From 1b41975d61e3dfe9b93394aaec0f063dcc82a6f6 Mon Sep 17 00:00:00 2001 From: Mahe Tardy Date: Thu, 12 Sep 2024 13:06:29 +0200 Subject: [PATCH] chores: run make crds with updated scripts Signed-off-by: Mahe Tardy --- .../tetragon/crds-yaml/cilium.io_podinfo.yaml | 55 +- .../crds-yaml/cilium.io_tracingpolicies.yaml | 522 +++++++++--------- .../cilium.io_tracingpoliciesnamespaced.yaml | 522 +++++++++--------- .../crds/v1alpha1/cilium.io_podinfo.yaml | 55 +- .../v1alpha1/cilium.io_tracingpolicies.yaml | 522 +++++++++--------- .../cilium.io_tracingpoliciesnamespaced.yaml | 522 +++++++++--------- pkg/k8s/apis/cilium.io/v1alpha1/version.go | 2 +- .../versioned/fake/clientset_generated.go | 6 +- .../cilium.io/v1alpha1/fake/fake_podinfo.go | 36 +- .../v1alpha1/fake/fake_tracingpolicy.go | 29 +- .../fake/fake_tracingpolicynamespaced.go | 29 +- .../typed/cilium.io/v1alpha1/podinfo.go | 146 +---- .../typed/cilium.io/v1alpha1/tracingpolicy.go | 119 +--- .../v1alpha1/tracingpolicynamespaced.go | 129 +---- .../informers/externalversions/factory.go | 1 + .../listers/cilium.io/v1alpha1/podinfo.go | 39 +- .../cilium.io/v1alpha1/tracingpolicy.go | 26 +- .../v1alpha1/tracingpolicynamespaced.go | 39 +- .../vendor/k8s.io/client-go/listers/doc.go | 18 + .../client-go/listers/generic_helpers.go | 72 +++ pkg/k8s/vendor/modules.txt | 1 + .../crds/v1alpha1/cilium.io_podinfo.yaml | 55 +- .../v1alpha1/cilium.io_tracingpolicies.yaml | 522 +++++++++--------- .../cilium.io_tracingpoliciesnamespaced.yaml | 522 +++++++++--------- .../k8s/apis/cilium.io/v1alpha1/version.go | 2 +- .../typed/cilium.io/v1alpha1/podinfo.go | 146 +---- .../typed/cilium.io/v1alpha1/tracingpolicy.go | 119 +--- .../v1alpha1/tracingpolicynamespaced.go | 129 +---- .../informers/externalversions/factory.go | 1 + .../listers/cilium.io/v1alpha1/podinfo.go | 39 +- .../cilium.io/v1alpha1/tracingpolicy.go | 26 +- .../v1alpha1/tracingpolicynamespaced.go | 39 +- 32 files changed, 1812 insertions(+), 2678 deletions(-) create mode 100644 pkg/k8s/vendor/k8s.io/client-go/listers/doc.go create mode 100644 pkg/k8s/vendor/k8s.io/client-go/listers/generic_helpers.go diff --git a/install/kubernetes/tetragon/crds-yaml/cilium.io_podinfo.yaml b/install/kubernetes/tetragon/crds-yaml/cilium.io_podinfo.yaml index 776419be4f7..80b95737864 100644 --- a/install/kubernetes/tetragon/crds-yaml/cilium.io_podinfo.yaml +++ b/install/kubernetes/tetragon/crds-yaml/cilium.io_podinfo.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.16.4-0.20240923084800-3b70a40398f4 name: podinfo.cilium.io spec: group: cilium.io @@ -21,30 +20,36 @@ spec: description: PodInfo is the Scheme for the Podinfo API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: hostNetwork: - description: Host networking requested for this pod. Use the host's - network namespace. If this option is set, the ports that will be - used must be specified. + description: |- + Host networking requested for this pod. Use the host's network namespace. + If this option is set, the ports that will be used must be specified. type: boolean type: object status: properties: podIP: - description: IP address allocated to the pod. Routable at least within - the cluster. Empty if not yet allocated. + description: |- + IP address allocated to the pod. Routable at least within the cluster. + Empty if not yet allocated. type: string podIPs: description: List of Ip addresses allocated to the pod. 0th entry @@ -73,23 +78,21 @@ spec: this pod. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string type: object type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/install/kubernetes/tetragon/crds-yaml/cilium.io_tracingpolicies.yaml b/install/kubernetes/tetragon/crds-yaml/cilium.io_tracingpolicies.yaml index 88c97b78fe4..10fbe70604d 100644 --- a/install/kubernetes/tetragon/crds-yaml/cilium.io_tracingpolicies.yaml +++ b/install/kubernetes/tetragon/crds-yaml/cilium.io_tracingpolicies.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.16.4-0.20240923084800-3b70a40398f4 name: tracingpolicies.cilium.io spec: group: cilium.io @@ -20,14 +19,19 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -35,28 +39,28 @@ spec: description: Tracing policy specification. properties: containerSelector: - description: ContainerSelector selects containers that this policy - applies to. A map of container fields will be constructed in the - same way as a map of labels. The name of the field represents the - label "key", and the value of the field - label "value". Currently, - only the "name" field is supported. + description: |- + ContainerSelector selects containers that this policy applies to. + A map of container fields will be constructed in the same way as a map of labels. + The name of the field represents the label "key", and the value of the field - label "value". + Currently, only the "name" field is supported. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. enum: - In - NotIn @@ -64,19 +68,21 @@ spec: - DoesNotExist type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: description: MatchLabelsValue represents the value from the @@ -84,13 +90,13 @@ spec: maxLength: 63 pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic enforcers: description: A enforcer spec. items: @@ -123,27 +129,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -200,9 +204,9 @@ spec: description: Name of the function to apply the kprobe spec to. type: string message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string return: default: false @@ -222,26 +226,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch at - most 4096 bytes. In later kernels (>=5.4) tetragon supports - fetching up to 327360 bytes if this flag is turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and char_iovec - types. It indicates that this argument should be read - later (when the kretprobe for the symbol is triggered) - because it might not be populated when the kprobe is triggered - at the entrance of the function. For example, a buffer - supplied to read(2) won't have content until kretprobe - is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used only - for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -294,16 +297,17 @@ spec: - type type: object returnArgAction: - description: 'An action to perform on the return argument. Available - actions are: Post;TrackSock;UntrackSock' + description: |- + An action to perform on the return argument. + Available actions are: Post;TrackSock;UntrackSock type: string selectors: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -362,22 +366,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -681,22 +682,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -766,8 +764,9 @@ spec: description: Indicates whether the traced function is a syscall. type: boolean tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -827,27 +826,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -904,17 +901,17 @@ spec: description: Name of the function to apply the kprobe spec to. type: string message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string selectors: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -973,22 +970,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -1292,22 +1286,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -1373,8 +1364,9 @@ spec: type: object type: array tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -1404,18 +1396,18 @@ spec: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. enum: - In - NotIn @@ -1423,19 +1415,21 @@ spec: - DoesNotExist type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: description: MatchLabelsValue represents the value from the @@ -1443,13 +1437,13 @@ spec: maxLength: 63 pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic tracepoints: description: A list of tracepoint specs. items: @@ -1469,27 +1463,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -1546,17 +1538,17 @@ spec: description: Tracepoint event type: string message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string selectors: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -1615,22 +1607,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -1934,22 +1923,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -2018,8 +2004,9 @@ spec: description: Tracepoint subsystem type: string tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -2048,27 +2035,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -2122,9 +2107,9 @@ spec: type: object type: array message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string path: description: Name of the traced binary @@ -2133,9 +2118,9 @@ spec: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -2194,22 +2179,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -2513,22 +2495,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -2599,8 +2578,9 @@ spec: type: string type: array tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -2617,9 +2597,3 @@ spec: type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/install/kubernetes/tetragon/crds-yaml/cilium.io_tracingpoliciesnamespaced.yaml b/install/kubernetes/tetragon/crds-yaml/cilium.io_tracingpoliciesnamespaced.yaml index e30a7ee4f86..edefc082adf 100644 --- a/install/kubernetes/tetragon/crds-yaml/cilium.io_tracingpoliciesnamespaced.yaml +++ b/install/kubernetes/tetragon/crds-yaml/cilium.io_tracingpoliciesnamespaced.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.16.4-0.20240923084800-3b70a40398f4 name: tracingpoliciesnamespaced.cilium.io spec: group: cilium.io @@ -20,14 +19,19 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -35,28 +39,28 @@ spec: description: Tracing policy specification. properties: containerSelector: - description: ContainerSelector selects containers that this policy - applies to. A map of container fields will be constructed in the - same way as a map of labels. The name of the field represents the - label "key", and the value of the field - label "value". Currently, - only the "name" field is supported. + description: |- + ContainerSelector selects containers that this policy applies to. + A map of container fields will be constructed in the same way as a map of labels. + The name of the field represents the label "key", and the value of the field - label "value". + Currently, only the "name" field is supported. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. enum: - In - NotIn @@ -64,19 +68,21 @@ spec: - DoesNotExist type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: description: MatchLabelsValue represents the value from the @@ -84,13 +90,13 @@ spec: maxLength: 63 pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic enforcers: description: A enforcer spec. items: @@ -123,27 +129,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -200,9 +204,9 @@ spec: description: Name of the function to apply the kprobe spec to. type: string message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string return: default: false @@ -222,26 +226,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch at - most 4096 bytes. In later kernels (>=5.4) tetragon supports - fetching up to 327360 bytes if this flag is turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and char_iovec - types. It indicates that this argument should be read - later (when the kretprobe for the symbol is triggered) - because it might not be populated when the kprobe is triggered - at the entrance of the function. For example, a buffer - supplied to read(2) won't have content until kretprobe - is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used only - for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -294,16 +297,17 @@ spec: - type type: object returnArgAction: - description: 'An action to perform on the return argument. Available - actions are: Post;TrackSock;UntrackSock' + description: |- + An action to perform on the return argument. + Available actions are: Post;TrackSock;UntrackSock type: string selectors: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -362,22 +366,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -681,22 +682,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -766,8 +764,9 @@ spec: description: Indicates whether the traced function is a syscall. type: boolean tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -827,27 +826,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -904,17 +901,17 @@ spec: description: Name of the function to apply the kprobe spec to. type: string message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string selectors: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -973,22 +970,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -1292,22 +1286,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -1373,8 +1364,9 @@ spec: type: object type: array tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -1404,18 +1396,18 @@ spec: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. enum: - In - NotIn @@ -1423,19 +1415,21 @@ spec: - DoesNotExist type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: description: MatchLabelsValue represents the value from the @@ -1443,13 +1437,13 @@ spec: maxLength: 63 pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic tracepoints: description: A list of tracepoint specs. items: @@ -1469,27 +1463,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -1546,17 +1538,17 @@ spec: description: Tracepoint event type: string message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string selectors: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -1615,22 +1607,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -1934,22 +1923,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -2018,8 +2004,9 @@ spec: description: Tracepoint subsystem type: string tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -2048,27 +2035,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -2122,9 +2107,9 @@ spec: type: object type: array message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string path: description: Name of the traced binary @@ -2133,9 +2118,9 @@ spec: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -2194,22 +2179,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -2513,22 +2495,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -2599,8 +2578,9 @@ spec: type: string type: array tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -2617,9 +2597,3 @@ spec: type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_podinfo.yaml b/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_podinfo.yaml index 776419be4f7..80b95737864 100644 --- a/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_podinfo.yaml +++ b/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_podinfo.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.16.4-0.20240923084800-3b70a40398f4 name: podinfo.cilium.io spec: group: cilium.io @@ -21,30 +20,36 @@ spec: description: PodInfo is the Scheme for the Podinfo API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: hostNetwork: - description: Host networking requested for this pod. Use the host's - network namespace. If this option is set, the ports that will be - used must be specified. + description: |- + Host networking requested for this pod. Use the host's network namespace. + If this option is set, the ports that will be used must be specified. type: boolean type: object status: properties: podIP: - description: IP address allocated to the pod. Routable at least within - the cluster. Empty if not yet allocated. + description: |- + IP address allocated to the pod. Routable at least within the cluster. + Empty if not yet allocated. type: string podIPs: description: List of Ip addresses allocated to the pod. 0th entry @@ -73,23 +78,21 @@ spec: this pod. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string type: object type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml b/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml index 88c97b78fe4..10fbe70604d 100644 --- a/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml +++ b/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.16.4-0.20240923084800-3b70a40398f4 name: tracingpolicies.cilium.io spec: group: cilium.io @@ -20,14 +19,19 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -35,28 +39,28 @@ spec: description: Tracing policy specification. properties: containerSelector: - description: ContainerSelector selects containers that this policy - applies to. A map of container fields will be constructed in the - same way as a map of labels. The name of the field represents the - label "key", and the value of the field - label "value". Currently, - only the "name" field is supported. + description: |- + ContainerSelector selects containers that this policy applies to. + A map of container fields will be constructed in the same way as a map of labels. + The name of the field represents the label "key", and the value of the field - label "value". + Currently, only the "name" field is supported. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. enum: - In - NotIn @@ -64,19 +68,21 @@ spec: - DoesNotExist type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: description: MatchLabelsValue represents the value from the @@ -84,13 +90,13 @@ spec: maxLength: 63 pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic enforcers: description: A enforcer spec. items: @@ -123,27 +129,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -200,9 +204,9 @@ spec: description: Name of the function to apply the kprobe spec to. type: string message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string return: default: false @@ -222,26 +226,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch at - most 4096 bytes. In later kernels (>=5.4) tetragon supports - fetching up to 327360 bytes if this flag is turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and char_iovec - types. It indicates that this argument should be read - later (when the kretprobe for the symbol is triggered) - because it might not be populated when the kprobe is triggered - at the entrance of the function. For example, a buffer - supplied to read(2) won't have content until kretprobe - is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used only - for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -294,16 +297,17 @@ spec: - type type: object returnArgAction: - description: 'An action to perform on the return argument. Available - actions are: Post;TrackSock;UntrackSock' + description: |- + An action to perform on the return argument. + Available actions are: Post;TrackSock;UntrackSock type: string selectors: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -362,22 +366,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -681,22 +682,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -766,8 +764,9 @@ spec: description: Indicates whether the traced function is a syscall. type: boolean tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -827,27 +826,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -904,17 +901,17 @@ spec: description: Name of the function to apply the kprobe spec to. type: string message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string selectors: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -973,22 +970,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -1292,22 +1286,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -1373,8 +1364,9 @@ spec: type: object type: array tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -1404,18 +1396,18 @@ spec: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. enum: - In - NotIn @@ -1423,19 +1415,21 @@ spec: - DoesNotExist type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: description: MatchLabelsValue represents the value from the @@ -1443,13 +1437,13 @@ spec: maxLength: 63 pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic tracepoints: description: A list of tracepoint specs. items: @@ -1469,27 +1463,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -1546,17 +1538,17 @@ spec: description: Tracepoint event type: string message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string selectors: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -1615,22 +1607,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -1934,22 +1923,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -2018,8 +2004,9 @@ spec: description: Tracepoint subsystem type: string tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -2048,27 +2035,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -2122,9 +2107,9 @@ spec: type: object type: array message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string path: description: Name of the traced binary @@ -2133,9 +2118,9 @@ spec: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -2194,22 +2179,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -2513,22 +2495,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -2599,8 +2578,9 @@ spec: type: string type: array tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -2617,9 +2597,3 @@ spec: type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml b/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml index e30a7ee4f86..edefc082adf 100644 --- a/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml +++ b/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.16.4-0.20240923084800-3b70a40398f4 name: tracingpoliciesnamespaced.cilium.io spec: group: cilium.io @@ -20,14 +19,19 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -35,28 +39,28 @@ spec: description: Tracing policy specification. properties: containerSelector: - description: ContainerSelector selects containers that this policy - applies to. A map of container fields will be constructed in the - same way as a map of labels. The name of the field represents the - label "key", and the value of the field - label "value". Currently, - only the "name" field is supported. + description: |- + ContainerSelector selects containers that this policy applies to. + A map of container fields will be constructed in the same way as a map of labels. + The name of the field represents the label "key", and the value of the field - label "value". + Currently, only the "name" field is supported. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. enum: - In - NotIn @@ -64,19 +68,21 @@ spec: - DoesNotExist type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: description: MatchLabelsValue represents the value from the @@ -84,13 +90,13 @@ spec: maxLength: 63 pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic enforcers: description: A enforcer spec. items: @@ -123,27 +129,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -200,9 +204,9 @@ spec: description: Name of the function to apply the kprobe spec to. type: string message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string return: default: false @@ -222,26 +226,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch at - most 4096 bytes. In later kernels (>=5.4) tetragon supports - fetching up to 327360 bytes if this flag is turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and char_iovec - types. It indicates that this argument should be read - later (when the kretprobe for the symbol is triggered) - because it might not be populated when the kprobe is triggered - at the entrance of the function. For example, a buffer - supplied to read(2) won't have content until kretprobe - is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used only - for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -294,16 +297,17 @@ spec: - type type: object returnArgAction: - description: 'An action to perform on the return argument. Available - actions are: Post;TrackSock;UntrackSock' + description: |- + An action to perform on the return argument. + Available actions are: Post;TrackSock;UntrackSock type: string selectors: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -362,22 +366,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -681,22 +682,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -766,8 +764,9 @@ spec: description: Indicates whether the traced function is a syscall. type: boolean tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -827,27 +826,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -904,17 +901,17 @@ spec: description: Name of the function to apply the kprobe spec to. type: string message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string selectors: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -973,22 +970,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -1292,22 +1286,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -1373,8 +1364,9 @@ spec: type: object type: array tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -1404,18 +1396,18 @@ spec: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. enum: - In - NotIn @@ -1423,19 +1415,21 @@ spec: - DoesNotExist type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: description: MatchLabelsValue represents the value from the @@ -1443,13 +1437,13 @@ spec: maxLength: 63 pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic tracepoints: description: A list of tracepoint specs. items: @@ -1469,27 +1463,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -1546,17 +1538,17 @@ spec: description: Tracepoint event type: string message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string selectors: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -1615,22 +1607,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -1934,22 +1923,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -2018,8 +2004,9 @@ spec: description: Tracepoint subsystem type: string tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -2048,27 +2035,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -2122,9 +2107,9 @@ spec: type: object type: array message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string path: description: Name of the traced binary @@ -2133,9 +2118,9 @@ spec: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -2194,22 +2179,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -2513,22 +2495,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -2599,8 +2578,9 @@ spec: type: string type: array tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -2617,9 +2597,3 @@ spec: type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/pkg/k8s/apis/cilium.io/v1alpha1/version.go b/pkg/k8s/apis/cilium.io/v1alpha1/version.go index e15f207706e..c7eda83ffe9 100644 --- a/pkg/k8s/apis/cilium.io/v1alpha1/version.go +++ b/pkg/k8s/apis/cilium.io/v1alpha1/version.go @@ -7,4 +7,4 @@ package v1alpha1 // Used to determine if CRD needs to be updated in cluster // // Developers: Bump patch for each change in the CRD schema. -const CustomResourceDefinitionSchemaVersion = "1.3.1" +const CustomResourceDefinitionSchemaVersion = "1.3.2" diff --git a/pkg/k8s/client/clientset/versioned/fake/clientset_generated.go b/pkg/k8s/client/clientset/versioned/fake/clientset_generated.go index 4cb28652cec..2650706cc4b 100644 --- a/pkg/k8s/client/clientset/versioned/fake/clientset_generated.go +++ b/pkg/k8s/client/clientset/versioned/fake/clientset_generated.go @@ -18,8 +18,12 @@ import ( // NewSimpleClientset returns a clientset that will respond with the provided objects. // It's backed by a very simple object tracker that processes creates, updates and deletions as-is, -// without applying any validations and/or defaults. It shouldn't be considered a replacement +// without applying any field management, validations and/or defaults. It shouldn't be considered a replacement // for a real clientset and is mostly useful in simple unit tests. +// +// DEPRECATED: NewClientset replaces this with support for field management, which significantly improves +// server side apply testing. NewClientset is only available when apply configurations are generated (e.g. +// via --with-applyconfig). func NewSimpleClientset(objects ...runtime.Object) *Clientset { o := testing.NewObjectTracker(scheme, codecs.UniversalDecoder()) for _, obj := range objects { diff --git a/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/fake/fake_podinfo.go b/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/fake/fake_podinfo.go index b33229b2114..12f1f4a5654 100644 --- a/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/fake/fake_podinfo.go +++ b/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/fake/fake_podinfo.go @@ -28,22 +28,24 @@ var podinfoKind = v1alpha1.SchemeGroupVersion.WithKind("PodInfo") // Get takes name of the podInfo, and returns the corresponding podInfo object, and an error if there is any. func (c *FakePodInfo) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.PodInfo, err error) { + emptyResult := &v1alpha1.PodInfo{} obj, err := c.Fake. - Invokes(testing.NewGetAction(podinfoResource, c.ns, name), &v1alpha1.PodInfo{}) + Invokes(testing.NewGetActionWithOptions(podinfoResource, c.ns, name, options), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1alpha1.PodInfo), err } // List takes label and field selectors, and returns the list of PodInfo that match those selectors. func (c *FakePodInfo) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.PodInfoList, err error) { + emptyResult := &v1alpha1.PodInfoList{} obj, err := c.Fake. - Invokes(testing.NewListAction(podinfoResource, podinfoKind, c.ns, opts), &v1alpha1.PodInfoList{}) + Invokes(testing.NewListActionWithOptions(podinfoResource, podinfoKind, c.ns, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } label, _, _ := testing.ExtractFromListOptions(opts) @@ -62,40 +64,43 @@ func (c *FakePodInfo) List(ctx context.Context, opts v1.ListOptions) (result *v1 // Watch returns a watch.Interface that watches the requested podInfo. func (c *FakePodInfo) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { return c.Fake. - InvokesWatch(testing.NewWatchAction(podinfoResource, c.ns, opts)) + InvokesWatch(testing.NewWatchActionWithOptions(podinfoResource, c.ns, opts)) } // Create takes the representation of a podInfo and creates it. Returns the server's representation of the podInfo, and an error, if there is any. func (c *FakePodInfo) Create(ctx context.Context, podInfo *v1alpha1.PodInfo, opts v1.CreateOptions) (result *v1alpha1.PodInfo, err error) { + emptyResult := &v1alpha1.PodInfo{} obj, err := c.Fake. - Invokes(testing.NewCreateAction(podinfoResource, c.ns, podInfo), &v1alpha1.PodInfo{}) + Invokes(testing.NewCreateActionWithOptions(podinfoResource, c.ns, podInfo, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1alpha1.PodInfo), err } // Update takes the representation of a podInfo and updates it. Returns the server's representation of the podInfo, and an error, if there is any. func (c *FakePodInfo) Update(ctx context.Context, podInfo *v1alpha1.PodInfo, opts v1.UpdateOptions) (result *v1alpha1.PodInfo, err error) { + emptyResult := &v1alpha1.PodInfo{} obj, err := c.Fake. - Invokes(testing.NewUpdateAction(podinfoResource, c.ns, podInfo), &v1alpha1.PodInfo{}) + Invokes(testing.NewUpdateActionWithOptions(podinfoResource, c.ns, podInfo, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1alpha1.PodInfo), err } // UpdateStatus was generated because the type contains a Status member. // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *FakePodInfo) UpdateStatus(ctx context.Context, podInfo *v1alpha1.PodInfo, opts v1.UpdateOptions) (*v1alpha1.PodInfo, error) { +func (c *FakePodInfo) UpdateStatus(ctx context.Context, podInfo *v1alpha1.PodInfo, opts v1.UpdateOptions) (result *v1alpha1.PodInfo, err error) { + emptyResult := &v1alpha1.PodInfo{} obj, err := c.Fake. - Invokes(testing.NewUpdateSubresourceAction(podinfoResource, "status", c.ns, podInfo), &v1alpha1.PodInfo{}) + Invokes(testing.NewUpdateSubresourceActionWithOptions(podinfoResource, "status", c.ns, podInfo, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1alpha1.PodInfo), err } @@ -110,7 +115,7 @@ func (c *FakePodInfo) Delete(ctx context.Context, name string, opts v1.DeleteOpt // DeleteCollection deletes a collection of objects. func (c *FakePodInfo) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - action := testing.NewDeleteCollectionAction(podinfoResource, c.ns, listOpts) + action := testing.NewDeleteCollectionActionWithOptions(podinfoResource, c.ns, opts, listOpts) _, err := c.Fake.Invokes(action, &v1alpha1.PodInfoList{}) return err @@ -118,11 +123,12 @@ func (c *FakePodInfo) DeleteCollection(ctx context.Context, opts v1.DeleteOption // Patch applies the patch and returns the patched podInfo. func (c *FakePodInfo) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.PodInfo, err error) { + emptyResult := &v1alpha1.PodInfo{} obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(podinfoResource, c.ns, name, pt, data, subresources...), &v1alpha1.PodInfo{}) + Invokes(testing.NewPatchSubresourceActionWithOptions(podinfoResource, c.ns, name, pt, data, opts, subresources...), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1alpha1.PodInfo), err } diff --git a/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/fake/fake_tracingpolicy.go b/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/fake/fake_tracingpolicy.go index d0d0e206217..1f4ec91bf41 100644 --- a/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/fake/fake_tracingpolicy.go +++ b/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/fake/fake_tracingpolicy.go @@ -27,20 +27,22 @@ var tracingpoliciesKind = v1alpha1.SchemeGroupVersion.WithKind("TracingPolicy") // Get takes name of the tracingPolicy, and returns the corresponding tracingPolicy object, and an error if there is any. func (c *FakeTracingPolicies) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.TracingPolicy, err error) { + emptyResult := &v1alpha1.TracingPolicy{} obj, err := c.Fake. - Invokes(testing.NewRootGetAction(tracingpoliciesResource, name), &v1alpha1.TracingPolicy{}) + Invokes(testing.NewRootGetActionWithOptions(tracingpoliciesResource, name, options), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1alpha1.TracingPolicy), err } // List takes label and field selectors, and returns the list of TracingPolicies that match those selectors. func (c *FakeTracingPolicies) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.TracingPolicyList, err error) { + emptyResult := &v1alpha1.TracingPolicyList{} obj, err := c.Fake. - Invokes(testing.NewRootListAction(tracingpoliciesResource, tracingpoliciesKind, opts), &v1alpha1.TracingPolicyList{}) + Invokes(testing.NewRootListActionWithOptions(tracingpoliciesResource, tracingpoliciesKind, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } label, _, _ := testing.ExtractFromListOptions(opts) @@ -59,25 +61,27 @@ func (c *FakeTracingPolicies) List(ctx context.Context, opts v1.ListOptions) (re // Watch returns a watch.Interface that watches the requested tracingPolicies. func (c *FakeTracingPolicies) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { return c.Fake. - InvokesWatch(testing.NewRootWatchAction(tracingpoliciesResource, opts)) + InvokesWatch(testing.NewRootWatchActionWithOptions(tracingpoliciesResource, opts)) } // Create takes the representation of a tracingPolicy and creates it. Returns the server's representation of the tracingPolicy, and an error, if there is any. func (c *FakeTracingPolicies) Create(ctx context.Context, tracingPolicy *v1alpha1.TracingPolicy, opts v1.CreateOptions) (result *v1alpha1.TracingPolicy, err error) { + emptyResult := &v1alpha1.TracingPolicy{} obj, err := c.Fake. - Invokes(testing.NewRootCreateAction(tracingpoliciesResource, tracingPolicy), &v1alpha1.TracingPolicy{}) + Invokes(testing.NewRootCreateActionWithOptions(tracingpoliciesResource, tracingPolicy, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1alpha1.TracingPolicy), err } // Update takes the representation of a tracingPolicy and updates it. Returns the server's representation of the tracingPolicy, and an error, if there is any. func (c *FakeTracingPolicies) Update(ctx context.Context, tracingPolicy *v1alpha1.TracingPolicy, opts v1.UpdateOptions) (result *v1alpha1.TracingPolicy, err error) { + emptyResult := &v1alpha1.TracingPolicy{} obj, err := c.Fake. - Invokes(testing.NewRootUpdateAction(tracingpoliciesResource, tracingPolicy), &v1alpha1.TracingPolicy{}) + Invokes(testing.NewRootUpdateActionWithOptions(tracingpoliciesResource, tracingPolicy, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1alpha1.TracingPolicy), err } @@ -91,7 +95,7 @@ func (c *FakeTracingPolicies) Delete(ctx context.Context, name string, opts v1.D // DeleteCollection deletes a collection of objects. func (c *FakeTracingPolicies) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - action := testing.NewRootDeleteCollectionAction(tracingpoliciesResource, listOpts) + action := testing.NewRootDeleteCollectionActionWithOptions(tracingpoliciesResource, opts, listOpts) _, err := c.Fake.Invokes(action, &v1alpha1.TracingPolicyList{}) return err @@ -99,10 +103,11 @@ func (c *FakeTracingPolicies) DeleteCollection(ctx context.Context, opts v1.Dele // Patch applies the patch and returns the patched tracingPolicy. func (c *FakeTracingPolicies) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.TracingPolicy, err error) { + emptyResult := &v1alpha1.TracingPolicy{} obj, err := c.Fake. - Invokes(testing.NewRootPatchSubresourceAction(tracingpoliciesResource, name, pt, data, subresources...), &v1alpha1.TracingPolicy{}) + Invokes(testing.NewRootPatchSubresourceActionWithOptions(tracingpoliciesResource, name, pt, data, opts, subresources...), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1alpha1.TracingPolicy), err } diff --git a/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/fake/fake_tracingpolicynamespaced.go b/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/fake/fake_tracingpolicynamespaced.go index aee9d1daa68..5e83163aea8 100644 --- a/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/fake/fake_tracingpolicynamespaced.go +++ b/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/fake/fake_tracingpolicynamespaced.go @@ -28,22 +28,24 @@ var tracingpoliciesnamespacedKind = v1alpha1.SchemeGroupVersion.WithKind("Tracin // Get takes name of the tracingPolicyNamespaced, and returns the corresponding tracingPolicyNamespaced object, and an error if there is any. func (c *FakeTracingPoliciesNamespaced) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.TracingPolicyNamespaced, err error) { + emptyResult := &v1alpha1.TracingPolicyNamespaced{} obj, err := c.Fake. - Invokes(testing.NewGetAction(tracingpoliciesnamespacedResource, c.ns, name), &v1alpha1.TracingPolicyNamespaced{}) + Invokes(testing.NewGetActionWithOptions(tracingpoliciesnamespacedResource, c.ns, name, options), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1alpha1.TracingPolicyNamespaced), err } // List takes label and field selectors, and returns the list of TracingPoliciesNamespaced that match those selectors. func (c *FakeTracingPoliciesNamespaced) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.TracingPolicyNamespacedList, err error) { + emptyResult := &v1alpha1.TracingPolicyNamespacedList{} obj, err := c.Fake. - Invokes(testing.NewListAction(tracingpoliciesnamespacedResource, tracingpoliciesnamespacedKind, c.ns, opts), &v1alpha1.TracingPolicyNamespacedList{}) + Invokes(testing.NewListActionWithOptions(tracingpoliciesnamespacedResource, tracingpoliciesnamespacedKind, c.ns, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } label, _, _ := testing.ExtractFromListOptions(opts) @@ -62,28 +64,30 @@ func (c *FakeTracingPoliciesNamespaced) List(ctx context.Context, opts v1.ListOp // Watch returns a watch.Interface that watches the requested tracingPoliciesNamespaced. func (c *FakeTracingPoliciesNamespaced) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { return c.Fake. - InvokesWatch(testing.NewWatchAction(tracingpoliciesnamespacedResource, c.ns, opts)) + InvokesWatch(testing.NewWatchActionWithOptions(tracingpoliciesnamespacedResource, c.ns, opts)) } // Create takes the representation of a tracingPolicyNamespaced and creates it. Returns the server's representation of the tracingPolicyNamespaced, and an error, if there is any. func (c *FakeTracingPoliciesNamespaced) Create(ctx context.Context, tracingPolicyNamespaced *v1alpha1.TracingPolicyNamespaced, opts v1.CreateOptions) (result *v1alpha1.TracingPolicyNamespaced, err error) { + emptyResult := &v1alpha1.TracingPolicyNamespaced{} obj, err := c.Fake. - Invokes(testing.NewCreateAction(tracingpoliciesnamespacedResource, c.ns, tracingPolicyNamespaced), &v1alpha1.TracingPolicyNamespaced{}) + Invokes(testing.NewCreateActionWithOptions(tracingpoliciesnamespacedResource, c.ns, tracingPolicyNamespaced, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1alpha1.TracingPolicyNamespaced), err } // Update takes the representation of a tracingPolicyNamespaced and updates it. Returns the server's representation of the tracingPolicyNamespaced, and an error, if there is any. func (c *FakeTracingPoliciesNamespaced) Update(ctx context.Context, tracingPolicyNamespaced *v1alpha1.TracingPolicyNamespaced, opts v1.UpdateOptions) (result *v1alpha1.TracingPolicyNamespaced, err error) { + emptyResult := &v1alpha1.TracingPolicyNamespaced{} obj, err := c.Fake. - Invokes(testing.NewUpdateAction(tracingpoliciesnamespacedResource, c.ns, tracingPolicyNamespaced), &v1alpha1.TracingPolicyNamespaced{}) + Invokes(testing.NewUpdateActionWithOptions(tracingpoliciesnamespacedResource, c.ns, tracingPolicyNamespaced, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1alpha1.TracingPolicyNamespaced), err } @@ -98,7 +102,7 @@ func (c *FakeTracingPoliciesNamespaced) Delete(ctx context.Context, name string, // DeleteCollection deletes a collection of objects. func (c *FakeTracingPoliciesNamespaced) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - action := testing.NewDeleteCollectionAction(tracingpoliciesnamespacedResource, c.ns, listOpts) + action := testing.NewDeleteCollectionActionWithOptions(tracingpoliciesnamespacedResource, c.ns, opts, listOpts) _, err := c.Fake.Invokes(action, &v1alpha1.TracingPolicyNamespacedList{}) return err @@ -106,11 +110,12 @@ func (c *FakeTracingPoliciesNamespaced) DeleteCollection(ctx context.Context, op // Patch applies the patch and returns the patched tracingPolicyNamespaced. func (c *FakeTracingPoliciesNamespaced) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.TracingPolicyNamespaced, err error) { + emptyResult := &v1alpha1.TracingPolicyNamespaced{} obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(tracingpoliciesnamespacedResource, c.ns, name, pt, data, subresources...), &v1alpha1.TracingPolicyNamespaced{}) + Invokes(testing.NewPatchSubresourceActionWithOptions(tracingpoliciesnamespacedResource, c.ns, name, pt, data, opts, subresources...), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1alpha1.TracingPolicyNamespaced), err } diff --git a/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/podinfo.go b/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/podinfo.go index 3701342df53..a13d03dbc14 100644 --- a/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/podinfo.go +++ b/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/podinfo.go @@ -7,14 +7,13 @@ package v1alpha1 import ( "context" - "time" v1alpha1 "github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1" scheme "github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/scheme" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" + gentype "k8s.io/client-go/gentype" ) // PodInfoGetter has a method to return a PodInfoInterface. @@ -27,6 +26,7 @@ type PodInfoGetter interface { type PodInfoInterface interface { Create(ctx context.Context, podInfo *v1alpha1.PodInfo, opts v1.CreateOptions) (*v1alpha1.PodInfo, error) Update(ctx context.Context, podInfo *v1alpha1.PodInfo, opts v1.UpdateOptions) (*v1alpha1.PodInfo, error) + // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). UpdateStatus(ctx context.Context, podInfo *v1alpha1.PodInfo, opts v1.UpdateOptions) (*v1alpha1.PodInfo, error) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error @@ -39,144 +39,18 @@ type PodInfoInterface interface { // podInfo implements PodInfoInterface type podInfo struct { - client rest.Interface - ns string + *gentype.ClientWithList[*v1alpha1.PodInfo, *v1alpha1.PodInfoList] } // newPodInfo returns a PodInfo func newPodInfo(c *CiliumV1alpha1Client, namespace string) *podInfo { return &podInfo{ - client: c.RESTClient(), - ns: namespace, + gentype.NewClientWithList[*v1alpha1.PodInfo, *v1alpha1.PodInfoList]( + "podinfo", + c.RESTClient(), + scheme.ParameterCodec, + namespace, + func() *v1alpha1.PodInfo { return &v1alpha1.PodInfo{} }, + func() *v1alpha1.PodInfoList { return &v1alpha1.PodInfoList{} }), } } - -// Get takes name of the podInfo, and returns the corresponding podInfo object, and an error if there is any. -func (c *podInfo) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.PodInfo, err error) { - result = &v1alpha1.PodInfo{} - err = c.client.Get(). - Namespace(c.ns). - Resource("podinfo"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of PodInfo that match those selectors. -func (c *podInfo) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.PodInfoList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.PodInfoList{} - err = c.client.Get(). - Namespace(c.ns). - Resource("podinfo"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested podInfo. -func (c *podInfo) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Namespace(c.ns). - Resource("podinfo"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a podInfo and creates it. Returns the server's representation of the podInfo, and an error, if there is any. -func (c *podInfo) Create(ctx context.Context, podInfo *v1alpha1.PodInfo, opts v1.CreateOptions) (result *v1alpha1.PodInfo, err error) { - result = &v1alpha1.PodInfo{} - err = c.client.Post(). - Namespace(c.ns). - Resource("podinfo"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(podInfo). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a podInfo and updates it. Returns the server's representation of the podInfo, and an error, if there is any. -func (c *podInfo) Update(ctx context.Context, podInfo *v1alpha1.PodInfo, opts v1.UpdateOptions) (result *v1alpha1.PodInfo, err error) { - result = &v1alpha1.PodInfo{} - err = c.client.Put(). - Namespace(c.ns). - Resource("podinfo"). - Name(podInfo.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(podInfo). - Do(ctx). - Into(result) - return -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *podInfo) UpdateStatus(ctx context.Context, podInfo *v1alpha1.PodInfo, opts v1.UpdateOptions) (result *v1alpha1.PodInfo, err error) { - result = &v1alpha1.PodInfo{} - err = c.client.Put(). - Namespace(c.ns). - Resource("podinfo"). - Name(podInfo.Name). - SubResource("status"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(podInfo). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the podInfo and deletes it. Returns an error if one occurs. -func (c *podInfo) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("podinfo"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *podInfo) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Namespace(c.ns). - Resource("podinfo"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched podInfo. -func (c *podInfo) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.PodInfo, err error) { - result = &v1alpha1.PodInfo{} - err = c.client.Patch(pt). - Namespace(c.ns). - Resource("podinfo"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/tracingpolicy.go b/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/tracingpolicy.go index c0f74d2bf88..d113bc64803 100644 --- a/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/tracingpolicy.go +++ b/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/tracingpolicy.go @@ -7,14 +7,13 @@ package v1alpha1 import ( "context" - "time" v1alpha1 "github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1" scheme "github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/scheme" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" + gentype "k8s.io/client-go/gentype" ) // TracingPoliciesGetter has a method to return a TracingPolicyInterface. @@ -38,118 +37,18 @@ type TracingPolicyInterface interface { // tracingPolicies implements TracingPolicyInterface type tracingPolicies struct { - client rest.Interface + *gentype.ClientWithList[*v1alpha1.TracingPolicy, *v1alpha1.TracingPolicyList] } // newTracingPolicies returns a TracingPolicies func newTracingPolicies(c *CiliumV1alpha1Client) *tracingPolicies { return &tracingPolicies{ - client: c.RESTClient(), + gentype.NewClientWithList[*v1alpha1.TracingPolicy, *v1alpha1.TracingPolicyList]( + "tracingpolicies", + c.RESTClient(), + scheme.ParameterCodec, + "", + func() *v1alpha1.TracingPolicy { return &v1alpha1.TracingPolicy{} }, + func() *v1alpha1.TracingPolicyList { return &v1alpha1.TracingPolicyList{} }), } } - -// Get takes name of the tracingPolicy, and returns the corresponding tracingPolicy object, and an error if there is any. -func (c *tracingPolicies) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.TracingPolicy, err error) { - result = &v1alpha1.TracingPolicy{} - err = c.client.Get(). - Resource("tracingpolicies"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of TracingPolicies that match those selectors. -func (c *tracingPolicies) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.TracingPolicyList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.TracingPolicyList{} - err = c.client.Get(). - Resource("tracingpolicies"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested tracingPolicies. -func (c *tracingPolicies) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Resource("tracingpolicies"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a tracingPolicy and creates it. Returns the server's representation of the tracingPolicy, and an error, if there is any. -func (c *tracingPolicies) Create(ctx context.Context, tracingPolicy *v1alpha1.TracingPolicy, opts v1.CreateOptions) (result *v1alpha1.TracingPolicy, err error) { - result = &v1alpha1.TracingPolicy{} - err = c.client.Post(). - Resource("tracingpolicies"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(tracingPolicy). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a tracingPolicy and updates it. Returns the server's representation of the tracingPolicy, and an error, if there is any. -func (c *tracingPolicies) Update(ctx context.Context, tracingPolicy *v1alpha1.TracingPolicy, opts v1.UpdateOptions) (result *v1alpha1.TracingPolicy, err error) { - result = &v1alpha1.TracingPolicy{} - err = c.client.Put(). - Resource("tracingpolicies"). - Name(tracingPolicy.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(tracingPolicy). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the tracingPolicy and deletes it. Returns an error if one occurs. -func (c *tracingPolicies) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Resource("tracingpolicies"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *tracingPolicies) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Resource("tracingpolicies"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched tracingPolicy. -func (c *tracingPolicies) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.TracingPolicy, err error) { - result = &v1alpha1.TracingPolicy{} - err = c.client.Patch(pt). - Resource("tracingpolicies"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/tracingpolicynamespaced.go b/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/tracingpolicynamespaced.go index d36ae4ddfe3..a434f8d0b2c 100644 --- a/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/tracingpolicynamespaced.go +++ b/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/tracingpolicynamespaced.go @@ -7,14 +7,13 @@ package v1alpha1 import ( "context" - "time" v1alpha1 "github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1" scheme "github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/scheme" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" + gentype "k8s.io/client-go/gentype" ) // TracingPoliciesNamespacedGetter has a method to return a TracingPolicyNamespacedInterface. @@ -38,128 +37,18 @@ type TracingPolicyNamespacedInterface interface { // tracingPoliciesNamespaced implements TracingPolicyNamespacedInterface type tracingPoliciesNamespaced struct { - client rest.Interface - ns string + *gentype.ClientWithList[*v1alpha1.TracingPolicyNamespaced, *v1alpha1.TracingPolicyNamespacedList] } // newTracingPoliciesNamespaced returns a TracingPoliciesNamespaced func newTracingPoliciesNamespaced(c *CiliumV1alpha1Client, namespace string) *tracingPoliciesNamespaced { return &tracingPoliciesNamespaced{ - client: c.RESTClient(), - ns: namespace, + gentype.NewClientWithList[*v1alpha1.TracingPolicyNamespaced, *v1alpha1.TracingPolicyNamespacedList]( + "tracingpoliciesnamespaced", + c.RESTClient(), + scheme.ParameterCodec, + namespace, + func() *v1alpha1.TracingPolicyNamespaced { return &v1alpha1.TracingPolicyNamespaced{} }, + func() *v1alpha1.TracingPolicyNamespacedList { return &v1alpha1.TracingPolicyNamespacedList{} }), } } - -// Get takes name of the tracingPolicyNamespaced, and returns the corresponding tracingPolicyNamespaced object, and an error if there is any. -func (c *tracingPoliciesNamespaced) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.TracingPolicyNamespaced, err error) { - result = &v1alpha1.TracingPolicyNamespaced{} - err = c.client.Get(). - Namespace(c.ns). - Resource("tracingpoliciesnamespaced"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of TracingPoliciesNamespaced that match those selectors. -func (c *tracingPoliciesNamespaced) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.TracingPolicyNamespacedList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.TracingPolicyNamespacedList{} - err = c.client.Get(). - Namespace(c.ns). - Resource("tracingpoliciesnamespaced"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested tracingPoliciesNamespaced. -func (c *tracingPoliciesNamespaced) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Namespace(c.ns). - Resource("tracingpoliciesnamespaced"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a tracingPolicyNamespaced and creates it. Returns the server's representation of the tracingPolicyNamespaced, and an error, if there is any. -func (c *tracingPoliciesNamespaced) Create(ctx context.Context, tracingPolicyNamespaced *v1alpha1.TracingPolicyNamespaced, opts v1.CreateOptions) (result *v1alpha1.TracingPolicyNamespaced, err error) { - result = &v1alpha1.TracingPolicyNamespaced{} - err = c.client.Post(). - Namespace(c.ns). - Resource("tracingpoliciesnamespaced"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(tracingPolicyNamespaced). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a tracingPolicyNamespaced and updates it. Returns the server's representation of the tracingPolicyNamespaced, and an error, if there is any. -func (c *tracingPoliciesNamespaced) Update(ctx context.Context, tracingPolicyNamespaced *v1alpha1.TracingPolicyNamespaced, opts v1.UpdateOptions) (result *v1alpha1.TracingPolicyNamespaced, err error) { - result = &v1alpha1.TracingPolicyNamespaced{} - err = c.client.Put(). - Namespace(c.ns). - Resource("tracingpoliciesnamespaced"). - Name(tracingPolicyNamespaced.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(tracingPolicyNamespaced). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the tracingPolicyNamespaced and deletes it. Returns an error if one occurs. -func (c *tracingPoliciesNamespaced) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("tracingpoliciesnamespaced"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *tracingPoliciesNamespaced) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Namespace(c.ns). - Resource("tracingpoliciesnamespaced"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched tracingPolicyNamespaced. -func (c *tracingPoliciesNamespaced) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.TracingPolicyNamespaced, err error) { - result = &v1alpha1.TracingPolicyNamespaced{} - err = c.client.Patch(pt). - Namespace(c.ns). - Resource("tracingpoliciesnamespaced"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/pkg/k8s/client/informers/externalversions/factory.go b/pkg/k8s/client/informers/externalversions/factory.go index 94e07a7ff56..0b2fb5b75dc 100644 --- a/pkg/k8s/client/informers/externalversions/factory.go +++ b/pkg/k8s/client/informers/externalversions/factory.go @@ -215,6 +215,7 @@ type SharedInformerFactory interface { // Start initializes all requested informers. They are handled in goroutines // which run until the stop channel gets closed. + // Warning: Start does not block. When run in a go-routine, it will race with a later WaitForCacheSync. Start(stopCh <-chan struct{}) // Shutdown marks a factory as shutting down. At that point no new diff --git a/pkg/k8s/client/listers/cilium.io/v1alpha1/podinfo.go b/pkg/k8s/client/listers/cilium.io/v1alpha1/podinfo.go index c04d518f27a..0b8a176f085 100644 --- a/pkg/k8s/client/listers/cilium.io/v1alpha1/podinfo.go +++ b/pkg/k8s/client/listers/cilium.io/v1alpha1/podinfo.go @@ -7,8 +7,8 @@ package v1alpha1 import ( v1alpha1 "github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/listers" "k8s.io/client-go/tools/cache" ) @@ -25,25 +25,17 @@ type PodInfoLister interface { // podInfoLister implements the PodInfoLister interface. type podInfoLister struct { - indexer cache.Indexer + listers.ResourceIndexer[*v1alpha1.PodInfo] } // NewPodInfoLister returns a new PodInfoLister. func NewPodInfoLister(indexer cache.Indexer) PodInfoLister { - return &podInfoLister{indexer: indexer} -} - -// List lists all PodInfo in the indexer. -func (s *podInfoLister) List(selector labels.Selector) (ret []*v1alpha1.PodInfo, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.PodInfo)) - }) - return ret, err + return &podInfoLister{listers.New[*v1alpha1.PodInfo](indexer, v1alpha1.Resource("podinfo"))} } // PodInfo returns an object that can list and get PodInfo. func (s *podInfoLister) PodInfo(namespace string) PodInfoNamespaceLister { - return podInfoNamespaceLister{indexer: s.indexer, namespace: namespace} + return podInfoNamespaceLister{listers.NewNamespaced[*v1alpha1.PodInfo](s.ResourceIndexer, namespace)} } // PodInfoNamespaceLister helps list and get PodInfo. @@ -61,26 +53,5 @@ type PodInfoNamespaceLister interface { // podInfoNamespaceLister implements the PodInfoNamespaceLister // interface. type podInfoNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all PodInfo in the indexer for a given namespace. -func (s podInfoNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.PodInfo, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.PodInfo)) - }) - return ret, err -} - -// Get retrieves the PodInfo from the indexer for a given namespace and name. -func (s podInfoNamespaceLister) Get(name string) (*v1alpha1.PodInfo, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("podinfo"), name) - } - return obj.(*v1alpha1.PodInfo), nil + listers.ResourceIndexer[*v1alpha1.PodInfo] } diff --git a/pkg/k8s/client/listers/cilium.io/v1alpha1/tracingpolicy.go b/pkg/k8s/client/listers/cilium.io/v1alpha1/tracingpolicy.go index c6508bef6c4..871c1975755 100644 --- a/pkg/k8s/client/listers/cilium.io/v1alpha1/tracingpolicy.go +++ b/pkg/k8s/client/listers/cilium.io/v1alpha1/tracingpolicy.go @@ -7,8 +7,8 @@ package v1alpha1 import ( v1alpha1 "github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/listers" "k8s.io/client-go/tools/cache" ) @@ -26,30 +26,10 @@ type TracingPolicyLister interface { // tracingPolicyLister implements the TracingPolicyLister interface. type tracingPolicyLister struct { - indexer cache.Indexer + listers.ResourceIndexer[*v1alpha1.TracingPolicy] } // NewTracingPolicyLister returns a new TracingPolicyLister. func NewTracingPolicyLister(indexer cache.Indexer) TracingPolicyLister { - return &tracingPolicyLister{indexer: indexer} -} - -// List lists all TracingPolicies in the indexer. -func (s *tracingPolicyLister) List(selector labels.Selector) (ret []*v1alpha1.TracingPolicy, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.TracingPolicy)) - }) - return ret, err -} - -// Get retrieves the TracingPolicy from the index for a given name. -func (s *tracingPolicyLister) Get(name string) (*v1alpha1.TracingPolicy, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("tracingpolicy"), name) - } - return obj.(*v1alpha1.TracingPolicy), nil + return &tracingPolicyLister{listers.New[*v1alpha1.TracingPolicy](indexer, v1alpha1.Resource("tracingpolicy"))} } diff --git a/pkg/k8s/client/listers/cilium.io/v1alpha1/tracingpolicynamespaced.go b/pkg/k8s/client/listers/cilium.io/v1alpha1/tracingpolicynamespaced.go index 98ca107ff9c..48f01b05d55 100644 --- a/pkg/k8s/client/listers/cilium.io/v1alpha1/tracingpolicynamespaced.go +++ b/pkg/k8s/client/listers/cilium.io/v1alpha1/tracingpolicynamespaced.go @@ -7,8 +7,8 @@ package v1alpha1 import ( v1alpha1 "github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/listers" "k8s.io/client-go/tools/cache" ) @@ -25,25 +25,17 @@ type TracingPolicyNamespacedLister interface { // tracingPolicyNamespacedLister implements the TracingPolicyNamespacedLister interface. type tracingPolicyNamespacedLister struct { - indexer cache.Indexer + listers.ResourceIndexer[*v1alpha1.TracingPolicyNamespaced] } // NewTracingPolicyNamespacedLister returns a new TracingPolicyNamespacedLister. func NewTracingPolicyNamespacedLister(indexer cache.Indexer) TracingPolicyNamespacedLister { - return &tracingPolicyNamespacedLister{indexer: indexer} -} - -// List lists all TracingPoliciesNamespaced in the indexer. -func (s *tracingPolicyNamespacedLister) List(selector labels.Selector) (ret []*v1alpha1.TracingPolicyNamespaced, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.TracingPolicyNamespaced)) - }) - return ret, err + return &tracingPolicyNamespacedLister{listers.New[*v1alpha1.TracingPolicyNamespaced](indexer, v1alpha1.Resource("tracingpolicynamespaced"))} } // TracingPoliciesNamespaced returns an object that can list and get TracingPoliciesNamespaced. func (s *tracingPolicyNamespacedLister) TracingPoliciesNamespaced(namespace string) TracingPolicyNamespacedNamespaceLister { - return tracingPolicyNamespacedNamespaceLister{indexer: s.indexer, namespace: namespace} + return tracingPolicyNamespacedNamespaceLister{listers.NewNamespaced[*v1alpha1.TracingPolicyNamespaced](s.ResourceIndexer, namespace)} } // TracingPolicyNamespacedNamespaceLister helps list and get TracingPoliciesNamespaced. @@ -61,26 +53,5 @@ type TracingPolicyNamespacedNamespaceLister interface { // tracingPolicyNamespacedNamespaceLister implements the TracingPolicyNamespacedNamespaceLister // interface. type tracingPolicyNamespacedNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all TracingPoliciesNamespaced in the indexer for a given namespace. -func (s tracingPolicyNamespacedNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.TracingPolicyNamespaced, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.TracingPolicyNamespaced)) - }) - return ret, err -} - -// Get retrieves the TracingPolicyNamespaced from the indexer for a given namespace and name. -func (s tracingPolicyNamespacedNamespaceLister) Get(name string) (*v1alpha1.TracingPolicyNamespaced, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("tracingpolicynamespaced"), name) - } - return obj.(*v1alpha1.TracingPolicyNamespaced), nil + listers.ResourceIndexer[*v1alpha1.TracingPolicyNamespaced] } diff --git a/pkg/k8s/vendor/k8s.io/client-go/listers/doc.go b/pkg/k8s/vendor/k8s.io/client-go/listers/doc.go new file mode 100644 index 00000000000..96c330c9311 --- /dev/null +++ b/pkg/k8s/vendor/k8s.io/client-go/listers/doc.go @@ -0,0 +1,18 @@ +/* +Copyright 2023 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package listers provides generated listers for Kubernetes APIs. +package listers // import "k8s.io/client-go/listers" diff --git a/pkg/k8s/vendor/k8s.io/client-go/listers/generic_helpers.go b/pkg/k8s/vendor/k8s.io/client-go/listers/generic_helpers.go new file mode 100644 index 00000000000..c69bb22b11e --- /dev/null +++ b/pkg/k8s/vendor/k8s.io/client-go/listers/generic_helpers.go @@ -0,0 +1,72 @@ +/* +Copyright 2023 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package listers + +import ( + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/client-go/tools/cache" +) + +// ResourceIndexer wraps an indexer, resource, and optional namespace for a given type. +// This is intended for use by listers (generated by lister-gen) only. +type ResourceIndexer[T runtime.Object] struct { + indexer cache.Indexer + resource schema.GroupResource + namespace string // empty for non-namespaced types +} + +// New returns a new instance of a lister (resource indexer) wrapping the given indexer and resource for the specified type. +// This is intended for use by listers (generated by lister-gen) only. +func New[T runtime.Object](indexer cache.Indexer, resource schema.GroupResource) ResourceIndexer[T] { + return ResourceIndexer[T]{indexer: indexer, resource: resource} +} + +// NewNamespaced returns a new instance of a namespaced lister (resource indexer) wrapping the given parent and namespace for the specified type. +// This is intended for use by listers (generated by lister-gen) only. +func NewNamespaced[T runtime.Object](parent ResourceIndexer[T], namespace string) ResourceIndexer[T] { + return ResourceIndexer[T]{indexer: parent.indexer, resource: parent.resource, namespace: namespace} +} + +// List lists all resources in the indexer matching the given selector. +func (l ResourceIndexer[T]) List(selector labels.Selector) (ret []T, err error) { + // ListAllByNamespace reverts to ListAll on empty namespaces + err = cache.ListAllByNamespace(l.indexer, l.namespace, selector, func(m interface{}) { + ret = append(ret, m.(T)) + }) + return ret, err +} + +// Get retrieves the resource from the index for a given name. +func (l ResourceIndexer[T]) Get(name string) (T, error) { + var key string + if l.namespace == "" { + key = name + } else { + key = l.namespace + "/" + name + } + obj, exists, err := l.indexer.GetByKey(key) + if err != nil { + return *new(T), err + } + if !exists { + return *new(T), errors.NewNotFound(l.resource, name) + } + return obj.(T), nil +} diff --git a/pkg/k8s/vendor/modules.txt b/pkg/k8s/vendor/modules.txt index 4118874e527..cd2cd2d661e 100644 --- a/pkg/k8s/vendor/modules.txt +++ b/pkg/k8s/vendor/modules.txt @@ -465,6 +465,7 @@ k8s.io/client-go/kubernetes/typed/storage/v1 k8s.io/client-go/kubernetes/typed/storage/v1alpha1 k8s.io/client-go/kubernetes/typed/storage/v1beta1 k8s.io/client-go/kubernetes/typed/storagemigration/v1alpha1 +k8s.io/client-go/listers k8s.io/client-go/openapi k8s.io/client-go/pkg/apis/clientauthentication k8s.io/client-go/pkg/apis/clientauthentication/install diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_podinfo.yaml b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_podinfo.yaml index 776419be4f7..80b95737864 100644 --- a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_podinfo.yaml +++ b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_podinfo.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.16.4-0.20240923084800-3b70a40398f4 name: podinfo.cilium.io spec: group: cilium.io @@ -21,30 +20,36 @@ spec: description: PodInfo is the Scheme for the Podinfo API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: hostNetwork: - description: Host networking requested for this pod. Use the host's - network namespace. If this option is set, the ports that will be - used must be specified. + description: |- + Host networking requested for this pod. Use the host's network namespace. + If this option is set, the ports that will be used must be specified. type: boolean type: object status: properties: podIP: - description: IP address allocated to the pod. Routable at least within - the cluster. Empty if not yet allocated. + description: |- + IP address allocated to the pod. Routable at least within the cluster. + Empty if not yet allocated. type: string podIPs: description: List of Ip addresses allocated to the pod. 0th entry @@ -73,23 +78,21 @@ spec: this pod. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string type: object type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml index 88c97b78fe4..10fbe70604d 100644 --- a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml +++ b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.16.4-0.20240923084800-3b70a40398f4 name: tracingpolicies.cilium.io spec: group: cilium.io @@ -20,14 +19,19 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -35,28 +39,28 @@ spec: description: Tracing policy specification. properties: containerSelector: - description: ContainerSelector selects containers that this policy - applies to. A map of container fields will be constructed in the - same way as a map of labels. The name of the field represents the - label "key", and the value of the field - label "value". Currently, - only the "name" field is supported. + description: |- + ContainerSelector selects containers that this policy applies to. + A map of container fields will be constructed in the same way as a map of labels. + The name of the field represents the label "key", and the value of the field - label "value". + Currently, only the "name" field is supported. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. enum: - In - NotIn @@ -64,19 +68,21 @@ spec: - DoesNotExist type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: description: MatchLabelsValue represents the value from the @@ -84,13 +90,13 @@ spec: maxLength: 63 pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic enforcers: description: A enforcer spec. items: @@ -123,27 +129,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -200,9 +204,9 @@ spec: description: Name of the function to apply the kprobe spec to. type: string message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string return: default: false @@ -222,26 +226,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch at - most 4096 bytes. In later kernels (>=5.4) tetragon supports - fetching up to 327360 bytes if this flag is turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and char_iovec - types. It indicates that this argument should be read - later (when the kretprobe for the symbol is triggered) - because it might not be populated when the kprobe is triggered - at the entrance of the function. For example, a buffer - supplied to read(2) won't have content until kretprobe - is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used only - for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -294,16 +297,17 @@ spec: - type type: object returnArgAction: - description: 'An action to perform on the return argument. Available - actions are: Post;TrackSock;UntrackSock' + description: |- + An action to perform on the return argument. + Available actions are: Post;TrackSock;UntrackSock type: string selectors: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -362,22 +366,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -681,22 +682,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -766,8 +764,9 @@ spec: description: Indicates whether the traced function is a syscall. type: boolean tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -827,27 +826,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -904,17 +901,17 @@ spec: description: Name of the function to apply the kprobe spec to. type: string message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string selectors: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -973,22 +970,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -1292,22 +1286,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -1373,8 +1364,9 @@ spec: type: object type: array tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -1404,18 +1396,18 @@ spec: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. enum: - In - NotIn @@ -1423,19 +1415,21 @@ spec: - DoesNotExist type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: description: MatchLabelsValue represents the value from the @@ -1443,13 +1437,13 @@ spec: maxLength: 63 pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic tracepoints: description: A list of tracepoint specs. items: @@ -1469,27 +1463,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -1546,17 +1538,17 @@ spec: description: Tracepoint event type: string message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string selectors: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -1615,22 +1607,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -1934,22 +1923,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -2018,8 +2004,9 @@ spec: description: Tracepoint subsystem type: string tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -2048,27 +2035,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -2122,9 +2107,9 @@ spec: type: object type: array message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string path: description: Name of the traced binary @@ -2133,9 +2118,9 @@ spec: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -2194,22 +2179,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -2513,22 +2495,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -2599,8 +2578,9 @@ spec: type: string type: array tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -2617,9 +2597,3 @@ spec: type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml index e30a7ee4f86..edefc082adf 100644 --- a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml +++ b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.16.4-0.20240923084800-3b70a40398f4 name: tracingpoliciesnamespaced.cilium.io spec: group: cilium.io @@ -20,14 +19,19 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -35,28 +39,28 @@ spec: description: Tracing policy specification. properties: containerSelector: - description: ContainerSelector selects containers that this policy - applies to. A map of container fields will be constructed in the - same way as a map of labels. The name of the field represents the - label "key", and the value of the field - label "value". Currently, - only the "name" field is supported. + description: |- + ContainerSelector selects containers that this policy applies to. + A map of container fields will be constructed in the same way as a map of labels. + The name of the field represents the label "key", and the value of the field - label "value". + Currently, only the "name" field is supported. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. enum: - In - NotIn @@ -64,19 +68,21 @@ spec: - DoesNotExist type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: description: MatchLabelsValue represents the value from the @@ -84,13 +90,13 @@ spec: maxLength: 63 pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic enforcers: description: A enforcer spec. items: @@ -123,27 +129,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -200,9 +204,9 @@ spec: description: Name of the function to apply the kprobe spec to. type: string message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string return: default: false @@ -222,26 +226,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch at - most 4096 bytes. In later kernels (>=5.4) tetragon supports - fetching up to 327360 bytes if this flag is turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and char_iovec - types. It indicates that this argument should be read - later (when the kretprobe for the symbol is triggered) - because it might not be populated when the kprobe is triggered - at the entrance of the function. For example, a buffer - supplied to read(2) won't have content until kretprobe - is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used only - for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -294,16 +297,17 @@ spec: - type type: object returnArgAction: - description: 'An action to perform on the return argument. Available - actions are: Post;TrackSock;UntrackSock' + description: |- + An action to perform on the return argument. + Available actions are: Post;TrackSock;UntrackSock type: string selectors: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -362,22 +366,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -681,22 +682,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -766,8 +764,9 @@ spec: description: Indicates whether the traced function is a syscall. type: boolean tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -827,27 +826,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -904,17 +901,17 @@ spec: description: Name of the function to apply the kprobe spec to. type: string message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string selectors: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -973,22 +970,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -1292,22 +1286,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -1373,8 +1364,9 @@ spec: type: object type: array tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -1404,18 +1396,18 @@ spec: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. enum: - In - NotIn @@ -1423,19 +1415,21 @@ spec: - DoesNotExist type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: description: MatchLabelsValue represents the value from the @@ -1443,13 +1437,13 @@ spec: maxLength: 63 pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic tracepoints: description: A list of tracepoint specs. items: @@ -1469,27 +1463,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -1546,17 +1538,17 @@ spec: description: Tracepoint event type: string message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string selectors: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -1615,22 +1607,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -1934,22 +1923,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -2018,8 +2004,9 @@ spec: description: Tracepoint subsystem type: string tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -2048,27 +2035,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -2122,9 +2107,9 @@ spec: type: object type: array message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string path: description: Name of the traced binary @@ -2133,9 +2118,9 @@ spec: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -2194,22 +2179,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -2513,22 +2495,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -2599,8 +2578,9 @@ spec: type: string type: array tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -2617,9 +2597,3 @@ spec: type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/version.go b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/version.go index e15f207706e..c7eda83ffe9 100644 --- a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/version.go +++ b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/version.go @@ -7,4 +7,4 @@ package v1alpha1 // Used to determine if CRD needs to be updated in cluster // // Developers: Bump patch for each change in the CRD schema. -const CustomResourceDefinitionSchemaVersion = "1.3.1" +const CustomResourceDefinitionSchemaVersion = "1.3.2" diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/podinfo.go b/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/podinfo.go index 3701342df53..a13d03dbc14 100644 --- a/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/podinfo.go +++ b/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/podinfo.go @@ -7,14 +7,13 @@ package v1alpha1 import ( "context" - "time" v1alpha1 "github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1" scheme "github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/scheme" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" + gentype "k8s.io/client-go/gentype" ) // PodInfoGetter has a method to return a PodInfoInterface. @@ -27,6 +26,7 @@ type PodInfoGetter interface { type PodInfoInterface interface { Create(ctx context.Context, podInfo *v1alpha1.PodInfo, opts v1.CreateOptions) (*v1alpha1.PodInfo, error) Update(ctx context.Context, podInfo *v1alpha1.PodInfo, opts v1.UpdateOptions) (*v1alpha1.PodInfo, error) + // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). UpdateStatus(ctx context.Context, podInfo *v1alpha1.PodInfo, opts v1.UpdateOptions) (*v1alpha1.PodInfo, error) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error @@ -39,144 +39,18 @@ type PodInfoInterface interface { // podInfo implements PodInfoInterface type podInfo struct { - client rest.Interface - ns string + *gentype.ClientWithList[*v1alpha1.PodInfo, *v1alpha1.PodInfoList] } // newPodInfo returns a PodInfo func newPodInfo(c *CiliumV1alpha1Client, namespace string) *podInfo { return &podInfo{ - client: c.RESTClient(), - ns: namespace, + gentype.NewClientWithList[*v1alpha1.PodInfo, *v1alpha1.PodInfoList]( + "podinfo", + c.RESTClient(), + scheme.ParameterCodec, + namespace, + func() *v1alpha1.PodInfo { return &v1alpha1.PodInfo{} }, + func() *v1alpha1.PodInfoList { return &v1alpha1.PodInfoList{} }), } } - -// Get takes name of the podInfo, and returns the corresponding podInfo object, and an error if there is any. -func (c *podInfo) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.PodInfo, err error) { - result = &v1alpha1.PodInfo{} - err = c.client.Get(). - Namespace(c.ns). - Resource("podinfo"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of PodInfo that match those selectors. -func (c *podInfo) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.PodInfoList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.PodInfoList{} - err = c.client.Get(). - Namespace(c.ns). - Resource("podinfo"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested podInfo. -func (c *podInfo) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Namespace(c.ns). - Resource("podinfo"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a podInfo and creates it. Returns the server's representation of the podInfo, and an error, if there is any. -func (c *podInfo) Create(ctx context.Context, podInfo *v1alpha1.PodInfo, opts v1.CreateOptions) (result *v1alpha1.PodInfo, err error) { - result = &v1alpha1.PodInfo{} - err = c.client.Post(). - Namespace(c.ns). - Resource("podinfo"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(podInfo). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a podInfo and updates it. Returns the server's representation of the podInfo, and an error, if there is any. -func (c *podInfo) Update(ctx context.Context, podInfo *v1alpha1.PodInfo, opts v1.UpdateOptions) (result *v1alpha1.PodInfo, err error) { - result = &v1alpha1.PodInfo{} - err = c.client.Put(). - Namespace(c.ns). - Resource("podinfo"). - Name(podInfo.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(podInfo). - Do(ctx). - Into(result) - return -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *podInfo) UpdateStatus(ctx context.Context, podInfo *v1alpha1.PodInfo, opts v1.UpdateOptions) (result *v1alpha1.PodInfo, err error) { - result = &v1alpha1.PodInfo{} - err = c.client.Put(). - Namespace(c.ns). - Resource("podinfo"). - Name(podInfo.Name). - SubResource("status"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(podInfo). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the podInfo and deletes it. Returns an error if one occurs. -func (c *podInfo) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("podinfo"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *podInfo) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Namespace(c.ns). - Resource("podinfo"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched podInfo. -func (c *podInfo) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.PodInfo, err error) { - result = &v1alpha1.PodInfo{} - err = c.client.Patch(pt). - Namespace(c.ns). - Resource("podinfo"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/tracingpolicy.go b/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/tracingpolicy.go index c0f74d2bf88..d113bc64803 100644 --- a/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/tracingpolicy.go +++ b/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/tracingpolicy.go @@ -7,14 +7,13 @@ package v1alpha1 import ( "context" - "time" v1alpha1 "github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1" scheme "github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/scheme" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" + gentype "k8s.io/client-go/gentype" ) // TracingPoliciesGetter has a method to return a TracingPolicyInterface. @@ -38,118 +37,18 @@ type TracingPolicyInterface interface { // tracingPolicies implements TracingPolicyInterface type tracingPolicies struct { - client rest.Interface + *gentype.ClientWithList[*v1alpha1.TracingPolicy, *v1alpha1.TracingPolicyList] } // newTracingPolicies returns a TracingPolicies func newTracingPolicies(c *CiliumV1alpha1Client) *tracingPolicies { return &tracingPolicies{ - client: c.RESTClient(), + gentype.NewClientWithList[*v1alpha1.TracingPolicy, *v1alpha1.TracingPolicyList]( + "tracingpolicies", + c.RESTClient(), + scheme.ParameterCodec, + "", + func() *v1alpha1.TracingPolicy { return &v1alpha1.TracingPolicy{} }, + func() *v1alpha1.TracingPolicyList { return &v1alpha1.TracingPolicyList{} }), } } - -// Get takes name of the tracingPolicy, and returns the corresponding tracingPolicy object, and an error if there is any. -func (c *tracingPolicies) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.TracingPolicy, err error) { - result = &v1alpha1.TracingPolicy{} - err = c.client.Get(). - Resource("tracingpolicies"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of TracingPolicies that match those selectors. -func (c *tracingPolicies) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.TracingPolicyList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.TracingPolicyList{} - err = c.client.Get(). - Resource("tracingpolicies"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested tracingPolicies. -func (c *tracingPolicies) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Resource("tracingpolicies"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a tracingPolicy and creates it. Returns the server's representation of the tracingPolicy, and an error, if there is any. -func (c *tracingPolicies) Create(ctx context.Context, tracingPolicy *v1alpha1.TracingPolicy, opts v1.CreateOptions) (result *v1alpha1.TracingPolicy, err error) { - result = &v1alpha1.TracingPolicy{} - err = c.client.Post(). - Resource("tracingpolicies"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(tracingPolicy). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a tracingPolicy and updates it. Returns the server's representation of the tracingPolicy, and an error, if there is any. -func (c *tracingPolicies) Update(ctx context.Context, tracingPolicy *v1alpha1.TracingPolicy, opts v1.UpdateOptions) (result *v1alpha1.TracingPolicy, err error) { - result = &v1alpha1.TracingPolicy{} - err = c.client.Put(). - Resource("tracingpolicies"). - Name(tracingPolicy.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(tracingPolicy). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the tracingPolicy and deletes it. Returns an error if one occurs. -func (c *tracingPolicies) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Resource("tracingpolicies"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *tracingPolicies) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Resource("tracingpolicies"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched tracingPolicy. -func (c *tracingPolicies) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.TracingPolicy, err error) { - result = &v1alpha1.TracingPolicy{} - err = c.client.Patch(pt). - Resource("tracingpolicies"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/tracingpolicynamespaced.go b/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/tracingpolicynamespaced.go index d36ae4ddfe3..a434f8d0b2c 100644 --- a/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/tracingpolicynamespaced.go +++ b/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/tracingpolicynamespaced.go @@ -7,14 +7,13 @@ package v1alpha1 import ( "context" - "time" v1alpha1 "github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1" scheme "github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/scheme" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" + gentype "k8s.io/client-go/gentype" ) // TracingPoliciesNamespacedGetter has a method to return a TracingPolicyNamespacedInterface. @@ -38,128 +37,18 @@ type TracingPolicyNamespacedInterface interface { // tracingPoliciesNamespaced implements TracingPolicyNamespacedInterface type tracingPoliciesNamespaced struct { - client rest.Interface - ns string + *gentype.ClientWithList[*v1alpha1.TracingPolicyNamespaced, *v1alpha1.TracingPolicyNamespacedList] } // newTracingPoliciesNamespaced returns a TracingPoliciesNamespaced func newTracingPoliciesNamespaced(c *CiliumV1alpha1Client, namespace string) *tracingPoliciesNamespaced { return &tracingPoliciesNamespaced{ - client: c.RESTClient(), - ns: namespace, + gentype.NewClientWithList[*v1alpha1.TracingPolicyNamespaced, *v1alpha1.TracingPolicyNamespacedList]( + "tracingpoliciesnamespaced", + c.RESTClient(), + scheme.ParameterCodec, + namespace, + func() *v1alpha1.TracingPolicyNamespaced { return &v1alpha1.TracingPolicyNamespaced{} }, + func() *v1alpha1.TracingPolicyNamespacedList { return &v1alpha1.TracingPolicyNamespacedList{} }), } } - -// Get takes name of the tracingPolicyNamespaced, and returns the corresponding tracingPolicyNamespaced object, and an error if there is any. -func (c *tracingPoliciesNamespaced) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.TracingPolicyNamespaced, err error) { - result = &v1alpha1.TracingPolicyNamespaced{} - err = c.client.Get(). - Namespace(c.ns). - Resource("tracingpoliciesnamespaced"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of TracingPoliciesNamespaced that match those selectors. -func (c *tracingPoliciesNamespaced) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.TracingPolicyNamespacedList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.TracingPolicyNamespacedList{} - err = c.client.Get(). - Namespace(c.ns). - Resource("tracingpoliciesnamespaced"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested tracingPoliciesNamespaced. -func (c *tracingPoliciesNamespaced) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Namespace(c.ns). - Resource("tracingpoliciesnamespaced"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a tracingPolicyNamespaced and creates it. Returns the server's representation of the tracingPolicyNamespaced, and an error, if there is any. -func (c *tracingPoliciesNamespaced) Create(ctx context.Context, tracingPolicyNamespaced *v1alpha1.TracingPolicyNamespaced, opts v1.CreateOptions) (result *v1alpha1.TracingPolicyNamespaced, err error) { - result = &v1alpha1.TracingPolicyNamespaced{} - err = c.client.Post(). - Namespace(c.ns). - Resource("tracingpoliciesnamespaced"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(tracingPolicyNamespaced). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a tracingPolicyNamespaced and updates it. Returns the server's representation of the tracingPolicyNamespaced, and an error, if there is any. -func (c *tracingPoliciesNamespaced) Update(ctx context.Context, tracingPolicyNamespaced *v1alpha1.TracingPolicyNamespaced, opts v1.UpdateOptions) (result *v1alpha1.TracingPolicyNamespaced, err error) { - result = &v1alpha1.TracingPolicyNamespaced{} - err = c.client.Put(). - Namespace(c.ns). - Resource("tracingpoliciesnamespaced"). - Name(tracingPolicyNamespaced.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(tracingPolicyNamespaced). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the tracingPolicyNamespaced and deletes it. Returns an error if one occurs. -func (c *tracingPoliciesNamespaced) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("tracingpoliciesnamespaced"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *tracingPoliciesNamespaced) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Namespace(c.ns). - Resource("tracingpoliciesnamespaced"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched tracingPolicyNamespaced. -func (c *tracingPoliciesNamespaced) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.TracingPolicyNamespaced, err error) { - result = &v1alpha1.TracingPolicyNamespaced{} - err = c.client.Patch(pt). - Namespace(c.ns). - Resource("tracingpoliciesnamespaced"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/client/informers/externalversions/factory.go b/vendor/github.com/cilium/tetragon/pkg/k8s/client/informers/externalversions/factory.go index 94e07a7ff56..0b2fb5b75dc 100644 --- a/vendor/github.com/cilium/tetragon/pkg/k8s/client/informers/externalversions/factory.go +++ b/vendor/github.com/cilium/tetragon/pkg/k8s/client/informers/externalversions/factory.go @@ -215,6 +215,7 @@ type SharedInformerFactory interface { // Start initializes all requested informers. They are handled in goroutines // which run until the stop channel gets closed. + // Warning: Start does not block. When run in a go-routine, it will race with a later WaitForCacheSync. Start(stopCh <-chan struct{}) // Shutdown marks a factory as shutting down. At that point no new diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/client/listers/cilium.io/v1alpha1/podinfo.go b/vendor/github.com/cilium/tetragon/pkg/k8s/client/listers/cilium.io/v1alpha1/podinfo.go index c04d518f27a..0b8a176f085 100644 --- a/vendor/github.com/cilium/tetragon/pkg/k8s/client/listers/cilium.io/v1alpha1/podinfo.go +++ b/vendor/github.com/cilium/tetragon/pkg/k8s/client/listers/cilium.io/v1alpha1/podinfo.go @@ -7,8 +7,8 @@ package v1alpha1 import ( v1alpha1 "github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/listers" "k8s.io/client-go/tools/cache" ) @@ -25,25 +25,17 @@ type PodInfoLister interface { // podInfoLister implements the PodInfoLister interface. type podInfoLister struct { - indexer cache.Indexer + listers.ResourceIndexer[*v1alpha1.PodInfo] } // NewPodInfoLister returns a new PodInfoLister. func NewPodInfoLister(indexer cache.Indexer) PodInfoLister { - return &podInfoLister{indexer: indexer} -} - -// List lists all PodInfo in the indexer. -func (s *podInfoLister) List(selector labels.Selector) (ret []*v1alpha1.PodInfo, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.PodInfo)) - }) - return ret, err + return &podInfoLister{listers.New[*v1alpha1.PodInfo](indexer, v1alpha1.Resource("podinfo"))} } // PodInfo returns an object that can list and get PodInfo. func (s *podInfoLister) PodInfo(namespace string) PodInfoNamespaceLister { - return podInfoNamespaceLister{indexer: s.indexer, namespace: namespace} + return podInfoNamespaceLister{listers.NewNamespaced[*v1alpha1.PodInfo](s.ResourceIndexer, namespace)} } // PodInfoNamespaceLister helps list and get PodInfo. @@ -61,26 +53,5 @@ type PodInfoNamespaceLister interface { // podInfoNamespaceLister implements the PodInfoNamespaceLister // interface. type podInfoNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all PodInfo in the indexer for a given namespace. -func (s podInfoNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.PodInfo, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.PodInfo)) - }) - return ret, err -} - -// Get retrieves the PodInfo from the indexer for a given namespace and name. -func (s podInfoNamespaceLister) Get(name string) (*v1alpha1.PodInfo, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("podinfo"), name) - } - return obj.(*v1alpha1.PodInfo), nil + listers.ResourceIndexer[*v1alpha1.PodInfo] } diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/client/listers/cilium.io/v1alpha1/tracingpolicy.go b/vendor/github.com/cilium/tetragon/pkg/k8s/client/listers/cilium.io/v1alpha1/tracingpolicy.go index c6508bef6c4..871c1975755 100644 --- a/vendor/github.com/cilium/tetragon/pkg/k8s/client/listers/cilium.io/v1alpha1/tracingpolicy.go +++ b/vendor/github.com/cilium/tetragon/pkg/k8s/client/listers/cilium.io/v1alpha1/tracingpolicy.go @@ -7,8 +7,8 @@ package v1alpha1 import ( v1alpha1 "github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/listers" "k8s.io/client-go/tools/cache" ) @@ -26,30 +26,10 @@ type TracingPolicyLister interface { // tracingPolicyLister implements the TracingPolicyLister interface. type tracingPolicyLister struct { - indexer cache.Indexer + listers.ResourceIndexer[*v1alpha1.TracingPolicy] } // NewTracingPolicyLister returns a new TracingPolicyLister. func NewTracingPolicyLister(indexer cache.Indexer) TracingPolicyLister { - return &tracingPolicyLister{indexer: indexer} -} - -// List lists all TracingPolicies in the indexer. -func (s *tracingPolicyLister) List(selector labels.Selector) (ret []*v1alpha1.TracingPolicy, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.TracingPolicy)) - }) - return ret, err -} - -// Get retrieves the TracingPolicy from the index for a given name. -func (s *tracingPolicyLister) Get(name string) (*v1alpha1.TracingPolicy, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("tracingpolicy"), name) - } - return obj.(*v1alpha1.TracingPolicy), nil + return &tracingPolicyLister{listers.New[*v1alpha1.TracingPolicy](indexer, v1alpha1.Resource("tracingpolicy"))} } diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/client/listers/cilium.io/v1alpha1/tracingpolicynamespaced.go b/vendor/github.com/cilium/tetragon/pkg/k8s/client/listers/cilium.io/v1alpha1/tracingpolicynamespaced.go index 98ca107ff9c..48f01b05d55 100644 --- a/vendor/github.com/cilium/tetragon/pkg/k8s/client/listers/cilium.io/v1alpha1/tracingpolicynamespaced.go +++ b/vendor/github.com/cilium/tetragon/pkg/k8s/client/listers/cilium.io/v1alpha1/tracingpolicynamespaced.go @@ -7,8 +7,8 @@ package v1alpha1 import ( v1alpha1 "github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/listers" "k8s.io/client-go/tools/cache" ) @@ -25,25 +25,17 @@ type TracingPolicyNamespacedLister interface { // tracingPolicyNamespacedLister implements the TracingPolicyNamespacedLister interface. type tracingPolicyNamespacedLister struct { - indexer cache.Indexer + listers.ResourceIndexer[*v1alpha1.TracingPolicyNamespaced] } // NewTracingPolicyNamespacedLister returns a new TracingPolicyNamespacedLister. func NewTracingPolicyNamespacedLister(indexer cache.Indexer) TracingPolicyNamespacedLister { - return &tracingPolicyNamespacedLister{indexer: indexer} -} - -// List lists all TracingPoliciesNamespaced in the indexer. -func (s *tracingPolicyNamespacedLister) List(selector labels.Selector) (ret []*v1alpha1.TracingPolicyNamespaced, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.TracingPolicyNamespaced)) - }) - return ret, err + return &tracingPolicyNamespacedLister{listers.New[*v1alpha1.TracingPolicyNamespaced](indexer, v1alpha1.Resource("tracingpolicynamespaced"))} } // TracingPoliciesNamespaced returns an object that can list and get TracingPoliciesNamespaced. func (s *tracingPolicyNamespacedLister) TracingPoliciesNamespaced(namespace string) TracingPolicyNamespacedNamespaceLister { - return tracingPolicyNamespacedNamespaceLister{indexer: s.indexer, namespace: namespace} + return tracingPolicyNamespacedNamespaceLister{listers.NewNamespaced[*v1alpha1.TracingPolicyNamespaced](s.ResourceIndexer, namespace)} } // TracingPolicyNamespacedNamespaceLister helps list and get TracingPoliciesNamespaced. @@ -61,26 +53,5 @@ type TracingPolicyNamespacedNamespaceLister interface { // tracingPolicyNamespacedNamespaceLister implements the TracingPolicyNamespacedNamespaceLister // interface. type tracingPolicyNamespacedNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all TracingPoliciesNamespaced in the indexer for a given namespace. -func (s tracingPolicyNamespacedNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.TracingPolicyNamespaced, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.TracingPolicyNamespaced)) - }) - return ret, err -} - -// Get retrieves the TracingPolicyNamespaced from the indexer for a given namespace and name. -func (s tracingPolicyNamespacedNamespaceLister) Get(name string) (*v1alpha1.TracingPolicyNamespaced, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("tracingpolicynamespaced"), name) - } - return obj.(*v1alpha1.TracingPolicyNamespaced), nil + listers.ResourceIndexer[*v1alpha1.TracingPolicyNamespaced] }