must match. It does not support `*`. Trailing slashes are trimmed when validating the path prefix with a host path. - - Examples: `/foo` would allow `/foo`, `/foo/` and `/foo/bar` `/foo` would not allow `/food` or `/etc/foo` - - - **allowedHostPaths.readOnly** (boolean) - - when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly. - -- **allowedProcMountTypes** ([]string) - - AllowedProcMountTypes is an allowlist of allowed ProcMountTypes. Empty or nil indicates that only the DefaultProcMountType may be used. This requires the ProcMountType feature flag to be enabled. - -- **allowedUnsafeSysctls** ([]string) - - allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. Each entry is either a plain sysctl name or ends in "*" in which case it is considered as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. Kubelet has to allowlist all allowed unsafe sysctls explicitly to avoid rejection. - - Examples: e.g. "foo/*" allows "foo/bar", "foo/baz", etc. e.g. "foo.*" allows "foo.bar", "foo.baz", etc. - -- **forbiddenSysctls** ([]string) - - forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. Each entry is either a plain sysctl name or ends in "*" in which case it is considered as a prefix of forbidden sysctls. Single * means all sysctls are forbidden. - - Examples: e.g. "foo/*" forbids "foo/bar", "foo/baz", etc. e.g. "foo.*" forbids "foo.bar", "foo.baz", etc. - -- **hostIPC** (boolean) - - hostIPC determines if the policy allows the use of HostIPC in the pod spec. - -- **hostNetwork** (boolean) - - hostNetwork determines if the policy allows the use of HostNetwork in the pod spec. - -- **hostPID** (boolean) - - hostPID determines if the policy allows the use of HostPID in the pod spec. - -- **hostPorts** ([]HostPortRange) - - hostPorts determines which host port ranges are allowed to be exposed. - - - *HostPortRange defines a range of host ports that will be enabled by a policy for pods to use. It requires both the start and end to be defined.* - - - **hostPorts.max** (int32), required - - max is the end of the range, inclusive. - - - **hostPorts.min** (int32), required - - min is the start of the range, inclusive. - -- **runtimeClass** (RuntimeClassStrategyOptions) - - runtimeClass is the strategy that will dictate the allowable RuntimeClasses for a pod. If this field is omitted, the pod's runtimeClassName field is unrestricted. Enforcement of this field depends on the RuntimeClass feature gate being enabled. - - - *RuntimeClassStrategyOptions define the strategy that will dictate the allowable RuntimeClasses for a pod.* - - - **runtimeClass.allowedRuntimeClassNames** ([]string), required - - allowedRuntimeClassNames is an allowlist of RuntimeClass names that may be specified on a pod. A value of "*" means that any RuntimeClass name is allowed, and must be the only item in the list. An empty list requires the RuntimeClassName field to be unset. - - - **runtimeClass.defaultRuntimeClassName** (string) - - defaultRuntimeClassName is the default RuntimeClassName to set on the pod. The default MUST be allowed by the allowedRuntimeClassNames list. A value of nil does not mutate the Pod. - -- **volumes** ([]string) - - volumes is an allowlist of volume plugins. Empty indicates that no volumes may be used. To allow all volumes you may use '*'. - - - - - -## PodSecurityPolicyList {#PodSecurityPolicyList} - -PodSecurityPolicyList is a list of PodSecurityPolicy objects. - -
        - -- **apiVersion**: policy/v1beta1 - - -- **kind**: PodSecurityPolicyList - - -- **metadata** (}}">ListMeta) - - Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - -- **items** ([]}}">PodSecurityPolicy), required - - items is a list of schema objects. - - - - - -## Operations {#Operations} - - - -
        - - - - - - -### `get` read the specified PodSecurityPolicy - -#### HTTP Request - -GET /apis/policy/v1beta1/podsecuritypolicies/{name} - -#### Parameters - - -- **name** (*in path*): string, required - - name of the PodSecurityPolicy - - -- **pretty** (*in query*): string - - }}">pretty - - - -#### Response - - -200 (}}">PodSecurityPolicy): OK - -401: Unauthorized - - -### `list` list or watch objects of kind PodSecurityPolicy - -#### HTTP Request - -GET /apis/policy/v1beta1/podsecuritypolicies - -#### Parameters - - -- **allowWatchBookmarks** (*in query*): boolean - - }}">allowWatchBookmarks - - -- **continue** (*in query*): string - - }}">continue - - -- **fieldSelector** (*in query*): string - - }}">fieldSelector - - -- **labelSelector** (*in query*): string - - }}">labelSelector - - -- **limit** (*in query*): integer - - }}">limit - - -- **pretty** (*in query*): string - - }}">pretty - - -- **resourceVersion** (*in query*): string - - }}">resourceVersion - - -- **resourceVersionMatch** (*in query*): string - - }}">resourceVersionMatch - - -- **timeoutSeconds** (*in query*): integer - - }}">timeoutSeconds - - -- **watch** (*in query*): boolean - - }}">watch - - - -#### Response - - -200 (}}">PodSecurityPolicyList): OK - -401: Unauthorized - - -### `create` create a PodSecurityPolicy - -#### HTTP Request - -POST /apis/policy/v1beta1/podsecuritypolicies - -#### Parameters - - -- **body**: }}">PodSecurityPolicy, required - - - - -- **dryRun** (*in query*): string - - }}">dryRun - - -- **fieldManager** (*in query*): string - - }}">fieldManager - - -- **fieldValidation** (*in query*): string - - }}">fieldValidation - - -- **pretty** (*in query*): string - - }}">pretty - - - -#### Response - - -200 (}}">PodSecurityPolicy): OK - -201 (}}">PodSecurityPolicy): Created - -202 (}}">PodSecurityPolicy): Accepted - -401: Unauthorized - - -### `update` replace the specified PodSecurityPolicy - -#### HTTP Request - -PUT /apis/policy/v1beta1/podsecuritypolicies/{name} - -#### Parameters - - -- **name** (*in path*): string, required - - name of the PodSecurityPolicy - - -- **body**: }}">PodSecurityPolicy, required - - - - -- **dryRun** (*in query*): string - - }}">dryRun - - -- **fieldManager** (*in query*): string - - }}">fieldManager - - -- **fieldValidation** (*in query*): string - - }}">fieldValidation - - -- **pretty** (*in query*): string - - }}">pretty - - - -#### Response - - -200 (}}">PodSecurityPolicy): OK - -201 (}}">PodSecurityPolicy): Created - -401: Unauthorized - - -### `patch` partially update the specified PodSecurityPolicy - -#### HTTP Request - -PATCH /apis/policy/v1beta1/podsecuritypolicies/{name} - -#### Parameters - - -- **name** (*in path*): string, required - - name of the PodSecurityPolicy - - -- **body**: }}">Patch, required - - - - -- **dryRun** (*in query*): string - - }}">dryRun - - -- **fieldManager** (*in query*): string - - }}">fieldManager - - -- **fieldValidation** (*in query*): string - - }}">fieldValidation - - -- **force** (*in query*): boolean - - }}">force - - -- **pretty** (*in query*): string - - }}">pretty - - - -#### Response - - -200 (}}">PodSecurityPolicy): OK - -201 (}}">PodSecurityPolicy): Created - -401: Unauthorized - - -### `delete` delete a PodSecurityPolicy - -#### HTTP Request - -DELETE /apis/policy/v1beta1/podsecuritypolicies/{name} - -#### Parameters - - -- **name** (*in path*): string, required - - name of the PodSecurityPolicy - - -- **body**: }}">DeleteOptions - - - - -- **dryRun** (*in query*): string - - }}">dryRun - - -- **gracePeriodSeconds** (*in query*): integer - - }}">gracePeriodSeconds - - -- **pretty** (*in query*): string - - }}">pretty - - -- **propagationPolicy** (*in query*): string - - }}">propagationPolicy - - - -#### Response - - -200 (}}">PodSecurityPolicy): OK - -202 (}}">PodSecurityPolicy): Accepted - -401: Unauthorized - - -### `deletecollection` delete collection of PodSecurityPolicy - -#### HTTP Request - -DELETE /apis/policy/v1beta1/podsecuritypolicies - -#### Parameters - - -- **body**: }}">DeleteOptions - - - - -- **continue** (*in query*): string - - }}">continue - - -- **dryRun** (*in query*): string - - }}">dryRun - - -- **fieldSelector** (*in query*): string - - }}">fieldSelector - - -- **gracePeriodSeconds** (*in query*): integer - - }}">gracePeriodSeconds - - -- **labelSelector** (*in query*): string - - }}">labelSelector - - -- **limit** (*in query*): integer - - }}">limit - - -- **pretty** (*in query*): string - - }}">pretty - - -- **propagationPolicy** (*in query*): string - - }}">propagationPolicy - - -- **resourceVersion** (*in query*): string - - }}">resourceVersion - - -- **resourceVersionMatch** (*in query*): string - - }}">resourceVersionMatch - - -- **timeoutSeconds** (*in query*): integer - - }}">timeoutSeconds - - - -#### Response - - -200 (}}">Status): OK - -401: Unauthorized - diff --git a/content/en/docs/reference/kubernetes-api/service-resources/endpoint-slice-v1.md b/content/en/docs/reference/kubernetes-api/service-resources/endpoint-slice-v1.md index f3f956221f76b..7e9c16b286b11 100644 --- a/content/en/docs/reference/kubernetes-api/service-resources/endpoint-slice-v1.md +++ b/content/en/docs/reference/kubernetes-api/service-resources/endpoint-slice-v1.md @@ -112,7 +112,7 @@ EndpointSlice represents a subset of the endpoints that implement a service. For - **endpoints.nodeName** (string) - nodeName represents the name of the Node hosting this endpoint. This can be used to determine endpoints local to a Node. This field can be enabled with the EndpointSliceNodeName feature gate. + nodeName represents the name of the Node hosting this endpoint. This can be used to determine endpoints local to a Node. - **endpoints.targetRef** (}}">ObjectReference) diff --git a/content/en/docs/reference/kubernetes-api/service-resources/endpoints-v1.md b/content/en/docs/reference/kubernetes-api/service-resources/endpoints-v1.md index 73a1290c76f01..8267741ea7120 100644 --- a/content/en/docs/reference/kubernetes-api/service-resources/endpoints-v1.md +++ b/content/en/docs/reference/kubernetes-api/service-resources/endpoints-v1.md @@ -29,17 +29,18 @@ guide. You can file document formatting bugs against the ## Endpoints {#Endpoints} Endpoints is a collection of endpoints that implement the actual service. Example: - Name: "mysvc", - Subsets: [ - { - Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}], - Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}] - }, - { - Addresses: [{"ip": "10.10.3.3"}], - Ports: [{"name": "a", "port": 93}, {"name": "b", "port": 76}] - }, - ] + + Name: "mysvc", + Subsets: [ + { + Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}], + Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}] + }, + { + Addresses: [{"ip": "10.10.3.3"}], + Ports: [{"name": "a", "port": 93}, {"name": "b", "port": 76}] + }, + ]
        @@ -59,13 +60,16 @@ Endpoints is a collection of endpoints that implement the actual service. Exampl *EndpointSubset is a group of addresses with a common set of ports. The expanded set of endpoints is the Cartesian product of Addresses x Ports. For example, given: - { - Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}], - Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}] - } + + { + Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}], + Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}] + } + The resulting set of endpoints can be viewed as: - a: [ 10.10.1.1:8675, 10.10.2.2:8675 ], - b: [ 10.10.1.1:309, 10.10.2.2:309 ]* + + a: [ 10.10.1.1:8675, 10.10.2.2:8675 ], + b: [ 10.10.1.1:309, 10.10.2.2:309 ]* - **subsets.addresses** ([]EndpointAddress) diff --git a/content/en/docs/reference/kubernetes-api/service-resources/ingress-v1.md b/content/en/docs/reference/kubernetes-api/service-resources/ingress-v1.md index 5a8bb7fd8e55f..83c1b650aa22d 100644 --- a/content/en/docs/reference/kubernetes-api/service-resources/ingress-v1.md +++ b/content/en/docs/reference/kubernetes-api/service-resources/ingress-v1.md @@ -66,7 +66,7 @@ IngressSpec describes the Ingress the user wishes to exist. - **ingressClassName** (string) - IngressClassName is the name of the IngressClass cluster resource. The associated IngressClass defines which controller will implement the resource. This replaces the deprecated `kubernetes.io/ingress.class` annotation. For backwards compatibility, when that annotation is set, it must be given precedence over this field. The controller may emit a warning if the field and annotation have different values. Implementations of this API should ignore Ingresses without a class specified. An IngressClass resource may be marked as default, which can be used to set a default value for this field. For more information, refer to the IngressClass documentation. + IngressClassName is the name of an IngressClass cluster resource. Ingress controller implementations use this field to know whether they should be serving this Ingress resource, by a transitive connection (controller -> IngressClass -> Ingress resource). Although the `kubernetes.io/ingress.class` annotation (simple constant name) was never formally defined, it was widely supported by Ingress controllers to create a direct binding between Ingress controller and Ingress resources. Newly created Ingress resources should prefer using the field. However, even though the annotation is officially deprecated, for backwards compatibility reasons, ingress controllers should still honor that annotation if present. - **rules** ([]IngressRule) diff --git a/content/en/docs/reference/kubernetes-api/service-resources/service-v1.md b/content/en/docs/reference/kubernetes-api/service-resources/service-v1.md index 49b230dd2f15d..e98d49081c250 100644 --- a/content/en/docs/reference/kubernetes-api/service-resources/service-v1.md +++ b/content/en/docs/reference/kubernetes-api/service-resources/service-v1.md @@ -162,17 +162,17 @@ ServiceSpec describes the attributes that a user creates on a service. - **externalTrafficPolicy** (string) - externalTrafficPolicy denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints. "Local" preserves the client source IP and avoids a second hop for LoadBalancer and Nodeport type services, but risks potentially imbalanced traffic spreading. "Cluster" obscures the client source IP and may cause a second hop to another node, but should have good overall load-spreading. + externalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's "externally-facing" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get "Cluster" semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node. - **internalTrafficPolicy** (string) - InternalTrafficPolicy specifies if the cluster internal traffic should be routed to all endpoints or node-local endpoints only. "Cluster" routes internal traffic to a Service to all endpoints. "Local" routes traffic to node-local endpoints only, traffic is dropped if no node-local endpoints are ready. The default value is "Cluster". + InternalTrafficPolicy describes how nodes distribute service traffic they receive on the ClusterIP. If set to "Local", the proxy will assume that pods only want to talk to endpoints of the service on the same node as the pod, dropping the traffic if there are no local endpoints. The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). - **healthCheckNodePort** (int32) - healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used. If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type). + healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used. If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type). This field cannot be updated once set. - **publishNotReadyAddresses** (boolean) diff --git a/content/en/docs/reference/kubernetes-api/workload-resources/controller-revision-v1.md b/content/en/docs/reference/kubernetes-api/workload-resources/controller-revision-v1.md index cf6cdd0dffcf3..5a23855cf25cf 100644 --- a/content/en/docs/reference/kubernetes-api/workload-resources/controller-revision-v1.md +++ b/content/en/docs/reference/kubernetes-api/workload-resources/controller-revision-v1.md @@ -55,28 +55,38 @@ ControllerRevision implements an immutable snapshot of state data. Clients are r To use this, make a field which has RawExtension as its type in your external, versioned struct, and Object in your internal struct. You also need to register your various plugin types. - // Internal package: type MyAPIObject struct { - runtime.TypeMeta `json:",inline"` - MyPlugin runtime.Object `json:"myPlugin"` - } type PluginA struct { - AOption string `json:"aOption"` - } + // Internal package: - // External package: type MyAPIObject struct { - runtime.TypeMeta `json:",inline"` - MyPlugin runtime.RawExtension `json:"myPlugin"` - } type PluginA struct { - AOption string `json:"aOption"` - } + type MyAPIObject struct { + runtime.TypeMeta `json:",inline"` + MyPlugin runtime.Object `json:"myPlugin"` + } - // On the wire, the JSON will look something like this: { - "kind":"MyAPIObject", - "apiVersion":"v1", - "myPlugin": { - "kind":"PluginA", - "aOption":"foo", - }, - } + type PluginA struct { + AOption string `json:"aOption"` + } + + // External package: + + type MyAPIObject struct { + runtime.TypeMeta `json:",inline"` + MyPlugin runtime.RawExtension `json:"myPlugin"` + } + + type PluginA struct { + AOption string `json:"aOption"` + } + + // On the wire, the JSON will look something like this: + + { + "kind":"MyAPIObject", + "apiVersion":"v1", + "myPlugin": { + "kind":"PluginA", + "aOption":"foo", + }, + } So what happens? Decode first uses json or yaml to unmarshal the serialized data into your external MyAPIObject. That causes the raw JSON to be stored, but not unpacked. The next step is to copy (using pkg/conversion) into the internal struct. The runtime package's DefaultScheme has conversion functions installed which will unpack the JSON stored in RawExtension, turning it into the correct object type, and storing it in the Object. (TODO: In the case where the object is of an unknown type, a runtime.Unknown object will be created and stored.)* diff --git a/content/en/docs/reference/kubernetes-api/workload-resources/cron-job-v1.md b/content/en/docs/reference/kubernetes-api/workload-resources/cron-job-v1.md index 3f08903481f35..9148da431f4ea 100644 --- a/content/en/docs/reference/kubernetes-api/workload-resources/cron-job-v1.md +++ b/content/en/docs/reference/kubernetes-api/workload-resources/cron-job-v1.md @@ -81,7 +81,7 @@ CronJobSpec describes how the job execution will look like and when it will actu - **timeZone** (string) - The time zone for the given schedule, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones. If not specified, this will rely on the time zone of the kube-controller-manager process. ALPHA: This field is in alpha and must be enabled via the `CronJobTimeZone` feature gate. + The time zone name for the given schedule, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones. If not specified, this will default to the time zone of the kube-controller-manager process. The set of valid time zone names and the time zone offset is loaded from the system-wide time zone database by the API server during CronJob validation and the controller manager during execution. If no system-wide time zone database can be found a bundled version of the database is used instead. If the time zone name becomes invalid during the lifetime of a CronJob or due to a change in host configuration, the controller will stop creating new new Jobs and will create a system event with the reason UnknownTimeZone. More information can be found in https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#time-zones This is beta field and must be enabled via the `CronJobTimeZone` feature gate. - **concurrencyPolicy** (string) diff --git a/content/en/docs/reference/kubernetes-api/workload-resources/daemon-set-v1.md b/content/en/docs/reference/kubernetes-api/workload-resources/daemon-set-v1.md index ca18671c2faa9..6176734a8bb0e 100644 --- a/content/en/docs/reference/kubernetes-api/workload-resources/daemon-set-v1.md +++ b/content/en/docs/reference/kubernetes-api/workload-resources/daemon-set-v1.md @@ -94,7 +94,7 @@ DaemonSetSpec is the specification of a daemon set. - **updateStrategy.rollingUpdate.maxSurge** (IntOrString) - The maximum number of nodes with an existing available DaemonSet pod that can have an updated DaemonSet pod during during an update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up to a minimum of 1. Default value is 0. Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their a new pod created before the old pod is marked as deleted. The update starts by launching new pods on 30% of nodes. Once an updated pod is available (Ready for at least minReadySeconds) the old DaemonSet pod on that node is marked deleted. If the old pod becomes unavailable for any reason (Ready transitions to false, is evicted, or is drained) an updated pod is immediatedly created on that node without considering surge limits. Allowing surge implies the possibility that the resources consumed by the daemonset on any given node can double if the readiness check fails, and so resource intensive daemonsets should take into account that they may cause evictions during disruption. This is beta field and enabled/disabled by DaemonSetUpdateSurge feature gate. + The maximum number of nodes with an existing available DaemonSet pod that can have an updated DaemonSet pod during during an update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up to a minimum of 1. Default value is 0. Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their a new pod created before the old pod is marked as deleted. The update starts by launching new pods on 30% of nodes. Once an updated pod is available (Ready for at least minReadySeconds) the old DaemonSet pod on that node is marked deleted. If the old pod becomes unavailable for any reason (Ready transitions to false, is evicted, or is drained) an updated pod is immediatedly created on that node without considering surge limits. Allowing surge implies the possibility that the resources consumed by the daemonset on any given node can double if the readiness check fails, and so resource intensive daemonsets should take into account that they may cause evictions during disruption. *IntOrString is a type that can hold an int32 or a string. When used in JSON or YAML marshalling and unmarshalling, it produces or consumes the inner type. This allows you to have, for example, a JSON field that can accept a name or number.* diff --git a/content/en/docs/reference/kubernetes-api/workload-resources/job-v1.md b/content/en/docs/reference/kubernetes-api/workload-resources/job-v1.md index e79d7ba8f06c9..6980217f6643c 100644 --- a/content/en/docs/reference/kubernetes-api/workload-resources/job-v1.md +++ b/content/en/docs/reference/kubernetes-api/workload-resources/job-v1.md @@ -117,6 +117,85 @@ JobSpec describes how the job execution will look like. manualSelector controls generation of pod labels and pod selectors. Leave `manualSelector` unset unless you are certain what you are doing. When false or unset, the system pick labels unique to this job and appends those labels to the pod template. When true, the user is responsible for picking unique labels and specifying the selector. Failure to pick a unique label may cause this and other jobs to not function correctly. However, You may see `manualSelector=true` in jobs that were created with the old `extensions/v1beta1` API. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector +### Alpha level + + +- **podFailurePolicy** (PodFailurePolicy) + + Specifies the policy of handling failed pods. In particular, it allows to specify the set of actions and conditions which need to be satisfied to take the associated action. If empty, the default behaviour applies - the counter of failed pods, represented by the jobs's .status.failed field, is incremented and it is checked against the backoffLimit. This field cannot be used in combination with restartPolicy=OnFailure. + + This field is alpha-level. To use this field, you must enable the `JobPodFailurePolicy` feature gate (disabled by default). + + + *PodFailurePolicy describes how failed pods influence the backoffLimit.* + + - **podFailurePolicy.rules** ([]PodFailurePolicyRule), required + + *Atomic: will be replaced during a merge* + + A list of pod failure policy rules. The rules are evaluated in order. Once a rule matches a Pod failure, the remaining of the rules are ignored. When no rule matches the Pod failure, the default handling applies - the counter of pod failures is incremented and it is checked against the backoffLimit. At most 20 elements are allowed. + + + *PodFailurePolicyRule describes how a pod failure is handled when the requirements are met. One of OnExitCodes and onPodConditions, but not both, can be used in each rule.* + + - **podFailurePolicy.rules.action** (string), required + + Specifies the action taken on a pod failure when the requirements are satisfied. Possible values are: - FailJob: indicates that the pod's job is marked as Failed and all + running pods are terminated. + - Ignore: indicates that the counter towards the .backoffLimit is not + incremented and a replacement pod is created. + - Count: indicates that the pod is handled in the default way - the + counter towards the .backoffLimit is incremented. + Additional values are considered to be added in the future. Clients should react to an unknown action by skipping the rule. + + + + - **podFailurePolicy.rules.onPodConditions** ([]PodFailurePolicyOnPodConditionsPattern), required + + *Atomic: will be replaced during a merge* + + Represents the requirement on the pod conditions. The requirement is represented as a list of pod condition patterns. The requirement is satisfied if at least one pattern matches an actual pod condition. At most 20 elements are allowed. + + + *PodFailurePolicyOnPodConditionsPattern describes a pattern for matching an actual pod condition type.* + + - **podFailurePolicy.rules.onPodConditions.status** (string), required + + Specifies the required Pod condition status. To match a pod condition it is required that the specified status equals the pod condition status. Defaults to True. + + - **podFailurePolicy.rules.onPodConditions.type** (string), required + + Specifies the required Pod condition type. To match a pod condition it is required that specified type equals the pod condition type. + + - **podFailurePolicy.rules.onExitCodes** (PodFailurePolicyOnExitCodesRequirement) + + Represents the requirement on the container exit codes. + + + *PodFailurePolicyOnExitCodesRequirement describes the requirement for handling a failed pod based on its container exit codes. In particular, it lookups the .state.terminated.exitCode for each app container and init container status, represented by the .status.containerStatuses and .status.initContainerStatuses fields in the Pod status, respectively. Containers completed with success (exit code 0) are excluded from the requirement check.* + + - **podFailurePolicy.rules.onExitCodes.operator** (string), required + + Represents the relationship between the container exit code(s) and the specified values. Containers completed with success (exit code 0) are excluded from the requirement check. Possible values are: - In: the requirement is satisfied if at least one container exit code + (might be multiple if there are multiple containers not restricted + by the 'containerName' field) is in the set of specified values. + - NotIn: the requirement is satisfied if at least one container exit code + (might be multiple if there are multiple containers not restricted + by the 'containerName' field) is not in the set of specified values. + Additional values are considered to be added in the future. Clients should react to an unknown operator by assuming the requirement is not satisfied. + + + + - **podFailurePolicy.rules.onExitCodes.values** ([]int32), required + + *Set: unique values will be kept during a merge* + + Specifies the set of values. Each returned container exit code (might be multiple in case of multiple containers) is checked against this set of values with respect to the operator. The list of values must be ordered and must not contain duplicates. Value '0' cannot be used for the In operator. At least one element is required. At most 255 elements are allowed. + + - **podFailurePolicy.rules.onExitCodes.containerName** (string) + + Restricts the check for exit codes to the container with the specified name. When null, the rule applies to all containers. When specified, it should match one the container or initContainer names in the pod template. + ## JobStatus {#JobStatus} @@ -222,7 +301,7 @@ JobStatus represents the current state of a Job. -### Alpha level +### Beta level - **ready** (int32) diff --git a/content/en/docs/reference/kubernetes-api/workload-resources/pod-v1.md b/content/en/docs/reference/kubernetes-api/workload-resources/pod-v1.md index ef232320c8dad..726d305980915 100644 --- a/content/en/docs/reference/kubernetes-api/workload-resources/pod-v1.md +++ b/content/en/docs/reference/kubernetes-api/workload-resources/pod-v1.md @@ -77,6 +77,12 @@ PodSpec is a description of a pod. List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ +- **ephemeralContainers** ([]}}">EphemeralContainer) + + *Patch strategy: merge on key `name`* + + List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. + - **imagePullSecrets** ([]}}">LocalObjectReference) *Patch strategy: merge on key `name`* @@ -93,7 +99,7 @@ PodSpec is a description of a pod. If the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions - If the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup This is a beta field and requires the IdentifyPodOS feature + If the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup *PodOS defines the OS parameters of a pod.* @@ -188,6 +194,10 @@ PodSpec is a description of a pod. The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority. +- **preemptionPolicy** (string) + + PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset. + - **topologySpreadConstraints** ([]TopologySpreadConstraint) *Patch strategy: merge on key `topologyKey`* @@ -205,7 +215,7 @@ PodSpec is a description of a pod. - **topologySpreadConstraints.topologyKey** (string), required - TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each \ as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes match the node selector. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field. + TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each \ as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field. - **topologySpreadConstraints.whenUnsatisfiable** (string), required @@ -220,13 +230,35 @@ PodSpec is a description of a pod. LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. + - **topologySpreadConstraints.matchLabelKeys** ([]string) + + *Atomic: will be replaced during a merge* + + MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. + - **topologySpreadConstraints.minDomains** (int32) MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. - This is an alpha field and requires enabling MinDomainsInPodTopologySpread feature gate. + This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). + + - **topologySpreadConstraints.nodeAffinityPolicy** (string) + + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + + - **topologySpreadConstraints.nodeTaintsPolicy** (string) + + NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + +- **overhead** (map[string]}}">Quantity) + + Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md ### Lifecycle @@ -471,22 +503,12 @@ PodSpec is a description of a pod. The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. -### Beta level +### Alpha level -- **ephemeralContainers** ([]}}">EphemeralContainer) +- **hostUsers** (boolean) - *Patch strategy: merge on key `name`* - - List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. This field is beta-level and available on clusters that haven't disabled the EphemeralContainers feature gate. - -- **preemptionPolicy** (string) - - PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset. - -- **overhead** (map[string]}}">Quantity) - - Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md + Use the host's user namespace. Optional: Default to true. If set to true or not present, the pod will be run in the host user namespace, useful for when the pod needs a feature only available to the host user namespace, such as loading a kernel module with CAP_SYS_MODULE. When set to false, a new userns is created for the pod. Setting false is useful for mitigating container breakout vulnerabilities even allowing users to run their containers as root without actually having root privileges on the host. This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature. ### Deprecated @@ -546,7 +568,7 @@ A single application container that you want to run within a pod. *Map: unique values on keys `containerPort, protocol` will be kept during a merge* - List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. + List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. *ContainerPort represents a network port in a single container.* @@ -943,8 +965,6 @@ An EphemeralContainer is a temporary container that you may add to an existing P To add an ephemeral container, use the ephemeralcontainers subresource of an existing Pod. Ephemeral containers may not be removed or restarted. -This is a beta feature available on clusters that haven't disabled the EphemeralContainers feature gate. -
        - **name** (string), required @@ -1773,7 +1793,7 @@ Probe describes a health check to be performed against a container to determine - **grpc.service** (string) - Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md ). + Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC. @@ -1832,7 +1852,8 @@ PodStatus represents information about the status of a pod. Status may trail the *IP address information for entries in the (plural) PodIPs field. Each entry includes: - IP: An IP address allocated to the pod. Routable at least within the cluster.* + + IP: An IP address allocated to the pod. Routable at least within the cluster.* - **podIPs.ip** (string) @@ -1879,7 +1900,7 @@ PodStatus represents information about the status of a pod. Status may trail the - **qosClass** (string) - The Quality of Service (QOS) classification assigned to the pod based on resource requirements See PodQOSClass type for available QOS classes More info: https://git.k8s.io/design-proposals-archive/node/resource-qos.md + The Quality of Service (QOS) classification assigned to the pod based on resource requirements See PodQOSClass type for available QOS classes More info: https://git.k8s.io/community/contributors/design-proposals/node/resource-qos.md @@ -2263,7 +2284,7 @@ PodStatus represents information about the status of a pod. Status may trail the - **ephemeralContainerStatuses** ([]ContainerStatus) - Status for any ephemeral containers that have run in this pod. This field is beta-level and available on clusters that haven't disabled the EphemeralContainers feature gate. + Status for any ephemeral containers that have run in this pod. *ContainerStatus contains details for the current status of this container.* diff --git a/content/en/docs/reference/kubernetes-api/workload-resources/stateful-set-v1.md b/content/en/docs/reference/kubernetes-api/workload-resources/stateful-set-v1.md index 9d2b41b6cce01..b9f466e081038 100644 --- a/content/en/docs/reference/kubernetes-api/workload-resources/stateful-set-v1.md +++ b/content/en/docs/reference/kubernetes-api/workload-resources/stateful-set-v1.md @@ -29,8 +29,9 @@ guide. You can file document formatting bugs against the ## StatefulSet {#StatefulSet} StatefulSet represents a set of pods with consistent identities. Identities are defined as: - - Network: A single stable DNS and hostname. - - Storage: As many VolumeClaims as requested. + - Network: A single stable DNS and hostname. + - Storage: As many VolumeClaims as requested. + The StatefulSet guarantees that a given network identity will always map to the same storage identity.
        @@ -126,7 +127,7 @@ A StatefulSetSpec is the specification of a StatefulSet. - **minReadySeconds** (int32) - Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) This is an alpha field and requires enabling StatefulSetMinReadySeconds feature gate. + Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) - **persistentVolumeClaimRetentionPolicy** (StatefulSetPersistentVolumeClaimRetentionPolicy) @@ -171,7 +172,7 @@ StatefulSetStatus represents the current state of a StatefulSet. - **availableReplicas** (int32) - Total number of available pods (ready for at least minReadySeconds) targeted by this statefulset. This is a beta field and enabled/disabled by StatefulSetMinReadySeconds feature gate. + Total number of available pods (ready for at least minReadySeconds) targeted by this statefulset. - **collisionCount** (int32) diff --git a/content/en/docs/reference/labels-annotations-taints/_index.md b/content/en/docs/reference/labels-annotations-taints/_index.md index c915d80790f89..6cc36b13d87c0 100644 --- a/content/en/docs/reference/labels-annotations-taints/_index.md +++ b/content/en/docs/reference/labels-annotations-taints/_index.md @@ -437,7 +437,7 @@ Used on: Node The kubelet can set this annotation on a Node to denote its configured IPv4 address. -When kubelet is started with the "external" cloud provider, it sets this annotation on the Node to denote an IP address set from the command line flag (`--node-ip`). This IP is verified with the cloud provider as valid by the cloud-controller-manager. +When kubelet is started with the `--cloud-provider` flag set to any value (includes both external and legacy in-tree cloud providers), it sets this annotation on the Node to denote an IP address set from the command line flag (`--node-ip`). This IP is verified with the cloud provider as valid by the cloud-controller-manager. ### batch.kubernetes.io/job-completion-index @@ -528,9 +528,9 @@ The kubelet checks D-value of the size of `/proc/sys/kernel/pid_max` and the PID Example: `node.kubernetes.io/out-of-service:NoExecute` -A user can manually add the taint to a Node marking it out-of-service. If the `NodeOutOfServiceVolumeDetach` +A user can manually add the taint to a Node marking it out-of-service. If the `NodeOutOfServiceVolumeDetach` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) is enabled on -`kube-controller-manager`, and a Node is marked out-of-service with this taint, the pods on the node will be forcefully deleted if there are no matching tolerations on it and volume detach operations for the pods terminating on the node will happen immediately. This allows the Pods on the out-of-service node to recover quickly on a different node. +`kube-controller-manager`, and a Node is marked out-of-service with this taint, the pods on the node will be forcefully deleted if there are no matching tolerations on it and volume detach operations for the pods terminating on the node will happen immediately. This allows the Pods on the out-of-service node to recover quickly on a different node. {{< caution >}} Refer to @@ -639,15 +639,19 @@ for more information. Example: `kubernetes.io/psp: restricted` -This annotation is only relevant if you are using [PodSecurityPolicies](/docs/concepts/security/pod-security-policy/). +Used on: Pod + +This annotation was only relevant if you were using [PodSecurityPolicies](/docs/concepts/security/pod-security-policy/). +Kubernetes v{{< skew currentVersion >}} does not support the PodSecurityPolicy API. -When the PodSecurityPolicy admission controller admits a Pod, the admission controller -modifies the Pod to have this annotation. -The value of the annotation is the name of the PodSecurityPolicy that was used for validation. +When the PodSecurityPolicy admission controller admitted a Pod, the admission controller +modified the Pod to have this annotation. +The value of the annotation was the name of the PodSecurityPolicy that was used for validation. ### seccomp.security.alpha.kubernetes.io/pod (deprecated) {#seccomp-security-alpha-kubernetes-io-pod} -This annotation has been deprecated since Kubernetes v1.19 and will become non-functional in v1.25. +This annotation has been deprecated since Kubernetes v1.19 and will become non-functional in a future release. +please use the corresponding pod or container `securityContext.seccompProfile` field instead. To specify security settings for a Pod, include the `securityContext` field in the Pod specification. The [`securityContext`](/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context) field within a Pod's `.spec` defines pod-level security attributes. When you [specify the security context for a Pod](/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod), @@ -655,7 +659,8 @@ the settings you specify apply to all containers in that Pod. ### container.seccomp.security.alpha.kubernetes.io/[NAME] (deprecated) {#container-seccomp-security-alpha-kubernetes-io} -This annotation has been deprecated since Kubernetes v1.19 and will become non-functional in v1.25. +This annotation has been deprecated since Kubernetes v1.19 and will become non-functional in a future release. +please use the corresponding pod or container `securityContext.seccompProfile` field instead. The tutorial [Restrict a Container's Syscalls with seccomp](/docs/tutorials/security/seccomp/) takes you through the steps you follow to apply a seccomp profile to a Pod or to one of its containers. That tutorial covers the supported mechanism for configuring seccomp in Kubernetes, @@ -672,7 +677,7 @@ This determines whether a user can modify the mode of the source volume when a {{< glossary_tooltip text="PersistentVolumeClaim" term_id="persistent-volume-claim" >}} is being created from a VolumeSnapshot. -Refer to [Converting the volume mode of a Snapshot](/docs/concepts/storage/volume-snapshots/#convert-volume-mode) +Refer to [Converting the volume mode of a Snapshot](/docs/concepts/storage/volume-snapshots/#convert-volume-mode) and the [Kubernetes CSI Developer Documentation](https://kubernetes-csi.github.io/docs/) for more information. ## Annotations used for audit @@ -740,14 +745,3 @@ Used on: Node Example: `node-role.kubernetes.io/control-plane:NoSchedule` Taint that kubeadm applies on control plane nodes to allow only critical workloads to schedule on them. - -### node-role.kubernetes.io/master - -Used on: Node - -Example: `node-role.kubernetes.io/master:NoSchedule` - -Taint that kubeadm applies on control plane nodes to allow only critical workloads to schedule on them. - -{{< note >}} Starting in v1.20, this taint is deprecated in favor of `node-role.kubernetes.io/control-plane` -and will be removed in v1.25.{{< /note >}} diff --git a/content/en/docs/reference/node/kubelet-checkpoint-api.md b/content/en/docs/reference/node/kubelet-checkpoint-api.md new file mode 100644 index 0000000000000..13602a2cafc9c --- /dev/null +++ b/content/en/docs/reference/node/kubelet-checkpoint-api.md @@ -0,0 +1,96 @@ +--- +content_type: "reference" +title: Kubelet Checkpoint API +weight: 10 +--- + + +{{< feature-state for_k8s_version="v1.25" state="alpha" >}} + +Checkpointing a container is the functionality to create a stateful copy of a +running container. Once you have a stateful copy of a container, you could +move it to a different computer for debugging or similar purposes. + +If you move the checkpointed container data to a computer that's able to restore +it, that restored container continues to run at exactly the same +point it was checkpointed. You can also inspect the saved data, provided that you +have suitable tools for doing so. + +Creating a checkpoint of a container might have security implications. Typically +a checkpoint contains all memory pages of all processes in the checkpointed +container. This means that everything that used to be in memory is now available +on the local disk. This includes all private data and possibly keys used for +encryption. The underlying CRI implementations (the container runtime on that node) +should create the checkpoint archive to be only accessible by the `root` user. It +is still important to remember if the checkpoint archive is transferred to another +system all memory pages will be readable by the owner of the checkpoint archive. + +## Operations {#operations} + +### `post` checkpoint the specified container {#post-checkpoint} + +Tell the kubelet to checkpoint a specific container from the specified Pod. + +Consult the [Kubelet authentication/authorization reference](/docs/reference/command-line-tools-reference/kubelet-authentication-authorization) +for more information about how access to the kubelet checkpoint interface is +controlled. + +The kubelet will request a checkpoint from the underlying +{{}} implementation. In the checkpoint +request the kubelet will specify the name of the checkpoint archive as +`checkpoint---.tar` and also request to +store the checkpoint archive in the `checkpoints` directory below its root +directory (as defined by `--root-dir`). This defaults to +`/var/lib/kubelet/checkpoints`. + +The checkpoint archive is in _tar_ format, and could be listed using an implementation of +[`tar`](https://pubs.opengroup.org/onlinepubs/7908799/xcu/tar.html). The contents of the +archive depend on the underlying CRI implementation (the container runtime on that node). + +#### HTTP Request {#post-checkpoint-request} + +POST /checkpoint/{namespace}/{pod}/{container} + +#### Parameters {#post-checkpoint-params} + +- **namespace** (*in path*): string, required + + {{< glossary_tooltip term_id="namespace" >}} + +- **pod** (*in path*): string, required + + {{< glossary_tooltip term_id="pod" >}} + +- **container** (*in path*): string, required + + {{< glossary_tooltip term_id="container" >}} + +- **timeout** (*in query*): integer + + Timeout in seconds to wait until the checkpoint creation is finished. + If zero or no timeout is specfied the default {{}} timeout value will be used. Checkpoint + creation time depends directly on the used memory of the container. + The more memory a container uses the more time is required to create + the corresponding checkpoint. + +#### Response {#post-checkpoint-response} + +200: OK + +401: Unauthorized + +404: Not Found (if the `CheckpointContainer` feature gate is disabled) + +404: Not Found (if the specified `namespace`, `pod` or `container` cannot be found) + +500: Internal Server Error (if the CRI implementation encounter an error during checkpointing (see error message for further details)) + +500: Internal Server Error (if the CRI implementation does not implement the checkpoint CRI API (see error message for further details)) + +{{< comment >}} +TODO: Add more information about return codes once CRI implementation have checkpoint/restore. + This TODO cannot be fixed before the release, because the CRI implementation need + the Kubernetes changes to be merged to implement the new CheckpointContainer CRI API + call. We need to wait after the 1.25 release to fix this. +{{< /comment >}} diff --git a/content/en/docs/reference/scheduling/config.md b/content/en/docs/reference/scheduling/config.md index 0911058ad46cc..86391158266d4 100644 --- a/content/en/docs/reference/scheduling/config.md +++ b/content/en/docs/reference/scheduling/config.md @@ -4,7 +4,7 @@ content_type: concept weight: 20 --- -{{< feature-state for_k8s_version="v1.19" state="beta" >}} +{{< feature-state for_k8s_version="v1.25" state="stable" >}} You can customize the behavior of the `kube-scheduler` by writing a configuration file and passing its path as a command line argument. @@ -20,19 +20,25 @@ by implementing one or more of these extension points. You can specify scheduling profiles by running `kube-scheduler --config `, using the -KubeSchedulerConfiguration ([v1beta2](/docs/reference/config-api/kube-scheduler-config.v1beta2/) -or [v1beta3](/docs/reference/config-api/kube-scheduler-config.v1beta3/)) +KubeSchedulerConfiguration ([v1beta3](/docs/reference/config-api/kube-scheduler-config.v1beta3/) +or [v1](/docs/reference/config-api/kube-scheduler-config.v1/)) struct. A minimal configuration looks as follows: ```yaml -apiVersion: kubescheduler.config.k8s.io/v1beta2 +apiVersion: kubescheduler.config.k8s.io/v1 kind: KubeSchedulerConfiguration clientConnection: kubeconfig: /etc/srv/kubernetes/kube-scheduler/kubeconfig ``` + {{< note >}} + KubeSchedulerConfiguration [v1beta2](/docs/reference/config-api/kube-scheduler-config.v1beta2/) + is deprecated in v1.25 and will be removed in v1.26. Please migrate KubeSchedulerConfiguration to + [v1beta3](/docs/reference/config-api/kube-scheduler-config.v1beta3/) or [v1](/docs/reference/config-api/kube-scheduler-config.v1/) + before upgrading Kubernetes to v1.25. + {{< /note >}} ## Profiles A scheduling Profile allows you to configure the different stages of scheduling @@ -78,14 +84,14 @@ extension points: least one bind plugin is required. 1. `postBind`: This is an informational extension point that is called after a Pod has been bound. -1. `multiPoint`: This is a config-only field that allows plugins to be enabled +1. `multiPoint`: This is a config-only field that allows plugins to be enabled or disabled for all of their applicable extension points simultaneously. For each extension point, you could disable specific [default plugins](#scheduling-plugins) or enable your own. For example: ```yaml -apiVersion: kubescheduler.config.k8s.io/v1beta2 +apiVersion: kubescheduler.config.k8s.io/v1 kind: KubeSchedulerConfiguration profiles: - plugins: @@ -172,11 +178,6 @@ extension points: You can also enable the following plugins, through the component config APIs, that are not enabled by default: -- `SelectorSpread`: Favors spreading across nodes for Pods that belong to - {{< glossary_tooltip text="Services" term_id="service" >}}, - {{< glossary_tooltip text="ReplicaSets" term_id="replica-set" >}} and - {{< glossary_tooltip text="StatefulSets" term_id="statefulset" >}}. - Extension points: `preScore`, `score`. - `CinderLimits`: Checks that [OpenStack Cinder](https://docs.openstack.org/cinder/) volume limits can be satisfied for the node. Extension points: `filter`. @@ -192,7 +193,7 @@ profiles: one with the default plugins and one with all scoring plugins disabled. ```yaml -apiVersion: kubescheduler.config.k8s.io/v1beta2 +apiVersion: kubescheduler.config.k8s.io/v1 kind: KubeSchedulerConfiguration profiles: - schedulerName: default-scheduler @@ -231,17 +232,17 @@ only has one pending pods queue. ### Plugins that apply to multiple extension points {#multipoint} -Starting from `kubescheduler.config.k8s.io/v1beta3`, there is an additional field in the -profile config, `multiPoint`, which allows for easily enabling or disabling a plugin -across several extension points. The intent of `multiPoint` config is to simplify the +Starting from `kubescheduler.config.k8s.io/v1beta3`, there is an additional field in the +profile config, `multiPoint`, which allows for easily enabling or disabling a plugin +across several extension points. The intent of `multiPoint` config is to simplify the configuration needed for users and administrators when using custom profiles. -Consider a plugin, `MyPlugin`, which implements the `preScore`, `score`, `preFilter`, -and `filter` extension points. To enable `MyPlugin` for all its available extension +Consider a plugin, `MyPlugin`, which implements the `preScore`, `score`, `preFilter`, +and `filter` extension points. To enable `MyPlugin` for all its available extension points, the profile config looks like: ```yaml -apiVersion: kubescheduler.config.k8s.io/v1beta3 +apiVersion: kubescheduler.config.k8s.io/v1 kind: KubeSchedulerConfiguration profiles: - schedulerName: multipoint-scheduler @@ -251,11 +252,11 @@ profiles: - name: MyPlugin ``` -This would equate to manually enabling `MyPlugin` for all of its extension +This would equate to manually enabling `MyPlugin` for all of its extension points, like so: ```yaml -apiVersion: kubescheduler.config.k8s.io/v1beta3 +apiVersion: kubescheduler.config.k8s.io/v1 kind: KubeSchedulerConfiguration profiles: - schedulerName: non-multipoint-scheduler @@ -274,17 +275,17 @@ profiles: - name: MyPlugin ``` -One benefit of using `multiPoint` here is that if `MyPlugin` implements another -extension point in the future, the `multiPoint` config will automatically enable it +One benefit of using `multiPoint` here is that if `MyPlugin` implements another +extension point in the future, the `multiPoint` config will automatically enable it for the new extension. -Specific extension points can be excluded from `MultiPoint` expansion using -the `disabled` field for that extension point. This works with disabling default -plugins, non-default plugins, or with the wildcard (`'*'`) to disable all plugins. +Specific extension points can be excluded from `MultiPoint` expansion using +the `disabled` field for that extension point. This works with disabling default +plugins, non-default plugins, or with the wildcard (`'*'`) to disable all plugins. An example of this, disabling `Score` and `PreScore`, would be: ```yaml -apiVersion: kubescheduler.config.k8s.io/v1beta3 +apiVersion: kubescheduler.config.k8s.io/v1 kind: KubeSchedulerConfiguration profiles: - schedulerName: non-multipoint-scheduler @@ -300,14 +301,15 @@ profiles: - name: '*' ``` -In `v1beta3`, all [default plugins](#scheduling-plugins) are enabled internally through `MultiPoint`. -However, individual extension points are still available to allow flexible -reconfiguration of the default values (such as ordering and Score weights). For -example, consider two Score plugins `DefaultScore1` and `DefaultScore2`, each with +Starting from `kubescheduler.config.k8s.io/v1beta3`, all [default plugins](#scheduling-plugins) +are enabled internally through `MultiPoint`. +However, individual extension points are still available to allow flexible +reconfiguration of the default values (such as ordering and Score weights). For +example, consider two Score plugins `DefaultScore1` and `DefaultScore2`, each with a weight of `1`. They can be reordered with different weights like so: ```yaml -apiVersion: kubescheduler.config.k8s.io/v1beta3 +apiVersion: kubescheduler.config.k8s.io/v1 kind: KubeSchedulerConfiguration profiles: - schedulerName: multipoint-scheduler @@ -318,10 +320,10 @@ profiles: weight: 5 ``` -In this example, it's unnecessary to specify the plugins in `MultiPoint` explicitly +In this example, it's unnecessary to specify the plugins in `MultiPoint` explicitly because they are default plugins. And the only plugin specified in `Score` is `DefaultScore2`. -This is because plugins set through specific extension points will always take precedence -over `MultiPoint` plugins. So, this snippet essentially re-orders the two plugins +This is because plugins set through specific extension points will always take precedence +over `MultiPoint` plugins. So, this snippet essentially re-orders the two plugins without needing to specify both of them. The general hierarchy for precedence when configuring `MultiPoint` plugins is as follows: @@ -342,7 +344,7 @@ To demonstrate the above hierarchy, the following example is based on these plug A valid sample configuration for these plugins would be: ```yaml -apiVersion: kubescheduler.config.k8s.io/v1beta3 +apiVersion: kubescheduler.config.k8s.io/v1 kind: KubeSchedulerConfiguration profiles: - schedulerName: multipoint-scheduler @@ -363,8 +365,8 @@ profiles: - name: 'DefaultPlugin2' ``` -Note that there is no error for re-declaring a `MultiPoint` plugin in a specific -extension point. The re-declaration is ignored (and logged), as specific extension points +Note that there is no error for re-declaring a `MultiPoint` plugin in a specific +extension point. The re-declaration is ignored (and logged), as specific extension points take precedence. Besides keeping most of the config in one spot, this sample does a few things: @@ -380,14 +382,14 @@ kind: KubeSchedulerConfiguration profiles: - schedulerName: multipoint-scheduler plugins: - + # Disable the default QueueSort plugin queueSort: enabled: - name: 'CustomQueueSort' disabled: - name: 'DefaultQueueSort' - + # Enable custom Filter plugins filter: enabled: @@ -396,7 +398,7 @@ profiles: - name: 'DefaultPlugin2' disabled: - name: 'DefaultPlugin1' - + # Enable and reorder custom score plugins score: enabled: @@ -406,7 +408,7 @@ profiles: weight: 3 ``` -While this is a complicated example, it demonstrates the flexibility of `MultiPoint` config +While this is a complicated example, it demonstrates the flexibility of `MultiPoint` config as well as its seamless integration with the existing methods for configuring extension points. ## Scheduler configuration migrations @@ -451,6 +453,11 @@ as well as its seamless integration with the existing methods for configuring ex * `NodeAffinity` from 1 to 2 * `TaintToleration` from 1 to 3 {{% /tab %}} + +{{% tab name="v1beta3 → v1" %}} +* The scheduler plugin `SelectorSpread` is removed, instead, use the `PodTopologySpread` plugin (enabled by default) +to achieve similar behavior. +{{% /tab %}} {{< /tabs >}} ## {{% heading "whatsnext" %}} @@ -459,3 +466,4 @@ as well as its seamless integration with the existing methods for configuring ex * Learn about [scheduling](/docs/concepts/scheduling-eviction/kube-scheduler/) * Read the [kube-scheduler configuration (v1beta2)](/docs/reference/config-api/kube-scheduler-config.v1beta2/) reference * Read the [kube-scheduler configuration (v1beta3)](/docs/reference/config-api/kube-scheduler-config.v1beta3/) reference +* Read the [kube-scheduler configuration (v1)](/docs/reference/config-api/kube-scheduler-config.v1/) reference diff --git a/content/en/docs/reference/scheduling/policies.md b/content/en/docs/reference/scheduling/policies.md index 5a28b41769112..d64d5f1bf58df 100644 --- a/content/en/docs/reference/scheduling/policies.md +++ b/content/en/docs/reference/scheduling/policies.md @@ -16,5 +16,4 @@ This scheduling policy is not supported since Kubernetes v1.23. Associated flags * Learn about [scheduling](/docs/concepts/scheduling-eviction/kube-scheduler/) * Learn about [kube-scheduler Configuration](/docs/reference/scheduling/config/) -* Read the [kube-scheduler configuration reference (v1beta3)](/docs/reference/config-api/kube-scheduler-config.v1beta3/) - +* Read the [kube-scheduler configuration reference (v1)](/docs/reference/config-api/kube-scheduler-config.v1/) diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_images_list.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_images_list.md index d46abeab03fb9..7879a5f4e6ab9 100644 --- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_images_list.md +++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_images_list.md @@ -66,7 +66,7 @@ kubeadm config images list [flags] ---image-repository string     Default: "k8s.gcr.io" +--image-repository string     Default: "registry.k8s.io"

        Choose a container registry to pull control plane images from

        diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_images_pull.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_images_pull.md index 775881483b86a..2fecb30cc2edd 100644 --- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_images_pull.md +++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_images_pull.md @@ -59,7 +59,7 @@ kubeadm config images pull [flags] ---image-repository string     Default: "k8s.gcr.io" +--image-repository string     Default: "registry.k8s.io"

        Choose a container registry to pull control plane images from

        diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init.md index 645d11c80b091..e578d44711e66 100644 --- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init.md +++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init.md @@ -156,7 +156,7 @@ kubeadm init [flags] ---image-repository string     Default: "k8s.gcr.io" +--image-repository string     Default: "registry.k8s.io"

        Choose a container registry to pull control plane images from

        diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_addon_all.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_addon_all.md index 292abcf5fb838..e6df32822072b 100644 --- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_addon_all.md +++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_addon_all.md @@ -73,7 +73,7 @@ kubeadm init phase addon all [flags] ---image-repository string     Default: "k8s.gcr.io" +--image-repository string     Default: "registry.k8s.io"

        Choose a container registry to pull control plane images from

        diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_addon_coredns.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_addon_coredns.md index 8eddf5bb5df0e..d5eabcacb47cc 100644 --- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_addon_coredns.md +++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_addon_coredns.md @@ -52,7 +52,7 @@ kubeadm init phase addon coredns [flags] ---image-repository string     Default: "k8s.gcr.io" +--image-repository string     Default: "registry.k8s.io"

        Choose a container registry to pull control plane images from

        diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_addon_kube-proxy.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_addon_kube-proxy.md index 4dc9a18339ccc..e266f6561421c 100644 --- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_addon_kube-proxy.md +++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_addon_kube-proxy.md @@ -66,7 +66,7 @@ kubeadm init phase addon kube-proxy [flags] ---image-repository string     Default: "k8s.gcr.io" +--image-repository string     Default: "registry.k8s.io"

        Choose a container registry to pull control plane images from

        diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_control-plane_all.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_control-plane_all.md index 1dfaa1a7cbf99..ebd5eb60ce4a4 100644 --- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_control-plane_all.md +++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_control-plane_all.md @@ -112,7 +112,7 @@ kubeadm init phase control-plane all [flags] ---image-repository string     Default: "k8s.gcr.io" +--image-repository string     Default: "registry.k8s.io"

        Choose a container registry to pull control plane images from

        diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_control-plane_apiserver.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_control-plane_apiserver.md index 9d5f9583b2165..e3711bd0b9a90 100644 --- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_control-plane_apiserver.md +++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_control-plane_apiserver.md @@ -94,7 +94,7 @@ kubeadm init phase control-plane apiserver [flags] ---image-repository string     Default: "k8s.gcr.io" +--image-repository string     Default: "registry.k8s.io"

        Choose a container registry to pull control plane images from

        diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_control-plane_controller-manager.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_control-plane_controller-manager.md index 48d36cb899f68..dfe63e1750efc 100644 --- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_control-plane_controller-manager.md +++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_control-plane_controller-manager.md @@ -66,7 +66,7 @@ kubeadm init phase control-plane controller-manager [flags] ---image-repository string     Default: "k8s.gcr.io" +--image-repository string     Default: "registry.k8s.io"

        Choose a container registry to pull control plane images from

        diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_control-plane_scheduler.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_control-plane_scheduler.md index f726834229022..34679eba57411 100644 --- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_control-plane_scheduler.md +++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_control-plane_scheduler.md @@ -59,7 +59,7 @@ kubeadm init phase control-plane scheduler [flags] ---image-repository string     Default: "k8s.gcr.io" +--image-repository string     Default: "registry.k8s.io"

        Choose a container registry to pull control plane images from

        diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_etcd_local.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_etcd_local.md index f5bc0a529b61f..65159fd221693 100644 --- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_etcd_local.md +++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_etcd_local.md @@ -64,7 +64,7 @@ kubeadm init phase etcd local [flags] ---image-repository string     Default: "k8s.gcr.io" +--image-repository string     Default: "registry.k8s.io"

        Choose a container registry to pull control plane images from

        diff --git a/content/en/docs/reference/setup-tools/kubeadm/implementation-details.md b/content/en/docs/reference/setup-tools/kubeadm/implementation-details.md index bfeff8ebbe6b9..cf7126610ca87 100644 --- a/content/en/docs/reference/setup-tools/kubeadm/implementation-details.md +++ b/content/en/docs/reference/setup-tools/kubeadm/implementation-details.md @@ -362,7 +362,7 @@ The static Pod manifest for the scheduler is not affected by parameters provided ### Generate static Pod manifest for local etcd -If the user specified an external etcd this step will be skipped, otherwise kubeadm generates a +If you specified an external etcd this step will be skipped, otherwise kubeadm generates a static Pod manifest file for creating a local etcd instance running in a Pod with following attributes: - listen on `localhost:2379` and use `HostNetwork=true` @@ -371,12 +371,12 @@ static Pod manifest file for creating a local etcd instance running in a Pod wit Please note that: -1. The etcd image will be pulled from `k8s.gcr.io` by default. See +1. The etcd container image will be pulled from `registry.gcr.io` by default. See [using custom images](/docs/reference/setup-tools/kubeadm/kubeadm-init/#custom-images) - for customizing the image repository -2. In case of kubeadm is executed in the `--dry-run` mode, the etcd static Pod manifest is written - in a temporary folder. -3. Static Pod manifest generation for local etcd can be invoked individually with the + for customizing the image repository. +2. If you run kubeadm in `--dry-run` mode, the etcd static Pod manifest is written + into a temporary folder. +3. You can directly invoke static Pod manifest generation for local etcd, using the [`kubeadm init phase etcd local`](/docs/reference/setup-tools/kubeadm/kubeadm-init-phase/#cmd-phase-etcd) command. @@ -409,6 +409,12 @@ Please note that: As soon as the control plane is available, kubeadm executes following actions: - Labels the node as control-plane with `node-role.kubernetes.io/control-plane=""` +<<<<<<< HEAD +- Taints the node with `node-role.kubernetes.io/control-plane:NoSchedule` + +Please note that the phase to mark the control-plane phase phase can be invoked +individually with the [`kubeadm init phase mark-control-plane`](/docs/reference/setup-tools/kubeadm/kubeadm-init-phase/#cmd-phase-mark-control-plane) command. +======= - Taints the node with `node-role.kubernetes.io/master:NoSchedule` and `node-role.kubernetes.io/control-plane:NoSchedule` @@ -417,6 +423,7 @@ Please note that: 1. The `node-role.kubernetes.io/master` taint is deprecated and will be removed in kubeadm version 1.25 1. Mark control-plane phase phase can be invoked individually with the command [`kubeadm init phase mark-control-plane`](/docs/reference/setup-tools/kubeadm/kubeadm-init-phase/#cmd-phase-mark-control-plane) +>>>>>>> upstream/main ### Configure TLS-Bootstrapping for node joining diff --git a/content/en/docs/reference/setup-tools/kubeadm/kubeadm-init.md b/content/en/docs/reference/setup-tools/kubeadm/kubeadm-init.md index 124d1ddfd22ea..39f7d0cce928c 100644 --- a/content/en/docs/reference/setup-tools/kubeadm/kubeadm-init.md +++ b/content/en/docs/reference/setup-tools/kubeadm/kubeadm-init.md @@ -155,15 +155,15 @@ directly to kubeadm is not supported. Instead, it is possible to pass them by List of feature gates: {{< table caption="kubeadm feature gates" >}} -Feature | Default | Alpha | Beta -:-------|:--------|:------|:----- -`PublicKeysECDSA` | `false` | 1.19 | - -`RootlessControlPlane` | `false` | 1.22 | - -`UnversionedKubeletConfigMap` | `true` | 1.22 | 1.23 +Feature | Default | Alpha | Beta | GA +:-------|:--------|:------|:-----|:---- +`PublicKeysECDSA` | `false` | 1.19 | - | - +`RootlessControlPlane` | `false` | 1.22 | - | - +`UnversionedKubeletConfigMap` | `true` | 1.22 | 1.23 | 1.25 {{< /table >}} {{< note >}} -Once a feature gate goes GA it is removed from this list as its value becomes locked to `true` by default. +Once a feature gate goes GA its value becomes locked to `true` by default. {{< /note >}} Feature gate descriptions: @@ -189,10 +189,6 @@ or `kubeadm upgrade apply`), kubeadm respects the value of `UnversionedKubeletCo (during `kubeadm join`, `kubeadm reset`, `kubeadm upgrade ...`), kubeadm attempts to use unversioned ConfigMap name first; if that does not succeed, kubeadm falls back to using the legacy (versioned) name for that ConfigMap. -{{< note >}} -Setting `UnversionedKubeletConfigMap` to `false` is supported but **deprecated**. -{{< /note >}} - ### Adding kube-proxy parameters {#kube-proxy} For information about kube-proxy parameters in the kubeadm configuration see: @@ -220,11 +216,11 @@ kubeadm config images pull You can pass `--config` to the above commands with a [kubeadm configuration file](#config-file) to control the `kubernetesVersion` and `imageRepository` fields. -All default `k8s.gcr.io` images that kubeadm requires support multiple architectures. +All default `registry.k8s.io` images that kubeadm requires support multiple architectures. ### Using custom images {#custom-images} -By default, kubeadm pulls images from `k8s.gcr.io`. If the +By default, kubeadm pulls images from `registry.k8s.io`. If the requested Kubernetes version is a CI label (such as `ci/latest`) `gcr.io/k8s-staging-ci-images` is used. @@ -233,18 +229,18 @@ Allowed customization are: * To provide `kubernetesVersion` which affects the version of the images. * To provide an alternative `imageRepository` to be used instead of - `k8s.gcr.io`. + `registry.k8s.io`. * To provide a specific `imageRepository` and `imageTag` for etcd or CoreDNS. -Image paths between the default `k8s.gcr.io` and a custom repository specified using +Image paths between the default `registry.k8s.io` and a custom repository specified using `imageRepository` may differ for backwards compatibility reasons. For example, -one image might have a subpath at `k8s.gcr.io/subpath/image`, but be defaulted +one image might have a subpath at `registry.k8s.io/subpath/image`, but be defaulted to `my.customrepository.io/image` when using a custom repository. To ensure you push the images to your custom repository in paths that kubeadm can consume, you must: -* Pull images from the defaults paths at `k8s.gcr.io` using `kubeadm config images {list|pull}`. +* Pull images from the defaults paths at `registry.k8s.io` using `kubeadm config images {list|pull}`. * Push images to the paths from `kubeadm config images list --config=config.yaml`, where `config.yaml` contains the custom `imageRepository`, and/or `imageTag` for etcd and CoreDNS. diff --git a/content/en/docs/reference/using-api/api-concepts.md b/content/en/docs/reference/using-api/api-concepts.md index 1a722acffd229..0feca02fc2716 100644 --- a/content/en/docs/reference/using-api/api-concepts.md +++ b/content/en/docs/reference/using-api/api-concepts.md @@ -661,6 +661,88 @@ of single-resource API requests, then aggregates the responses if needed. By contrast, the Kubernetes API verbs **list** and **watch** allow getting multiple resources, and **deletecollection** allows deleting multiple resources. +## Field validation + +Kubernetes always validates the type of fields. For example, if a field in the +API is defined as a number, you cannot set the field to a text value. If a field +is defined as an array of strings, you can only provide an array. Some fields +allow you to omit them, other fields are required. Omitting a required field +from an API request is an error. + +If you make a request with an extra field, one that the cluster's control plane +does not recognize, then the behavior of the API server is more complicated. + +By default, the API server drops fields that it does not recognize +from an input that it receives (for example, the JSON body of a `PUT` request). + +There are two situations where the API server drops fields that you supplied in +an HTTP request. + +These situations are: + +1. The field is unrecognized because it is not in the resource's OpenAPI schema. (One + exception to this is for {{< glossary_tooltip + term_id="CustomResourceDefinition" text="CRDs" >}} that explicitly choose not to prune unknown + fields via `x-kubernetes-preserve-unknown-fields`). +2. The field is duplicated in the object. + +### Setting the field validation level + + {{< feature-state for_k8s_version="v1.25" state="beta" >}} + +Provided that the `ServerSideFieldValidation` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) is enabled (disabled +by default in 1.23 and 1.24, enabled by default starting in 1.25), you can take +advantage of server side field validation to catch these unrecognized fields. + +When you use HTTP verbs that can submit data (`POST`, `PUT`, and `PATCH`), field +validation gives you the option to choose how you would like to be notified of +these fields that are being dropped by the API server. Possible levels of +validation are `Ignore`, `Warn`, and `Strict`. + +{{< note >}} +If you submit a request that specifies an unrecognized field, and that is also invalid for +a different reason (for example, the request provides a string value where the API expects +an integer), then the API server responds with a 400 Bad Request error response. + +You always receive an error response in this case, no matter what field validation level you requested. +{{< /note >}} + +Field validation is set by the `fieldValidation` query parameter. The three +values that you can provide for this parameter are: + +`Ignore` +: The API server succeeds in handling the request as it would without the erroneous fields +being set, dropping all unknown and duplicate fields and giving no indication it +has done so. + +`Warn` +: (Default) The API server succeeds in handling the request, and reports a +warning to the client. The warning is sent using the `Warning:` response header, +adding one warning item for each unknown or duplicate field. For more +information about warnings and the Kubernetes API, see the blog article +[Warning: Helpful Warnings Ahead](/blog/2020/09/03/warnings/). + +`Strict` +: The API server rejects the request with a 400 Bad Request error when it +detects any unknown or duplicate fields. The response message from the API +server specifies all the unknown or duplicate fields that the API server has +detected. + +Tools that submit requests to the server (such as `kubectl`), might set their own +defaults that are different from the `Warn` validation level that the API server uses +by default. + +The `kubectl` tool uses the `--validate` flag to set the level of field validation. +Historically `--validate` was used to toggle client-side validation on or off as +a boolean flag. Since Kubernetes 1.25, kubectl uses +server-side field validation when sending requests to a serer with this feature +enabled. Validation will fall back to client-side only when it cannot connect +to an API server with field validation enabled. +It accepts the values `ignore`, `warn`, +and `strict` while also accepting the values `true` (equivalent to `strict`) and `false` +(equivalent to `ignore`). The default validation setting for kubectl is `--validate=true`, +which means strict server-side field validation. + ## Dry-run {{< feature-state for_k8s_version="v1.18" state="stable" >}} diff --git a/content/en/docs/setup/best-practices/node-conformance.md b/content/en/docs/setup/best-practices/node-conformance.md index e1140664cb898..c57932aa331f4 100644 --- a/content/en/docs/setup/best-practices/node-conformance.md +++ b/content/en/docs/setup/best-practices/node-conformance.md @@ -40,7 +40,7 @@ To run the node conformance test, perform the following steps: # $LOG_DIR is the test output path. sudo docker run -it --rm --privileged --net=host \ -v /:/rootfs -v $CONFIG_DIR:$CONFIG_DIR -v $LOG_DIR:/var/result \ - k8s.gcr.io/node-test:0.2 + registry.k8s.io/node-test:0.2 ``` ## Running Node Conformance Test for Other Architectures @@ -63,7 +63,7 @@ regular expression of tests you want to run. sudo docker run -it --rm --privileged --net=host \ -v /:/rootfs:ro -v $CONFIG_DIR:$CONFIG_DIR -v $LOG_DIR:/var/result \ -e FOCUS=MirrorPod \ # Only run MirrorPod test - k8s.gcr.io/node-test:0.2 + registry.k8s.io/node-test:0.2 ``` To skip specific tests, overwrite the environment variable `SKIP` with the @@ -73,7 +73,7 @@ regular expression of tests you want to skip. sudo docker run -it --rm --privileged --net=host \ -v /:/rootfs:ro -v $CONFIG_DIR:$CONFIG_DIR -v $LOG_DIR:/var/result \ -e SKIP=MirrorPod \ # Run all conformance tests but skip MirrorPod test - k8s.gcr.io/node-test:0.2 + registry.k8s.io/node-test:0.2 ``` Node conformance test is a containerized version of [node e2e test](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-node/e2e-node-tests.md). diff --git a/content/en/docs/setup/production-environment/container-runtimes.md b/content/en/docs/setup/production-environment/container-runtimes.md index 44f098ccfcf69..d581405c45aa0 100644 --- a/content/en/docs/setup/production-environment/container-runtimes.md +++ b/content/en/docs/setup/production-environment/container-runtimes.md @@ -87,22 +87,67 @@ sudo sysctl --system On Linux, {{< glossary_tooltip text="control groups" term_id="cgroup" >}} are used to constrain resources that are allocated to processes. +Both {{< glossary_tooltip text="kubelet" term_id="kubelet" >}} and the +underlying container runtime need to interface with control groups to enforce +[resource management for pods and containers](/docs/concepts/configuration/manage-resources-containers/) and set +resources such as cpu/memory requests and limits. To interface with control +groups, the kubelet and the container runtime need to use a *cgroup driver*. +It's critical that the kubelet and the container runtime uses the same cgroup +driver and are configured the same. + +There are two cgroup drivers available: + +* [`cgroupfs`](#cgroupfs-cgroup-driver) +* [`systemd`](#systemd-cgroup-driver) + +### cgroupfs driver {#cgroupfs-cgroup-driver} + +The `cgroupfs` driver is the default cgroup driver in the kubelet. When the `cgroupfs` +driver is used, the kubelet and the container runtime directly interface with +the cgroup filesystem to configure cgroups. + +The `cgroupfs` driver is **not** recommended when +[systemd](https://www.freedesktop.org/wiki/Software/systemd/) is the +init system because systemd expects a single cgroup manager on +the system. Additionally, if you use [cgroup v2](/docs/concepts/architecture/cgroups) +, use the `systemd` cgroup driver instead of +`cgroupfs`. + +### systemd cgroup driver {#systemd-cgroup-driver} + When [systemd](https://www.freedesktop.org/wiki/Software/systemd/) is chosen as the init system for a Linux distribution, the init process generates and consumes a root control group (`cgroup`) and acts as a cgroup manager. -Systemd has a tight integration with cgroups and allocates a cgroup per systemd unit. It's possible -to configure your container runtime and the kubelet to use `cgroupfs`. Using `cgroupfs` alongside -systemd means that there will be two different cgroup managers. -A single cgroup manager simplifies the view of what resources are being allocated -and will by default have a more consistent view of the available and in-use resources. -When there are two cgroup managers on a system, you end up with two views of those resources. -In the field, people have reported cases where nodes that are configured to use `cgroupfs` -for the kubelet and Docker, but `systemd` for the rest of the processes, become unstable under -resource pressure. +systemd has a tight integration with cgroups and allocates a cgroup per systemd +unit. As a result, if you use `systemd` as the init system with the `cgroupfs` +driver, the system gets two different cgroup managers. + +Two cgroup managers result in two views of the available and in-use resources in +the system. In some cases, nodes that are configured to use `cgroupfs` for the +kubelet and container runtime, but use `systemd` for the rest of the processes become +unstable under resource pressure. + +The approach to mitigate this instability is to use `systemd` as the cgroup driver for +the kubelet and the container runtime when systemd is the selected init system. + +To set `systemd` as the cgroup driver, edit the +[`KubeletConfiguration`](/docs/tasks/administer-cluster/kubelet-config-file/) +option of `cgroupDriver` and set it to `systemd`. For example: + +```yaml +apiVersion: kubelet.config.k8s.io/v1beta1 +kind: KubeletConfiguration +... +cgroupDriver: systemd +``` + +If you configure `systemd` as the cgroup driver for the kubelet, you must also +configure `systemd` as the cgroup driver for the container runtime. Refer to +the documentation for your container runtime for instructions. For example: -Changing the settings such that your container runtime and kubelet use `systemd` as the cgroup driver -stabilized the system. To configure this for Docker, set `native.cgroupdriver=systemd`. +* [containerd](#containerd-systemd) +* [CRI-O](#cri-o) {{< caution >}} Changing the cgroup driver of a Node that has joined a cluster is a sensitive operation. @@ -114,41 +159,6 @@ If you have automation that makes it feasible, replace the node with another usi configuration, or reinstall it using automation. {{< /caution >}} -### Cgroup version 2 {#cgroup-v2} - -Cgroup v2 is the next version of the cgroup Linux API. Differently than cgroup v1, there is a single -hierarchy instead of a different one for each controller. - -The new version offers several improvements over cgroup v1, some of these improvements are: - -- cleaner and easier to use API -- safe sub-tree delegation to containers -- newer features like Pressure Stall Information - -Even if the kernel supports a hybrid configuration where some controllers are managed by cgroup v1 -and some others by cgroup v2, Kubernetes supports only the same cgroup version to manage all the -controllers. - -If systemd doesn't use cgroup v2 by default, you can configure the system to use it by adding -`systemd.unified_cgroup_hierarchy=1` to the kernel command line. - -```shell -# This example is for a Linux OS that uses the DNF package manager -# Your system might use a different method for setting the command line -# that the Linux kernel uses. -sudo dnf install -y grubby && \ - sudo grubby \ - --update-kernel=ALL \ - --args="systemd.unified_cgroup_hierarchy=1" -``` - -If you change the command line for the kernel, you must reboot the node before your -change takes effect. - -There should not be any noticeable difference in the user experience when switching to cgroup v2, unless -users are accessing the cgroup file system directly, either on the node or from within the containers. - -In order to use it, cgroup v2 must be supported by the CRI runtime as well. ### Migrating to the `systemd` driver in kubeadm managed clusters @@ -197,6 +207,9 @@ To use the `systemd` cgroup driver in `/etc/containerd/config.toml` with `runc`, [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options] SystemdCgroup = true ``` + +The `systemd` cgroup driver is recommended if you use [cgroup v2](/docs/concepts/architecture/cgroups). + {{< note >}} If you installed containerd from a package (for example, RPM or `.deb`), you may find that the CRI integration plugin is disabled by default. @@ -222,7 +235,7 @@ sandbox image by setting the following config: ```toml [plugins."io.containerd.grpc.v1.cri"] - sandbox_image = "k8s.gcr.io/pause:3.2" + sandbox_image = "registry.k8s.io/pause:3.2" ``` You might need to restart `containerd` as well once you've updated the config file: `systemctl restart containerd`. diff --git a/content/en/docs/setup/production-environment/tools/kubeadm/control-plane-flags.md b/content/en/docs/setup/production-environment/tools/kubeadm/control-plane-flags.md index f15315f3ad2d6..6b3724c8f7781 100644 --- a/content/en/docs/setup/production-environment/tools/kubeadm/control-plane-flags.md +++ b/content/en/docs/setup/production-environment/tools/kubeadm/control-plane-flags.md @@ -134,13 +134,13 @@ etcd: election-timeout: 1000 ``` -## Customizing the control plane with patches {#patches} +## Customizing with patches {#patches} {{< feature-state for_k8s_version="v1.22" state="beta" >}} Kubeadm allows you to pass a directory with patch files to `InitConfiguration` and `JoinConfiguration` -on individual nodes. These patches can be used as the last customization step before the control -plane component manifests are written to disk. +on individual nodes. These patches can be used as the last customization step before component configuration +is written to disk. You can pass this file to `kubeadm init` with `--config `: @@ -168,7 +168,8 @@ patches: The directory must contain files named `target[suffix][+patchtype].extension`. For example, `kube-apiserver0+merge.yaml` or just `etcd.json`. -- `target` can be one of `kube-apiserver`, `kube-controller-manager`, `kube-scheduler` and `etcd`. +- `target` can be one of `kube-apiserver`, `kube-controller-manager`, `kube-scheduler`, `etcd` +and `kubeletconfiguration`. - `patchtype` can be one of `strategic`, `merge` or `json` and these must match the patching formats [supported by kubectl](/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch). The default `patchtype` is `strategic`. @@ -183,20 +184,22 @@ flag, which must point to the same directory. `kubeadm upgrade` currently does n API structure that can be used for the same purpose. {{< /note >}} -## Customizing the kubelet +## Customizing the kubelet {#kubelet} -To customize the kubelet you can add a `KubeletConfiguration` next to the `ClusterConfiguration` or -`InitConfiguration` separated by `---` within the same configuration file. This file can then be passed to `kubeadm init`. +To customize the kubelet you can add a [`KubeletConfiguration`](/docs/reference/config-api/kubelet-config.v1beta1/) +next to the `ClusterConfiguration` or `InitConfiguration` separated by `---` within the same configuration file. +This file can then be passed to `kubeadm init` and kubeadm will apply the same base `KubeletConfiguration` +to all nodes in the cluster. -{{< note >}} -kubeadm applies the same `KubeletConfiguration` to all nodes in the cluster. To apply node -specific settings you can use kubelet flags as overrides by passing them in the `nodeRegistration.kubeletExtraArgs` -field supported by both `InitConfiguration` and `JoinConfiguration`. Some kubelet flags are deprecated, -so check their status in the [kubelet reference documentation](/docs/reference/command-line-tools-reference/kubelet) -before using them. -{{< /note >}} +For applying instance-specific configuration over the base `KubeletConfiguration` you can use the +[`kubeletconfiguration` patch target](#patches). + +Alternatively, you can use kubelet flags as overrides by passing them in the +`nodeRegistration.kubeletExtraArgs` field supported by both `InitConfiguration` and `JoinConfiguration`. +Some kubelet flags are deprecated, so check their status in the +[kubelet reference documentation](/docs/reference/command-line-tools-reference/kubelet) before using them. -For more details see [Configuring each kubelet in your cluster using kubeadm](/docs/setup/production-environment/tools/kubeadm/kubelet-integration) +For additional details see [Configuring each kubelet in your cluster using kubeadm](/docs/setup/production-environment/tools/kubeadm/kubelet-integration) ## Customizing kube-proxy diff --git a/content/en/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm.md b/content/en/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm.md index 9aa1dfbff5b73..7e621520b8a75 100644 --- a/content/en/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm.md +++ b/content/en/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm.md @@ -88,7 +88,7 @@ After you initialize your control-plane, the kubelet runs normally. ### Preparing the required container images This step is optional and only applies in case you wish `kubeadm init` and `kubeadm join` -to not download the default container images which are hosted at `k8s.gcr.io`. +to not download the default container images which are hosted at `registry.k8s.io`. Kubeadm has commands that can help you pre-pull the required images when creating a cluster without an internet connection on its nodes. @@ -305,7 +305,7 @@ reasons. If you want to be able to schedule Pods on the control plane nodes, for example for a single machine Kubernetes cluster, run: ```bash -kubectl taint nodes --all node-role.kubernetes.io/control-plane- node-role.kubernetes.io/master- +kubectl taint nodes --all node-role.kubernetes.io/control-plane- ``` The output will look something like: @@ -315,14 +315,9 @@ node "test-01" untainted ... ``` -This will remove the `node-role.kubernetes.io/control-plane` and -`node-role.kubernetes.io/master` taints from any nodes that have them, -including the control plane nodes, meaning that the scheduler will then be able -to schedule Pods everywhere. - -{{< note >}} -The `node-role.kubernetes.io/master` taint is deprecated and kubeadm will stop using it in version 1.25. -{{< /note >}} +This will remove the `node-role.kubernetes.io/control-plane:NoSchedule` taint +from any nodes that have it, including the control plane nodes, meaning that the +scheduler will then be able to schedule Pods everywhere. ### Joining your nodes {#join-nodes} diff --git a/content/en/docs/setup/production-environment/tools/kubeadm/high-availability.md b/content/en/docs/setup/production-environment/tools/kubeadm/high-availability.md index 2ebe0c9691a72..c82a84d616823 100644 --- a/content/en/docs/setup/production-environment/tools/kubeadm/high-availability.md +++ b/content/en/docs/setup/production-environment/tools/kubeadm/high-availability.md @@ -97,7 +97,7 @@ _See [External etcd topology](/docs/setup/production-environment/tools/kubeadm/h ### Container images -Each host should have access read and fetch images from the Kubernetes container image registry, `k8s.gcr.io`. +Each host should have access read and fetch images from the Kubernetes container image registry, `registry.k8s.io`. If you want to deploy a highly-available cluster where the hosts do not have access to pull images, this is possible. You must ensure by some other means that the correct container images are already available on the relevant hosts. ### Command line interface {#kubectl} @@ -226,8 +226,8 @@ option. Your cluster requirements may need a different configuration. As stated in the command output, the certificate key gives access to cluster sensitive data, keep it secret! {{< /caution >}} -1. Apply the CNI plugin of your choice: - [Follow these instructions](/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/#pod-network) +1. Apply the CNI plugin of your choice: + [Follow these instructions](/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/#pod-network) to install the CNI provider. Make sure the configuration corresponds to the Pod CIDR specified in the kubeadm configuration file (if applicable). diff --git a/content/en/docs/setup/production-environment/tools/kubeadm/kubelet-integration.md b/content/en/docs/setup/production-environment/tools/kubeadm/kubelet-integration.md index 63c1f718abf76..408ab8a3a2c0d 100644 --- a/content/en/docs/setup/production-environment/tools/kubeadm/kubelet-integration.md +++ b/content/en/docs/setup/production-environment/tools/kubeadm/kubelet-integration.md @@ -87,20 +87,21 @@ networking, or other host-specific parameters. The following list provides a few - To specify the container runtime you must set its endpoint with the `--container-runtime-endpoint=` flag. -You can specify these flags by configuring an individual kubelet's configuration in your service manager, -such as systemd. +The recommended way of applying such instance-specific configuration is by using +[`KubeletConfiguration` patches](/docs/setup/production-environment/tools/kubeadm/control-plane-flags#patches). ## Configure kubelets using kubeadm -It is possible to configure the kubelet that kubeadm will start if a custom `KubeletConfiguration` +It is possible to configure the kubelet that kubeadm will start if a custom +[`KubeletConfiguration`](/docs/reference/config-api/kubelet-config.v1beta1/) API object is passed with a configuration file like so `kubeadm ... --config some-config-file.yaml`. By calling `kubeadm config print init-defaults --component-configs KubeletConfiguration` you can see all the default values for this structure. -Also have a look at the -[reference for the KubeletConfiguration](/docs/reference/config-api/kubelet-config.v1beta1/) -for more information on the individual fields. +It is also possible to apply instance-specific patches over the base `KubeletConfiguration`. +Have a look at [Customizing the kubelet](/docs/setup/production-environment/tools/kubeadm/control-plane-flags#customizing-the-kubelet) +for more details. ### Workflow when using `kubeadm init` diff --git a/content/en/docs/setup/production-environment/tools/kubeadm/setup-ha-etcd-with-kubeadm.md b/content/en/docs/setup/production-environment/tools/kubeadm/setup-ha-etcd-with-kubeadm.md index c5abcde425365..4fa48c4bfb07e 100644 --- a/content/en/docs/setup/production-environment/tools/kubeadm/setup-ha-etcd-with-kubeadm.md +++ b/content/en/docs/setup/production-environment/tools/kubeadm/setup-ha-etcd-with-kubeadm.md @@ -31,7 +31,7 @@ etcd cluster of three members that can be used by kubeadm during cluster creatio the kubeadm config file. * Each host must have systemd and a bash compatible shell installed. * Each host must [have a container runtime, kubelet, and kubeadm installed](/docs/setup/production-environment/tools/kubeadm/install-kubeadm/). -* Each host should have access to the Kubernetes container image registry (`k8s.gcr.io`) or list/pull the required etcd image using +* Each host should have access to the Kubernetes container image registry (`registry.k8s.io`) or list/pull the required etcd image using `kubeadm config images list/pull`. This guide will setup etcd instances as [static pods](/docs/tasks/configure-pod-container/static-pod/) managed by a kubelet. * Some infrastructure to copy files between hosts. For example `ssh` and `scp` @@ -276,7 +276,7 @@ on Kubernetes dual-stack support see [Dual-stack support with kubeadm](/docs/set ```sh docker run --rm -it \ --net host \ - -v /etc/kubernetes:/etc/kubernetes k8s.gcr.io/etcd:${ETCD_TAG} etcdctl \ + -v /etc/kubernetes:/etc/kubernetes registry.k8s.io/etcd:${ETCD_TAG} etcdctl \ --cert /etc/kubernetes/pki/etcd/peer.crt \ --key /etc/kubernetes/pki/etcd/peer.key \ --cacert /etc/kubernetes/pki/etcd/ca.crt \ diff --git a/content/en/docs/setup/production-environment/tools/kubeadm/troubleshooting-kubeadm.md b/content/en/docs/setup/production-environment/tools/kubeadm/troubleshooting-kubeadm.md index 7b195a34fd0a3..de8ddce39eb95 100644 --- a/content/en/docs/setup/production-environment/tools/kubeadm/troubleshooting-kubeadm.md +++ b/content/en/docs/setup/production-environment/tools/kubeadm/troubleshooting-kubeadm.md @@ -351,7 +351,7 @@ A known solution is to patch the kube-proxy DaemonSet to allow scheduling it on nodes regardless of their conditions, keeping it off of other nodes until their initial guarding conditions abate: ``` -kubectl -n kube-system patch ds kube-proxy -p='{ "spec": { "template": { "spec": { "tolerations": [ { "key": "CriticalAddonsOnly", "operator": "Exists" }, { "effect": "NoSchedule", "key": "node-role.kubernetes.io/master" }, { "effect": "NoSchedule", "key": "node-role.kubernetes.io/control-plane" } ] } } } }' +kubectl -n kube-system patch ds kube-proxy -p='{ "spec": { "template": { "spec": { "tolerations": [ { "key": "CriticalAddonsOnly", "operator": "Exists" }, { "effect": "NoSchedule", "key": "node-role.kubernetes.io/control-plane" } ] } } } }' ``` The tracking issue for this problem is [here](https://github.com/kubernetes/kubeadm/issues/1027). diff --git a/content/en/docs/tasks/administer-cluster/cpu-management-policies.md b/content/en/docs/tasks/administer-cluster/cpu-management-policies.md index 0a9183f276861..6400f40957e99 100644 --- a/content/en/docs/tasks/administer-cluster/cpu-management-policies.md +++ b/content/en/docs/tasks/administer-cluster/cpu-management-policies.md @@ -256,6 +256,7 @@ You will still have to enable each option using the `CPUManagerPolicyOptions` ku The following policy options exist for the static `CPUManager` policy: * `full-pcpus-only` (beta, visible by default) * `distribute-cpus-across-numa` (alpha, hidden by default) +* `align-by-socket` (alpha, hidden by default) If the `full-pcpus-only` policy option is specified, the static policy will always allocate full physical cores. By default, without this option, the static policy allocates CPUs using a topology-aware best-fit allocation. @@ -279,6 +280,19 @@ By distributing CPUs evenly across NUMA nodes, application developers can more easily ensure that no single worker suffers from NUMA effects more than any other, improving the overall performance of these types of applications. +If the `align-by-socket` policy option is specified, CPUs will be considered +aligned at the socket boundary when deciding how to allocate CPUs to a +container. By default, the `CPUManager` aligns CPU allocations at the NUMA +boundary, which could result in performance degradation if CPUs need to be +pulled from more than one NUMA node to satisfy the allocation. Although it +tries to ensure that all CPUs are allocated from the _minimum_ number of NUMA +nodes, there is no guarantee that those NUMA nodes will be on the same socket. +By directing the `CPUManager` to explicitly align CPUs at the socket boundary +rather than the NUMA boundary, we are able to avoid such issues. Note, this +policy option is not compatible with `TopologyManager` `single-numa-node` +policy and does not apply to hardware where the number of sockets is greater +than number of NUMA nodes. + The `full-pcpus-only` option can be enabled by adding `full-pcups-only=true` to the CPUManager policy options. Likewise, the `distribute-cpus-across-numa` option can be enabled by adding @@ -286,3 +300,6 @@ Likewise, the `distribute-cpus-across-numa` option can be enabled by adding When both are set, they are "additive" in the sense that CPUs will be distributed across NUMA nodes in chunks of full-pcpus rather than individual cores. +The `align-by-socket` policy option can be enabled by adding `align-by-socket=true` +to the `CPUManager` policy options. It is also additive to the `full-pcpus-only` +and `distribute-cpus-across-numa` policy options. diff --git a/content/en/docs/tasks/administer-cluster/encrypt-data.md b/content/en/docs/tasks/administer-cluster/encrypt-data.md index d510caff81a98..2cbce75d06a46 100644 --- a/content/en/docs/tasks/administer-cluster/encrypt-data.md +++ b/content/en/docs/tasks/administer-cluster/encrypt-data.md @@ -89,7 +89,7 @@ Name | Encryption | Strength | Speed | Key Length | Other Considerations `secretbox` | XSalsa20 and Poly1305 | Strong | Faster | 32-byte | A newer standard and may not be considered acceptable in environments that require high levels of review. `aesgcm` | AES-GCM with random nonce | Must be rotated every 200k writes | Fastest | 16, 24, or 32-byte | Is not recommended for use except when an automated key rotation scheme is implemented. `aescbc` | AES-CBC with [PKCS#7](https://datatracker.ietf.org/doc/html/rfc2315) padding | Weak | Fast | 32-byte | Not recommended due to CBC's vulnerability to padding oracle attacks. -`kms` | Uses envelope encryption scheme: Data is encrypted by data encryption keys (DEKs) using AES-CBC with [PKCS#7](https://datatracker.ietf.org/doc/html/rfc2315) padding, DEKs are encrypted by key encryption keys (KEKs) according to configuration in Key Management Service (KMS) | Strongest | Fast | 32-bytes | The recommended choice for using a third party tool for key management. Simplifies key rotation, with a new DEK generated for each encryption, and KEK rotation controlled by the user. [Configure the KMS provider](/docs/tasks/administer-cluster/kms-provider/) +`kms` | Uses envelope encryption scheme: Data is encrypted by data encryption keys (DEKs) using AES-CBC with [PKCS#7](https://datatracker.ietf.org/doc/html/rfc2315) padding (prior to v1.25), using AES-GCM starting from v1.25, DEKs are encrypted by key encryption keys (KEKs) according to configuration in Key Management Service (KMS) | Strongest | Fast | 32-bytes | The recommended choice for using a third party tool for key management. Simplifies key rotation, with a new DEK generated for each encryption, and KEK rotation controlled by the user. [Configure the KMS provider](/docs/tasks/administer-cluster/kms-provider/) Each provider supports multiple keys - the keys are tried in order for decryption, and if the provider is the first provider, the first key is used for encryption. diff --git a/content/en/docs/tasks/administer-cluster/kms-provider.md b/content/en/docs/tasks/administer-cluster/kms-provider.md index db00955ec1b13..a2f794d3d8b0a 100644 --- a/content/en/docs/tasks/administer-cluster/kms-provider.md +++ b/content/en/docs/tasks/administer-cluster/kms-provider.md @@ -5,18 +5,38 @@ title: Using a KMS provider for data encryption content_type: task --- -This page shows how to configure a Key Management Service (KMS) provider and plugin to enable secret data encryption. +This page shows how to configure a Key Management Service (KMS) provider and plugin to enable secret data encryption. Currently there are two KMS API versions. KMS v1 will continue to work while v2 develops in maturity. If you are not sure which KMS API version to pick, choose v1. ## {{% heading "prerequisites" %}} -* {{< include "task-tutorial-prereqs.md" >}} {{< version-check >}} +{{< include "task-tutorial-prereqs.md" >}} +The version of Kubernetes that you need depends on which KMS API version +you have selected. + +- If you selected KMS API v1, any supported Kubernetes version will work fine. +- If you selected KMS API v2, you should use Kubernetes v{{< skew currentVersion >}} + (if you are running a different version of Kubernetes that also supports the v2 KMS + API, switch to the documentation for that version of Kubernetes). + +{{< version-check >}} + +### KMS v1 * Kubernetes version 1.10.0 or later is required -* etcd v3 or later is required +* Your cluster must use etcd v3 or later {{< feature-state for_k8s_version="v1.12" state="beta" >}} +### KMS v2 +* Kubernetes version 1.25.0 or later is required + +* Set kube-apiserver feature gate: `--feature-gates=KMSv2=true` to configure a KMS v2 provider + +* Your cluster must use etcd v3 or later + +{{< feature-state for_k8s_version="v1.25" state="alpha" >}} + The KMS encryption provider uses an envelope encryption scheme to encrypt data in etcd. @@ -31,7 +51,18 @@ as the Kubernetes control plane, is responsible for all communication with the r To configure a KMS provider on the API server, include a provider of type `kms` in the `providers` array in the encryption configuration file and set the following properties: -* `name`: Display name of the KMS plugin. +### KMS v1 {#configuring-the-kms-provider-kms-v1} +* `name`: Display name of the KMS plugin. Cannot be changed once set. +* `endpoint`: Listen address of the gRPC server (KMS plugin). The endpoint is a UNIX domain socket. +* `cachesize`: Number of data encryption keys (DEKs) to be cached in the clear. + When cached, DEKs can be used without another call to the KMS; + whereas DEKs that are not cached require a call to the KMS to unwrap. +* `timeout`: How long should `kube-apiserver` wait for kms-plugin to respond before + returning an error (default is 3 seconds). + +### KMS v2 {#configuring-the-kms-provider-kms-v2} +* `apiVersion`: API Version for KMS provider (Allowed values: v2, v1 or empty. Any other value will result in an error.) Must be set to v2 to use the KMS v2 APIs. +* `name`: Display name of the KMS plugin. Cannot be changed once set. * `endpoint`: Listen address of the gRPC server (KMS plugin). The endpoint is a UNIX domain socket. * `cachesize`: Number of data encryption keys (DEKs) to be cached in the clear. When cached, DEKs can be used without another call to the KMS; @@ -56,18 +87,29 @@ Refer to your cloud provider for instructions on enabling the cloud provider-spe You can develop a KMS plugin gRPC server using a stub file available for Go. For other languages, you use a proto file to create a stub file that you can use to develop the gRPC server code. +#### KMS v1 {#developing-a-kms-plugin-gRPC-server-kms-v1} * Using Go: Use the functions and data structures in the stub file: - [service.pb.go](https://github.com/kubernetes/kubernetes/blob/release-1.24/staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/v1beta1/service.pb.go) + [api.pb.go](https://github.com/kubernetes/kubernetes/blob/release-1.25/staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/v1beta1/api.pb.go) to develop the gRPC server code * Using languages other than Go: Use the protoc compiler with the proto file: - [service.proto](https://github.com/kubernetes/kubernetes/blob/release-1.24/staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/v1beta1/service.proto) + [api.proto](https://github.com/kubernetes/kubernetes/blob/release-1.25/staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/v1beta1/api.proto) + to generate a stub file for the specific language + +#### KMS v2 {#developing-a-kms-plugin-gRPC-server-kms-v2} +* Using Go: Use the functions and data structures in the stub file: + [api.pb.go](https://github.com/kubernetes/kubernetes/blob/release-1.25/staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/v2alpha1/api.pb.go) + to develop the gRPC server code + +* Using languages other than Go: Use the protoc compiler with the proto file: + [api.proto](https://github.com/kubernetes/kubernetes/blob/release-1.25/staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/v2alpha1/api.proto) to generate a stub file for the specific language Then use the functions and data structures in the stub file to develop the server code. -**Notes:** +#### Notes +##### KMS v1 {#developing-a-kms-plugin-gRPC-server-notes-kms-v1} * kms plugin version: `v1beta1` In response to procedure call Version, a compatible KMS plugin should return `v1beta1` as `VersionResponse.version`. @@ -78,7 +120,16 @@ Then use the functions and data structures in the stub file to develop the serve * protocol: UNIX domain socket (`unix`) - The gRPC server should listen at UNIX domain socket. + The plugin is implemented as a gRPC server that listens at UNIX domain socket. The plugin deployment should create a file on the file system to run the gRPC unix domain socket connection. The API server (gRPC client) is configured with the KMS provider (gRPC server) unix domain socket endpoint in order to communicate with it. An abstract Linux socket may be used by starting the endpoint with `/@`, i.e. `unix:///@foo`. Care must be taken when using this type of socket as they do not have concept of ACL (unlike traditional file based sockets). However, they are subject to Linux networking namespace, so will only be accessible to containers within the same pod unless host networking is used. + +##### KMS v2 {#developing-a-kms-plugin-gRPC-server-notes-kms-v2} +* kms plugin version: `v2alpha1` + + In response to procedure call Status, a compatible KMS plugin should return `v2alpha1` as `StatusResponse.Version`, "ok" as `StatusResponse.Healthz` and a keyID (KMS KEK ID) as `StatusResponse.KeyID` + +* protocol: UNIX domain socket (`unix`) + + The plugin is implemented as a gRPC server that listens at UNIX domain socket. The plugin deployment should create a file on the file system to run the gRPC unix domain socket connection. The API server (gRPC client) is configured with the KMS provider (gRPC server) unix domain socket endpoint in order to communicate with it. An abstract Linux socket may be used by starting the endpoint with `/@`, i.e. `unix:///@foo`. Care must be taken when using this type of socket as they do not have concept of ACL (unlike traditional file based sockets). However, they are subject to Linux networking namespace, so will only be accessible to containers within the same pod unless host networking is used. ### Integrating a KMS plugin with the remote KMS @@ -95,7 +146,13 @@ Ensure that the KMS plugin runs on the same host(s) as the Kubernetes master(s). To encrypt the data: -1. Create a new encryption configuration file using the appropriate properties for the `kms` provider: +1. Create a new `EncryptionConfiguration` file using the appropriate properties for the `kms` provider to encrypt resources like Secrets and ConfigMaps. + +1. Set the `--encryption-provider-config` flag on the kube-apiserver to point to the location of the configuration file. + +1. Restart your API server. + +### KMS v1 {#encrypting-your-data-with-the-kms-provider-kms-v1} ```yaml apiVersion: apiserver.config.k8s.io/v1 @@ -105,16 +162,40 @@ To encrypt the data: - secrets providers: - kms: - name: myKmsPlugin + name: myKmsPluginFoo + endpoint: unix:///tmp/socketfile.sock + cachesize: 100 + timeout: 3s + - kms: + name: myKmsPluginBar endpoint: unix:///tmp/socketfile.sock cachesize: 100 timeout: 3s - - identity: {} ``` -1. Set the `--encryption-provider-config` flag on the kube-apiserver to point to - the location of the configuration file. -1. Restart your API server. +### KMS v2 {#encrypting-your-data-with-the-kms-provider-kms-v2} + + ```yaml + apiVersion: apiserver.config.k8s.io/v1 + kind: EncryptionConfiguration + resources: + - resources: + - secrets + providers: + - kms: + apiVersion: v2 + name: myKmsPluginFoo + endpoint: unix:///tmp/socketfile.sock + cachesize: 100 + timeout: 3s + - kms: + name: myKmsPluginBar + endpoint: unix:///tmp/socketfile.sock + cachesize: 100 + timeout: 3s + ``` + +Until the steps defined in [Ensuring all secrets are encrypted](#ensuring-all-secrets-are-encrypted) are performed, the `providers` list should end with the `identity: {}` provider to allow unencrypted data to be read. Once all resources are encrypted, the `identity` provider should be removed to prevent the API server from honoring unencrypted data. For details about the `EncryptionConfiguration` format, please check the [API server encryption API reference](/docs/reference/config-api/apiserver-encryption.v1/). @@ -139,8 +220,7 @@ you can use the `etcdctl` command line program to retrieve the contents of your where `[...]` contains the additional arguments for connecting to the etcd server. -1. Verify the stored secret is prefixed with `k8s:enc:kms:v1:`, which indicates that - the `kms` provider has encrypted the resulting data. +1. Verify the stored secret is prefixed with `k8s:enc:kms:v1:` for KMS v1 or prefixed with `k8s:enc:kms:v2:` for KMS v2, which indicates that the `kms` provider has encrypted the resulting data. 1. Verify that the secret is correctly decrypted when retrieved via the API: @@ -220,4 +300,3 @@ To disable encryption at rest: ```shell kubectl get secrets --all-namespaces -o json | kubectl replace -f - ``` - diff --git a/content/en/docs/tasks/administer-cluster/migrating-from-dockershim/troubleshooting-cni-plugin-related-errors.md b/content/en/docs/tasks/administer-cluster/migrating-from-dockershim/troubleshooting-cni-plugin-related-errors.md index 91a471290da8d..34e2b112efce2 100644 --- a/content/en/docs/tasks/administer-cluster/migrating-from-dockershim/troubleshooting-cni-plugin-related-errors.md +++ b/content/en/docs/tasks/administer-cluster/migrating-from-dockershim/troubleshooting-cni-plugin-related-errors.md @@ -13,11 +13,6 @@ To avoid CNI plugin-related errors, verify that you are using or upgrading to a container runtime that has been tested to work correctly with your version of Kubernetes. -For example, the following container runtimes are being prepared, or have already been prepared, for Kubernetes v1.24: - -* containerd v1.6.4 and later, v1.5.11 and later -* The CRI-O v1.24.0 and later - ## About the "Incompatible CNI versions" and "Failed to destroy network for sandbox" errors Service issues exist for pod CNI network setup and tear down in containerd diff --git a/content/en/docs/tasks/administer-cluster/namespaces-walkthrough.md b/content/en/docs/tasks/administer-cluster/namespaces-walkthrough.md index 5d99875527aba..3c1c5fa4f541a 100644 --- a/content/en/docs/tasks/administer-cluster/namespaces-walkthrough.md +++ b/content/en/docs/tasks/administer-cluster/namespaces-walkthrough.md @@ -269,7 +269,7 @@ kubectl get pods Production likes to run cattle, so let's create some cattle pods. ```shell -kubectl create deployment cattle --image=k8s.gcr.io/serve_hostname --replicas=5 +kubectl create deployment cattle --image=registry.k8s.io/serve_hostname --replicas=5 kubectl get deployment ``` diff --git a/content/en/docs/tasks/administer-cluster/namespaces.md b/content/en/docs/tasks/administer-cluster/namespaces.md index a91a51e95a416..cceaf646bc017 100644 --- a/content/en/docs/tasks/administer-cluster/namespaces.md +++ b/content/en/docs/tasks/administer-cluster/namespaces.md @@ -195,7 +195,7 @@ This delete is asynchronous, so for a time you will see the namespace in the `Te To demonstrate this, let's spin up a simple Deployment and Pods in the `development` namespace. ```shell - kubectl create deployment snowflake --image=k8s.gcr.io/serve_hostname -n=development --replicas=2 + kubectl create deployment snowflake --image=registry.k8s.io/serve_hostname -n=development --replicas=2 ``` We have created a deployment whose replica size is 2 that is running the pod called `snowflake` with a basic container that serves the hostname. @@ -229,7 +229,7 @@ This delete is asynchronous, so for a time you will see the namespace in the `Te Production likes to run cattle, so let's create some cattle pods. ```shell - kubectl create deployment cattle --image=k8s.gcr.io/serve_hostname -n=production + kubectl create deployment cattle --image=registry.k8s.io/serve_hostname -n=production kubectl scale deployment cattle --replicas=5 -n=production kubectl get deployment -n=production diff --git a/content/en/docs/tasks/administer-cluster/securing-a-cluster.md b/content/en/docs/tasks/administer-cluster/securing-a-cluster.md index 2be416ceb6a21..c5e253a7accd5 100644 --- a/content/en/docs/tasks/administer-cluster/securing-a-cluster.md +++ b/content/en/docs/tasks/administer-cluster/securing-a-cluster.md @@ -256,7 +256,7 @@ your backups using a well reviewed backup and encryption solution, and consider encryption where possible. Kubernetes supports [encryption at rest](/docs/tasks/administer-cluster/encrypt-data/), a feature -introduced in 1.7, and beta since 1.13. This will encrypt `Secret` resources in etcd, preventing +introduced in 1.7, v1 beta since 1.13, and v2 alpha since 1.25. This will encrypt resources like `Secret` and `ConfigMap` in etcd, preventing parties that gain access to your etcd backups from viewing the content of those secrets. While this feature is currently beta, it offers an additional level of defense when backups are not encrypted or an attacker gains read access to etcd. diff --git a/content/en/docs/tasks/administer-cluster/sysctl-cluster.md b/content/en/docs/tasks/administer-cluster/sysctl-cluster.md index b07c8e0689ff2..367901b390e40 100644 --- a/content/en/docs/tasks/administer-cluster/sysctl-cluster.md +++ b/content/en/docs/tasks/administer-cluster/sysctl-cluster.md @@ -15,14 +15,13 @@ interface. {{< note >}} Starting from Kubernetes version 1.23, the kubelet supports the use of either `/` or `.` -as separators for sysctl names. +as separators for sysctl names. +Starting from Kubernetes version 1.25, setting Sysctls for a Pod supports setting sysctls with slashes. For example, you can represent the same sysctl name as `kernel.shm_rmid_forced` using a period as the separator, or as `kernel/shm_rmid_forced` using a slash as a separator. For more sysctl parameter conversion method details, please refer to the page [sysctl.d(5)](https://man7.org/linux/man-pages/man5/sysctl.d.5.html) from the Linux man-pages project. -Setting Sysctls for a Pod and PodSecurityPolicy features do not yet support -setting sysctls with slashes. {{< /note >}} ## {{% heading "prerequisites" %}} @@ -176,55 +175,3 @@ is recommended to use [_taints and toleration_ feature](/docs/reference/generated/kubectl/kubectl-commands/#taint) or [taints on nodes](/docs/concepts/scheduling-eviction/taint-and-toleration/) to schedule those pods onto the right nodes. - -## PodSecurityPolicy - -{{< feature-state for_k8s_version="v1.21" state="deprecated" >}} - -You can further control which sysctls can be set in pods by specifying lists of -sysctls or sysctl patterns in the `forbiddenSysctls` and/or -`allowedUnsafeSysctls` fields of the PodSecurityPolicy. A sysctl pattern ends -with a `*` character, such as `kernel.*`. A `*` character on its own matches -all sysctls. - -By default, all safe sysctls are allowed. - -Both `forbiddenSysctls` and `allowedUnsafeSysctls` are lists of plain sysctl names -or sysctl patterns (which end with `*`). The string `*` matches all sysctls. - -The `forbiddenSysctls` field excludes specific sysctls. You can forbid a -combination of safe and unsafe sysctls in the list. To forbid setting any -sysctls, use `*` on its own. - -If you specify any unsafe sysctl in the `allowedUnsafeSysctls` field and it is -not present in the `forbiddenSysctls` field, that sysctl can be used in Pods -using this PodSecurityPolicy. To allow all unsafe sysctls in the -PodSecurityPolicy to be set, use `*` on its own. - -Do not configure these two fields such that there is overlap, meaning that a -given sysctl is both allowed and forbidden. - -{{< warning >}} -If you allow unsafe sysctls via the `allowedUnsafeSysctls` field -in a PodSecurityPolicy, any pod using such a sysctl will fail to start -if the sysctl is not allowed via the `--allowed-unsafe-sysctls` kubelet -flag as well on that node. -{{< /warning >}} - -This example allows unsafe sysctls prefixed with `kernel.msg` to be set and -disallows setting of the `kernel.shm_rmid_forced` sysctl. - -```yaml -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: sysctl-psp -spec: - allowedUnsafeSysctls: - - kernel.msg* - forbiddenSysctls: - - kernel.shm_rmid_forced - ... -``` - - diff --git a/content/en/docs/tasks/administer-cluster/verify-signed-images.md b/content/en/docs/tasks/administer-cluster/verify-signed-images.md index 61fdd8601de35..0a3ebbb651c17 100644 --- a/content/en/docs/tasks/administer-cluster/verify-signed-images.md +++ b/content/en/docs/tasks/administer-cluster/verify-signed-images.md @@ -28,7 +28,7 @@ Let's pick one image from this list and verify its signature using the `cosign verify` command: ```shell -COSIGN_EXPERIMENTAL=1 cosign verify k8s.gcr.io/kube-apiserver-amd64:v1.24.0 +COSIGN_EXPERIMENTAL=1 cosign verify registry.k8s.io/kube-apiserver-amd64:v1.24.0 ``` {{< note >}} @@ -42,7 +42,7 @@ in `KEYLESS` mode. To learn more about keyless signing, please refer to To verify all signed control plane images, please run this command: ```shell -curl -Ls https://sbom.k8s.io/$(curl -Ls https://dl.k8s.io/release/latest.txt)/release | grep 'PackageName: k8s.gcr.io/' | awk '{print $2}' > images.txt +curl -Ls https://sbom.k8s.io/$(curl -Ls https://dl.k8s.io/release/latest.txt)/release | grep 'PackageName: registry.k8s.io/' | awk '{print $2}' > images.txt input=images.txt while IFS= read -r image do diff --git a/content/en/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes.md b/content/en/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes.md index 05249a9aaf22b..1046f705ea040 100644 --- a/content/en/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes.md +++ b/content/en/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes.md @@ -43,7 +43,7 @@ broken states, and cannot recover except by being restarted. Kubernetes provides liveness probes to detect and remedy such situations. In this exercise, you create a Pod that runs a container based on the -`k8s.gcr.io/busybox` image. Here is the configuration file for the Pod: +`registry.k8s.io/busybox` image. Here is the configuration file for the Pod: {{< codenew file="pods/probe/exec-liveness.yaml" >}} @@ -84,8 +84,8 @@ The output indicates that no liveness probes have failed yet: Type Reason Age From Message ---- ------ ---- ---- ------- Normal Scheduled 11s default-scheduler Successfully assigned default/liveness-exec to node01 - Normal Pulling 9s kubelet, node01 Pulling image "k8s.gcr.io/busybox" - Normal Pulled 7s kubelet, node01 Successfully pulled image "k8s.gcr.io/busybox" + Normal Pulling 9s kubelet, node01 Pulling image "registry.k8s.io/busybox" + Normal Pulled 7s kubelet, node01 Successfully pulled image "registry.k8s.io/busybox" Normal Created 7s kubelet, node01 Created container liveness Normal Started 7s kubelet, node01 Started container liveness ``` @@ -103,8 +103,8 @@ probes have failed, and the failed containers have been killed and recreated. Type Reason Age From Message ---- ------ ---- ---- ------- Normal Scheduled 57s default-scheduler Successfully assigned default/liveness-exec to node01 - Normal Pulling 55s kubelet, node01 Pulling image "k8s.gcr.io/busybox" - Normal Pulled 53s kubelet, node01 Successfully pulled image "k8s.gcr.io/busybox" + Normal Pulling 55s kubelet, node01 Pulling image "registry.k8s.io/busybox" + Normal Pulled 53s kubelet, node01 Successfully pulled image "registry.k8s.io/busybox" Normal Created 53s kubelet, node01 Created container liveness Normal Started 53s kubelet, node01 Started container liveness Warning Unhealthy 10s (x3 over 20s) kubelet, node01 Liveness probe failed: cat: can't open '/tmp/healthy': No such file or directory @@ -127,7 +127,7 @@ liveness-exec 1/1 Running 1 1m ## Define a liveness HTTP request Another kind of liveness probe uses an HTTP GET request. Here is the configuration -file for a Pod that runs a container based on the `k8s.gcr.io/liveness` +file for a Pod that runs a container based on the `registry.k8s.io/liveness` image. {{< codenew file="pods/probe/http-liveness.yaml" >}} @@ -481,7 +481,7 @@ to resolve it. ### Probe-level `terminationGracePeriodSeconds` -{{< feature-state for_k8s_version="v1.22" state="beta" >}} +{{< feature-state for_k8s_version="v1.25" state="beta" >}} Prior to release 1.21, the pod-level `terminationGracePeriodSeconds` was used for terminating a container that failed its liveness or startup probe. This @@ -489,22 +489,23 @@ coupling was unintended and may have resulted in failed containers taking an unusually long time to restart when a pod-level `terminationGracePeriodSeconds` was set. -In 1.21 and beyond, when the feature gate `ProbeTerminationGracePeriod` is -enabled, users can specify a probe-level `terminationGracePeriodSeconds` as -part of the probe specification. When the feature gate is enabled, and both a -pod- and probe-level `terminationGracePeriodSeconds` are set, the kubelet will -use the probe-level value. +In 1.25 and beyond, users can specify a probe-level `terminationGracePeriodSeconds` +as part of the probe specification. When both a pod- and probe-level +`terminationGracePeriodSeconds` are set, the kubelet will use the probe-level value. {{< note >}} -As of Kubernetes 1.22, the `ProbeTerminationGracePeriod` feature gate is only -available on the API Server. The kubelet always honors the probe-level -`terminationGracePeriodSeconds` field if it is present on a Pod. +Beginning in Kubernetes 1.25, the `ProbeTerminationGracePeriod` feature is enabled +by default. For users choosing to disable this feature, please note the following: -If you have existing Pods where the `terminationGracePeriodSeconds` field is set and +* The `ProbeTerminationGracePeriod` feature gate is only available on the API Server. +The kubelet always honors the probe-level `terminationGracePeriodSeconds` field if +it is present on a Pod. + +* If you have existing Pods where the `terminationGracePeriodSeconds` field is set and you no longer wish to use per-probe termination grace periods, you must delete those existing Pods. -When you (or the control plane, or some other component) create replacement +* When you (or the control plane, or some other component) create replacement Pods, and the feature gate `ProbeTerminationGracePeriod` is disabled, then the API server ignores the Probe-level `terminationGracePeriodSeconds` field, even if a Pod or pod template specifies it. diff --git a/content/en/docs/tasks/configure-pod-container/security-context.md b/content/en/docs/tasks/configure-pod-container/security-context.md index 80d942b724e52..38a3e0532f712 100644 --- a/content/en/docs/tasks/configure-pod-container/security-context.md +++ b/content/en/docs/tasks/configure-pod-container/security-context.md @@ -444,6 +444,43 @@ securityContext: To assign SELinux labels, the SELinux security module must be loaded on the host operating system. {{< /note >}} +### Efficient SELinux volume relabeling + +{{< feature-state for_k8s_version="v1.25" state="alpha" >}} + +By default, the contrainer runtime recursively assigns SELinux label to all +files on all Pod volumes. To speed up this process, Kubernetes can change the +SELinux label of a volume instantly by using a mount option +`-o context=